last executing test programs: 2m55.228023315s ago: executing program 3 (id=183): ioctl$PTP_EXTTS_REQUEST2(0xffffffffffffffff, 0x40043d14, &(0x7f0000000180)={0xffffffff}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$evdev(0x0, 0x3e, 0x208604) io_setup(0x6, 0x0) syz_usb_disconnect(0xffffffffffffffff) syz_usb_disconnect(r1) syz_open_dev$char_usb(0xc, 0xb4, 0x0) r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) read$char_usb(r2, 0x0, 0x11) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0x541b, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0x4, 0x8040000000000000}) close_range(r3, 0xffffffffffffffff, 0x0) 2m53.02595471s ago: executing program 3 (id=188): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8) r1 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) write$RDMA_USER_CM_CMD_DESTROY_ID(0xffffffffffffffff, &(0x7f0000000380)={0x1, 0x10, 0xfa00, {0x0}}, 0x18) unshare(0x2a020400) recvmmsg(0xffffffffffffffff, &(0x7f0000000a00)=[{{0x0, 0x0, 0x0}, 0x1}], 0x1, 0x40000020, 0x0) close(0xffffffffffffffff) 2m44.339096339s ago: executing program 3 (id=200): r0 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000", @ANYBLOB="f7", @ANYRESOCT], 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) write$char_usb(r1, 0x0, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_disconnect(r0) 2m39.132205359s ago: executing program 3 (id=210): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8) r1 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) write$RDMA_USER_CM_CMD_DESTROY_ID(0xffffffffffffffff, &(0x7f0000000380)={0x1, 0x10, 0xfa00, {0x0}}, 0x18) unshare(0x2a020400) recvmmsg(0xffffffffffffffff, &(0x7f0000000a00)=[{{0x0, 0x0, 0x0}, 0x1}], 0x1, 0x40000020, 0x0) close(0xffffffffffffffff) 2m31.217103049s ago: executing program 3 (id=223): connect$vsock_stream(0xffffffffffffffff, 0x0, 0x0) openat$vcsa(0xffffffffffffff9c, 0x0, 0x101800, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) socket(0x10, 0x3, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0x3cfa, 0x0, 0x2002, 0x3b9}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r1, 0x47f6, 0x0, 0x2, 0x0, 0x0) 2m28.55016672s ago: executing program 3 (id=226): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, 0x0}) mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4005, &(0x7f0000000040)=0x81, 0x5, 0x0) r0 = fanotify_init(0x200, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x240102, 0x0) fanotify_mark(r0, 0x455, 0x8000003, r1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) syz_init_net_socket$ax25(0x3, 0x3, 0xce) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r5 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x7, 0xe, &(0x7f0000000380)=@raw=[@map_idx_val={0x18, 0x5, 0x6, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1000}, @map_val={0x18, 0x5, 0x2, 0x0, r5, 0x0, 0x0, 0x0, 0x3}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4}}, @func={0x85, 0x0, 0x1, 0x0, 0xc}], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r6 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r6, 0x10e, 0xc, 0x0, 0x0) sendmsg$netlink(r6, &(0x7f0000002f80)={0x0, 0x0, &(0x7f0000000040)}, 0x0) close_range(r4, 0xffffffffffffffff, 0x0) 2m13.297801744s ago: executing program 32 (id=226): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, 0x0}) mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4005, &(0x7f0000000040)=0x81, 0x5, 0x0) r0 = fanotify_init(0x200, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x240102, 0x0) fanotify_mark(r0, 0x455, 0x8000003, r1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) syz_init_net_socket$ax25(0x3, 0x3, 0xce) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r5 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x7, 0xe, &(0x7f0000000380)=@raw=[@map_idx_val={0x18, 0x5, 0x6, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1000}, @map_val={0x18, 0x5, 0x2, 0x0, r5, 0x0, 0x0, 0x0, 0x3}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4}}, @func={0x85, 0x0, 0x1, 0x0, 0xc}], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r6 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r6, 0x10e, 0xc, 0x0, 0x0) sendmsg$netlink(r6, &(0x7f0000002f80)={0x0, 0x0, &(0x7f0000000040)}, 0x0) close_range(r4, 0xffffffffffffffff, 0x0) 20.0307967s ago: executing program 4 (id=477): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001440)={0x18, 0xb, &(0x7f0000000880)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='kfree\x00', r0}, 0x18) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = syz_open_dev$vim2m(&(0x7f0000000240), 0x7, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r2, 0xc0d05605, &(0x7f0000000780)={0x1, @pix={0x7, 0x60ed, 0xa0363159, 0x7, 0xd, 0x7, 0x7, 0x9, 0x1, 0x2, 0x2, 0x3}}) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0) syz_mount_image$nilfs2(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x210c08, &(0x7f0000000640)=ANY=[], 0x1, 0xa8b, &(0x7f0000001400)="$eJzs3UuMHEfdAPCe3Z21HTufx/lsYpyQ2ASSCMhuvGvMw4I4ii9YMeIWKeJiOU6wcAzCkSCRpdg+ccORZW6IhzjlEgFCIhdk5cQlErHEJafAgQOWkSxxgAR70M5Wzc78PZOe8T56Z+f3k3pququmq7q3u7dfVVUAY2ui9VlvfV55+/KRfzz69y0L359qp2i0Pqc6xhZS19L4VJjfB5OL4a2b5070CmvFXOszj1/q+O3WoijOF3uLq0Wj2HPl2hvvzj177MLRi/vee/PQ9VVYdAAAGDvfunrowK6//vmBHR++9dDhYlN7ej4/b6Txbem8/3A68V8Ipmr5+mHpeqDWMXSaDumm0jAR0k32SFd0pKvndJu7fxfznw7zrfdJt6kk/8mOaZ3TY7lhFOXtuFHUJma6xicmZmYWr8mL1nX9dG3mzKnTL56tqKDAivvXw0VR7DUYxmSo5+/N7e2doOoyVTh0rAWASsXnhXc4H+8sLE97blOD5X/j6Ynev+9WX8kyMj7WevuXf5x/dznWOv+y5f/1hVVefsbK4FvT5lUtx0rLy5X3o21pPD5HiO8vDXv8yfObDPMb9ASg33OEUXm+0K+ck2tcjrvVr/xxu9iovpbCvB6+HuI795/4Nx2VvzHQ27/X3f3/LUuFq7wsBsPGHppVHnyAapVc1sf35ppJjo/v9cX4TSXxm0vit5TE31MSv7UkHsbZ7175SXGptnSdH6/pb90819pZBr0flu+z3ZvC/xuyPPF+5LD34+J7v8Nabv7xfWJYz/5w/LmTX37h+WuL7//X2tv/7bS9703jjbRvXU0J8v3CeF+9/e5/ozufiT7p7gvlubdH+tb3nd3pajuX5lN0HGfuKMfu7t9t75fuwe50jZBuSxri6VI8P7kn/C6ff+Tjal5fU2F562E5pkM58nFlRwpH62kM61XeHvu9/5+3z91FvfbiqdMnn0zjeTv902R908L0/WtcbmD5Bq3/s7vorv+zrT29PtF5XNi+NL3WeVxohOlzfabPp/H8f+47k1ta02dOfO/0Cyu98DDmzr762nePnz598ge++DJ6X+rroxgb8UvVRyZgtc2+8vL3Z8+++toTp14+/tLJl06emT94cH5u7uBX5g/Mts7rZzvP7oGNZOmfftUlAQAAAAAAAAAAAAb1w6NHrv3lnS+9v1j/f6n+X67/n9/8zfX/fxzq/8d68rkefK4HuKNHfCtNaGB1OqSrp+H/Q3l3hnx2hd99IoXtfvxS/f+cXWzXNZfn/jA9tt+b04XmBO5oL2U6tEES+wv8dAovpvBXBVSo9rPek1NY1r513tZz+xTapRhN+e+W2zPJ7Zjk+t/92nXKx/8dvWf7+kqXk5W1FtUJq15GoLd/rrv2v1dlWGrws/KydFwxDJL+9YrKOV31ehrP4Vaz2VzL/JrNj+vFQ19TwNqpuv/PfN8zh2f++I3NC0NOduPp7uNlbL8UlqPq/i8ryz/fWBzX5R8w/5Xu/7Pd/93Ax7/QY17j7vL9z8+vv9+RbbGnb/6biq784/LndqB3Dpf/hyn/vDSPFf3y717+5i9D/vGB0IA+CvnfM2D+cfkvD5txyvC/Kf+82h5/ZND8F2dQm+guR7xvnJ//xfvG2a2w/Lltz2GX/247aryd8odxNir9zA6rq//fC8217/93mT0MxfcwvpjG84Ewv+cQ+zsZtvz5/Yr8f2BXmH+t5P+b/n9H21dTWLY/5P5/8/bY6DE+0TFe77FuN+qxBkbVByv2/K/jjbl18BzFMD5DzTZ310Oz2az0IZ8njNWqev1XfZ1Qdf5Vr/8ysf/feA4f+/+N8bH/3xgf+/+N8a37ih8tddob11fs/zfGx/5/Y/z9Id/YP/DukvhPlsTvKYl/oCT+wZL4T5XE7yuJf6gk/uGS+PtK4h8pif9M+IvH+M+W/P7RkvjHPz5+/kclv9/ocn2UcV1+GGexfp79H8ZHfv7Tb//fWRIPjK6fvrX/med/++3GYv3/6fb9kPwc73Aar6dr53i9FO+fTKa4d9L430L8er/fAeMktp8R/78/VhIPjK78npf9G8ZQrXeLPYO2W9XvPJ/R8rkUfj6FX0jhEymcSeFsCvencG6NysfqeOY3vz90qbZ0vb89xA/6PnmsDxTbiZofsDzx/sCw77PHdvyGtdz877I6GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQGUmWp8HDuyuFcWVty8fee7YqdmFKU+1UzRan1MdY/X274riyRROpvAX6cutm+dOdIa3U1gr5opaUWtPL755o53T1qIozhd7i6tFo9hz5dob7849e+zC0Yv73nvz0PXVWwMAAACw8f0vAAD//3fOHG0=") r4 = socket$inet_tcp(0x2, 0x1, 0x0) preadv(r1, 0x0, 0x1d, 0xfffffffe, 0x102) syz_open_dev$I2C(&(0x7f0000000040), 0x0, 0x200) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r5 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0) ioctl$BLKGETSIZE64(r5, 0x80041272, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) sched_setaffinity(0x0, 0x8, &(0x7f0000000080)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000e40)=@mangle={'mangle\x00', 0x44, 0x6, 0x520, 0x98, 0x98, 0x3b8, 0x98, 0x188, 0x488, 0x488, 0x488, 0x488, 0x488, 0x6, 0x0, {[{{@ip={@broadcast, @multicast1=0xe0007600, 0x0, 0x0, 'ip6gre0\x00', 'ip6gre0\x00', {}, {0xc93f35ddc4ae1e35}}, 0x0, 0x70, 0x98}, @inet=@DSCP={0x28}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @local, 0x0, 0x0, 'batadv_slave_1\x00', 'veth1_virt_wifi\x00', {}, {}, 0x11}, 0x0, 0xc0, 0xf0, 0x0, {}, [@inet=@rpfilter={{0x28}, {0xf}}, @inet=@rpfilter={{0x28}}]}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @local}}}, {{@ip={@broadcast, @multicast2, 0x0, 0x0, 'vlan1\x00', 'nr0\x00'}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@dev={0xac, 0x14, 0x14, 0xa}, @empty, 0x0, 0x0, 'syzkaller0\x00', 'veth1_to_team\x00'}, 0x0, 0x70, 0x198}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x1, 0x0, 'system_u:object_r:dbusd_etc_t:s0\x00'}}}, {{@ip={@broadcast, @dev={0xac, 0x14, 0x14, 0x19}, 0x0, 0x0, '\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xd0, 0x0, {}, [@common=@unspec=@mac={{0x30}, {@multicast}}]}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @loopback}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x580) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000380), 0x0, 0x0) openat$nvram(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r7 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) 17.188232654s ago: executing program 5 (id=483): socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f0000000000)={0x3, [0x0, 0x0, 0x0]}, &(0x7f0000000040)=0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)="ae", 0x1, 0xffffffffffffffff) keyctl$read(0x2, r3, &(0x7f00000000c0)=""/4096, 0x1000) keyctl$read(0xb, r3, 0x0, 0x0) syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5) r4 = syz_open_dev$vim2m(&(0x7f0000000200), 0x40002, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r4, 0xc0405602, &(0x7f0000000000)={0xa, 0x1, 0x2, "176e0000203e703b9db3ada49694c000000000ed000000000000000086a600", 0x50313459}) r5 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2) ioctl$vim2m_VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f0000000400)={0xf0f016, 0x2}) ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(0xffffffffffffffff, 0x4068aea3, &(0x7f00000002c0)={0xbe, 0x0, 0x1}) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000000000005004d564b"]) 16.355006843s ago: executing program 2 (id=484): socket$nl_netfilter(0x10, 0x3, 0xc) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) unshare(0x22020600) r3 = fsopen(0x0, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) r4 = fsmount(r3, 0x0, 0x0) openat$cgroup_ro(r4, &(0x7f0000000000)='cpu.stat\x00', 0x300, 0x0) chdir(&(0x7f0000000080)='./file1\x00') r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid(r5, 0x0) setpgid(0x0, r5) bpf$OBJ_GET_MAP(0x7, &(0x7f00000003c0)=@generic={&(0x7f0000000440)='./file0/file0\x00'}, 0x18) 15.040048226s ago: executing program 5 (id=485): socket$inet6_sctp(0xa, 0x1, 0x84) socket$inet6_sctp(0xa, 0xb, 0x84) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) keyctl$setperm(0x5, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000380), 0x80042, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0) write$binfmt_aout(r1, &(0x7f0000000280)=ANY=[], 0xfce1) 14.843703882s ago: executing program 4 (id=487): bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, 0x0, 0x0, 0x6, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x400000, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = socket$inet_tcp(0x2, 0x1, 0x0) creat(0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001780)=ANY=[@ANYBLOB="020000000400000006000000050000000010"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2000000}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000380)={{0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x28}}, {0x20000010304, @dev}, 0x4, {0x2, 0x4e20, @multicast1=0xe000cc02}}) clock_gettime(0x3, &(0x7f0000000040)) 14.759285155s ago: executing program 2 (id=488): memfd_create(&(0x7f00000000c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x0) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000680)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x2, 0x3, 0x0, @void, @value, @void, @value}, 0x50) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000700)=ANY=[], 0x50) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x19, 0x1c, &(0x7f0000001840)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1b}}, {}, [@snprintf={{}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x5}, {0x3, 0x3, 0x6, 0xa, 0xa}, {0x5, 0x1, 0xb, 0x8, 0xa, 0x4}, {0x7, 0x0, 0x0, 0x8}, {}, {0x7, 0x0, 0x0, 0x0}, {}, {0x18, 0x2, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x2}, {0x46, 0x0, 0x0, 0x76}}], {{}, {0x6, 0x0, 0xb, 0x8}, {0x85, 0x0, 0x0, 0x85}}}, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', r2, @cgroup_sockopt=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x480, @void, @value}, 0x94) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x3, &(0x7f0000000540)=ANY=[@ANYRESDEC=r3, @ANYRES64=r3], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) setsockopt$IP_VS_SO_SET_DELDEST(0xffffffffffffffff, 0x0, 0x488, &(0x7f0000000340)={{0x8, @loopback, 0x4e2c, 0x1, 'ovf\x00', 0x14, 0x2, 0x19}, {@empty, 0x4e22, 0x3, 0x10001, 0x400fc1a, 0x8}}, 0x44) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="200000006800e97800000000ffdbdf250a0000000000000008000500", @ANYRES32], 0x20}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) 13.173995357s ago: executing program 5 (id=490): syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000280)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, &(0x7f0000000140)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x8000000}}, {@mblk_io_submit}, {@nodioread_nolock}, {@test_dummy_encryption}, {@nobarrier}, {@nodelalloc}, {@minixdf}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x40}}]}, 0x1, 0xbaf, &(0x7f00000017c0)="$eJzs3M1rXFUbAPDn3ny2zftO+vIi1k0jIi2o07SSYotgKxU3LgTdCg3ppIRMP0giNWkWE/0HRF0LbgS1KF3YdTcKbt1o3VpcCEVioyCikTsfSWxmkrSd5Ibk94Mz95w5d+Z5nrlM7j0wNwHsWgPZQxpxICLOJhGF+vNpRHRXe70Rldp+C/OzI7/Pz44ksbj42i9JJBFxd352pPFeSX27rz7ojYhvX0zif++sjjs5PTM+XC6XJurjI1MXLh+ZnJ55ZuzC8PnS+dLFo8efGzo2dHzwxFDbav3jx1M3fnv85Z8qf37617Vf3/84iVPRV59bWUe7DMTA0meyUmdEDLc7WE466vWsrDPpXOdF6SYnBQBAS+mKa7hHohAdsXzxVoivvss1OQAAAKAtFjsiFgEAAIAdLrH+BwAAgB2u8TuAu/OzI42W7y8Sttad0xHRX6t/od5qM51RqW57oysi9t5NYuVtrUntZQ9tICJu/3Dii6zFJt2HvJbKXEQ82uz4J9X6+6t3ca+uP42IwTbEH7hnvN3qf7q7df2n2hA/7/oB2J1unq6dyFaf/9Kl659ocv7rbHLuehB5n/8a138Lq67/luvvaHH99+oGY1z95MMrreay+p+/8dLnjZbFz7YPVdR9uDMX8Vhns/qTpfqTFvWf3WCMwt9XSq3m8q5/8aOIQ9G8/oZk7f9PdGR0rFwarD02jTH3zdBnreLnXX92/Pe2qH+94395gzHeOHPmequ59etPf+5OXq/2uuvPvDU8NTVxNKI7eWX188fqN7S30Nin8R5Z/YefWPv736z+LESl/jlka4G5+jYbv31PzBeuXf1yrfqztV+ex//cAx7/dzcY48mv3zvcam7l+jdrWfzbSW0tDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANaUT0RZIWl/ppWixG7IuI/8fetHxpcuqp0UtvXjyXzUX0R1c6OlYuDUZEoTZOsvHRan95fOye8bMRsT8iPijsqY6LI5fK5/IuHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCX7IqIvkrQYEWlELBTStFjMOysAAACg7frzTgAAAADYdNb/AAAAsPNZ/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALDJ9h+8eSuJiMrJPdWW6a7PdeWaGbDZ0rwTAHLTkXcCQG46804AyM19rvFdLsAOlKwz39typqftuQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwfR06cPNWEhGVk3uqLdNdn+tq+oqDW5gdsJnSvBMActOx1mTn1uUBbD1fcdi9mq/xgd0kWWe+d3mfyr9nejYtJwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC2n75qS9JiRKTVfpoWixH/iYj+6EpGx8qlwYj4b0R8X+jqycY9eScNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA201Oz4wPl8ulCR0dnXw7yfZIo9bJ+y8TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB5mJyeGR8ul0sTk3lnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAORtcnpmfLhcLk1soHP9fnZe0cm7RgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8vNPAAAA///5ZQ4Q") ioctl$vim2m_VIDIOC_G_FMT(0xffffffffffffffff, 0xc0285629, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) read$msr(0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x8) 13.171982865s ago: executing program 2 (id=491): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, 0x0, 0x0) r2 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) sendmmsg$sock(r2, &(0x7f0000000cc0)=[{{&(0x7f0000000700)=@vsock={0x28, 0x0, 0x0, @local}, 0x80, 0x0}}], 0x1, 0x48094) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) syz_open_dev$tty1(0xc, 0x4, 0x1) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz1\x00', {0x401, 0x3, 0x4, 0x2}, 0x1e, [0xd4, 0x5, 0x9, 0x8a4, 0x2, 0x2, 0x7fffffff, 0x80000001, 0x5, 0x1, 0x105, 0x3c6, 0xa, 0x6, 0xf70, 0x3, 0xe7, 0x7, 0x401, 0xbc5e, 0x8, 0x1, 0x6, 0xffff, 0xe, 0xb, 0x10, 0x20000000, 0x15098855, 0x6, 0x2, 0xfffffffb, 0x6, 0xc, 0xfffffff7, 0x4, 0x2, 0x7, 0x1ff5, 0x1, 0x1, 0x80000000, 0x401, 0x9, 0xbdc7, 0xb, 0x1, 0x9, 0x1, 0x1, 0xa, 0x2, 0x3, 0x9, 0x5, 0x9, 0x0, 0x3a26, 0x1000, 0x57f5, 0x2, 0x6, 0x7ff, 0x2], [0x80000800, 0xffffffff, 0x4, 0x5, 0x7fffffff, 0x1, 0x553, 0x7, 0x2, 0xfffffffc, 0x8, 0xc, 0x36, 0xa, 0x3, 0x1, 0x9, 0x98, 0xc, 0xe56d, 0xa4, 0x4, 0x98d, 0x8, 0x0, 0xd, 0x5, 0x0, 0x6e39, 0x8000, 0xa, 0x2, 0x3, 0x0, 0xfffffffe, 0x7, 0x4, 0xd, 0x80000009, 0xfff, 0x4, 0x0, 0x40, 0x7, 0x8, 0xfffffff7, 0x8, 0x0, 0x34f1, 0x1ff, 0x4, 0x1b2c5a17, 0x0, 0x8, 0x7, 0x0, 0xffffffff, 0x1, 0x9, 0x6, 0xac, 0x2, 0x54, 0xcfb9], [0x6, 0xdb8, 0x9, 0x4, 0x2, 0x6, 0x5, 0x5, 0x3, 0x5, 0xfffffffd, 0xc8d3, 0x33, 0x9a45, 0x8008, 0xee40000, 0x1, 0x1, 0x43, 0x69d, 0x8, 0xffff, 0x0, 0x0, 0x8, 0x2, 0x4, 0x800, 0x7, 0x9, 0x0, 0x0, 0x1, 0xfffffffe, 0x7, 0x0, 0x9, 0x8c0, 0x9, 0x8000002, 0x9, 0x7, 0x6, 0x5, 0x81, 0xf7b4, 0xffffff20, 0x55f2, 0xdf45, 0xfffffffd, 0x7f, 0x9, 0x7ffc, 0x40, 0x3, 0x2, 0xa, 0x6, 0x2, 0xffffff00, 0xda15, 0x7f, 0x3, 0xffff], [0x1, 0x896, 0x8, 0x246d, 0x6, 0xfe, 0xfffff410, 0xd, 0x7ff, 0x606, 0x4, 0x800009, 0x80000001, 0x2, 0x8000000b, 0x2, 0x7, 0x1, 0x80000000, 0x2, 0x7ff, 0x3ff, 0x0, 0xfffffffe, 0x9, 0x100, 0x2, 0xec9b, 0x61c8, 0x6, 0x0, 0x101, 0xff, 0x7, 0x9, 0x5, 0x7, 0x101, 0x9, 0x3000000, 0xe, 0x4000006, 0x7, 0x1, 0x9, 0x1, 0x4, 0x100009, 0x100, 0x3, 0x3c, 0x400, 0x1000, 0xfffffffe, 0x15, 0x8002, 0x7, 0x81, 0x5, 0x7, 0xfffffffc, 0x4, 0x6, 0xeff]}, 0x45c) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x28, &(0x7f0000000200)=0x9, 0x4) syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f0000000640)='./file0\x00', 0x0, &(0x7f0000000680), 0x1, 0x5d5, &(0x7f00000006c0)="$eJzs3U9rHOcdB/DvrNey5YKtJHbiloBFDG1TUVurdVO3l7qlFB1CCRR6CgFhryPhtRKkTVFCKer/a19CetAb6C23QHrIqT33pGso9K6by8zOrjaWokixrF3Fnw88+zzPPjPP/Oa3M7M7K8QGeGYtzqW5mSKLc69vlP3trXZ3e6v9cNBOci5JI2n2qxSrSfFJcif9km+WT9bTFV+0nVc/u/TRtbc+fbPfa9alWr5x0HqHs1mXzCY5U9fHNd/dJ56vGO5hmbDrTxYbHJ9He2weZfUnPG+BSVD03zf3mEkuJDlffw5IfXVonGx0x+9IVzkAAAA4pS7tZCcbuTjuOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOA0qX//v6hLY9CeTTH4/f+p+rnU7VPt43EHAAAAAAAAAADH4NpOdrKRi4P+o6L6m/8rVedy9fiNvJf1dLKWG9nIUnrpZS2tJDMjE01tLPV6a61DrLmw75oLJ7O/AAAAAAAAAPA19Ycs7v79HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJkGRnOlXVbk8aM+k0UxyPslUudxm8u9B+zT7eNwBAAAAwAm4tJOdbOTioP+oqO75X6zu+8/nvayml5X00k0n96rvAvp3/Y3trXZ3e6v9sCx75/3p/44URjVj+t897L/lq9US07mfleqZG7mbd9LNvTSqNUtXB/HsH9fvy5iKn9QOGdm9ui73/G91PRlmqoycHWZkvo6tzMZzB2fiiK/O41tqpTH85ufyU8j5hbou9+cvE53zhZGj78WDM5H84Nf/WV7urj5Yvr8+Nzm79BU9non2SCZeeqYyMV9l4sqwv5hf5FeZy2zeyFpW8psspZdOZvPzqrVUH8/l48zBmbrzud4bXxbJVP269K+iR4vplWrdi1nJL/NO7qWT2/lRbuV2budWFjKf+ZFX+MohzvrG0c7669+tG9NJ/lrXk6HM63MjeR295s5UY6PP7Gbp+eO/Nja/VTfKbfyxrifD45lojWTihYMz8fdH5eN6d/XB2vLSu4fc3nfqujyP/jxR7xLl8fJ8+WJVvc8fHeXYC/uOtaqxy8Oxxp6xK8OxLztTp+rPcHtnWqjGXtp3rF2NXR0Z2+/zFgAT78L3LkxN/3f6X9MfTv9penn69fM/O3f73MtTOfvPsz9uzp/5duPl4h/5ML/bvf8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC+uvX3P3iw1O121jQ0NDSGjXFfmYCn7Wbv4bs319//4PsrD5fe7rzdWW3farVfu9V6rf3Dm/dXup35/uO4wwSegt03/XFHAgAAAAAAAAAAABzWSfw7wbj3EQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADjdFufS3EyR1vyN+bK/vdXulmXQ3l2ymaSRpPhtUnyS3Em/ZGZkuuKLtvPqZ5c+uvbWp2/uztUcLN84aL3D2axLZpOcqevjmu/uE89XDPewTNj1QeJg3P4fAAD//0H+C6o=") 11.417391388s ago: executing program 4 (id=494): r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/raw\x00') preadv(r0, &(0x7f00000002c0)=[{&(0x7f0000000040)=""/216, 0xd8}], 0x1, 0x6, 0xfffeeffa) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x2c}, 0x1, 0x0, 0x0, 0x4000010}, 0x800) syz_usb_connect$cdc_ncm(0x4, 0xd1, &(0x7f0000000040)=ANY=[@ANYBLOB="12011003020000182505a1a44000010203010902bf0002010650000900000000020d00000524060001082400a9b30d240f010a0000000300ff000606241a05001407240a050905580c240c00000000a90c090003042402020424"], 0x0) syz_usb_connect(0x3, 0xf5, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000772aed408680070bb96c010203010902e30003dc2000000904003f000e01000505a40600010524007f000d240f0104000000080000000006241a03000a05240101070424020a1524120009a317a88b045e4f01a607c0ffcb7e392a09044c03003a92a2010a240109000102010205240401050c2402"], 0x0) 9.908053587s ago: executing program 1 (id=496): socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f0000000000)={0x3, [0x0, 0x0, 0x0]}, &(0x7f0000000040)=0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)="ae", 0x1, 0xffffffffffffffff) keyctl$read(0x2, r3, &(0x7f00000000c0)=""/4096, 0x1000) keyctl$read(0xb, r3, 0x0, 0x0) syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5) r4 = syz_open_dev$vim2m(&(0x7f0000000200), 0x40002, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r4, 0xc0405602, &(0x7f0000000000)={0xa, 0x1, 0x2, "176e0000203e703b9db3ada49694c000000000ed000000000000000086a600", 0x50313459}) syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(0xffffffffffffffff, 0x4068aea3, &(0x7f00000002c0)={0xbe, 0x0, 0x1}) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000000000005004d564b"]) 9.777392474s ago: executing program 2 (id=497): syz_mount_image$udf(&(0x7f0000000c40), &(0x7f0000000c80)='./file0\x00', 0x1868b, &(0x7f0000000cc0), 0x1, 0xc24, &(0x7f0000000d00)="$eJzs3V1oXOl5B/DnnTNaS96mmd1snA/nYmAD2Xqzi2R51yregBwrIgvGa1ZWLhYKGluyO6y+LMnFG0pwIaGEtMUlF7msYRPoXX3VQmjAvdqWEBC9Kr0obrsx27tJIG3pxaqcmXekkda2lLUtyevfz9j/M2eeM/OeWT2ac2bPmRMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQMTXv3FycCjt9SgAgN10ZuLNwWHv/wDwRDln/x8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgO2lKOK7keLdH7TSVPt2R//p5vyVq5Nj43dfbCBFikoU7fryb//Q0eFjr7x6fKSb91/+YftCvDFx7mT91MLc4tLM8vLMdH1yvnlhYXpmx4/woMtvdaT9AtTn3r4yffHicv3oy8Ob7r5au3Pg6UO1EyOHh9/q1k6OjY9P9NRU+z72s39EengPxSfIU1HENyPFey99kBoRUYkH74Vtfnc8agNRLfuvvRKTY+PtFZltNuZXyjtTJVdVI2o9C412e2QXevGBjEZcK/87lQM+Uq7exGJjqXF+dqZ+trG00lxpLsynSme05frUohIjKWIxIlrFXg+e/aYvijgWKe78upXOR0TR7YMXz0y8OTi8/QNUd2GQ93jaWhGxGo9Bz8I+dSCK+MtI8cOpwbiQ+6rdNu9HfKXM1yIul3krxfV8O5W/IEYifuX9BB5r1SjiF5FiIbXSdLf329uVp79Vf33+4kJPbXe78rHfP9hNtk3Yx/qjiPPtLf5W+vgfdgEAAAAAAAAAAAAAu6OIn0aKm3MvpMXoPae0OX+pfq5xfrZzVHD32P96XmptbW2tljpZzzmYczTn2ZxTORdzXst5PeeNnDdz3sq5mvN2zlbOqOTnz1nPOZhzNOfZnFM5F3Ney3k9542cN3Peyrma83bOVs5w3hMAAAAAAAAAAAAAAAAAAAAP2UAUMR4pbrz7R+3rSkf7uvSfPjFyZuy53mvGf26bxylrX46In8bOrsnbl681nirln4e/XsD2+qOI7+Tr//3JXg8GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADYFypRxHcjxY9+00qRImI0Yio6ebvY69EBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKX+VMSpSPFf3+hv316NiC9GxIdr5Z+I/13baq9HDAAAAAAAAAAAAAAAAAAAAJ9AqYjLkeLH77VSLSKu1u4cePpQ7cTI4eG3iigilSW99W9MnDtZP7Uwt7g0s7w8M12fnG9eWJie2enT9Z9uzl+5Ojk2/khWZlsDj3j8A/2nFhbfWWpe+sOVu95/sP/k+eWVpcaFu98dA1GNGOydc6Q94Mmx8fagZ5uN+faiqXKPAVYj6jtdGQAAAAAAAAAAAAAAAAAAAPaNg6mIsUjx/M+Ope5549XOOf+f6twq1mt/8scb3wUwuyW7er8/YCfTaacDPdI+8b4+OTY+PtEzu9r30dJyTCkV8dlIcfjvP98+Hz7FwbueG1/W/VmkGPm/Y7mudrisG91U1X9kcmy8fmZh/qWTs7MLFxorjfOzM/WJxcaFHX9xAAAAAAAAAAAAAAAAAAAAANzHwVTEn0eKY6+vpu515/s65/9XO7d6zv9/LaJ72fn+tDnXtc/t/932uf2d6U+fGHn96PP3mv8ozv8vx5RSER9Gimf+6vPt6+l3z/8f3FJb1v04Uvzie1/KdZWnyrqh7up0HvFic3ZmsKx9MVJ8/2y3Ntq1r+baz2zUDpW1/xApnv2DzbXHc+1zG7VHy9o7kWL8zN1rP7tRO1zWDkSKr/5pvVt7sKz9eq49tFH78oWF2emdvrw8mcr+/7dI8eWhb6buz3z1Xv3f8/0f17bkuo/0/P2nH1b/13rmXct9vZb7f2ib/r8cKf7i+pdyXaf3jub7n2n/u9H/348Uv/epzbWv5NpnN2qHdrpasJfK/v+nSLF6+1/Wf+Zz/+fO2ujQ3v7/YnVzdrcL9qr/n+mZV8vjGv4tXwt40iy/8+23G7OzM0smTJgwsT6x17+ZgEet3P7/70jxtctF6u7H5u3/3+nc2tj//5/vbGz/n9iS6/Zo+//Znnkn8l5LXzWif2Vuse9zEf3L73z7peZc49LMpZn54eGR479/bOjo8aG+p7o79xtTO37t4HFX9v/bkeInf/PP659jb97/v/vnfwe35Lo96v/P9K7Tpv2aHb8U8MQp+/+vI8W/3vhg/f833e/zv+7nfC88vzkHukV71P/P9cyr539Geua9UESc3OlzAQAAAAAAAADAY+JgKuJnkeJvW/+4fs37zcf/xJe7tb3H/93Lfrj+PwBwf+X7/0Sk+PnBr6bud8js5Pj/6S25bo+O/z3UM296l85r3vGLDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH1OKIg5Eind/0Eq3i/J2R//p5vyVq5Nj43dfbCBFikoU7fryb//Q0eFjr7x6fKSb91/+YftCvDFx7mT91MLc4tLM8vLMdH1yvnlhYXpmx4/woMtvdaT9AtTn3r4yffHicv3oy8Ob7r5au3Pg6UO1EyOHh9/q1k6OjY9P9NRU+z72s39EengPxSfIU1HEzyPFey99kP69iKjEg/fCNr87HrWBqJb9116JybHx9orMNhvzK+WdqZKrqhG1noVGuz2yC734QEYjrkVEpRzwkXL1JhYbS43zszP1s42lleZKc2E+VTqjLdenFpUYSRGLEdEq9nrw7Dd9UcTfRYo7v26l/ygiim4fvHhm4s3B4e0foLoLg7zH09aKiNV4DHoW9qkDUcRzkeKHU4Pxn0Wnr9pt837EV8p8LeJymbdSXM+3U/kLYiTiV95P4LFWjSLORoqF1ErvF7n329uVp79Vf33+4kJPbXe78rHfP9hNtk3Yx/qjiF+2t/hb6ZfezwEAAAAAAAAAAABgnyvia5Hi5twLqX1+6Po5pc35S/VzjfOzncP6u8f+1/NSa2tra7XUyXrOwZyjOc/mnMq5mPNazus5b+S8mfNWztWct3O2ckYlP3/Oes7BnKM5z+acyrmY81rO6zlv5LyZ81bO1Zy3c7ZyhuOkAQAAAAAAAAAAAAAAAAB4RCpRxPcixY9+00prRef6slPRydvOc4VPtP8PAAD//2YvRwc=") move_mount(0xffffffffffffffff, 0x0, 0xffffffffffffff9c, 0x0, 0x4) r0 = socket$kcm(0x11, 0x2, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0x14, &(0x7f0000000100), 0x4) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r2 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r2, &(0x7f0000e5b000)={0x2, 0x4e20, @multicast2}, 0x10) syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r3 = getpid() bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x2, &(0x7f0000000480)=ANY=[@ANYBLOB="850000008c00000006120000", @ANYRES32, @ANYBLOB="00000000000000feda90da0000000000850000000dd70100008030eb020a57568a36bb1ebbee0c34d3f15b068257943464ea61c79008eebdd5eeb329d2"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) syz_mount_image$exfat(&(0x7f0000000280), &(0x7f00000000c0)='./bus\x00', 0x2218050, &(0x7f0000000140)=ANY=[], 0x1, 0x1528, &(0x7f0000001800)="$eJzs3Au4TtX2MPAx5pyLTS5vkvsacyze5DJJklwScqkkSUjuCUmSJKnEJrckJEmuO8l1h9zTTu73W+6hnSNJkpCQZH7PTn061fn6n/PvHH1nj9/zrGfPsdYac421x/u+a633efb+suvQGo1qVq3PzPCv0D8P8OKPRABIAIABAJAdAAIAKJOjTI607Zk0Jv5LBxH/Jg2mXe4KxOUk/U/fpP/pm/Q/fZP+p2/S//RN+p++Sf/TN+m/EOlact4rZUm/i3z///859b9Jluv/fx/E3676R/tK///b6H9qb+l/upHh91ZK/9OL378ESP/TN+l/ehZc7gLEZSbv//RN+i9Euvanf6e87uw/s3/wb6nhP7xouPw1/KuLEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgjxH3DWX2IA4Ofx5a5LCCGEEEIIIYQQfx7/zuWuQAghhBBCCCGEEP9+CAo0GAggA2SEBMgEmeEKyAJZIRtkhxhcCTngKsgJV0MuyA15IC/kg/xQAEIgsMAQQUEoBHG4BgrDtVAEikIxKA4OSkBJuA5KwfVQGm6AMnAjlIWboByUhwpQEW6GSnALVIYqUBVuhWpQHWpATbgNboc7oBbcCbXhLqgDd0NduAfqwb1QHxpAQ7gPGsH90BiaQFNoBs2hBbT8g/yk7L+X/yx0h+egB/SEROgFveF56AN9oR/0hwHwAgyEF2EQvASDYQgMhZdhGLwCw+FVGAGvwUh4HUbBaBgDY2EcjIckeAMmwJswEd66PytMhikwFabBdEiGt2EGzIRZ8A7MhjkwF5IyzYcFsBDehUXwHqTA+7AYPoAlsBSWwXJYASthFayGNbAW1sF62AAbYRNshi3wIWyFbbAddsBO2AW74SPYA3thH3wMqfjJP5l/5u/zoRsCAipUaNBgBsyACZiAmTEzZsEsmA2zYQxjmANzYE7MibkwF+bBPJgP82EBLICEhIyMBbEgxjGOhbEwFsEiWAyLoUOHJbEklsLrsTSWxjJYBstiWSyH5bE8VsSKWAkrYWWsjFWxKlbDalgDa+BteBvegbWwFtbG2lgH62BdrIv1sB7Wx/rYEBtiI2yEjbExNsWm2BybY0tsia2wFbbG1tgW22I7bIftsT12wA7YETtiJ+yEnbEzdsEu2BW7Yjd8Gp/GZ/FZfA6fw55YTfXC3tgb+2Af7If9sT++gAPxRXwRX8LBOASH4sv4Mr6Cw/E0jsDXcCSOxEpqNI7BschqPCZhEmaECTgRJ+IknIyTcSpOw+mYjMk4A2fiTHwHZ+McnIPzcB4uwIW4EBfhe5iCKbgYz+ASXIrLcDmuwJW4AlfjGlyN63A9rsONuBE342b8ED/EbbgNd+AO3IW78CP8CPfiXhyMqZiK+3E/HsADeBAP4iE8hIfxMB7BI3gUj+IxPIbH8QSexBN4Ck/haTyDZwHgHJ7D83geL+CFtDe/SmOUURlUBpWgElRmlVllUVlUNpVNxVRM5VA5VE6VU+VSuVQelUflU/lUAVVAkSLFKlIFVUEVV3FVWBVWRVQRVUwVU045VVKVVKVUKVValVZl1I1ny6qbVDlVXrVxFVVFVUm1dZVVFVVVVVXVVHVVQ9VUNdXt6nZVS9VStVVtVUfVUXXVPaqe6oX9sIFK60wjNQQbq6HYVDVTzVUL9Qo+oFqp4dhatVFt1UPqNRyB7VUr10E9qjqqMdhJPa7G4hOqixqPXdVTqpt6Wj2jnlXdVWvXQ/VUk7CX6q2mYh/VV/VT/dUMrK7SOlZDvaQGqyFqqHpZLcBX1HD16l68+IGpRqnRaowaq8ap8SpJvaEmqDfVRPWWmqQmqylqqpqmpqtk9baaoWaqWeodNVvNUXPVPDVfLVAL1btqkXpPpaj31WL1gVqilqplarlaoVaqVWq1WqPWqnVqvdqgNqpNarPaoj5UW9U2tV3tUDvVLrVbfaT2qL1qn/pYpapP1H71N3VAfaoOqs/UIfW5Oqy+UEfUl+qo+kodU1+r4+qEOqm+UafUt+q0OqPOqu/UOfW9Oq9+UBeUV6BRK6210YHOoDPqBJ1JZ9ZX6Cw6q86ms+uYvlLn0FfpnPpqnUvn1nlMXp1P59cFdKhJW8060gV1IR3X1+jC+lpdRBfVxXRx7XQJXVJfp0vp63VpfYMuo2/UZfVNupwuryt40DfrSvoWXVlX0VX1rbqarq5r6Jr6Nn27vkPX0nfq2vouXUffrevqe3Q9fa+urxvohvo+3UjfrxvrJrqpbqab6xa6pX5At9IP6kC30W31Q7qdfli314/oDvpR3VE/pjvpx3Vn/YTuop/UXfVTupuuAgA/6Ava6x66p07UvXRv/bzuo/vqfrq/HqBf0AP1i3qQfkkP1kP0UP2yHqZf0cP1q3qEfk2P1K/rUXq0HqPH6nF6vE7Sb+gJ+k09Ub+lJ+nJeoqeqqfp6bpf2kygLr5i/iD/zd/JH/Tj0TfrLfpDvVVv09v1Dr1T79K79W69R+/R+/Q+napT9X69Xx/QB/RBfVAf0of0YX1YH9FH9FF9VB/Tx/RxfUJ/p7/Rp/S3+rQ+o8/o7/Q5fU6f1xd/B2DQKKONMYHJYDKaBJPJZDZXmCwmq8lmspuYudLkMFeZnOZqk8vkNnlMXpPP5DcFTGjIWMMmMgVNIRM315jC5lpTxBQ1xUxx40wJU9Jc97/O/6P6WpqWppVpZVqb1qataWvamXamvWlvOpgOpqPpaDqZTqaz6Wy6mC6mq+lquplu5hnzjOluupsepodJNImmt3ne9DF9TT/T3wwwL5iBZqAZZAaZwWawGWqGmmFmmBluhpsRCT/dMplRZowZY8aZcSbJZzcTzAQz0Uw0k8wkM2VAdjPNTDPJJtnMMDPMLDPLzDazzVwz18w3881Cs9AsMotMikkxi81is8QsNUvNcrPcrDQrzWqz2qw1a816s95sNBvNErPFbDFbzVaz3Ww3O81Os9vsNnvMHrPP7DOpJtXsN/vNAXPAHDQHzSFzyBw2h80Rc8QcNUfNMXPMHDfHzUlz0pwyp8xpc9qcNWfNOXPOnDfnzQVzIe22L1CBCkxgggxBhiAhSAgyB5mDLEGWIFuQLYgFsSBHkCPIGVwd5ApyB3mCvEG+IH9QIAgDCmzAQRQUDAoF8eCaoHBwbVAkKBoUC4oHLigRlAyuC0oF1welgxuCMsGNQdngpqBcUD6oEFQMbg4qBbcElYMqQdXg1qBaUD2oEdQMbgtuD+4IagV3BrWDu4I6wd1B3eCeoF5wb1A/aBA0DO4LGgX3B42DJkHToFnQPGgRtPxT5/f+dO4HXY+wZ5gY9gp7h8+HfcK+Yb+wfzggfCEcGL4YDgpfCgeHQ8Kh4cvhsPCVcHj4ajgifC0cGb4ejgpHh2PCseG4cHyYFL4RTgjfDCeGb4WTwsnhlGBqOC2cHiaHb4czwpnhrPCdcHY4J5wbzgvnhwtC/OnikhK+Hy4OPwiXhEvDZeHycEW4MlwVrg7XhGvDdeH6cEO4sczAi7uGW8Nt4fZwR7gz3BXuDj8K94R7w33hx2Fq+Em4P/xbeCD8NDwYfhYeCj8PD4dfhEfCL8Oj4VfhsfDr8Hh4IhOE34Snwm/D0+GZ8Gz4XXgu/D48H/4QXgh92s192uWdDBnKQBkogRIoM2WmLJSFslE2ilGMclAOykk5KRflojyUh/JRPipABSgNE1NBKkhxilNhKkxFqAgVo2LkyFFJKkmlqBSVptJUhspQWSpL5chSBapAN9PNdAvdQlWoCt1Kt1J1qk41qSYh3k61qBbVptpUh+pQXapL9age1af61JAaUiNqRI2pMTWlptScmlNLakmtqBW1ptbUltpSO2pH7ak9daAO1JE6UifqRJ2pM3WhLtSVulI36kbP0DPUnbpTD+pBiZRIvak39aE+1I/60QAaQANpIA2iQTSYBtNQGkrDaBgNp+E0gl6jkfQ6jaLRNIbG0jgaT0mURBNoAk2kiTSJJtEUmkLTaBolUzLNoBk0i2bRbJpNc2kuzaf5tJAW0iJaRCmUQotpMS2hJbSMltEKWkGraBWtoTW0jtbRBtpAm2gTbaEttJW20nbaTjtpJ+2m3bSH9tA+2keplEr7aT8doAN0kA7SITpEh+kwHaEjdJSO0jE6RsfpOJ2kk3SKTtFpOk1n6Sydo+/pPP1AF8hTgs1kM9srbBab1Waz2e2v4zw2r81n89sCNrS5bG6bCQB+jslaW8QWtcVscetsCVvSXvebuJwtbyvYivZmW8neYivbcjYT/DK+3d5ha9k7bW17l61pb/u7uI6929a199t6tomtb5vZhraFbWTvt41tE9vUNrPNbQvbzj5s29tHbAf7qO1oH/tNvMi+Z9fYtXadXW/32L32rP3OHrFf2nP2e9vD9rQD7At2oH3RDrIv2cF2yN/HAHakfd2OsqPtGDvWjrPjfxNPsVPtNDvdJtu37Qw78zfxQvuunW1T7Fw7z863C36M02pKse/bxfYD7723y+xyu8KutKvs6v9b63K70W6ym+1u+5HdarfZ7XaH3Wl3/Rinncc++7FNtZ/Yw/YLe8B+ag/ao/aQ/fzHOO38jtqv7DH7tT1uT9iT9ht7yn5rT9szP55/2rl/Y3+wF6y3wMiKNRsOOANn5ATOxJn5Cs7CWTkbZ+cYX8k5+CrOyVdzLs7NeTgv5+P8XIBDJrbMHHFBLsRxvoYL87VchItyMS7OjktwSb6OS/H1XJpv4DJ8I5flm7gcl+cKXJFv5kp8C1fmKlyVb+VqXH3bHRc/7fgOrsV3cm2+i+vw3VyX7+F6fC/X5wbckO/jRnw/N+Ym3JSbcXNuwS35AW7FD3JrbsNt+SFuxw9ze36EO/Cj3JEf4078OHfmJ7gLP8ld+Snuxk/zM/wsd+fnuAf35ETuxb35ee7Dfbkf9+cB/AIP5Bd5EL/Eg3kID+WXmfkVHs6v8gh+jUfy6zyKR/MYHsvjeDwn8Rs8gd/kifwWT+LJPIWn8jSezsn8Ns/gmTyL3+HZPIfn8jyezwt4Ib/Li/g9TuH3eTF/wEt4KS/j5byCV/IqXs1reC2v4/W8gTfyJt7MW/hD3srbeDvv4J28i3fzR7yH9/I+/phT+RPez3/jA/wpH+TP+BB/zof5Cz7CX/JR/oqP8dd8nE/wSf6GT/G3fJrP8Fn+js/x93yef+AL7BkijFSkIxMFUYYoY5QQZYoyR1dEWaKsUbYoexSLroxyRFdFOaOro1xR7ihPlDfKF+WPCkRhRJGNOIqiglGhKB5dExWOro2KREWjYlHxyEUlopLRdVGp6PqodHRDVCa6MSob3RSVi8pHFaKK0c1RpeiWqHJUJaoa3RpVi6pHNaKa0W3R7dEdUa3ozqh2dFdUOro7qhvdE9WL7o3qRw2ihtF9UaPo/qhx1CRqGjWLmkctopbRA1Gr6MGoddQmahs9FLWLHo7aR49EHaJHo47RY5e2Fw0uvr5+tT0x6hXpn2737tTz4wviC+PvxhfF34unxN+PL45/EF8SXxpfFl8eXxFfGV8VXx1fE18bXxdfH98Q3xjfFN8c975mRnCY9iAMxgUug8voElwml9ld4bK4rC6by+5i7kqXw13lcrqrXS6X2+VxeV0+l98VcKEjZx27yBV0hVzcXeMKu2tdEVfUFXPFnXMlXEnXwrV0LV0r96Br7dq4tu4h95B72D3sHnGPuEddR/eY6+Qed53dE66Le9I96Z5y3dzT7hn3rOvunnM9XE+X6BJdb9fb9XF9XD/Xzw1wA9xAN9ANcoPcYDfYDXVD3TA3zA13w90IN8KNdCPdKDfKjXFj3Dg3ziW5JDfBTXAT3UQ3yU1yU9wUN81Nc8ku2c1wM9wsN8vNdrPdXDfXzXfz3UK30C1yi1yKS3GL3WK3xC1xy9wyt8KtcKvcKrfGrXHr3Dq3wW1wm9wmt8VtcVvdVrfdbXc73U632+12e9wet8/tc6ku1e13+90Bd8AddJ+5Q+5zd9h94Y64L91R95U75r52x90Jd9J94065b91pd8addd+5c+57d9794C4475Jib8QmxN6MTYy9FZsUmxybEpsamxabHkuOvR2bEZsZmxV7JzY7Nic2NzYvNj+2ILYw9m5sUey9WErs/dji2AexJbGlsWWx5bEVsZUx7/NvjXxBX8jH/TW+sL/WF/FFfTFf3Dtfwpf01/lS/npf2t/gy/gbfVl/ky/ny/sKvolv6pv55r6Fb+kf8K38g761b+Pb+od8O/+wb+8f8R38o76jf8x38o/7zv4J38U/6bv6p+b89PL03f1zvofv6RN9L9/bP+/7+L6+n+/vB/gX/ED/oh/kX/KD/RA/1L/sh/lX/HD/qh/hX/Mj/et+lB/tx/ixfpwf75P8G36Cf9NP9G/5SX6yn+Kn+ml+uk/2b/sZfqaf5d/xs/0cP9fP8/P9Ar/Qv+sX+fd8in/fL/Yf+CV+qV/ml/sVfqVf5Vf7NX6tX+fX+w1+o9/kN/stPiNs9dv8dr/D7/S7/G7/kd/j9/p9/mOf6j/x+/3f/AH/qT/oP/OH/Of+sP/CH/Ff+qP+K3/Mf+2P+xP+pP/Gn/Lf+tP+jD/rv/Pn/Pf+vP/BX5C/WRNCCCGE+B9J/IPtvX5nnfppMQDQGwCybst76Jfb056bNuS6OO6r9nSMAcCjPbs2+Hlp0CAx8efjLtEQFJoHALFL+RngUrwU2sLDP45K/W59fVUF5F/NH/xie9r88RsBMgNk+nldAvwY/2L+DtAGrv8H8zd599fz/7r++DyAIoUu5aQd6Of40vyl/8H8u9r9wfyZPk0CaP2LnCxwKb40f0l4EB6DDn+3pxBCCCGEEEIIcVFfda7bHz3fpj2f5zOXcjLCpfjS8+fvP5//gcp/xjkIIYQQQgghhBDi/+2Jp5955IEOHdp0/m8eZPxrlPEXGCAA/AXKkMFff3C5P5mEEEIIIYQQf7ZLN/2XuxIhhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEECL9+tf/Q5j6H+/8y+Ppy3eqQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghxGXzfwIAAP//mQVHMg==") openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file2\x00', 0x84a42, 0x99) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001640)=@newtaction={0x18, 0x30, 0x1, 0x2, 0x25dfdbfc, {}, [{0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x8010}, 0x2000000) newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) setresuid(0x0, r7, 0x0) sendmsg$netlink(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000d00)=ANY=[@ANYBLOB="14000000140001002dbd7000000000f708"], 0x14}], 0x1}, 0x0) sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@hci={0x1f, 0x0, 0x2}, 0x80, &(0x7f00000000c0)=[{&(0x7f00000001c0)="18", 0x1}], 0x1}, 0x0) 9.707279559s ago: executing program 0 (id=498): socket$nl_xfrm(0x10, 0x3, 0x6) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$inet6(0xa, 0x802, 0x0) setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x14, &(0x7f0000000040), 0x0) write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r3 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000440), 0x2) r4 = memfd_create(&(0x7f00000009c0)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdbU\xb1\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\x90i\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14O\xf8\xb5C\x1f\xb6b8b\x06A2@D\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\x05\x00\x00\x00\x00\x00\x00\x00\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\x88\xd1\x1eQB\x18\xc1-\xc4\x8fK\xf8\xfa\xb6\xf8\v;\xaa\x8fW\xcc\n\x17\x7f\x98\xb7\xcdqV\xd4\xf0)\xfa\x0fG\xc8\xbf\xfd\xe8>K\f\xcd+\xb0\x99Q\xba/\xa8\xb9`k\b\xd1\xcc\xfc\xeaA\"\v=\x83fC\x90%\xa1d\x91\xf8:\x16<\xad\xc2\x18\xdf\x01\xe2\x96\xfcj\xe9\xa4\x065m\x03\x05Np\xda\"\xf1\xb6\xbcP\x8fP\x8d\x89%\xf2\x12T\xd0\xc3\x15W\x9c\x87\x1b\x8c\xc9\xd9\xc6\xad\x96-d\xa2wFB\xcaB\xa5\x15\xf8,\x04\x1c*\xd98\x8bG\x90\x81`\x03\xe0\xde\x9c\x9a\x0f\x1b\x8f\xd2%*&$Wc\xb3\xa6\xc4TK1}2\xb3\xab\xf4\xb7\xb7\x85\apa\xaf\x1c\x10i\xb9\x9f\x06\xff4%\"7f \x0e\xf5Bk\r\xac\"\x13tNx\xc0$\x85\x9f', 0x3) ftruncate(r4, 0xffff) fcntl$addseals(r4, 0x409, 0x7) r5 = ioctl$UDMABUF_CREATE(r3, 0x40187542, &(0x7f0000000100)={r4, 0x0, 0x0, 0x1000}) ioctl$DMA_BUF_IOCTL_SYNC(r5, 0x40086200, &(0x7f0000000080)=0x2) ioctl$DMA_BUF_IOCTL_SYNC(r5, 0x40086200, &(0x7f00000000c0)=0x5) 9.651787245s ago: executing program 5 (id=499): socket$packet(0x11, 0x3, 0x300) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$devlink(&(0x7f0000000380), r0) mkdirat(0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, 0x0, &(0x7f0000000080), 0x0, 0x0) chdir(&(0x7f00000003c0)='./bus\x00') r4 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r4, &(0x7f0000001fc0)=""/184, 0x20002078) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00') writev(r5, &(0x7f00000002c0)=[{&(0x7f0000000280)}], 0x1) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000400)='kmem_cache_free\x00', r7}, 0x18) 8.617019606s ago: executing program 0 (id=500): socket$nl_xfrm(0x10, 0x3, 0x6) syz_mount_image$erofs(&(0x7f0000000040), &(0x7f0000000400)='./file3\x00', 0x8, &(0x7f00000003c0)=ANY=[], 0x4, 0x1c0, &(0x7f0000000440)="$eJzslT+PEkEYxp+ZxQWMn8DGQhKxcNld1NiQQGNlYeIfYmEikYWgixjYQkiM8RPY21n4MUy09UMYtNEGq7t6L/NnlzkC3EHY45J7fwnvPrsz8/LOO8kzIAjiwvLn9+E0Pqj9LQC4ghLy+vs/az6HG/N/Ff6///HgfvPT868/81OnuCxnHJ/+/3MAvjcsROna46tL+vkYPNVPwHFT6yYYHK1fgOOp1gEYnmn9ytADMd9xOr0wcF4OwrYQrgieCL4I1cX6Zh8Z2kZ9zBgfjSevW2EYDDMUJ/Vv1uCoGfWZ5+VAVesa/fPA4WldBcMjre8hn/RGtcTY/9XcPL+1dv82drr/TpadtQFstxxgZ3L2GQsLUiQnuvd6di6QOxdlZCy+1dX5JV/iD+p9szz1FUP2hnl051N/ir8w3DD8SVnJZ3nVVKL+28poPLnV67e6QTd44/vVu+5t173jV6QRqbjG/4rSny7P8y+9kwQ2s/GuFUVDT8X03VdxmeNy6X8c5eu4JN6Fm9oLeQuGZvrH5VOosrWyeIIgiD1yDUx6svTlROjbJB2IY//hnuskCIIgCIIgCIIgCGJ7jgIAAP//nx9gWA==") socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4080) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000500)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=@newtaction={0xe94, 0x30, 0x25, 0x0, 0x0, {}, [{0xe80, 0x1, [@m_pedit={0xe7c, 0x1, 0x0, 0x0, {{0xa}, {0xe50, 0x2, 0x0, 0x1, [@TCA_PEDIT_KEYS_EX={0x2c, 0x5, 0x0, 0x1, [{0x14, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6}, @TCA_PEDIT_KEY_EX_HTYPE={0x6}]}, {0x14, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x6}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}]}]}, @TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{}, 0x2}, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x8}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe94}}, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000000), 0x0, 0x0) 8.616066535s ago: executing program 1 (id=501): r0 = socket$inet6(0xa, 0x3, 0x7) getsockopt$inet6_int(r0, 0x29, 0x50, 0x0, &(0x7f0000000040)) 8.33685267s ago: executing program 1 (id=502): openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) clock_adjtime(0x0, &(0x7f0000000380)={0x3ff, 0xffffffdfffffffff, 0x4100, 0xb, 0x0, 0x3, 0x95, 0x4, 0x0, 0x100, 0x7, 0x0, 0x7, 0x2, 0x9f, 0x1, 0x0, 0x4, 0x300000000000, 0x9, 0x8001, 0x9, 0x1, 0x3, 0x1, 0xe}) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x1c1341, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xe, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000002880)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x8000}}, 0x0, 0x0, 0x0) 6.563353322s ago: executing program 1 (id=503): memfd_create(&(0x7f00000000c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x0) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000680)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x2, 0x3, 0x0, @void, @value, @void, @value}, 0x50) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000700)=ANY=[], 0x50) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x19, 0x1c, &(0x7f0000001840)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1b}}, {}, [@snprintf={{}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x5}, {0x3, 0x3, 0x6, 0xa, 0xa}, {0x5, 0x1, 0xb, 0x8, 0xa, 0x4}, {0x7, 0x0, 0x0, 0x8}, {}, {0x7, 0x0, 0x0, 0x0}, {}, {0x18, 0x2, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x2}, {0x46, 0x0, 0x0, 0x76}}], {{}, {0x6, 0x0, 0xb, 0x8}, {0x85, 0x0, 0x0, 0x85}}}, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', r2, @cgroup_sockopt=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x480, @void, @value}, 0x94) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x3, &(0x7f0000000540)=ANY=[@ANYRESDEC=r3, @ANYRES64=r3], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) setsockopt$IP_VS_SO_SET_DELDEST(0xffffffffffffffff, 0x0, 0x488, &(0x7f0000000340)={{0x8, @loopback, 0x4e2c, 0x1, 'ovf\x00', 0x14, 0x2, 0x19}, {@empty, 0x4e22, 0x3, 0x10001, 0x400fc1a, 0x8}}, 0x44) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="200000006800e97800000000ffdbdf250a0000000000000008000500", @ANYRES32=r6], 0x20}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) 6.499957379s ago: executing program 4 (id=504): prlimit64(0x0, 0xe, 0x0, 0x0) r0 = syz_io_uring_setup(0x1104, &(0x7f0000000300)={0x0, 0xe47, 0x80, 0x0, 0x21e}, &(0x7f00000001c0)=0x0, &(0x7f0000000040)=0x0) r3 = fsopen(&(0x7f0000000140)='vfat\x00', 0x0) close(r3) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000380)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x7, 0x0, 0x0, 0x200, 0x0, 0x1}) io_uring_enter(r0, 0x47fa, 0x0, 0x0, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x20, 0x2, r4, 0x0, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0, 0x20042, 0x1}) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) bind$alg(0xffffffffffffffff, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha1-ssse3\x00'}, 0x58) r6 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmsg(r6, &(0x7f0000001a80)={0x0, 0x0, 0x0}, 0x40012121) fsopen(&(0x7f00000000c0)='fusectl\x00', 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) 5.79783345s ago: executing program 5 (id=505): bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, 0x0, 0x0, 0x6, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x400000, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = socket$inet_tcp(0x2, 0x1, 0x0) creat(0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001780)=ANY=[@ANYBLOB="020000000400000006000000050000000010"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2000000}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000380)={{0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x28}}, {0x20000010304, @dev}, 0x4, {0x2, 0x4e20, @multicast1=0xe000cc02}}) clock_gettime(0x3, &(0x7f0000000040)) 4.88472553s ago: executing program 0 (id=506): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) ioctl$DRM_IOCTL_GET_UNIQUE(0xffffffffffffffff, 0xc0086401, 0x0) sendmsg$rds(0xffffffffffffffff, &(0x7f0000002940)={0x0, 0x0, &(0x7f0000002800)=[{&(0x7f0000002980)=""/4112, 0xfffffe09}], 0x1}, 0x0) 4.696193632s ago: executing program 2 (id=507): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, 0x0, 0x0) r2 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) sendmmsg$sock(r2, &(0x7f0000000cc0)=[{{&(0x7f0000000700)=@vsock={0x28, 0x0, 0x0, @local}, 0x80, 0x0}}], 0x1, 0x48094) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) syz_open_dev$tty1(0xc, 0x4, 0x1) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz1\x00', {0x401, 0x3, 0x4, 0x2}, 0x1e, [0xd4, 0x5, 0x9, 0x8a4, 0x2, 0x2, 0x7fffffff, 0x80000001, 0x5, 0x1, 0x105, 0x3c6, 0xa, 0x6, 0xf70, 0x3, 0xe7, 0x7, 0x401, 0xbc5e, 0x8, 0x1, 0x6, 0xffff, 0xe, 0xb, 0x10, 0x20000000, 0x15098855, 0x6, 0x2, 0xfffffffb, 0x6, 0xc, 0xfffffff7, 0x4, 0x2, 0x7, 0x1ff5, 0x1, 0x1, 0x80000000, 0x401, 0x9, 0xbdc7, 0xb, 0x1, 0x9, 0x1, 0x1, 0xa, 0x2, 0x3, 0x9, 0x5, 0x9, 0x0, 0x3a26, 0x1000, 0x57f5, 0x2, 0x6, 0x7ff, 0x2], [0x80000800, 0xffffffff, 0x4, 0x5, 0x7fffffff, 0x1, 0x553, 0x7, 0x2, 0xfffffffc, 0x8, 0xc, 0x36, 0xa, 0x3, 0x1, 0x9, 0x98, 0xc, 0xe56d, 0xa4, 0x4, 0x98d, 0x8, 0x0, 0xd, 0x5, 0x0, 0x6e39, 0x8000, 0xa, 0x2, 0x3, 0x0, 0xfffffffe, 0x7, 0x4, 0xd, 0x80000009, 0xfff, 0x4, 0x0, 0x40, 0x7, 0x8, 0xfffffff7, 0x8, 0x0, 0x34f1, 0x1ff, 0x4, 0x1b2c5a17, 0x0, 0x8, 0x7, 0x0, 0xffffffff, 0x1, 0x9, 0x6, 0xac, 0x2, 0x54, 0xcfb9], [0x6, 0xdb8, 0x9, 0x4, 0x2, 0x6, 0x5, 0x5, 0x3, 0x5, 0xfffffffd, 0xc8d3, 0x33, 0x9a45, 0x8008, 0xee40000, 0x1, 0x1, 0x43, 0x69d, 0x8, 0xffff, 0x0, 0x0, 0x8, 0x2, 0x4, 0x800, 0x7, 0x9, 0x0, 0x0, 0x1, 0xfffffffe, 0x7, 0x0, 0x9, 0x8c0, 0x9, 0x8000002, 0x9, 0x7, 0x6, 0x5, 0x81, 0xf7b4, 0xffffff20, 0x55f2, 0xdf45, 0xfffffffd, 0x7f, 0x9, 0x7ffc, 0x40, 0x3, 0x2, 0xa, 0x6, 0x2, 0xffffff00, 0xda15, 0x7f, 0x3, 0xffff], [0x1, 0x896, 0x8, 0x246d, 0x6, 0xfe, 0xfffff410, 0xd, 0x7ff, 0x606, 0x4, 0x800009, 0x80000001, 0x2, 0x8000000b, 0x2, 0x7, 0x1, 0x80000000, 0x2, 0x7ff, 0x3ff, 0x0, 0xfffffffe, 0x9, 0x100, 0x2, 0xec9b, 0x61c8, 0x6, 0x0, 0x101, 0xff, 0x7, 0x9, 0x5, 0x7, 0x101, 0x9, 0x3000000, 0xe, 0x4000006, 0x7, 0x1, 0x9, 0x1, 0x4, 0x100009, 0x100, 0x3, 0x3c, 0x400, 0x1000, 0xfffffffe, 0x15, 0x8002, 0x7, 0x81, 0x5, 0x7, 0xfffffffc, 0x4, 0x6, 0xeff]}, 0x45c) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x28, &(0x7f0000000200)=0x9, 0x4) syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f0000000640)='./file0\x00', 0x0, &(0x7f0000000680), 0x1, 0x5d5, &(0x7f00000006c0)="$eJzs3U9rHOcdB/DvrNey5YKtJHbiloBFDG1TUVurdVO3l7qlFB1CCRR6CgFhryPhtRKkTVFCKer/a19CetAb6C23QHrIqT33pGso9K6by8zOrjaWokixrF3Fnw88+zzPPjPP/Oa3M7M7K8QGeGYtzqW5mSKLc69vlP3trXZ3e6v9cNBOci5JI2n2qxSrSfFJcif9km+WT9bTFV+0nVc/u/TRtbc+fbPfa9alWr5x0HqHs1mXzCY5U9fHNd/dJ56vGO5hmbDrTxYbHJ9He2weZfUnPG+BSVD03zf3mEkuJDlffw5IfXVonGx0x+9IVzkAAAA4pS7tZCcbuTjuOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOA0qX//v6hLY9CeTTH4/f+p+rnU7VPt43EHAAAAAAAAAADH4NpOdrKRi4P+o6L6m/8rVedy9fiNvJf1dLKWG9nIUnrpZS2tJDMjE01tLPV6a61DrLmw75oLJ7O/AAAAAAAAAPA19Ycs7v79HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJkGRnOlXVbk8aM+k0UxyPslUudxm8u9B+zT7eNwBAAAAwAm4tJOdbOTioP+oqO75X6zu+8/nvayml5X00k0n96rvAvp3/Y3trXZ3e6v9sCx75/3p/44URjVj+t897L/lq9US07mfleqZG7mbd9LNvTSqNUtXB/HsH9fvy5iKn9QOGdm9ui73/G91PRlmqoycHWZkvo6tzMZzB2fiiK/O41tqpTH85ufyU8j5hbou9+cvE53zhZGj78WDM5H84Nf/WV7urj5Yvr8+Nzm79BU9non2SCZeeqYyMV9l4sqwv5hf5FeZy2zeyFpW8psspZdOZvPzqrVUH8/l48zBmbrzud4bXxbJVP269K+iR4vplWrdi1nJL/NO7qWT2/lRbuV2budWFjKf+ZFX+MohzvrG0c7669+tG9NJ/lrXk6HM63MjeR295s5UY6PP7Gbp+eO/Nja/VTfKbfyxrifD45lojWTihYMz8fdH5eN6d/XB2vLSu4fc3nfqujyP/jxR7xLl8fJ8+WJVvc8fHeXYC/uOtaqxy8Oxxp6xK8OxLztTp+rPcHtnWqjGXtp3rF2NXR0Z2+/zFgAT78L3LkxN/3f6X9MfTv9penn69fM/O3f73MtTOfvPsz9uzp/5duPl4h/5ML/bvf8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC+uvX3P3iw1O121jQ0NDSGjXFfmYCn7Wbv4bs319//4PsrD5fe7rzdWW3farVfu9V6rf3Dm/dXup35/uO4wwSegt03/XFHAgAAAAAAAAAAABzWSfw7wbj3EQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADjdFufS3EyR1vyN+bK/vdXulmXQ3l2ymaSRpPhtUnyS3Em/ZGZkuuKLtvPqZ5c+uvbWp2/uztUcLN84aL3D2axLZpOcqevjmu/uE89XDPewTNj1QeJg3P4fAAD//0H+C6o=") 3.551961515s ago: executing program 0 (id=508): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) syz_mount_image$erofs(&(0x7f0000000040), &(0x7f0000000400)='./file3\x00', 0x8, &(0x7f00000003c0)=ANY=[], 0x4, 0x1c0, &(0x7f0000000440)="$eJzslT+PEkEYxp+ZxQWMn8DGQhKxcNld1NiQQGNlYeIfYmEikYWgixjYQkiM8RPY21n4MUy09UMYtNEGq7t6L/NnlzkC3EHY45J7fwnvPrsz8/LOO8kzIAjiwvLn9+E0Pqj9LQC4ghLy+vs/az6HG/N/Ff6///HgfvPT868/81OnuCxnHJ/+/3MAvjcsROna46tL+vkYPNVPwHFT6yYYHK1fgOOp1gEYnmn9ytADMd9xOr0wcF4OwrYQrgieCL4I1cX6Zh8Z2kZ9zBgfjSevW2EYDDMUJ/Vv1uCoGfWZ5+VAVesa/fPA4WldBcMjre8hn/RGtcTY/9XcPL+1dv82drr/TpadtQFstxxgZ3L2GQsLUiQnuvd6di6QOxdlZCy+1dX5JV/iD+p9szz1FUP2hnl051N/ir8w3DD8SVnJZ3nVVKL+28poPLnV67e6QTd44/vVu+5t173jV6QRqbjG/4rSny7P8y+9kwQ2s/GuFUVDT8X03VdxmeNy6X8c5eu4JN6Fm9oLeQuGZvrH5VOosrWyeIIgiD1yDUx6svTlROjbJB2IY//hnuskCIIgCIIgCIIgCGJ7jgIAAP//nx9gWA==") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4080) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000500)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x282, 0x0) sendfile(r5, r5, 0x0, 0x40008) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000000), 0x0, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3c0100001a00130727bd702004000001fe8000000000000000000000000000aaac1414bb000000000000000000000000000000004e2200090000a0002f000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ffffffff0000000000000000000000000000000133000000640101010000000000000000000000000000000000000000fcffffffffffffff01000000000000000300000000000000060000000000000002000000000000007e720800000000006d000000000000000000000000000000fbfffff7ffdfffff0600000000000000020000000000000001000001060000000800000000000080063500000a00020021000000000000004c001400736861310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000"], 0x13c}}, 0x0) 1.849810632s ago: executing program 0 (id=509): bpf$OBJ_GET_MAP(0x7, &(0x7f00000003c0)=@generic={&(0x7f0000000440)='./file0/file0\x00'}, 0x18) 1.778909228s ago: executing program 2 (id=510): socket$nl_xfrm(0x10, 0x3, 0x6) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$inet6(0xa, 0x802, 0x0) setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x14, &(0x7f0000000040), 0x0) write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r3 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000440), 0x2) r4 = memfd_create(&(0x7f00000009c0)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdbU\xb1\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\x90i\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14O\xf8\xb5C\x1f\xb6b8b\x06A2@D\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\x05\x00\x00\x00\x00\x00\x00\x00\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\x88\xd1\x1eQB\x18\xc1-\xc4\x8fK\xf8\xfa\xb6\xf8\v;\xaa\x8fW\xcc\n\x17\x7f\x98\xb7\xcdqV\xd4\xf0)\xfa\x0fG\xc8\xbf\xfd\xe8>K\f\xcd+\xb0\x99Q\xba/\xa8\xb9`k\b\xd1\xcc\xfc\xeaA\"\v=\x83fC\x90%\xa1d\x91\xf8:\x16<\xad\xc2\x18\xdf\x01\xe2\x96\xfcj\xe9\xa4\x065m\x03\x05Np\xda\"\xf1\xb6\xbcP\x8fP\x8d\x89%\xf2\x12T\xd0\xc3\x15W\x9c\x87\x1b\x8c\xc9\xd9\xc6\xad\x96-d\xa2wFB\xcaB\xa5\x15\xf8,\x04\x1c*\xd98\x8bG\x90\x81`\x03\xe0\xde\x9c\x9a\x0f\x1b\x8f\xd2%*&$Wc\xb3\xa6\xc4TK1}2\xb3\xab\xf4\xb7\xb7\x85\apa\xaf\x1c\x10i\xb9\x9f\x06\xff4%\"7f \x0e\xf5Bk\r\xac\"\x13tNx\xc0$\x85\x9f', 0x3) ftruncate(r4, 0xffff) fcntl$addseals(r4, 0x409, 0x7) r5 = ioctl$UDMABUF_CREATE(r3, 0x40187542, &(0x7f0000000100)={r4, 0x0, 0x0, 0x1000}) ioctl$DMA_BUF_IOCTL_SYNC(r5, 0x40086200, &(0x7f0000000080)=0x2) ioctl$DMA_BUF_IOCTL_SYNC(r5, 0x40086200, &(0x7f00000000c0)=0x5) 1.571656678s ago: executing program 0 (id=511): r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000003480)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) connect$inet(r1, &(0x7f0000000040)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCDARP(r2, 0x8953, &(0x7f0000000300)={{0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x1, @remote}, 0x0, {0x2, 0x0, @private}, 'syz_tun\x00'}) read$FUSE(r0, &(0x7f0000000480)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) chown(&(0x7f0000000240)='./file1\x00', r3, r4) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000002640)={{{@in6=@local, @in6=@loopback}}, {{@in=@multicast1}, 0x0, @in6=@ipv4={""/10, ""/2, @broadcast}}}, &(0x7f0000000180)=0xe8) r5 = geteuid() r6 = syz_mount_image$btrfs(&(0x7f0000000080), &(0x7f00000015c0)='./file0\x00', 0x0, &(0x7f00000024c0)={[{@compress_algo={'compress', 0x3d, 'zlib'}}, {@user_subvol_rm}, {@fatal_errors_bug}, {@datacow}, {@noinode_cache}, {@autodefrag}, {@noenospc_debug}, {@space_cache}], [{@fscontext={'fscontext', 0x3d, 'staff_u'}}, {@hash}, {@pcr={'pcr', 0x3d, 0xd}}, {@measure}, {@fowner_eq={'fowner', 0x3d, r3}}, {@subj_type={'subj_type', 0x3d, 'noinode_cache'}}, {@subj_user={'subj_user', 0x3d, 'noinode_cache'}}, {@defcontext={'defcontext', 0x3d, 'root'}}, {@mask={'mask', 0x3d, '^MAY_EXEC'}}, {@fowner_lt={'fowner<', r5}}, {@fsmagic}, {@fscontext={'fscontext', 0x3d, 'unconfined_u'}}]}, 0x0, 0x55dd, &(0x7f000000c1c0)="$eJzs3W9sVeUdB/BzWwoNutKNFRgvCBCDQRJkyxZHULwYA9tw8VJBYU4EohKDFWyiG4zUIskyY9BCJ4KLSEg0mRFk+ELBDFmGMJbxZ5tbjM0KSqVZsg3UrHHE6NJ773O59xxue2Fudfr5kPac5/7O89znnpwX93vpeW4EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAURQdTs14b3LnS0eG1n35gX/8eMxja34yatueDQdvvX/tA7NPD7l5y9SFPasmtsxavabpcOszu6ffFkWpbL9Uvv/t132r8a6bbv9ubRhw0Zzctr6+3FPmup7INQaXPNjbr/RncRRFNbEBqvPb1/I7VSUDFHabkwP26d32udE942aO3d7x9Mj56TldyZdOr9qBnsBAyV9XXeeupXT2d1XsiEK76NJLlVyiuf7xC+5C5lL1n7wQAKBiUzLZTeHtaP4tbqHdGq/H2ulYuy3WDu8Q2oobFyM37uBy8xwbrw/QPNO5qDCk7Dxj9fz5L7Qz8f6xdixqXMA8Sw/NR5racvNcEasP1DwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPk1GHDuyfPH2R3fc/8t9dYff+2D6VQ9+ad+h7fOOD71mwZLNy8f/dOrCnlUTW2atXtN0uPWZ3dNvi6L6bL9UrnvqeNsVv82MmNW5a+Sbzduer+upzo8btoOKDo7eCDtTh0XRkqJKVxj2r3VRlCktZJvR5mTh7uzOt0MBAACAz5KvZH9XFdq5OFhT0k5l02Qq+y/IhcV32+dG94ybOXZ7x9Mj56fndF38eJky46XPO16hXX/uJ1UUjEP8jY93rh4ObU6M07f4iPE8f9nw4e+8Pa5x3Ncnznjyxmcv6ez4wlOT12f+2FD34pU3dDc+d30i/9f3nf/DmZP/AQAAuCA1pU35Pz5O3/rL/3cumLD+jV8MWvrr9qYn9zdu/nP7d57dMvdk140/6nllQvqOx65J5P+xJU+ZyP9hxiH/V0UXl/8BAADg0+y/nf/TiXH61l/+bzrdM+0H+19v2Pf36fN2/OrhK+edOfW3WSe3bR28/M62VQ0PX5XI/1Mqy/+DiqcdHvxdmPCyYVE0pfKTCgAAAJQI/+9+7qOFkNdznxzE8/p1/7y6dfctH37zGw/d+6e33vnN0b3Txq7c1DBl/ys3N35U/b1NnYn8n64s/9f8b14uAAAAUIEXjiyZMfNY19knzrzYceLQtu4Tk586vbKl51T7pW3Llq49+noi/2cqy/9DBublAAAAAOdx313PL1732ss9D+65e8T4rqqrmy9N3bpx84SW0R8fuKz7ik0bEvl/UWX5f2h+m7/zIdfpQPgrhPZhUVTbu7MiVzgYtV1bKAAAAACfkJDTN3y4eOGILSO6Rx079XjdwTcPTfvLigPT11zbWdO57sDC5ssT6wWExF5u/f+w0kG4/79k/b/E/f9Fhdyqf9MsDAAAAMDnUfJ+/rA8fu6bC8p9/36l9//PbxhzPLX97feXfvXs3rPDZ+/5/g1rVzZ2d987+uXf//APkz6uTeT/1sryf3Xx9pP8/j8AAAC4CP9v3/+3IDFO3/pb/7+lqqdp6cpdk5atX7F+Tmrh3tqTDy3b9cHs5f+acMsLLXXX703k/7bK8n/YXlL88vaF87N2WBSN6t3Jryb48zDdZbHCzpqiQu7Ex3rcFHrkCzuHFBWyVsR6fG1YFI3r3WmNFb4YCm2xwpm6fGFrrHA0FPLXQ6GwI1bYF660jXX56cYLL4VC/gaLneEOiksKt0TEeryf7FFVKJy3R0fhyQEAAD5XQnjOZ9ma0mYUj7I7U/0dMLSPA0oWxC87QnV/BwyKHRA/sNzj0aLSQnj8jgOPrl7bND796iMzHv/ZW881j979xOUN3es+enXjfWO2TGqbkMj/WyvL/+FUDM5tyt3/H4X7//Pfa1i4/39RKNTHCjtDIRNfMSATniMXdh8Jz1Gfyfc4M6pQAAAAgM+08LlA9QDPAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+Dd79x4nVXUnCPx00w+6aZo2TkQzTtJRA5qRprE1DINj0Dw0GkIzaxw3GQ2EbhBpAuGxCsGkAXXGIX7G186aiY6gILKrfohxNBiMxEXMqJMoJj4AH+vouq7vUYnRTNhP961TVN3qoguhlXa/3z+6TtXvPG89us69t84FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/z/ceeTzXx65ZN4/vNtwzgXrqmYs/R+d4y/6w2Vf+/hj/7hy6b+HRb8Yc+b2hUd898RFi2f+a+eqdcedEUJrd7mypHjZU5d8+r7WA0588pahW+Zce2P99qpMvZl4GNT1pzxz5/zY6rODQ7i9LISKdGBEXRKozNyvi/UdXBfCfmFnIFuivTYpkW443FMTwvKwM5Ctal1NCHU5gVM3333XxV2JK2pC+FQIoTrdxhPVSRs16cCwqiRQmw7MqkgCv92RyAZ+Up4EYI/FN0P2Rb+2NT9DQ8/lirz+Kvdaxz5Y6eENiImG4vlePr6PO5WjKv1A6x49bQXV0ScK3h4bSn/aKkqorp/a199tBdv5Eh+SuV+kMt9QduwMVYfytvapk+d3zIuPlIempgHFauqj5/nx1xdN2Z10v3kdxg407JXX4YUPrZ41aOX4Cy/f9qsJm8+qOWxPu/lYzibNTfe16pB5zfWb5zEa5/OkH7z9Cr4lNfrSFULYcc7Zsz8/v+3s4wbc8OjGF++9t2772fMX/+LMtnOXnv+Vzf+x6LmC+X/Druf/8eUcb8vzcsdW361P5ubxkbqYeLU+mZsDAABAv9Ef9pqu+c7Lf/Xy9ze0zll6+tdfO/Kcdw9o/fWYu4dUHfbKxqbW72z56AsF8//G0o7/x0P+dbmj3RDCuO7E0iEhHNj9eBJYE7vzzSEhfLI71ZofOD4V2BDCQd2JI7JVpUoMjCUaU4Hn6zOBcanApvoQ/jlnW2YDq2KJS1Ilzo+BtanAlBjYkAqcEANhev44Pl2fGUfJgZoYmJRsxLXxLIQ36mNrqW21NVsVAADAXpKZHVbm380512FPM8Tp5dqa3jLEM7CLZqhO1ZCewWanVUVrqOithvLeasiOu3PXwy+ouay3mgtOwyjLz3Dt+r+8a+mzx3xs4gFtH1028rzpP5scznr99qqHm5c/+9rBx12/sWD+37zr+X91Dx0pyzn+Hx+f2P035i7PZOiIvQ2TWvMyAAAAAHvge3/8F/vVPj/isIatb5fduWjDIw+u/uW2/U49/e1JJ738w2NrGu8smP+PK+38/7hPZEBO5vBA3A0xY0gIzfmBpNqxhYHkqPegTAAAAAD2bQO7/2aPx2dP+J+euU1O0U7Ppwvzt+5m/njgf1yP+X9/xz/X3rLj354tO++b54ypGbLin17snHLyV0644aSvvXFQxWG/LC+Y/7eWdv5/bf5t0olNsReXD4nbIwncG3vZFejWGANPfzY/kBn/prgBlsWqMicmZKtaFktMioHmVGB5sRIPZkscmB/IPFnZxpdmxzE9UyInAAAAAO+7uDsgHpeP5/+3nDHmtL/+9ty/XfLCveeuO++CvxrduWjsl+9+/N2GBZeuCFtfPa5g/j9p987/754HF5ze3zEohJEVIQxILwz4QG2yMGAM1JVlEnfWJnUNSFe1pDaEsV0DS1f1TGb9/4r0GoMP1yRVxcCBh9zw+rCuxMqaEEbmBh75+opjuhLzU4Fs46fVhPCJrtGmG79tYNJ4ZbrxKweG8PGcQLaqKQND6GqsKl3V/6zOXMcgXdXa6hD2zwlkqxpdHcKCAEB/Ff+XtuU+OHfBwhmTOzra5/RhIu7ErwlTp3e0N02Z1dFWXaRPbak+561jtLhwTKVe+mZrZo2iZWumVZaSzv5QsDm3rcyO/IIzBzP345ehyu5xHlWZd7clPeTDDy1sIuR8lSo25PI+HnJtbiU7n8SC+mP+qjAoDJw/t31O07mT582bMyr5W2r2o5K/8ThTsq1GpbdVbU99K+HlUXS5rJT3uq2G5VYyct7M2SPnLlg4YvrMydPap7V/q+XoP2sZM3r0Z8aM7BpUc/K3l5EO66nm1Eh3rChxWHtxpB/LveTI+/GhIfHBJrqe+H2gGxL9KnHIf9l2//j9N33r6p+99OPvDPrSaXce+Nk5Pzz6shn3VR987LKbRxxeMP+fvev5f/zUiR/8mfUZih3/b4iH+ZPHdx7mnxQDy0s9/t9Q7Gh+9sSAxlSgMwY6HeYHAADgwyHujox7M+NO6W03bNq4ZXnLgh80vNFy4/qOFdddd9dXf3Lr0JM/MTwcsPmqkz9SMP/vLO33/3tp/f/s0vUnF1vm/4hYornY+v/pZf6z6/939rD+f4/L/GfX/1/+Aaz/Pz8bSG2SN6z/DwAAfBiU5fzt2/X/e13eP32BgIIMvS7vn75AQEGGXpfxL3aBgHj/Pa//v/7ev/5U1aAJt/xJy2/qL3jp7+44pvWzG7fN+ZNP7NjUdtdVE29YXzD/v6S0+b+F+wEAAGDf8Z8vuqLihLNvv6Vl44wtk14d/uajry0fNuCdihPu7xj7zNBXbjy3YP6/vLT5//u//l8odv5/Y7FAa7GFAa3/BwAAQD9VbP2/O0a2NP5hwuA/PD7qN6vuvX78Tx/4+e9XHfLzU35WftDiLzw956KpBfP/taXN/+NpF+V5uWNv3q1P1rQL6TXtXq3P/mQAAAAA+ofy0NRUWWLevIVRj3/vbT6eWQp0V+lc337hyrO3PTPrxIdP3/h3NScP33/KzPPWNv7N6MNv/ei4C/ZfsfWrBfP/DaXN//N+l3HhQ6tnDVo5/sJ3L9/2qwmbz6o5bOfxfwAAAKDvlLpfAgAAAAAAAAAAAAAA+OCd07nsuw+s/MJbX7r5Lw49bvmLw2+67fDfjRj03CWX3TN17StnTvt8we//w8TucsV+/x+v+xd/X/BHebljq72v/5e5f+opNy/oXrLwgfoQDs0NzFgyY7+QuTb/8NzAXWccMbQrsSRdYv2TJzzXlfhGOnDSiI9s70ocmwpMioskHpQOxKsqbh+cCsTlFR9OB+L2WJsOVGUCFw3uHkdnwbZ6oS7ZVmXpbbWlLoQhOYHstrq9LmmjLD3AK1KB7AC/nQ7EAX4lEyhP9+rmQUmvYqAuFr1mUNIrAAD2WfFbYGWYOr2jvTl+hY+3H6vIv43ylixbXFhtWYnNb80sTbZszbTKUtID0t9Fd15rvDJUdw1hVMHX1dwsZd2j3Du19LLp/qjIkHtb7a28SLm03d10VcVHVJOMqGnKrI62yl4H3tJ7lqMqes0yqmxXWcq7N2kJtZTQlxJGVOK2KaHL8X55aGoakMr15zHYEPL09ooo9ff6uev8FXsV5Oa56ehLX/vk53761Dv/8tFHBn/xtJqb537/zVN+/fLdhx913FVTmtZvL5j/N5Q2/6/OHdf2zMUAOuOV9cYOCWFSiSMCAACAD7+bvnfjLafP2vTC1A0Vjz700IzyCadX7lh066KFF2y5c9lJFx25ek/jx5z12+//Zvih//7kZc/9dOxB91xz/f9+9JiH//z39//ovjfq1gyY+FbB/L+xtPl/3IOVORSc7O3YEK//v3RICN2X1m9IAmvicL85JIRPdqdaY4nkgvonxxLNSWBN3GFyRCwxqTW/qoExsDYVeL4+E9iQCmyKgcxeihtCZlfOpfUhHNOdmphfYnYs0ZAKTIiBxlSgKQaaU4HBMTAuFXhpcCbQmgrcHwNhev62+vHgzLYCAADYHZl5VmX+3ZCe562t6C1DWW8ZanvLUN5bhureMhQbRbx/S8xQmTp5pSwnU2W61ppULQUZ4sXwd7tfBRnCg/k50wULmo7nH2TPNyjLz3DpD5786qbhs+5bt+1znxl60z+O2P/I5ll1by2+5rHfTvjWVU//6bCC+X9zafP/2vzbpPVNcf6/8/p/SeDe2L3L46njjTHw9GfzA5kdA5viZHdZtqrWTInMpH1ZLDEuBhpTgdkxMC4VmDQxE1g+ND+QmWlnG1+abXx6pkROAAAAAN53cQdB3E0T5//XHv+Dy98e0rZ95cI5d09seeQr4794+W0/uvPQlbe+uXr4kElvfaNg/j+utPl/bG9QbmPnx948OziE28t29iYbGFGXBOJ+jLr48/iD60LYL2cHR7ZEe21SoirVcLinJvmFelW6qnU1yRoD8f6pm+++6+KuxBU1IXwqZ+9Lto0nqpM2atKBYVVJoDYdmFWRBOKen2zgJ+VJAPZYdq9gfEFlTnXJaui5XJHX34flmqDp4RXsA+0hX0+/ueor1ekHMvtUs3bvaSuojj5R8PbY4N3WH99tDbv7buvcZXX9VPaLVOYbyo6doepQ3tY+dfL8jnnxkdxfshboo+c591eqpaT3wuuw8733tnfV6Q40pz4+mnsu1/PHR1ms7sKHVs8atHL8hZdv+9WEzWfVHFZyN4qIPxT+0fb/VflYzubta9Uh85rrd58nrf5798d/A42ethDCRVd/7uDlb/76kKeueeqrG8uunfjiX869Y+uqv6k8dtzGtx8dOf7igvl/a2nz/4rUbbffxY05d0gIh+ds3Afi5v/ckORzMCeQfEruXxhIDrn/W33RT04AAADY27K7O7L7C6ZnbpMTwtPz5ML8rbuZP+6vGNdj/lL7/YWNW9Z8eeQrVx32t+ed8srfX3nsY/ddfVHZxlX/feI769ZfvOytRwrm/5N2Pf8fmOqm4/+O/9NHHP/v0b6+K3pg+oHOPdoVXVAdfcLx/x7t6++2PT/+v+vq+inH/x3/74nj/71w/L9H+/rTVvAtabYvXV2T4Ktv/fnv2q57Z0HjIUd++bEnjm676p8ua7n9tlNf+G/nnDvzpa9tK5j/zy5t/m/9v54X7cuu/zep2Pp/s4ut/9dp/T8AAKBPFVloLj3PK1i9ryBDevW+ggy9LhDY6xKD1v/rYf2/zI6YIuv/LRn7H9/77g+fbrnyjVsnXbx+6xfOfPHxjeuemLv6xHO+81rrbbe1Fsz/O0ub/8eXw6Dc1vfG+n9t2Wtq9t36f40Ti1R1SQzMtjAgAAAA+6JiOwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4YB192htvX/D5f2gf9ovV1//9jf/3/zxZu+GeL33xutG/nP6nZ5St33zFmDO3LzziuycuWjzzXztXrTvujBCmd5crS4qXPXXJp+9rPeDEJ28ZumXOtTfWb6/O1FuZuf3jvNyx1XfrQ1ie80hdTLxa33VnZ+DUU25eUNGVeKA+hENzAzOWzNivK7GqPoThuYG7zjhiaFdiSbrE+idPeK4r8Y104KQRH9nelTg2EyhLd/eqwUl3y9LdvXhwCENyAtnunj04v6psGydmAuXpNlbXJW3EQF0semVd0kYMdMQS0weGMLIihAHpqv6lOqlqQLqqO6qTqgakq/pedQhjQwgV6aqeqkqqqkiP/MGqpKoYOPCQG14f1pVYURXCyNzAI19fcUxXYk4qkG38P1WF8Imul0y68R9XJo1Xphv/r5UhfDyEUJUu8VZFUqIqXeKZihD2zwns3IgVISwIfDjET5+23AfnLlg4Y3JHR/ucPkxUZdqqCVOnd7Q3TZnV0Vad6lMxZTnpHYvf+9i3vr5oStftsjXTKktJV2TKVXZ3+ajKvLst+3rvY79qcyvZ+XwU1B/zV4VBYeD8ue1zms6dPG/enFHJ31KzH5X8HZCJJttqVH/ZVsNyKxk5b+bskXMXLBwxfebkae3T2r/VcvSftYwZPfozY0Z2Dao5+bs3Rrri/R/pxypyKnk/3v8SEhL9LVGe9+nWvK9/jhd80d/Z0cpQ3f0BXTCtyM1S1j3KvTHo49/jiN/L15ReRzSqYOJQkOWo3rO0FEwmdmapSbJ0f60rmBzm1lTevUnj/fLQ1DSg2HZoyL+bu3lf3oPN+3hm05WaBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg/7EDBwIAAAAAQP6vjVBVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWFHTgQAAAAAADyf22EqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqKuzAsQAAAACAMH/rMHo2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBSAAAA//95mxgR") r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_CHANNEL(r7, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000001000)={0x20, r8, 0x1, 0x70bd2d, 0x25dfdbff, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000000) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x100040e, &(0x7f00000000c0)={[{@dax_always}, {@mblk_io_submit}, {@lazytime}, {}, {@block_validity}, {@user_xattr}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@init_itable_val={'init_itable', 0x3d, 0x3ed}}]}, 0x3, 0x449, &(0x7f0000000740)="$eJzs28trXNUfAPDvnSR995f8Sn30oUarGHwkTfqwCzeKggsLgi7qMiZpqZ020kSwpWgVqUspuC8uBf8CV7oRdSW41b0UimTTKghX7sy9ycxkJp2Jk0zrfD5wk3PuPZNzvnPvuXPOPZkA+tZo9iOJ2BURv0bEcDVbX2C0+uvO0pWZP5euzCSRpm/+kVTK3V66MlMULV63s8gMRpQ+TeJAk3oXLl0+N10uz13M8xOL59+bWLh0+fmz56fPzJ2ZuzB14sTRI5MvHJ861pU4s7hu7/9w/uC+196+fnLm1PV3fvw6KeJviKNLRtc6+FSadrm63tpdk04GVx/ftpmNoW0D1W4aQ5X+PxwDsXLyhuPVT3raOGBDpWmaPtj68NUU+A9LotctAHqj+KDP5r/FtklDj3vCrZeqE6As7jv5Vj0yGKW8zFDD/LabRiPi1NW/bmRbbMxzCACAOt9m45/nmo3/SlH7XOh/+RrKSET8PyL2RMTxiNgbEQ9EVMo+FBEPd1h/4yLJ6vFP6ea6AmtTNv57MV/bqh//FaO/GBnIc7sr8Q8lp8+W5w7n78lYDG3N8pNr1PHdK7983upY7fgv27L6i7Fg3o6bg1vrXzM7vTj9b2KudevjiP2DzeJPllcCkojYFxH711nH2We+OtjqWJP4/07T9EZbf7jJOlOn0i8jnq6e/6vREH8hWXt9cmJblOcOTxRXxWo//XztjVb13/38b6zs/O9oev0vxz+S1K7XLnRex7XfPms5p1nv9b8leatu3wfTi4sXJyO2JK8PRX6fWt4/1VBuaqV8Fv/Yoeb9f0+svBMHIiK7iB+JiEcj4rG87Y9HxBMRcWiN+H94+cl363aM7eog/o2VxT/b0flfSWyJxj3NEwPnvv+mrtKR6CD+7PwfraTG8j3t3P/aadf6rmYAAAC4/5QiYlckpfHldKk0Pl79H/69saNUnl9YfPb0/PsXZqvfERiJoVLxpGu45nnoZD6tL/JTDfkj+XPjLwa2V/LjM/Pl2V4HD31uZ4v+n/l9oNetAzZcF9bRgPuU/g/9S/+H/qX/Q/9q0v+396IdwOZr9vn/UQ/aAWy+hv5v2Q/6iPk/9C/9H/qX/g99aWF73P1L8hISqxJRuieaIdFJ4uSxtgv3+s4EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQHf8EAAD//yeb6Hg=") mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) ioctl$BTRFS_IOC_QUOTA_RESCAN(r6, 0x4040942c, &(0x7f0000000040)={0x0, 0x7f, [0x1, 0x512, 0x1ff, 0x46, 0xffffffff7fffffff]}) 1.419889632s ago: executing program 1 (id=512): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'team0\x00'}) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, &(0x7f00000001c0)={0x1}) ioctl$BTRFS_IOC_QGROUP_LIMIT(0xffffffffffffffff, 0x8030942b, &(0x7f0000000040)={0x5, {0x1, 0x5, 0xa, 0x8, 0x7fffffffffffffff}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x7, 0x4, 0x8, 0x40, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000080)={r2, 0x0}, 0x20) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$sock_int(r3, 0x1, 0x1d, &(0x7f0000000700), 0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000540)=@bridge_setlink={0x20, 0x13, 0xa2f, 0x70bd2b, 0x0, {0x7, 0x0, 0x68, 0x0, 0x948, 0x20}}, 0x20}, 0x1, 0x0, 0x0, 0x4000001}, 0x4050) r6 = syz_init_net_socket$ax25(0x3, 0x3, 0x7) getsockopt$ax25_int(r6, 0x101, 0x0, &(0x7f0000000380), &(0x7f0000000440)=0x4) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000700)=@filter={'filter\x00', 0x42, 0x4, 0x3c8, 0xffffffff, 0x188, 0xc8, 0xc8, 0xffffffff, 0xffffffff, 0x330, 0x330, 0x330, 0xffffffff, 0x5, 0x0, {[{{@ip={@multicast2, @private, 0x0, 0x0, 'wg1\x00', 'nr0\x00'}, 0x74000002, 0xa0, 0xc8, 0x1ba, {0x46010000, 0x2c000000000000}, [@common=@unspec=@cluster={{0x30}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'bridge0\x00', 'wg1\x00'}, 0x287, 0x98, 0xc0, 0x0, {}, [@common=@unspec=@connlabel={{0x28}}]}, @REJECT={0x28}}, {{@uncond, 0x0, 0x168, 0x1a8, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0xde, 0x0, 'syz1\x00'}}]}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x0, 0x0, "81d0042c436dbdac8bebde18b54dd11bf035c1d8b6b0e88ef5aee0eccad7"}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x428) 1.064207927s ago: executing program 4 (id=513): r0 = epoll_create1(0x0) ioctl$BTRFS_IOC_SUBVOL_SETFLAGS(0xffffffffffffffff, 0x4008941a, &(0x7f0000000080)=0x2) setregid(0x0, 0xee01) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x0, 0x0) syz_fuse_handle_req(0xffffffffffffffff, &(0x7f0000004d40)="6d16c31b0ba1a41313fc80ef7ce41d3413bb59b3d535650159b168bc1ee72ea74495aaa3524fb2b66197c38f0d3b30315ff6984143f4fd49dc655926feb9477cd82fbf2e08d2eb028ea1092b0307b531b19255e0e40bec3e11eaa14589fe85a6e0796dc6423b0124098adc929c83fec6406b1d3a12bbcf374289d0a0df305d94e2143b11e0efff4ca81a3cd4561c3d19be5f776f8e0fc7ebec3c5a3b3497f419c466daff2524b04beaeb4210fb05b3e62bea8cf6f707b7f3533188fb3df1cf385b1759ee755d2d1fc002ba491f6c6207b08e9ffd6f837be202ed73c27af9a85879cdc4e012705ec95354be8d273353c685384f51c152abac4b114a4b12a0d57de4373fb3e2e636fcd95556ea1af281c2fc2ec8b92674afcb74ca5599afd3f6e02dfe92856f75b4d605e4b38ccfb2f86c421b1c7bf54eb40cf5c70af10af70acff0c2124d137c6dacaeb229f04b6135e47c9b54730c5591ad6fe240ae3ad35c7d268771426445934a8861683e4c04f6208e225674dda6674abdf620a90692c5607c53cbd2b868191f081068e36e9f36b088f9d0c85a7ef51662fbdd259f2b8de905e4f7f793eadeff6a26231d9cc14bf2a0e297cc96d30208d3f07db6e41ff340d00b08ddb6842053b3fc0599d16888a5b60908664c3f41939828840307901b7210d64946c8d1cda5ed4647c96cd33d7e18ce9966b99c537e65166554f76521ef3ec9183c74f60d4e4718f39ab7b95be96b63133da6b7872b75ff7c0bbd7568b3f036dc83ef060647a99130f33c689b8ae8afc7e4baf45aed48b70e5aaaaee2d5898dfd7eb44ed80c5728d08ac00ac68fbbce948064d798794d52c53deccb50b2c899cf682e650867e3d5e3995fa3907a65942eb6d70ee8e59a3b18cad61093035cbe53b66a75e7aa3fba3ffc0e5fb8c319c4d0a402779721f2f413f68477ca3ab73d2a825aaf5ed9214f3aef10407117e78a8bd87100b1213b6b4a2ca87854e8759fa8d838b40d14c4a228c03fb4c0d2702e9febf1f1960142b249adb40e3cdec2f323c7c6c4afcfa26014714062cb4f0a05f00daca3d0f2c99e92f0d937869c1bafa5d728f27b3d69a7276159aa4c4dd9cac00f442bea617fd013318b87f2b600c552899ad4d6482e2f489b771f7c194290334c076be908341d54aaece5c01558ac8fd95418bead42f945358dfe74670ed8debfd15ffa241ea274e22a9588abc6fa8277679ad371cfa43de02f6d8e4ce09053f5dcde317c32386e936d5683bd78f81a9e2c8ce5edc94ec7e87cce7cd61e783a48041e82dc724aab49f3192fa9862c11e421702345d31ce45e57ba5b46d50cb136d7ec5dcebc62fd74c36cbe979e59ccef1d044b3982a3aa97319e99e20acc13857ea0ffca0ae44b2f5205143c263c0157530b109e12aa95b84cebbec5d792bb7e45bbda11ca8085b49cce4bd03402fc83f88ba33b19ecbb2eb1252a267eb27c3caa2afb4e2ee75e0b804deb1c58e2a87693657f9d5e8469e499142da8c0092b9fc9dc676f71b2334f2b93928def8bd6fc1dd510d74f7be6c07e2a63d8e4f2124876a79724c3a74e3c9bafedb230261553b5dfad423c123c2c9c867ef30fda38282eefc649714caffb5598217f83bd1443fce225db0e622babfc09e16c6c3fdcd49386792da5d7a872965ea405641cf7ee97dd2bd90542d46b54baa8ea781aac75bbb9ea70989959d12aa76d24e0a474e09ce05440a49ffc5d1853e6242ccd0fa3fe05eae5749b6d80a7c4a1f5a15d827efb654a3e844ae05a8e0bc92e00f7e003cfeb2c029225a11a2f172576030215162ea495fc61047095f40ee6335ac0da6e84a9acdea6631963a7050d9fc5278acd9a672966c150a8321ef2d6f2ef9be4d1f26478ab0acf862474b1f7e39d93e09983a0eec7da75e16cc0f804c67f8889c93b3bf2e500cbea09a7e7e7fcc77df0355a7f9f412d124f43c8b38e3d7fb96164d3fc0537f479b9e7261bd2b16310b6091baee5ea5af8620d1890bc1e3919fc1931ed5133bc27ea0d36700bc5b3de42dbc84d92014a7c7925ff01dc656fe5fa9214108f2bba14d679893eb9f44db5349a51becd5c8679123369b39b115f1c466b3b2fe4f3b3343b84ea4f249ac06ddba6879d7e41bd883093d473beb54f5a11db0174f231001f7784f8d58b5efa82b438ed028b73515e5f793301b3a5848c27b0f772cfe22f8250fb4a0141e8176cd9ac0855ef8249a43d86faa3d47c46974c4e21a577c8786ce6617f0ab09bca82576217ae3e8a758a543ac143fdc8179f8f63910e4329e0c630101de6222a443105c57465374114e729f589f4d20454a92667c9bffe3da0b27c33dddce036fd89e5012daf6474a9a7ad0913baad60a1efe6b327f0bfbc3ad6de228b42f495022b2b4590d98475f6647527a9e55ebef6daf49691a8fbd43d5cb8a6c1857fd0744a1d23c103d6d99c06c4d1cf216038780bca779733e4a96be9a4be2f7294087e9ef91bfec1a812998bdcad1b48f42affdd64ca3d64c95846005d9ce88f1ca92e6a078797bb5e63c9997848aea042b03e9ff695d4cd57cc17f15bbc9187e8d7d1519ccaaffd5cb557cbf0d1030fa3378975ef57a86da02e0793859714066c027d3d78501d0cd17a5b9e0e0190972f269ecc986d91bb433beb7afbea2fcf293023d87afee73bbb22d044e094b823f3c2f06bbcbab52ca5f6326b8fc7b5ca142e4f4b76c0cef326c08d49e49b26b3cfd0d2e15ad765a65a6e442fcc21ba0a9d4bf381886a5315b899321b429f1a8f08731e8cf5678082be8541e06d1d0f90e2253ce7104f1531e928e78da0805950c2ff89d6aef01fc63bcb5256edebeca2d3c4482e14e5267d1e3ea1cdf6bd4eec91cd217ab82a0950f465398499121e260ea70941b92d18cf6613d4c0265c9dc4f58b8e28fc1b9727e61878a013018768959066733a4753a22add452a24c4702d9947f418bdd7f993f110e9934fda20c8aa63a4651b76f426af5db73727590bd3bcbb5d8e197ac4103dd199d22207d61cf52aa9530585701c2f959a4af32fece274adbd4a887170b71eeaa520402a96f90b0b2eca18c510a5afee9a6ff1896a89475bc69b9a976546bb9f2d74aa64a5d74e995329447186a430d0f999698d64b7d3b5ea83e51a79973f9960622c5f853cba4da5235169cdb8c3d36c6bd6f612e29436ce624ed90f146e8ada63c17d5d3a86c0886ed7dca0843ae473ff5f00a59a0374b32fe23bd6e53a581480f081ff438294f94dbf48038dc6eac9afab42f87ce40482fed84ad514a4a3708c66e7e11d956ad5ac4bbd1f6e00831e3d71e323e7a00d9b30ead17b384b95c6eae85437043517e6ee33bc98a2a58a9bc6406a2315f2a940092f59dbbd7ef65e14d310e9277cea266415b1352374076b121ad1a718cc33ca9fe8da52c7e94786f50784b6d4ba46ff5914376fcd6d75b595f2e33a393095811e22c133b0d4b68220070690d78bc4983eecb8a437c0163d3b753afbd5fded66eb97d52dcadf1c4af483985c8de8f78d6581cd5634ba0fde40f7e48379ffabb961dd079672aff63efc328bc02610e48245221ccd35d5fcd3bffee7312c0a58a2e2463c82faf27e133f201a0b42e5f6f63c9a35518f7f6c74561f0b1108b6a020eeb440cbc21307cb36ccbbd2daa221ec924eee7cbf3c8b31100dc037a41c1f40849d6b835a3a52d90c285e86f6ace93caf15114f9a76ed62bda73741c9d256919e183c0c8d07df0e35d85f9131bdfceaf937482941d153b6847170d5deb30b122280add91c3ceca77f13a2393da832a704e73c7c7ca52f71abba77b14f1bae5ebd300ecb60dd5708047012abe49dd5fa9d9517e8e20e8beea97912d94c93e852b2b9b1c8e1095ae960424b57f0ffa7406b7008f25c5f7a663d236f7bd13ba54116d7f285741e5f2f1e6b8dde8f852d75d227edac466049652f869d140781d6801ddc886288d503707d24a4be80c65d82e654cde0b3caeb177dcc85d1dff7d07adb5613cd9028dfcfa1b6a547cb555cc4715881f88f958073a12ddf9d671170833b6c5d02eb4917eef28e6afabe64a5ce18603defbe3fad52390dcdf9896b5f191eebecf789f28a6d523ea77ac35dcba351e71ccad378d08eba77d1dc76363ffbc3440d5ccde541df1d6c528d6a4889b75ee0a01cdaa05b2a1963368ada4b436291d56374c8116c1a5afff17be767019d9279c9b071eb791d496f93289e8ddddf2af670d467d86ca0c1ba623a5636b94d6864efd43de9746c0332ea632324c9462845c3d0dba3e6706dc2da4335173bfe564e46bff2e9d3f52102a5c60e24064c97935a9e81fce3696d361674a0cc1a156cd580c0239f133ee5b71f79bc6d2c4919bc8197c0cf15e09b162913bad68535fba9ac47879f0720c685391e47770fbea278eef3a785d47ca52ded06ae4c94b5a6583993d8e71cd7edd9bf9705160787d554e237e23d52ed73531810df80629bb3543d7b76f667e18d5d50af31647eba5791b2dfdddb44075b754aab7e9722d249b1c0cd99581652eddda4f7aa89890d54ca64fa562d7a685278e92d36c488f378a324fdeab57429c19141ba4e3df8a0b6ce8657b750f9aef6a800c5e59b78d717721fb2a6ba8ff011328f41ee6149dcce163d0b112990f480a66b280c56cbce2e64c240750b15912ae4742a5fe476f82f6419a79c49f2d86634ae8a64e41ea4e1af7c3cad0dea8de37f0f6207891ecdcf1d9e62c97e887381310e107963ae98b922aedef63b3652030a91fa4e5f189b0ced2e2165e7cf258c5464c8a475ece1e5a6253454f1eb03024242f58785ccb1922ebac268db589afb91983f5d6299eddca2359502ce55d0baf825f808affa3ef2c722cda455c5089732a51b058e28ef12d88a42755d4ee5343a13b2bcee1a5d3ea6b4ab17b04708e058d8625c4f18a16e92ba2239047fb3752071739896dea7df659aaef07522c768690c04181ae14a87d2995acf88dfb326c78476fb25963b1c24cfed98e89aad5d64bff9897718a8bc6e3217ac6d54aa57b630467350b95da392d98a52e2256f911c605b9160810872f9158b9216673b47f95d4c1742c4499a5284e31519adac4746ba6599c0d78731bef2db4b3eea8ca56b95323543aad6dd7cf38a82ddaba415de4ec612895e6ee953ad200b39dcf128311b73ecabc184743f2ea631375b583a18b6e2c2a29b388613eede627b1a3e521b0b55ac89abb3aa5d39f66517aef0e6e40bdfce8de5f5e79f0ea96dab768c8ed051ec92144ccb6800cc32c749d9f4132240c1fe51a4c0b5783a8c93348835e2a0efdd7963d7edf650c99c608cf1f2068e3150f3fa3191fc1ce111a45856af25b8183d6996d438dc3ab27635138f3b287073020d1df7dfecddf16845af3a878a015b6a8313856d722069884426d5a62240e3670bfb433201c88fc340c60be701d2d6af98890137d6f850cddb8bc55de447be42e88f19dbbcba052a9da50abeded688a9c7e29ca59d6fca0305dc326b321194a1890111d93ba0bc6995976ed5888908adaa88828ed303fa496afd114226d6bb7f570b4fa333f07cdbb41cc43fd8497bbe6be0706a562576b85ceaef9b6f602c84b95a2265d5593c30319b6ab2fb78de5a3fe629f2e315c074913dd102e1f299f5617ff5325b8e352023b24ddc365517c846cb0237ef703aa268ecce83c77bdf4c401250b38f2ce6cc6ab55dacea2b863900ed3824581eea85676a60ede2cbd41dcb9286e611667c27d483f9c3763b2330f1287b3686a08809198db71bdf6363b7b99bb4f3ff2c43a28cc3da4ac793b47cfde9a323979b778038638e74500dd7eec97ad4890a6f522055bb3feb2569beba687ecb35ff8ba79d12375267239ecf1121e08a5914cf86767159868a21635807f1425fb56b152b0e4bbb0700f2e9e4990e2c90f488e88e8d60d139593c8323d3c11b54eaf5b7d492f561c90b8692af147e4268a2284800c1f647779507049361c8643100e2c8e4be0ddd3f8090493ef1e39d5512469036cbad6d2ef934fc6586a023046a72893567577f0a87f5ed37d96be103894bde4f9c1e822a209fd2d08cd6ebc5fb11c9224be419a54390f60b55c7e6e31fc367c85730ddf7efbe33b86732185deee7de994471ae770ce5b7fd218196e831aec02d1c3da1c29abbcf40dc1a9088aa44c9c9a32f7eb6e0d9f8e4a7762e7a9f3f78ad1cd88f13b32c694b40859eb3b0c3bce68834e5f6675b986ccbd75f5eb813f1f4ed4d4dbfdd697e085325a64dfd797d57cb9d46ffa9cb05ca63033574607efbd86bd556a208d2c8987d230f6367ecd9b56a18252f1da1fbc60b63dbf610a4fbe271380020a7e10e3b77f71be80511f24c059d29b2aaa69ca61c63d93d6da09f317a557cb3c80998f7e979652c281640daa0c9bfb055cff07cbd91f0c6385bee65e9841bbf5aaec196ab870d1e9981cb5789e7f9519b544df954e74fcba0bb6f504a3bf0d9c73584db599402dfd8e1582819e7274ab87d1dfebdf7be8aae62fd7f43ec83cdd8a1e96395080b2589159b1c80ef6b4417d62b9633588c2aa10c5f3129fe1486397cf57e018717d30b85c41740e4ba0b2da96ca37fc85df35396e5599bfa0d7b04699f40cc36c1eed99a4d29bd20e48f7791c63d7f81c74ca6580cfcf57c11ce63caf216aab762f7f7986dd63ff90a25571054875fb52f8a2e11f69c4c99f5a98a684346b1205c578274fcd58228a60a24b3d40dffa4975ec28ea982cbae7d355d7ca5b1ee310515095ab410a5ce3a720218ecd9f2c33dd8e6dabcf02f815b4a4d27457580852ae6237e74a2ae828df3ffa2269e142d1fed18f93464380b073126cf5beafa6034e890031f586c5088c6c3fb13d547dec93deb92bc42b285553c01457f9c9ad7eb25f00d19b6f0868118332bc45ce527f26cb46655e0f9777a4dfecfbb9717b4f8cb79cf163a85802ff17d283b283668b93030fa6ca3b0855569833a8f23a0a069f4dc8444a686b837af3d9f256e80a950527784df17f3604f6345586abf2127f8f6c7469884a91154a0e117f75c61eb3d00aaa75c2abdc72ef01cbf6cecf32b8d8fe9e724e8903ae6426968d1c14e054503a580ee792d6405045ecd7fdad862a7cdd3230ca55b3784d4d7654f6d4a6c54157970468ec50fe660a120b9e8a0fe2618cff77eb7d2a1b95c6bf40953b1f77d45cf288f66efb420b6a5a949c2453190f82b8699d396b26183e4eed9f4e1e4d99a14b8195f320c1a477719ca04510470b90323edaba89b0971fbe417f0483d92c7714abbda4c9c0e8f37ccac8fb46f0eecbd50bba2da4d5ec9189f8b2ae762f0e9a440049b16df153151560a9351504fe17ae9778aa16d7c13f4329c8da3e48dcec2b4262e091cc142d5c7b4c08a0198bc968f5b0bad27b9db8ee664caf007bca8499a03c183bd988e1dd795f8e379be48856fbf9d0e78d35c998963ebb5511ee025cf40c0e29eb5ebac08a99df810f41e9ef2aaab9911f37d95250afe5c9fae4e25df2002216c05e79fca7cfa25ad644caee7478688d0353e70f5a8189dcf88552ac694cb50c74b44c4ae3abb730e4f00bacbfe28cfad12456a7ab64866dc8f5387d408658213e7be0089a0c725e7fae3f4c9c8bf2d6d7f1d5f63f2bdc78edd5793c0131d2d03e65699405a97767224b545e6ed6a5dda8f0d325e6bc0bdd35c27e5f1b4f4ade27f85987489868a1c4a81ecc39870ec9ea5d92ce52b51711a8d3b73372b2a0ff7aa7e5973ce36648f0a7edbdb6b16b58b35f46e99249ae87d6d4c23ec7054822774b7ab497e7c7ee9d2357760d58942b2af16b65800cc619ca9ef43f2126f2363e1579628ad038cff46fb646a75c6781a4df38ad2772a4748626ba37d099d0ce97439d500e42c2555967695be64ca14750de7ff9626dde562ad0ef40b11054eb6c051fedde29b432a5e723c4eae2405360ab4ac967089c0b812f480a8452b8cd5b17012ea548faa0eaa63769379649c06e7bf2450f7eb337afc73543b578ecf14cd213d194b93bbeea7ac4e1277e6bee65f514ba2940c8ff3b8f4ded54ddd1e7d9135b67b20b0f14dcc88ad7ec54aa60f65647371686a6a64b65e390623cb7d06e61df2f7e97c56e2d4915e61e3d3c61868a66370641674f7577bc896b5b7b3c31b6cc11a29d80af7692a9cdf8e4ba2e1f18d56377366de6fd377767cfceb6858e3806cc1ec511cb07e23d8ba7cb4dd9f77d58933b650e819cd08b08b987fe33a5d23bb3f92012bdf05f9fbfe89b7c4c6c403203acad533e2fddf11987fe787ac042abf948f0956a4ab337eb3a9207d21125adb61c898ed620b84417c0e90c3ba21b7bc55346899b5d7b0e72a53df3d805247961de8b12e595dd04296969ad0a2ed868aa04a1d9897c6ab5b9bc1e05e04533e17e631e9634443d173e3ddc8ad0a2a2400865e071adff372c0dcfd1c8a30c2fcb06dc4878d81a0545cb6e4475e8ecd66ed14398e526447aa2802c65138fd234680e5b4b00b33396852727e10d7ac6e02e7be08da8999ad9c61b601129243d04dca2cdbe6ac671e4e1c51d33c2d21668a01e0bdfe8228f0bf3b0eece88a0e31106697125e6caaebf15b03e48cab871ed149586a1be0f297a9e31ba24d0b182ecbbcdfda7b7f982c29e56b520bdf387d704c9eb649bf06187440e721c29a37c2bb83bf60f0a6ff93ee269123cc845e79a98388655497335e70eeb74387ab11adac8934807bb1fc207b2ef1c760c9b2b928477a490e06c5d0f28ea760aa10de8aec1db07e308046a6bab76da010961e56521cf9817514c2b780202108e2ffb8bed7ba700f1fc02dd3741a050789f23ca1d5e605fc6f9637e516e7d61b804d454ef2b6e5006d084fd89be580919566061e615fcc79709fb2e0887aca593df637febaa57bca98cd418d8b72af941f90237987c8ebddcc3479efcccde19b7a4b9285dafc6a4b276238872ac65fda6aee702b24074f146940403c4a523ed7aaa5142d8142ad6edf12376e603f99d355112685efe5e6b8e472e9c2c90873b6f5edd0c6d4a7c00495b8927d8ef03cd28a1a7eb82f7c70107da124236ba9a245006bfc3402dd39d94e6e653c0efb873627c1083468eb1c35ab5ab6f51b79b7a88c268db5d962124f7cf103a5e18b0d8fe85614094981acbad4d42b79256e608d1e32a97831b3e4926fd81f46f8fc2eb1cb9d216f7b2deed8a8d498deba9e6ee5450a458338f2cfb62bc8f40728ad7e70eb233bccd89201039805cffa3337a760ef99ba45354791b6dcb4e284536b58920647215bfe400383e577c1b44d686fcc1e50531f29f48c736b4ed4cd4b83b229f90919f973ef35f99d8caae3b02c8cb0136811b6ac09bc001f9c7aa88ebdd14fae571416143f4a88f879bfd4d01740ac6599e1734f1cc0cd654b9138df1adbb0e316535bc8b564be87bea852b99ddd245d984c8e1ec68fce7d288c167f6f8d2ff18889cd7e5a4854b940060e202a9dd5413fccd3f148c697b54386dfda87ccc387c5a4fd0178195b0f820978e5c8add0291f19d08c08e29c60d4671aa0b7912c117dab52fbb919392aa3368f34af40b65ddc4acdf8afad6989a4f5130cab66cfaef7c36dcbb23bdebcf099e795cf0e2881caad28e988103183dfac8ab1a0d8b7f60ef00c612fc907ca9e6b62a474733a91bf06f8166e4f2344124b35cf5370f9be5bf128052ef1fc0aa333ebb5219e32763f570bb059efa302ec6445c930bd21171a86721679822c9fd17d022358160e46e555cebb900ae3563a074b467fab603d8812693c3bfa8d01de3a5e06c1b655fc769c2d5732008c21c046d21918774813cdc370956ddbf80fbd65d769be4638d405b50b0f2bc92866f0af664eb9fdf2e668c4dfb8d800aa0a9e064fe84e3dc1b0588b79a5c17dae13a1009768229b37eaa7d8484cfd19603d85f8d3c342fc91980db1ad30359267a88fdf458bbce667776511b3b814e558c3409a108dc454f3f53cac9dcfdd02b7cfbf957a73a35ef67f96d3f6aa9643e505af59d1f8112ef6e99f8721c046c138dfeae5645fd2263fd7b22e81250446f8f7ddf005d43e39b50304de291ad5e41cc4ffaa5c9833928a55b10c2f9eb15c88a8d1e6987d7090adbbd15fbcbaa72f5fe08256d06e7beb1d566741540ebf13ef5a17ee55b4b64bcab090a83b5dc9af65dcd6ac86e2b8eab05e156f101d8d2b9d18cba3f6ffa5c88ab02584707a526dfa948966f3953a0df48fe81cca4b5ab4c2a126c47f7e8f66628cc8db14fb78a666f69cd7e56ac3ff20d804b3532e0980056dbcf3b9344646f8cf3735f60fdbcb9688ca9b78425072ee1922db2f0878894ca8ae9eff6f289128a7673802fb7fac9b9b4a2075985988dcb8993aae16e838113ad8377b4220738716986660ff8c32a3ba6dc9f988893e3f7494f282dbd980ebdb167a1a149f89831c22802731d36ed09decf1fdb13b0de8acc771aadc55b3a10d5ee6402ba75c145403daf5b8afe2e067545c9839562887bbabddc1eb83aefafe4ce4fa45e2b57ddd5c6057c25ee25802a64dbea924b00a25a1b8ae6a4fc5b90810c162a881eb60f0b6211f6a0c312e897d116c27bdc7e0a437979ae9fd7e0dcc118c894cab4953dae5b6d85b553d0afca8720bff29efa3eb9e311850f506a74431fbdda62019fb9775320b852e96a1c5b38e0dd1ab8f5ac693a7cb63ead4db54eea20436888946f3cf2deb5bd2a0ef3c5815edb96c1b77906b46f0dbfc29b73aa19a08c3d51b39344312df6f93974cb23a6fa09dde575e2feee0b35d19ed7028b3408c3c851bd64d254222b76e41297bbb5b05d6fb0700e82dd6393c172b321038fd7ec2062e022458644187de0d8260a2d859e48a9ddbaa28fa848bfb95e88fc12655aa674d112742cd9d08adbc8de4e3b144cd6b218d300bde865b0957da35f3ac22fce2dab40e04cbd3834e6b8ab8b36c5a963a0c4012fce6bfd0c794d9ff70168eddb86a83b104f35241195c5f8f22e2fa0438c9a0bb1b3ac5976f449821ebfe26c24af49f3394d98fe2ff5be27ef1b7dd9590d1781006854f99b1cbaf6d69a98eb39a36407f4a03221dd1e56865bae1373f447d192f109a79450f94411601d8937c1fcfa73f6c80426981621f53118704cbc2f6f33de89640e9f0980408a6f3a4e7e4d6279665e5f08e29af763bc42b83ddae7335f929554b9a41baead71abacb2d6723ae672130d1b8e9b2c77c30ad95d84ae2e69c5f067a2ac0f0485b981e1b7a5812b4731188fa11be9f4f5558baafdee8a7c1a61ac5a877899997a45efdc6e456ef3d0300331059c9daf5c626f05d5d09cb867c80aea82937ef79e89ff49701f24e6144ecf19f6eb3a7fc2e5c0850e5053f262f8ec5dfd5f0135bac731d27ddbab5a6fd1b72fd247ac7463e6fa9a74b72551941ec4244dea7b964f240535f5f80f1c12e3126f05bcadf552d7ed6d04b7a7ada7717e5ed1f9cdeb17af1442ee3899857ffe6e8f5ce831990ea890dd7bd6bc2bb457084d1387029a7514eee2d25e5be8d686ff41c00", 0x2000, &(0x7f0000003100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) lsetxattr$system_posix_acl(&(0x7f0000000040)='./file0\x00', &(0x7f0000000140)='system.posix_acl_access\x00', 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x20004fed, &(0x7f0000000180)={0x2, 0xce23, @local}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) futex(0x0, 0x7, 0x0, 0x0, 0x0, 0x11000000) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_mount_image$squashfs(&(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x800, &(0x7f0000001180)=ANY=[], 0x1, 0x185, &(0x7f0000000500)="$eJzskrGO00AQhr+1neRAxwkkqmvuipOAAuL4ANFxZejpaLASEyIcIHEkSJTCCKEUFIiSJ8hrIPECUCAeIHWKiBoZ7e7YcsIjsF+xf+bf2dmdiZ9n46wF/Nkuelxg8Dnih1IEwImy3saz+ln0p+gnK3yXvEfivxc9zmbzpuSccs0aL+I0TSanwG/jVVb28J3HxpT6JYeeAkVRFODRB53OYZmzXfR8YFzlwHEA100TRZWjG9HBDaA9Hb1uZ7P57eEoHiSD5GXkn98P74bhvaj9bJgmoV1V7QppBa23gNaBGPGh2W8AH8S6zC6q9jTZV5d4Qlm7Wc7wSLGPVztbquJr9a4W5f8Fjy9AP+tNrmrumakSYFrqovAl6AS199m7DszGnd6rtL9EocpjK4KqRmdNowqienD+IOeKLbWUkmeiXdGV6Fr0ZO+TCXK9fpToZg5N3sbT6aSjh2R/NeTsJKq86GpeH5i+9Yu329w375/ZOhwOh8PhcDgcDsf/xt8AAAD//4Yhcvw=") read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$MAP_CREATE(0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x0) readv(r1, &(0x7f00000002c0)=[{&(0x7f00000000c0)=""/79, 0x4f}], 0x1) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x8e383, 0x0) ioctl$BTRFS_IOC_SEND(0xffffffffffffffff, 0x40489426, &(0x7f0000000240)={{r0}, 0x0, 0x0, 0x5, 0x3}) 1.03426054s ago: executing program 5 (id=514): r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/raw\x00') preadv(r0, &(0x7f00000002c0)=[{&(0x7f0000000040)=""/216, 0xd8}], 0x1, 0x6, 0xfffeeffa) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x2c}, 0x1, 0x0, 0x0, 0x4000010}, 0x800) syz_usb_connect$cdc_ncm(0x4, 0xd1, &(0x7f0000000040)=ANY=[@ANYBLOB="12011003020000182505a1a44000010203010902bf0002010650000900000000020d00000524060001082400a9b30d240f010a0000000300ff000606241a05001407240a050905580c240c00000000a90c090003042402020424"], 0x0) syz_usb_connect(0x3, 0xf5, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000772aed408680070bb96c010203010902e30003dc2000000904003f000e01000505a40600010524007f000d240f0104000000080000000006241a03000a05240101070424020a1524120009a317a88b045e4f01a607c0ffcb7e392a09044c03003a92a2010a240109000102010205240401050c2402"], 0x0) 355.679725ms ago: executing program 1 (id=515): socket$inet6_icmp_raw(0xa, 0x3, 0x3a) chdir(0x0) syz_usb_connect(0x0, 0x24, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newlink={0x44, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x10290}, [@IFLA_AF_SPEC={0x1c, 0x1a, 0x0, 0x1, [@AF_INET6={0x18, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x14, 0x7, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}]}]}, @IFLA_GROUP={0x8}]}, 0x44}, 0x1, 0x0, 0x0, 0x1}, 0x4008040) r2 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r2, 0x4601, &(0x7f0000000240)={0x400, 0x30, 0xf0, 0x0, 0x0, 0x1f, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x40, 0x0, 0x7, 0x0, 0x5, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x16, 0x0, 0x0, 0x5}) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=@newlink={0x20, 0x10, 0x403, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x74, 0x0, 0x800, 0x55007}}, 0x20}, 0x1, 0x0, 0x0, 0x900}, 0x0) 0s ago: executing program 4 (id=516): socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f0000000000)={0x3, [0x0, 0x0, 0x0]}, &(0x7f0000000040)=0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)="ae", 0x1, 0xffffffffffffffff) keyctl$read(0x2, r3, &(0x7f00000000c0)=""/4096, 0x1000) keyctl$read(0xb, r3, 0x0, 0x0) syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5) r4 = syz_open_dev$vim2m(&(0x7f0000000200), 0x40002, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r4, 0xc0405602, &(0x7f0000000000)={0xa, 0x1, 0x2, "176e0000203e703b9db3ada49694c000000000ed000000000000000086a600", 0x50313459}) ioctl$vim2m_VIDIOC_S_CTRL(0xffffffffffffffff, 0xc008561c, &(0x7f0000000400)={0xf0f016, 0x2}) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2) kernel console output (not intermixed with test programs): f interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.737047][ T5835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.753482][ T5841] hsr_slave_0: entered promiscuous mode [ 89.760575][ T5841] hsr_slave_1: entered promiscuous mode [ 89.767012][ T5841] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 89.774645][ T5841] Cannot create hsr debugfs directory [ 89.915227][ T5833] hsr_slave_0: entered promiscuous mode [ 89.922225][ T5833] hsr_slave_1: entered promiscuous mode [ 89.928344][ T5833] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 89.936197][ T5833] Cannot create hsr debugfs directory [ 90.106204][ T5835] hsr_slave_0: entered promiscuous mode [ 90.113140][ T5835] hsr_slave_1: entered promiscuous mode [ 90.119285][ T5835] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 90.128068][ T5835] Cannot create hsr debugfs directory [ 90.559794][ T5832] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 90.574386][ T5832] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 90.590354][ T5832] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 90.626250][ T5832] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 90.698543][ T5848] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 90.721411][ T5848] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 90.742517][ T5853] Bluetooth: hci0: command tx timeout [ 90.742527][ T5838] Bluetooth: hci1: command tx timeout [ 90.753439][ T5848] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 90.768678][ T5848] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 90.828579][ T5853] Bluetooth: hci3: command tx timeout [ 90.828606][ T5838] Bluetooth: hci2: command tx timeout [ 90.828661][ T5838] Bluetooth: hci4: command tx timeout [ 90.888759][ T5841] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 90.902416][ T5841] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 90.934736][ T5841] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 90.965021][ T5841] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 91.056194][ T5832] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.076123][ T5835] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 91.090623][ T5835] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 91.127848][ T5835] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 91.140656][ T5835] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 91.226120][ T5832] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.299742][ T5833] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 91.313232][ T5833] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 91.334322][ T3021] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.341615][ T3021] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.354507][ T5848] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.363791][ T5833] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 91.405534][ T5833] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 91.418114][ T3021] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.425475][ T3021] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.469624][ T5848] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.508349][ T3021] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.515618][ T3021] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.549840][ T3021] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.557178][ T3021] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.639189][ T5841] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.755992][ T5835] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.789164][ T5841] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.830444][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.837860][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.854116][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.861362][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.947760][ T5835] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.977300][ T4514] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.985333][ T4514] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.010097][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.017612][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.109446][ T43] cfg80211: failed to load regulatory.db [ 92.160745][ T5832] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.200363][ T5833] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.305712][ T5833] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.364915][ T3021] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.372336][ T3021] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.394454][ T3021] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.401715][ T3021] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.549820][ T5832] veth0_vlan: entered promiscuous mode [ 92.577584][ T5848] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.684546][ T5832] veth1_vlan: entered promiscuous mode [ 92.710471][ T5841] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.815430][ T5832] veth0_macvtap: entered promiscuous mode [ 92.822083][ T5838] Bluetooth: hci0: command tx timeout [ 92.822093][ T5853] Bluetooth: hci1: command tx timeout [ 92.830890][ T5832] veth1_macvtap: entered promiscuous mode [ 92.898634][ T5835] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.908145][ T5838] Bluetooth: hci4: command tx timeout [ 92.917876][ T5838] Bluetooth: hci3: command tx timeout [ 92.921483][ T5853] Bluetooth: hci2: command tx timeout [ 92.950432][ T5848] veth0_vlan: entered promiscuous mode [ 92.994750][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.029627][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.065427][ T5848] veth1_vlan: entered promiscuous mode [ 93.087589][ T5832] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.098434][ T5832] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.108197][ T5832] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.118585][ T5832] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.190114][ T5841] veth0_vlan: entered promiscuous mode [ 93.276308][ T5841] veth1_vlan: entered promiscuous mode [ 93.313177][ T5833] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 93.332661][ T5848] veth0_macvtap: entered promiscuous mode [ 93.394106][ T5848] veth1_macvtap: entered promiscuous mode [ 93.407053][ T3021] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.429297][ T3021] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.483730][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.507906][ T5841] veth0_macvtap: entered promiscuous mode [ 93.552453][ T5841] veth1_macvtap: entered promiscuous mode [ 93.559949][ T4514] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.575070][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.582548][ T4514] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.609053][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.623170][ T5848] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.633420][ T5848] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.642594][ T5848] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.652723][ T5848] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.709881][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.713567][ T5832] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 93.769636][ T5841] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.779653][ T5841] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.789151][ T5841] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.815123][ T5841] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.847918][ T5833] veth0_vlan: entered promiscuous mode [ 93.994492][ T5833] veth1_vlan: entered promiscuous mode [ 94.015139][ T5835] veth0_vlan: entered promiscuous mode [ 94.133400][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.146036][ T5835] veth1_vlan: entered promiscuous mode [ 94.150991][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.194409][ T4514] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.207290][ T4514] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.234799][ T5833] veth0_macvtap: entered promiscuous mode [ 94.291560][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.302115][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.306451][ T5833] veth1_macvtap: entered promiscuous mode [ 94.316060][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.325058][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.325181][ T24] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 94.399740][ T5835] veth0_macvtap: entered promiscuous mode [ 94.427150][ T5835] veth1_macvtap: entered promiscuous mode [ 94.451666][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.496511][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.526427][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.541245][ T24] usb 1-1: config 220 has an invalid interface number: 76 but max is 2 [ 94.549695][ T24] usb 1-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 94.585463][ T24] usb 1-1: config 220 has an invalid descriptor of length 101, skipping remainder of the config [ 94.607712][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.626791][ T5964] loop2: detected capacity change from 0 to 2048 [ 94.643438][ T24] usb 1-1: config 220 has no interface number 2 [ 94.646222][ T5964] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 94.649971][ T24] usb 1-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 94.681910][ T5833] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.690858][ T5833] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.711326][ T5833] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.720716][ T5833] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.731434][ T24] usb 1-1: config 220 interface 0 has no altsetting 0 [ 94.738356][ T24] usb 1-1: config 220 interface 76 has no altsetting 0 [ 94.746331][ T24] usb 1-1: config 220 interface 1 has no altsetting 0 [ 94.760938][ T5966] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 94.773123][ T24] usb 1-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 94.796165][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 94.800776][ T5835] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.805101][ T24] usb 1-1: Product: syz [ 94.818543][ T24] usb 1-1: Manufacturer: syz [ 94.824872][ T24] usb 1-1: SerialNumber: syz [ 94.837099][ T5835] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.847152][ T5835] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.860079][ T5835] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.871453][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 94.901618][ T5853] Bluetooth: hci0: command tx timeout [ 94.915561][ T5853] Bluetooth: hci1: command tx timeout [ 94.951986][ T5968] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 94.981549][ T5853] Bluetooth: hci3: command tx timeout [ 94.991790][ T5968] overlayfs: missing 'lowerdir' [ 95.002891][ T5853] Bluetooth: hci2: command tx timeout [ 95.006084][ T5838] Bluetooth: hci4: command tx timeout [ 95.090921][ T5968] syz.2.3 uses obsolete (PF_INET,SOCK_PACKET) [ 95.133306][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 95.574446][ T24] usb 1-1: selecting invalid altsetting 0 [ 95.589134][ T24] usb 1-1: Found UVC 7.01 device syz (8086:0b07) [ 95.614133][ T24] usb 1-1: No valid video chain found. [ 95.652474][ T5904] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 95.673329][ T24] usb 1-1: selecting invalid altsetting 0 [ 95.679337][ T24] usbtest 1-1:220.1: probe with driver usbtest failed with error -22 [ 95.743190][ T24] usb 1-1: USB disconnect, device number 2 [ 95.862450][ T5904] usb 4-1: Using ep0 maxpacket: 32 [ 95.881229][ T5904] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 95.914844][ T5904] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 95.932536][ T5904] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 95.955366][ T5904] usb 4-1: Product: syz [ 95.962920][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.966110][ T5904] usb 4-1: Manufacturer: syz [ 95.978628][ T5976] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7'. [ 96.003059][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.005992][ T5904] usb 4-1: SerialNumber: syz [ 96.018676][ T5976] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7'. [ 96.048363][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.062600][ T5904] usb 4-1: config 0 descriptor?? [ 96.065540][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.076346][ T5967] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 96.246261][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.307289][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.388758][ T5982] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.8'. [ 96.399868][ T5982] netlink: zone id is out of range [ 96.405673][ T5982] netlink: get zone limit has 8 unknown bytes [ 96.420078][ T0] NOHZ tick-stop error: local softirq work is pending, handler #01!!! [ 96.440445][ T5934] usb 4-1: USB disconnect, device number 2 [ 96.465159][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 96.567485][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 96.621529][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 96.651535][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 96.669942][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 96.751484][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 96.781620][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 97.125180][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.275137][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.752634][ T5997] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 100.061678][ T6008] loop3: detected capacity change from 0 to 2048 [ 100.124899][ T6010] loop2: detected capacity change from 0 to 40427 [ 100.164869][ T6008] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 100.199502][ T6010] F2FS-fs (loop2): quotafile must be on filesystem root [ 100.405338][ T6012] netlink: 4 bytes leftover after parsing attributes in process `syz.4.16'. [ 100.420838][ T6012] netlink: 4 bytes leftover after parsing attributes in process `syz.4.16'. [ 100.468692][ T6013] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 100.801758][ T6015] loop1: detected capacity change from 0 to 2048 [ 100.911778][ T6017] overlayfs: missing 'lowerdir' [ 102.794130][ T6009] Set syz1 is full, maxelem 65536 reached [ 102.911233][ T6015] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 102.979750][ T6023] loop4: detected capacity change from 0 to 512 [ 103.004268][ T6022] loop0: detected capacity change from 0 to 128 [ 103.168119][ T6023] ======================================================= [ 103.168119][ T6023] WARNING: The mand mount option has been deprecated and [ 103.168119][ T6023] and is ignored by this kernel. Remove the mand [ 103.168119][ T6023] option from the mount to silence this warning. [ 103.168119][ T6023] ======================================================= [ 103.861480][ T6023] EXT4-fs error (device loop4): ext4_orphan_get:1393: inode #15: comm syz.4.18: iget: bad extended attribute block 1 [ 103.923216][ T6023] EXT4-fs error (device loop4): ext4_orphan_get:1398: comm syz.4.18: couldn't read orphan inode 15 (err -117) [ 104.002651][ T6023] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 104.166157][ T6033] netlink: 212408 bytes leftover after parsing attributes in process `syz.0.21'. [ 104.176813][ T6033] netlink: zone id is out of range [ 104.182439][ T6033] netlink: get zone limit has 8 unknown bytes [ 104.971987][ T6030] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 7934 vs 220 free clusters [ 104.987973][ T6023] EXT4-fs (loop4): shut down requested (1) [ 105.249956][ T5835] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 105.273112][ T6037] loop2: detected capacity change from 0 to 256 [ 105.332051][ T6037] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x0ede1155, utbl_chksum : 0xe619d30d) [ 106.782798][ T6057] loop4: detected capacity change from 0 to 128 [ 106.847769][ T6060] netlink: 4 bytes leftover after parsing attributes in process `syz.3.28'. [ 106.861998][ T6060] netlink: 4 bytes leftover after parsing attributes in process `syz.3.28'. [ 108.513126][ T6069] loop2: detected capacity change from 0 to 2048 [ 108.553458][ T6069] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 109.150761][ T6077] loop0: detected capacity change from 0 to 8 [ 109.504634][ T6081] hub 8-0:1.0: USB hub found [ 109.511649][ T6081] hub 8-0:1.0: 1 port detected [ 109.887883][ T6078] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 110.992811][ T6082] overlayfs: missing 'lowerdir' [ 113.814319][ T6106] netlink: 28 bytes leftover after parsing attributes in process `syz.0.44'. [ 115.280878][ T6111] syzkaller0: entered promiscuous mode [ 115.386331][ T6111] syzkaller0: entered allmulticast mode [ 115.394997][ T6118] loop3: detected capacity change from 0 to 128 [ 116.412543][ T24] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 116.625676][ T24] usb 3-1: config 220 has an invalid interface number: 76 but max is 2 [ 116.639837][ T24] usb 3-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 116.656644][ T24] usb 3-1: config 220 has an invalid descriptor of length 101, skipping remainder of the config [ 116.678770][ T24] usb 3-1: config 220 has no interface number 2 [ 116.691988][ T24] usb 3-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 116.715685][ T24] usb 3-1: config 220 interface 0 has no altsetting 0 [ 116.727952][ T24] usb 3-1: config 220 interface 76 has no altsetting 0 [ 116.741710][ T24] usb 3-1: config 220 interface 1 has no altsetting 0 [ 116.768778][ T24] usb 3-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 116.784051][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 116.810310][ T24] usb 3-1: Product: syz [ 116.819628][ T24] usb 3-1: Manufacturer: syz [ 116.824865][ T24] usb 3-1: SerialNumber: syz [ 117.167004][ T24] usb 3-1: selecting invalid altsetting 0 [ 117.173480][ T24] usb 3-1: Found UVC 7.01 device syz (8086:0b07) [ 117.180075][ T24] usb 3-1: No valid video chain found. [ 117.368539][ T24] usb 3-1: selecting invalid altsetting 0 [ 117.464997][ T6131] hub 8-0:1.0: USB hub found [ 117.471449][ T6131] hub 8-0:1.0: 1 port detected [ 118.061518][ T24] usbtest 3-1:220.1: probe with driver usbtest failed with error -22 [ 118.103682][ T24] usb 3-1: USB disconnect, device number 2 [ 119.133289][ T6138] misc userio: No port type given on /dev/userio [ 120.231434][ T6126] lo speed is unknown, defaulting to 1000 [ 120.237614][ T6126] lo speed is unknown, defaulting to 1000 [ 120.244984][ T6126] lo speed is unknown, defaulting to 1000 [ 120.254778][ T6126] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 120.270951][ T6126] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 120.295642][ T6126] lo speed is unknown, defaulting to 1000 [ 120.302861][ T6126] lo speed is unknown, defaulting to 1000 [ 120.311190][ T6126] lo speed is unknown, defaulting to 1000 [ 120.318413][ T6126] lo speed is unknown, defaulting to 1000 [ 120.326759][ T6126] lo speed is unknown, defaulting to 1000 [ 121.343996][ T6155] netlink: 8 bytes leftover after parsing attributes in process `syz.4.58'. [ 122.433922][ T6155] syz.4.58 (6155) used greatest stack depth: 16808 bytes left [ 122.539578][ T5836] libceph: connect (1)[c::]:6789 error -101 [ 122.587164][ T5836] libceph: mon0 (1)[c::]:6789 connect error [ 122.682738][ T6156] ceph: No mds server is up or the cluster is laggy [ 123.010759][ T3079] libceph: connect (1)[c::]:6789 error -101 [ 123.048928][ T6163] loop1: detected capacity change from 0 to 2048 [ 123.186292][ T3079] libceph: mon0 (1)[c::]:6789 connect error [ 123.967429][ T6163] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 124.037015][ T6179] misc userio: No port type given on /dev/userio [ 124.063894][ T6180] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 124.403350][ T6181] overlayfs: missing 'lowerdir' [ 125.033162][ T6187] loop4: detected capacity change from 0 to 128 [ 125.696848][ T6190] random: crng reseeded on system resumption [ 126.510481][ T5934] libceph: connect (1)[c::]:6789 error -101 [ 126.525277][ T5934] libceph: mon0 (1)[c::]:6789 connect error [ 126.792586][ T5934] libceph: connect (1)[c::]:6789 error -101 [ 126.801486][ T5934] libceph: mon0 (1)[c::]:6789 connect error [ 126.994378][ T6194] ceph: No mds server is up or the cluster is laggy [ 127.749525][ T6214] netlink: 8 bytes leftover after parsing attributes in process `syz.3.72'. [ 128.706506][ T6219] netlink: 8 bytes leftover after parsing attributes in process `syz.4.69'. [ 129.107883][ T6217] loop1: detected capacity change from 0 to 40427 [ 129.121832][ T6217] F2FS-fs (loop1): invalid crc value [ 129.239366][ T6217] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 129.601263][ T6227] misc userio: No port type given on /dev/userio [ 129.708847][ T6204] loop2: detected capacity change from 0 to 32768 [ 129.788718][ T6204] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.71 (6204) [ 129.834814][ T5833] syz-executor: attempt to access beyond end of device [ 129.834814][ T5833] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 129.895829][ T5833] CPU: 0 UID: 0 PID: 5833 Comm: syz-executor Not tainted 6.15.0-next-20250606-syzkaller #0 PREEMPT(full) [ 129.895859][ T5833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 129.895870][ T5833] Call Trace: [ 129.895878][ T5833] [ 129.895887][ T5833] dump_stack_lvl+0x189/0x250 [ 129.895915][ T5833] ? __pfx_dump_stack_lvl+0x10/0x10 [ 129.895931][ T5833] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 129.895961][ T5833] ? __pfx_queue_work_on+0x10/0x10 [ 129.895981][ T5833] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 129.896008][ T5833] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 129.896037][ T5833] ? f2fs_hw_is_readonly+0x39b/0x470 [ 129.896066][ T5833] f2fs_handle_critical_error+0x37c/0x540 [ 129.896097][ T5833] f2fs_write_end_io+0x495/0x810 [ 129.896120][ T5833] ? blkg_put+0x22/0x240 [ 129.896161][ T5833] __submit_merged_bio+0x27a/0x6a0 [ 129.896191][ T5833] __submit_merged_write_cond+0x255/0x530 [ 129.896222][ T5833] f2fs_write_data_pages+0x261d/0x3000 [ 129.896288][ T5833] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 129.896406][ T5833] ? __lock_acquire+0xab9/0xd20 [ 129.896443][ T5833] ? do_raw_spin_lock+0x121/0x290 [ 129.896477][ T5833] ? do_raw_spin_unlock+0x122/0x240 [ 129.896498][ T5833] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 129.896524][ T5833] do_writepages+0x32b/0x550 [ 129.896567][ T5833] ? do_raw_spin_unlock+0x122/0x240 [ 129.896594][ T5833] filemap_fdatawrite+0x191/0x230 [ 129.896613][ T5833] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 129.896687][ T5833] ? do_raw_spin_unlock+0x122/0x240 [ 129.896714][ T5833] f2fs_sync_dirty_inodes+0x31f/0x830 [ 129.896759][ T5833] f2fs_write_checkpoint+0x94a/0x1de0 [ 129.896814][ T5833] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 129.896889][ T5833] ? f2fs_stop_gc_thread+0x7f/0xb0 [ 129.896915][ T5833] ? kfree+0x18e/0x440 [ 129.896934][ T5833] ? kill_f2fs_super+0x298/0x6c0 [ 129.896966][ T5833] kill_f2fs_super+0x2c3/0x6c0 [ 129.897000][ T5833] ? __pfx_kill_f2fs_super+0x10/0x10 [ 129.897023][ T5833] ? radix_tree_delete_item+0x2b6/0x400 [ 129.897057][ T5833] ? shrinker_free+0x2ce/0x3e0 [ 129.897084][ T5833] deactivate_locked_super+0xb9/0x130 [ 129.897113][ T5833] cleanup_mnt+0x425/0x4c0 [ 129.897137][ T5833] ? lockdep_hardirqs_on+0x9c/0x150 [ 129.897160][ T5833] task_work_run+0x1d1/0x260 [ 129.897187][ T5833] ? __pfx_task_work_run+0x10/0x10 [ 129.897207][ T5833] ? __x64_sys_umount+0x122/0x160 [ 129.897232][ T5833] ? exit_to_user_mode_loop+0x40/0x110 [ 129.897263][ T5833] exit_to_user_mode_loop+0xec/0x110 [ 129.897289][ T5833] do_syscall_64+0x2bd/0x3b0 [ 129.897308][ T5833] ? lockdep_hardirqs_on+0x9c/0x150 [ 129.897327][ T5833] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.897345][ T5833] ? clear_bhb_loop+0x60/0xb0 [ 129.897377][ T5833] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.897395][ T5833] RIP: 0033:0x7f36f138fc57 [ 129.897413][ T5833] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 129.897429][ T5833] RSP: 002b:00007ffda7f607b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 129.897449][ T5833] RAX: 0000000000000000 RBX: 00007f36f1410925 RCX: 00007f36f138fc57 [ 129.897462][ T5833] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffda7f60870 [ 129.897473][ T5833] RBP: 00007ffda7f60870 R08: 0000000000000000 R09: 0000000000000000 [ 129.897484][ T5833] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffda7f61900 [ 129.897496][ T5833] R13: 00007f36f1410925 R14: 000000000001fa50 R15: 00007ffda7f61940 [ 129.897530][ T5833] [ 129.929860][ T6204] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 129.934187][ T5833] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 129.946160][ T6204] BTRFS info (device loop2): using sha256 (sha256-x86_64) checksum algorithm [ 130.177075][ T6234] loop4: detected capacity change from 0 to 128 [ 130.182280][ T6204] BTRFS info (device loop2): using free-space-tree [ 130.473605][ T6204] workqueue: Failed to create a rescuer kthread for wq "btrfs-worker": -EINTR [ 130.474761][ T6204] workqueue: Failed to create a rescuer kthread for wq "btrfs-delalloc": -EINTR [ 130.504484][ T6204] workqueue: Failed to create a rescuer kthread for wq "btrfs-flush_delalloc": -EINTR [ 130.562070][ T6204] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR [ 130.592438][ T6204] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR [ 130.611706][ T6204] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR [ 130.652744][ T6204] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR [ 130.714774][ T6204] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR [ 130.745803][ T6204] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR [ 130.967525][ T6204] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR [ 131.015151][ T6204] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR [ 131.253060][ T6204] BTRFS error (device loop2): open_ctree failed: -12 [ 131.501293][ T6221] loop0: detected capacity change from 0 to 32768 [ 132.338934][ T6221] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,erasure_code,nojournal_transaction_names,read_only,version_upgrade=none [ 132.338934][ T6221] allowing incompatible features above 0.0: (unknown version) [ 132.338934][ T6221] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 133.090753][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.097677][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.107994][ T6221] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0 [ 133.167978][ T6221] bcachefs (loop0): invalid journal entry, version=1.7: mi_btree_bitmap type=data_usage in superblock: invalid journal entry usage: bad size, fixing [ 133.263891][ T5836] libceph: connect (1)[c::]:6789 error -101 [ 133.264102][ T5836] libceph: mon0 (1)[c::]:6789 connect error [ 133.304718][ T6221] bcachefs (loop0): invalid bkey in superblock btree=snapshots level=0: u64s 11 type btree_ptr_v2 18446742987082825727:U64_MAX:U32_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 16 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0 [ 133.304744][ T6221] invalid key type for btree snapshots (btree_ptr_v2), deleting [ 133.330274][ T6268] loop1: detected capacity change from 0 to 2048 [ 133.340865][ T6268] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 133.388239][ T6273] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 133.424553][ T24] libceph: connect (1)[c::]:6789 error -101 [ 133.424673][ T24] libceph: mon0 (1)[c::]:6789 connect error [ 133.538295][ T5836] libceph: connect (1)[c::]:6789 error -101 [ 133.540267][ T5836] libceph: mon0 (1)[c::]:6789 connect error [ 133.590881][ T6278] overlayfs: missing 'lowerdir' [ 133.685732][ T5836] libceph: connect (1)[c::]:6789 error -101 [ 133.687555][ T5836] libceph: mon0 (1)[c::]:6789 connect error [ 134.046968][ T5836] libceph: connect (1)[c::]:6789 error -101 [ 134.051021][ T5836] libceph: mon0 (1)[c::]:6789 connect error [ 134.073783][ T6264] ceph: No mds server is up or the cluster is laggy [ 134.128352][ T6271] ceph: No mds server is up or the cluster is laggy [ 134.149801][ T6221] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 134.193076][ T43] libceph: connect (1)[c::]:6789 error -101 [ 134.221598][ T43] libceph: mon0 (1)[c::]:6789 connect error [ 134.368062][ T6221] syz.0.75: vmalloc error: size 8388608, failed to allocated page array size 16384, mode:0xcc2(GFP_KERNEL|__GFP_HIGHMEM), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 134.422963][ T6221] CPU: 0 UID: 0 PID: 6221 Comm: syz.0.75 Not tainted 6.15.0-next-20250606-syzkaller #0 PREEMPT(full) [ 134.422993][ T6221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 134.423004][ T6221] Call Trace: [ 134.423013][ T6221] [ 134.423022][ T6221] dump_stack_lvl+0x189/0x250 [ 134.423050][ T6221] ? __pfx_dump_stack_lvl+0x10/0x10 [ 134.423069][ T6221] ? __pfx__printk+0x10/0x10 [ 134.423092][ T6221] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 134.423114][ T6221] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 134.423137][ T6221] ? cpuset_print_current_mems_allowed+0x2ee/0x360 [ 134.423162][ T6221] warn_alloc+0x214/0x310 [ 134.423193][ T6221] ? __pfx_warn_alloc+0x10/0x10 [ 134.423226][ T6221] ? __get_vm_area_node+0x28f/0x300 [ 134.423248][ T6221] ? bch2_fs_journal_start+0x480/0x1510 [ 134.423278][ T6221] __vmalloc_node_range_noprof+0x67e/0x12f0 [ 134.423332][ T6221] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 134.423360][ T6221] ? rcu_is_watching+0x15/0xb0 [ 134.423391][ T6221] ? bch2_fs_journal_start+0x480/0x1510 [ 134.423415][ T6221] ? bch2_fs_journal_start+0x480/0x1510 [ 134.423437][ T6221] __kvmalloc_node_noprof+0x3b8/0x5f0 [ 134.423459][ T6221] ? bch2_fs_journal_start+0x480/0x1510 [ 134.423492][ T6221] bch2_fs_journal_start+0x480/0x1510 [ 134.423537][ T6221] ? bch2_journal_log_msg+0xd9/0x120 [ 134.423566][ T6221] ? __pfx_bch2_fs_journal_start+0x10/0x10 [ 134.423600][ T6221] ? __pfx_bch2_journal_log_msg+0x10/0x10 [ 134.423629][ T6221] ? bch2_fs_resize_on_mount+0x81/0x880 [ 134.423662][ T6221] bch2_fs_recovery+0x229a/0x39a0 [ 134.423701][ T6221] ? lockdep_unlock+0x89/0x120 [ 134.423737][ T6221] ? __pfx_bch2_fs_recovery+0x10/0x10 [ 134.423777][ T6221] ? irqentry_exit+0x74/0x90 [ 134.423797][ T6221] ? lockdep_hardirqs_on+0x9c/0x150 [ 134.423822][ T6221] ? preempt_schedule+0xae/0xc0 [ 134.423844][ T6221] ? preempt_schedule_common+0x83/0xd0 [ 134.423864][ T6221] ? preempt_schedule+0xae/0xc0 [ 134.423888][ T6221] ? __lock_acquire+0xab9/0xd20 [ 134.423925][ T6221] ? __lock_acquire+0xab9/0xd20 [ 134.423979][ T6221] ? bch2_fs_start+0x9fe/0xd90 [ 134.424004][ T6221] ? up_write+0x1c4/0x420 [ 134.424021][ T6221] ? bch2_fs_start+0x5c4/0xd90 [ 134.424045][ T6221] bch2_fs_start+0xa99/0xd90 [ 134.424066][ T6221] ? bch2_fs_start+0x5c4/0xd90 [ 134.424090][ T6221] ? __pfx_bch2_fs_start+0x10/0x10 [ 134.424134][ T6221] ? sget+0x267/0x620 [ 134.424170][ T6221] bch2_fs_get_tree+0xb6c/0x1460 [ 134.424232][ T6221] ? __pfx_bch2_fs_get_tree+0x10/0x10 [ 134.424284][ T6221] ? aa_get_newest_label+0xf7/0x5d0 [ 134.424311][ T6221] ? vfs_parse_monolithic_sep+0x2df/0x310 [ 134.424347][ T6221] ? apparmor_capable+0x137/0x1b0 [ 134.424374][ T6221] vfs_get_tree+0x8f/0x2b0 [ 134.424398][ T6221] do_new_mount+0x24a/0xa40 [ 134.424431][ T6221] __se_sys_mount+0x317/0x410 [ 134.424461][ T6221] ? __pfx___se_sys_mount+0x10/0x10 [ 134.424490][ T6221] ? do_syscall_64+0xbe/0x3b0 [ 134.424510][ T6221] ? __x64_sys_mount+0x20/0xc0 [ 134.424535][ T6221] do_syscall_64+0xfa/0x3b0 [ 134.424554][ T6221] ? lockdep_hardirqs_on+0x9c/0x150 [ 134.424572][ T6221] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 134.424602][ T6221] ? clear_bhb_loop+0x60/0xb0 [ 134.424626][ T6221] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 134.424644][ T6221] RIP: 0033:0x7f95885900ca [ 134.424665][ T6221] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 134.424681][ T6221] RSP: 002b:00007f95893bce68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 134.424704][ T6221] RAX: ffffffffffffffda RBX: 00007f95893bcef0 RCX: 00007f95885900ca [ 134.424718][ T6221] RDX: 00002000000058c0 RSI: 0000200000005900 RDI: 00007f95893bceb0 [ 134.424731][ T6221] RBP: 00002000000058c0 R08: 00007f95893bcef0 R09: 000000000000000b [ 134.424743][ T6221] R10: 000000000000000b R11: 0000000000000246 R12: 0000200000005900 [ 134.424753][ T6221] R13: 00007f95893bceb0 R14: 0000000000005901 R15: 0000200000000500 [ 134.424785][ T6221] [ 134.424793][ T6221] Mem-Info: [ 135.022087][ T6221] active_anon:12718 inactive_anon:0 isolated_anon:0 [ 135.022087][ T6221] active_file:1337 inactive_file:39957 isolated_file:0 [ 135.022087][ T6221] unevictable:768 dirty:256 writeback:0 [ 135.022087][ T6221] slab_reclaimable:10193 slab_unreclaimable:99945 [ 135.022087][ T6221] mapped:33553 shmem:8334 pagetables:1172 [ 135.022087][ T6221] sec_pagetables:0 bounce:0 [ 135.022087][ T6221] kernel_misc_reclaimable:0 [ 135.022087][ T6221] free:1316942 free_pcp:18696 free_cma:0 [ 135.109263][ T6221] Node 0 active_anon:50956kB inactive_anon:0kB active_file:5348kB inactive_file:159548kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:134216kB dirty:1028kB writeback:0kB shmem:31780kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12072kB pagetables:4608kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 135.263416][ T6287] misc userio: No port type given on /dev/userio [ 135.272898][ T6221] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:104kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 135.332491][ T6221] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 135.371209][ T5934] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 135.431577][ T6221] lowmem_reserve[]: 0 2500 2502 2502 2502 [ 135.437905][ T6221] Node 0 DMA32 free:1363080kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:47060kB inactive_anon:0kB active_file:5348kB inactive_file:157732kB unevictable:1536kB writepending:1028kB present:3129332kB managed:2560988kB mlocked:0kB bounce:0kB free_pcp:47168kB local_pcp:28476kB free_cma:0kB [ 135.504085][ T6221] lowmem_reserve[]: 0 0 1 1 1 [ 135.509059][ T6221] Node 0 Normal free:28kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1816kB unevictable:0kB writepending:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB [ 135.557226][ T6221] lowmem_reserve[]: 0 0 0 0 0 [ 135.622557][ T5934] usb 3-1: config 220 has an invalid interface number: 76 but max is 2 [ 135.634129][ T5934] usb 3-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 135.673870][ T6221] Node 1 Normal free:3895220kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:25216kB local_pcp:18048kB free_cma:0kB [ 135.708144][ T5934] usb 3-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 135.720227][ T5934] usb 3-1: config 220 has no interface number 2 [ 135.738021][ T5934] usb 3-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 135.766221][ T5934] usb 3-1: config 220 interface 0 has no altsetting 0 [ 135.775718][ T6221] lowmem_reserve[]: 0 0 0 0 0 [ 135.780509][ T6221] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 135.794738][ T5934] usb 3-1: config 220 interface 76 has no altsetting 0 [ 135.804022][ T5934] usb 3-1: config 220 interface 1 has no altsetting 0 [ 135.811931][ T6221] Node 0 DMA32: 650*4kB (UM) 430*8kB (UM) 301*16kB (UM) 92*32kB (UME) 62*64kB (UME) 40*128kB (UM) 20*256kB (UM) 3*512kB (UM) 4*1024kB (ME) 4*2048kB (ME) 323*4096kB (M) = 1364840kB [ 135.848528][ T5934] usb 3-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 135.861551][ T5934] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 135.870017][ T6221] Node 0 Normal: 1*4kB (M) 1*8kB (M) 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 28kB [ 135.883239][ T5934] usb 3-1: Product: syz [ 135.887533][ T5934] usb 3-1: Manufacturer: syz [ 135.895957][ T5934] usb 3-1: SerialNumber: syz [ 135.901402][ T6221] Node 1 Normal: 191*4kB (UE) 63*8kB (UME) 42*16kB (UME) 71*32kB (UME) 23*64kB (UME) 7*128kB (UME) 4*256kB (ME) 3*512kB (ME) 3*1024kB (UME) 2*2048kB (UE) 947*4096kB (M) = 3895220kB [ 135.933802][ T6221] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 135.950205][ T6221] Node 0 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB [ 135.960226][ T6221] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 135.975884][ T6221] Node 1 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB [ 135.985858][ T6221] 48558 total pagecache pages [ 136.000211][ T6221] 0 pages in swap cache [ 136.015120][ T6221] Free swap = 124996kB [ 136.019373][ T6221] Total swap = 124996kB [ 136.044117][ T6221] 2097051 pages RAM [ 136.048054][ T6221] 0 pages HighMem/MovableOnly [ 136.071163][ T6221] 424698 pages reserved [ 136.075500][ T6221] 0 pages cma reserved [ 136.173683][ T5934] usb 3-1: selecting invalid altsetting 0 [ 136.186647][ T6221] bcachefs (loop0): error reallocating journal fifo (32768 open entries) [ 136.203096][ T5934] usb 3-1: Found UVC 7.01 device syz (8086:0b07) [ 136.223746][ T6221] bcachefs (loop0): error in recovery: ENOMEM_journal_pin_fifoemergency read only at seq 0 [ 136.558603][ T6297] xt_connbytes: Forcing CT accounting to be enabled [ 136.558800][ T6297] Cannot find set identified by id 0 to match [ 136.943585][ T5934] usb 3-1: No valid video chain found. [ 136.977290][ T5934] usb 3-1: selecting invalid altsetting 0 [ 136.977313][ T5934] usbtest 3-1:220.1: probe with driver usbtest failed with error -22 [ 137.095972][ T5934] usb 3-1: USB disconnect, device number 3 [ 137.285549][ T6300] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 137.335061][ T6221] bcachefs (loop0): bch2_fs_start(): error starting filesystem ENOMEM_journal_pin_fifo [ 137.335085][ T6221] bcachefs (loop0): shutting down [ 137.360716][ T6221] bcachefs (loop0): shutdown complete [ 137.446283][ T6302] loop2: detected capacity change from 0 to 128 [ 138.161935][ T6307] netlink: 8 bytes leftover after parsing attributes in process `syz.1.89'. [ 138.628598][ T6310] loop1: detected capacity change from 0 to 512 [ 138.650915][ T6310] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 138.687510][ T6310] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 138.838873][ T6310] EXT4-fs (loop1): 1 truncate cleaned up [ 138.846398][ T6310] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 140.731317][ T5962] usb 2-1: new full-speed USB device number 2 using dummy_hcd [ 140.919214][ T5962] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 140.932494][ T5962] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 140.958607][ T5962] usb 2-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.40 [ 140.970185][ T5962] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=4 [ 140.979141][ T5962] usb 2-1: SerialNumber: syz [ 140.990686][ T5962] usb 2-1: config 0 descriptor?? [ 140.994059][ T6221] bcachefs: bch2_fs_get_tree() error: ENOMEM_journal_pin_fifo [ 141.002797][ T5962] usb 2-1: Found UVC 0.00 device (10c4:ea90) [ 141.021229][ T5962] usb 2-1: No valid video chain found. [ 142.753511][ T5962] usb 2-1: USB disconnect, device number 2 [ 142.909020][ T6328] loop0: detected capacity change from 0 to 40427 [ 143.150359][ T6328] F2FS-fs (loop0): quotafile must be on filesystem root [ 143.328825][ T5833] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 144.981617][ T6327] Set syz1 is full, maxelem 65536 reached [ 145.182464][ T24] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 145.279457][ T6338] loop0: detected capacity change from 0 to 8 [ 145.471991][ T24] usb 3-1: Using ep0 maxpacket: 32 [ 145.577705][ T24] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 146.757619][ T24] usb 3-1: string descriptor 0 read error: -71 [ 146.769899][ T24] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 146.779649][ T24] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 146.864662][ T24] usb 3-1: config 0 descriptor?? [ 146.883074][ T24] usb 3-1: can't set config #0, error -71 [ 146.923743][ T24] usb 3-1: USB disconnect, device number 4 [ 147.556179][ T6357] loop0: detected capacity change from 0 to 40427 [ 147.596042][ T6357] F2FS-fs (loop0): invalid crc value [ 147.723317][ T6357] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 148.253340][ T5832] syz-executor: attempt to access beyond end of device [ 148.253340][ T5832] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 148.383961][ T5832] CPU: 1 UID: 0 PID: 5832 Comm: syz-executor Not tainted 6.15.0-next-20250606-syzkaller #0 PREEMPT(full) [ 148.383990][ T5832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 148.383999][ T5832] Call Trace: [ 148.384007][ T5832] [ 148.384015][ T5832] dump_stack_lvl+0x189/0x250 [ 148.384044][ T5832] ? __pfx_dump_stack_lvl+0x10/0x10 [ 148.384059][ T5832] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 148.384087][ T5832] ? __pfx_queue_work_on+0x10/0x10 [ 148.384105][ T5832] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 148.384128][ T5832] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 148.384156][ T5832] ? f2fs_hw_is_readonly+0x39b/0x470 [ 148.384184][ T5832] f2fs_handle_critical_error+0x37c/0x540 [ 148.384214][ T5832] f2fs_write_end_io+0x495/0x810 [ 148.384237][ T5832] ? blkg_put+0x22/0x240 [ 148.384278][ T5832] __submit_merged_bio+0x27a/0x6a0 [ 148.384310][ T5832] __submit_merged_write_cond+0x255/0x530 [ 148.384339][ T5832] f2fs_write_data_pages+0x261d/0x3000 [ 148.384361][ T5832] ? __lock_acquire+0xab9/0xd20 [ 148.384430][ T5832] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 148.384510][ T5832] ? __mod_zone_page_state+0xd7/0x140 [ 148.384542][ T5832] ? folios_put_refs+0x560/0x640 [ 148.384592][ T5832] ? __lock_acquire+0xab9/0xd20 [ 148.384637][ T5832] ? do_raw_spin_lock+0x121/0x290 [ 148.384675][ T5832] ? do_raw_spin_unlock+0x122/0x240 [ 148.384696][ T5832] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 148.384722][ T5832] do_writepages+0x32b/0x550 [ 148.384766][ T5832] ? do_raw_spin_unlock+0x122/0x240 [ 148.384794][ T5832] filemap_fdatawrite+0x191/0x230 [ 148.384812][ T5832] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 148.384898][ T5832] ? do_raw_spin_unlock+0x122/0x240 [ 148.384926][ T5832] f2fs_sync_dirty_inodes+0x31f/0x830 [ 148.384974][ T5832] f2fs_write_checkpoint+0x94a/0x1de0 [ 148.385031][ T5832] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 148.385113][ T5832] ? f2fs_stop_gc_thread+0x7f/0xb0 [ 148.385138][ T5832] ? kfree+0x18e/0x440 [ 148.385157][ T5832] ? kill_f2fs_super+0x298/0x6c0 [ 148.385191][ T5832] kill_f2fs_super+0x2c3/0x6c0 [ 148.385223][ T5832] ? __pfx_kill_f2fs_super+0x10/0x10 [ 148.385244][ T5832] ? radix_tree_delete_item+0x2b6/0x400 [ 148.385274][ T5832] ? shrinker_free+0x2ce/0x3e0 [ 148.385302][ T5832] deactivate_locked_super+0xb9/0x130 [ 148.385329][ T5832] cleanup_mnt+0x425/0x4c0 [ 148.385354][ T5832] ? lockdep_hardirqs_on+0x9c/0x150 [ 148.385378][ T5832] task_work_run+0x1d1/0x260 [ 148.385406][ T5832] ? __pfx_task_work_run+0x10/0x10 [ 148.385425][ T5832] ? __x64_sys_umount+0x122/0x160 [ 148.385452][ T5832] ? exit_to_user_mode_loop+0x40/0x110 [ 148.385483][ T5832] exit_to_user_mode_loop+0xec/0x110 [ 148.385509][ T5832] do_syscall_64+0x2bd/0x3b0 [ 148.385527][ T5832] ? lockdep_hardirqs_on+0x9c/0x150 [ 148.385546][ T5832] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 148.385564][ T5832] ? clear_bhb_loop+0x60/0xb0 [ 148.385599][ T5832] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 148.385616][ T5832] RIP: 0033:0x7f958858fc57 [ 148.385634][ T5832] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 148.385649][ T5832] RSP: 002b:00007ffd47c39128 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 148.385669][ T5832] RAX: 0000000000000000 RBX: 00007f9588610925 RCX: 00007f958858fc57 [ 148.385682][ T5832] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd47c391e0 [ 148.385692][ T5832] RBP: 00007ffd47c391e0 R08: 0000000000000000 R09: 0000000000000000 [ 148.385703][ T5832] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd47c3a270 [ 148.385714][ T5832] R13: 00007f9588610925 R14: 000000000002429f R15: 00007ffd47c3a2b0 [ 148.385752][ T5832] [ 148.385760][ T5832] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 148.822350][ T6355] loop4: detected capacity change from 0 to 1024 [ 149.260498][ T5934] libceph: connect (1)[c::]:6789 error -101 [ 149.307285][ T5934] libceph: mon0 (1)[c::]:6789 connect error [ 149.453956][ T6355] hfsplus: invalid btree extent records (0 size) [ 149.481910][ T6355] hfsplus: failed to load attributes file [ 149.551414][ T6365] ceph: No mds server is up or the cluster is laggy [ 149.872406][ T6371] loop1: detected capacity change from 0 to 512 [ 149.880314][ T6372] netlink: 8 bytes leftover after parsing attributes in process `syz.3.104'. [ 149.930185][ T6371] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 150.016252][ T6371] EXT4-fs (loop1): 1 truncate cleaned up [ 150.098149][ T6371] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 151.181393][ T43] usb 2-1: new full-speed USB device number 3 using dummy_hcd [ 151.913997][ T43] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 151.936316][ T43] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 152.927745][ T6384] loop2: detected capacity change from 0 to 40427 [ 152.978630][ T6384] F2FS-fs (loop2): quotafile must be on filesystem root [ 153.168226][ T5833] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 153.450444][ T43] usb 2-1: string descriptor 0 read error: -71 [ 153.458023][ T43] usb 2-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.40 [ 153.468535][ T43] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=4 [ 153.490921][ T43] usb 2-1: config 0 descriptor?? [ 153.641642][ T6393] overlayfs: overlapping lowerdir path [ 153.741410][ T6394] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 154.228470][ T43] usb 2-1: can't set config #0, error -71 [ 154.259891][ T43] usb 2-1: USB disconnect, device number 3 [ 154.472703][ T6396] siw: device registration error -23 [ 155.964890][ T6403] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 156.764730][ T6412] netlink: 'syz.1.118': attribute type 12 has an invalid length. [ 157.590258][ T9] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 158.110570][ T6421] loop1: detected capacity change from 0 to 128 [ 158.134222][ T6421] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 158.248815][ T9] usb 1-1: Using ep0 maxpacket: 32 [ 158.278643][ T6421] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 158.294337][ T9] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 158.324797][ T9] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 158.347107][ T9] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 158.358852][ T9] usb 1-1: Product: syz [ 158.366231][ T9] usb 1-1: Manufacturer: syz [ 158.376456][ T9] usb 1-1: SerialNumber: syz [ 158.388948][ T9] usb 1-1: config 0 descriptor?? [ 158.396938][ T6405] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 159.029407][ T43] usb 1-1: USB disconnect, device number 3 [ 159.127651][ T6430] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 160.202920][ T6442] Zero length message leads to an empty skb [ 161.399327][ T6450] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 161.451647][ T5904] lo speed is unknown, defaulting to 1000 [ 161.553674][ T6463] netlink: 161716 bytes leftover after parsing attributes in process `syz.3.133'. [ 161.553733][ T6463] netlink: zone id is out of range [ 161.553758][ T6463] netlink: zone id is out of range [ 162.095749][ T6466] loop1: detected capacity change from 0 to 128 [ 162.128178][ T6466] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 162.141614][ T6466] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 163.342756][ T5934] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 163.553183][ T5934] usb 3-1: Using ep0 maxpacket: 32 [ 163.576307][ T5934] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 163.647250][ T5934] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 163.715379][ T5934] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 163.761470][ T5934] usb 3-1: Product: syz [ 163.765751][ T5934] usb 3-1: Manufacturer: syz [ 163.770552][ T5934] usb 3-1: SerialNumber: syz [ 166.352324][ T5934] usb 3-1: config 0 descriptor?? [ 166.461010][ T5934] usb 3-1: can't set config #0, error -71 [ 166.902110][ T5934] usb 3-1: USB disconnect, device number 5 [ 166.911861][ T5836] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 167.207247][ T6500] loop3: detected capacity change from 0 to 128 [ 168.176030][ T9] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 168.774918][ T5836] usb 1-1: device descriptor read/all, error -71 [ 168.782312][ T9] usb 5-1: device descriptor read/64, error -71 [ 169.087158][ T9] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 169.475148][ T9] usb 5-1: device descriptor read/64, error -71 [ 169.536889][ T43] libceph: connect (1)[c::]:6789 error -101 [ 169.544638][ T43] libceph: mon0 (1)[c::]:6789 connect error [ 169.825105][ T6518] ceph: No mds server is up or the cluster is laggy [ 169.848829][ T43] libceph: connect (1)[c::]:6789 error -101 [ 169.927373][ T43] libceph: mon0 (1)[c::]:6789 connect error [ 169.938848][ T9] usb usb5-port1: attempt power cycle [ 170.855581][ T6534] loop1: detected capacity change from 0 to 128 [ 172.207484][ T6541] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 172.351503][ T5962] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 172.641147][ T5962] usb 3-1: Using ep0 maxpacket: 32 [ 172.651557][ T5962] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 173.837091][ T5962] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 173.880646][ T5962] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 173.990407][ T5962] usb 3-1: Product: syz [ 174.071578][ T5962] usb 3-1: config 0 descriptor?? [ 174.078258][ T5962] usb 3-1: can't set config #0, error -71 [ 174.088425][ T5962] usb 3-1: USB disconnect, device number 6 [ 174.193459][ T6559] loop2: detected capacity change from 0 to 128 [ 174.241289][ T24] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 174.964848][ T24] usb 4-1: config 220 has an invalid interface number: 76 but max is 2 [ 175.006143][ T24] usb 4-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 175.036173][ T24] usb 4-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 175.079562][ T24] usb 4-1: config 220 has no interface number 2 [ 175.129973][ T24] usb 4-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 175.179322][ T24] usb 4-1: config 220 interface 0 has no altsetting 0 [ 175.245735][ T24] usb 4-1: config 220 interface 76 has no altsetting 0 [ 175.820920][ T24] usb 4-1: config 220 interface 1 has no altsetting 0 [ 175.853922][ T24] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 175.864145][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 175.872855][ T24] usb 4-1: Product: syz [ 175.877697][ T24] usb 4-1: Manufacturer: syz [ 175.883038][ T24] usb 4-1: SerialNumber: syz [ 176.146419][ T24] usb 4-1: selecting invalid altsetting 0 [ 176.173565][ T24] usb 4-1: Found UVC 7.01 device syz (8086:0b07) [ 176.182391][ T24] usb 4-1: No valid video chain found. [ 177.042371][ T24] usb 4-1: selecting invalid altsetting 0 [ 177.048540][ T24] usbtest 4-1:220.1: probe with driver usbtest failed with error -22 [ 177.090091][ T5836] libceph: connect (1)[c::]:6789 error -101 [ 177.135150][ T5836] libceph: mon0 (1)[c::]:6789 connect error [ 177.169196][ T24] usb 4-1: USB disconnect, device number 3 [ 177.196943][ T6575] ceph: No mds server is up or the cluster is laggy [ 177.341226][ T9] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 177.390823][ T6585] loop1: detected capacity change from 0 to 128 [ 177.818833][ T9] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 177.836753][ T9] usb 1-1: config 1 has an invalid descriptor of length 247, skipping remainder of the config [ 178.013779][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 178.046667][ T9] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 178.064665][ T9] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 178.079218][ T9] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 178.129904][ T9] usb 1-1: Product: syz [ 178.158333][ T9] usb 1-1: Manufacturer: syz [ 178.348197][ T9] cdc_wdm 1-1:1.0: probe with driver cdc_wdm failed with error -22 [ 180.627422][ T6605] loop4: detected capacity change from 0 to 128 [ 181.129899][ T9] usb 1-1: USB disconnect, device number 6 [ 184.535213][ T6628] loop1: detected capacity change from 0 to 128 [ 184.688963][ T6634] siw: device registration error -23 [ 188.621678][ T980] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 189.158838][ T980] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 189.183018][ T980] usb 3-1: config 1 has an invalid descriptor of length 247, skipping remainder of the config [ 189.243353][ T980] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 189.293471][ T980] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 190.390481][ T6672] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 191.171320][ T980] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 191.205899][ T980] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 191.225842][ T980] usb 3-1: Product: syz [ 191.235479][ T980] usb 3-1: Manufacturer: syz [ 191.340832][ T980] cdc_wdm 3-1:1.0: probe with driver cdc_wdm failed with error -22 [ 191.478075][ T43] usb 3-1: USB disconnect, device number 7 [ 194.515714][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.522228][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.828968][ T6701] loop1: detected capacity change from 0 to 128 [ 195.777778][ T6707] netlink: 4 bytes leftover after parsing attributes in process `syz.0.196'. [ 195.790928][ T6707] netlink: 4 bytes leftover after parsing attributes in process `syz.0.196'. [ 197.783923][ T6717] loop1: detected capacity change from 0 to 128 [ 197.791887][ T6717] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 197.806176][ T6717] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 198.542905][ T24] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 198.709635][ T6730] netlink: 8 bytes leftover after parsing attributes in process `syz.0.202'. [ 199.445300][ T24] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 199.482262][ T24] usb 4-1: config 1 has an invalid descriptor of length 247, skipping remainder of the config [ 199.597674][ T6732] loop1: detected capacity change from 0 to 512 [ 199.632690][ T6732] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 199.710001][ T6732] EXT4-fs (loop1): 1 truncate cleaned up [ 199.740964][ T24] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 199.750750][ T24] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 199.768157][ T6735] loop0: detected capacity change from 0 to 128 [ 199.779464][ T24] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 199.798438][ T24] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 199.806824][ T24] usb 4-1: Product: syz [ 199.811007][ T24] usb 4-1: Manufacturer: syz [ 199.844495][ T6732] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 199.859270][ T24] cdc_wdm 4-1:1.0: probe with driver cdc_wdm failed with error -22 [ 200.485642][ T24] usb 2-1: new full-speed USB device number 4 using dummy_hcd [ 200.963806][ T6744] loop4: detected capacity change from 0 to 2048 [ 200.984963][ T6744] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) [ 201.055201][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 201.187974][ T6745] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 201.205796][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 201.297632][ T24] usb 2-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.40 [ 201.342685][ T6746] overlayfs: missing 'lowerdir' [ 201.450751][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=4 [ 201.780347][ T24] usb 2-1: SerialNumber: syz [ 201.825593][ T24] usb 2-1: config 0 descriptor?? [ 202.069249][ T24] usb 2-1: Found UVC 0.00 device (10c4:ea90) [ 202.866438][ T3079] usb 4-1: USB disconnect, device number 4 [ 202.875321][ T24] usb 2-1: No valid video chain found. [ 203.227297][ T6759] netlink: 4 bytes leftover after parsing attributes in process `syz.4.208'. [ 203.241155][ T6759] netlink: 4 bytes leftover after parsing attributes in process `syz.4.208'. [ 203.963654][ T43] usb 2-1: USB disconnect, device number 4 [ 204.814347][ T5833] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 204.956322][ T6760] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR [ 205.848575][ T43] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 206.091211][ T43] usb 5-1: Using ep0 maxpacket: 32 [ 206.364318][ T43] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 206.449513][ T43] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 206.471137][ T43] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 206.479785][ T43] usb 5-1: Product: syz [ 206.491130][ T43] usb 5-1: Manufacturer: syz [ 206.495854][ T43] usb 5-1: SerialNumber: syz [ 206.506627][ T43] usb 5-1: config 0 descriptor?? [ 206.603010][ T6767] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 206.861618][ T980] usb 5-1: USB disconnect, device number 5 [ 207.451262][ T6781] loop0: detected capacity change from 0 to 16 [ 207.543484][ T6781] erofs (device loop0): mounted with root inode @ nid 36. [ 208.704464][ T6789] siw: device registration error -23 [ 210.097543][ T6793] loop0: detected capacity change from 0 to 2048 [ 210.349904][ T6793] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 211.112779][ T6804] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 211.175351][ T6803] loop4: detected capacity change from 0 to 512 [ 212.034694][ T5844] Bluetooth: hci4: command 0x0406 tx timeout [ 212.040806][ T5844] Bluetooth: hci0: command 0x0406 tx timeout [ 212.046851][ T5840] Bluetooth: hci1: command 0x0406 tx timeout [ 212.052909][ T51] Bluetooth: hci2: command 0x0406 tx timeout [ 212.059012][ T51] Bluetooth: hci3: command 0x0406 tx timeout [ 212.071195][ T6803] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 212.525956][ T6812] loop1: detected capacity change from 0 to 40427 [ 212.692689][ T6812] F2FS-fs (loop1): quotafile must be on filesystem root [ 212.707356][ T6803] EXT4-fs (loop4): 1 truncate cleaned up [ 212.726475][ T6811] loop2: detected capacity change from 0 to 128 [ 212.744975][ T6814] overlayfs: missing 'lowerdir' [ 212.760062][ T6803] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 215.184367][ T5836] usb 5-1: new full-speed USB device number 6 using dummy_hcd [ 216.023478][ T5835] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 216.291189][ T5977] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 216.511222][ T5977] usb 3-1: Using ep0 maxpacket: 32 [ 216.978229][ T5977] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 218.776679][ T5977] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 220.190835][ T5977] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 220.221260][ T5977] usb 3-1: Product: syz [ 220.225665][ T5977] usb 3-1: Manufacturer: syz [ 220.230285][ T5977] usb 3-1: SerialNumber: syz [ 220.443816][ T5977] usb 3-1: config 0 descriptor?? [ 220.474020][ T5977] usb 3-1: can't set config #0, error -71 [ 220.571275][ T5977] usb 3-1: USB disconnect, device number 8 [ 222.158751][ T6863] loop2: detected capacity change from 0 to 128 [ 222.166189][ T6863] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 222.180423][ T6864] loop1: detected capacity change from 0 to 40427 [ 222.198838][ T6863] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 222.203963][ T6864] F2FS-fs (loop1): quotafile must be on filesystem root [ 223.741688][ T6873] loop2: detected capacity change from 0 to 512 [ 223.821206][ T6873] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 224.063096][ T6873] EXT4-fs (loop2): 1 truncate cleaned up [ 224.071007][ T6873] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 224.188243][ T6882] loop0: detected capacity change from 0 to 2048 [ 224.278270][ T6883] netlink: 'syz.1.239': attribute type 12 has an invalid length. [ 224.925483][ T6884] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 225.021899][ T6882] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 225.042867][ T6885] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 226.395281][ T6886] overlayfs: missing 'lowerdir' [ 226.461383][ T3079] usb 3-1: new full-speed USB device number 9 using dummy_hcd [ 226.650301][ T3079] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 226.650421][ T3079] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 226.663103][ T3079] usb 3-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.40 [ 226.663210][ T3079] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=4 [ 226.663311][ T3079] usb 3-1: SerialNumber: syz [ 226.746928][ T3079] usb 3-1: config 0 descriptor?? [ 226.772943][ T3079] usb 3-1: Found UVC 0.00 device (10c4:ea90) [ 226.772978][ T3079] usb 3-1: No valid video chain found. [ 228.037939][ T3079] usb 3-1: USB disconnect, device number 9 [ 228.870658][ T5841] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 229.611198][ T3079] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 230.052657][ T6913] loop1: detected capacity change from 0 to 40427 [ 230.071130][ T3079] usb 1-1: Using ep0 maxpacket: 32 [ 230.092734][ T6913] F2FS-fs (loop1): quotafile must be on filesystem root [ 230.092998][ T3079] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 230.298900][ T3079] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 230.381125][ T3079] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 230.405708][ T3079] usb 1-1: Product: syz [ 230.438644][ T3079] usb 1-1: Manufacturer: syz [ 230.499421][ T3079] usb 1-1: SerialNumber: syz [ 230.762521][ T3079] usb 1-1: config 0 descriptor?? [ 230.874310][ T6904] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 231.275479][ T5977] usb 1-1: USB disconnect, device number 7 [ 231.302461][ T5854] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 231.315666][ T5854] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 231.332980][ T5854] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 231.364113][ T5854] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 231.371972][ T5854] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 231.453454][ T6922] lo speed is unknown, defaulting to 1000 [ 232.820197][ T6929] netlink: 'syz.4.252': attribute type 12 has an invalid length. [ 233.582297][ T5854] Bluetooth: hci5: command tx timeout [ 233.708465][ T6934] loop0: detected capacity change from 0 to 32768 [ 233.777130][ T6934] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,erasure_code,nojournal_transaction_names,read_only,version_upgrade=none [ 233.777130][ T6934] allowing incompatible features above 0.0: (unknown version) [ 233.777130][ T6934] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 233.821378][ T6934] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0 [ 233.829925][ T6934] bcachefs (loop0): invalid journal entry, version=1.7: mi_btree_bitmap type=data_usage in superblock: invalid journal entry usage: bad size, fixing [ 233.847562][ T6934] bcachefs (loop0): invalid bkey in superblock btree=snapshots level=0: u64s 11 type btree_ptr_v2 18446742987082825727:U64_MAX:U32_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 16 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0 [ 233.847601][ T6934] invalid key type for btree snapshots (btree_ptr_v2), deleting [ 233.854993][ T6940] loop4: detected capacity change from 0 to 512 [ 233.869737][ T6934] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 234.061549][ T6934] bcachefs (loop0): accounting_read... [ 234.088001][ T6940] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 234.288555][ T6934] done [ 234.291602][ T6934] bcachefs (loop0): alloc_read... done [ 234.353183][ T6934] bcachefs (loop0): snapshots_read... done [ 234.642567][ T6934] bcachefs (loop0): journal_replay... done [ 234.698388][ T6934] bcachefs (loop0): resume_logged_ops... done [ 234.750120][ T6934] bcachefs (loop0): delete_dead_inodes... done [ 234.780407][ T5971] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 234.799499][ T6934] bcachefs (loop0): Fixed errors, running fsck a second time to verify fs is clean [ 234.813620][ T6934] bcachefs (loop0): resume_logged_ops... done [ 234.820769][ T6934] bcachefs (loop0): delete_dead_inodes... done [ 234.851559][ T6934] bcachefs (loop0): done starting filesystem [ 234.864243][ T6940] EXT4-fs (loop4): 1 truncate cleaned up [ 234.937407][ T6940] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 235.213720][ T5832] bcachefs (loop0): shutting down [ 235.524929][ T5971] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 236.151475][ T5854] Bluetooth: hci5: command tx timeout [ 236.203138][ T5832] bcachefs (loop0): shutdown complete [ 237.237184][ T6948] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 237.301300][ T5835] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 237.572332][ T5971] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 238.144708][ T5971] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 238.194658][ T5854] Bluetooth: hci5: command tx timeout [ 238.433701][ T6922] chnl_net:caif_netlink_parms(): no params data found [ 238.583577][ T980] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 238.771938][ T5971] bridge_slave_1: left allmulticast mode [ 238.781398][ T980] usb 5-1: Using ep0 maxpacket: 32 [ 238.794445][ T5971] bridge_slave_1: left promiscuous mode [ 238.815596][ T980] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 238.841641][ T5971] bridge0: port 2(bridge_slave_1) entered disabled state [ 238.905679][ T980] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 238.934680][ T980] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 238.943703][ T980] usb 5-1: Product: syz [ 238.947917][ T980] usb 5-1: Manufacturer: syz [ 238.959916][ T980] usb 5-1: SerialNumber: syz [ 238.963217][ T5971] bridge_slave_0: left allmulticast mode [ 238.974831][ T5971] bridge_slave_0: left promiscuous mode [ 238.983671][ T5971] bridge0: port 1(bridge_slave_0) entered disabled state [ 239.625334][ T980] usb 5-1: config 0 descriptor?? [ 239.632202][ T6967] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 239.965999][ T980] usb 5-1: USB disconnect, device number 7 [ 240.281428][ T5854] Bluetooth: hci5: command tx timeout [ 242.005476][ T6991] loop0: detected capacity change from 0 to 8 [ 242.606086][ T5971] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 242.638346][ T5971] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 242.657430][ T5971] bond0 (unregistering): Released all slaves [ 242.670651][ T6997] loop2: detected capacity change from 0 to 512 [ 242.711414][ T6997] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 242.749505][ T6973] netlink: 'syz.1.264': attribute type 12 has an invalid length. [ 242.906248][ T6997] EXT4-fs (loop2): 1 truncate cleaned up [ 242.964353][ T6997] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 244.651810][ T5836] usb 3-1: new full-speed USB device number 10 using dummy_hcd [ 244.848059][ T5836] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 244.893786][ T5836] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 244.923416][ T6922] bridge0: port 1(bridge_slave_0) entered blocking state [ 244.958793][ T5836] usb 3-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.40 [ 244.969664][ T6922] bridge0: port 1(bridge_slave_0) entered disabled state [ 244.979462][ T6922] bridge_slave_0: entered allmulticast mode [ 244.985767][ T5836] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=4 [ 245.129689][ T6922] bridge_slave_0: entered promiscuous mode [ 245.141263][ T5836] usb 3-1: SerialNumber: syz [ 245.147601][ T6922] bridge0: port 2(bridge_slave_1) entered blocking state [ 245.147730][ T6922] bridge0: port 2(bridge_slave_1) entered disabled state [ 245.147893][ T6922] bridge_slave_1: entered allmulticast mode [ 245.159765][ T5836] usb 3-1: config 0 descriptor?? [ 245.632819][ T6922] bridge_slave_1: entered promiscuous mode [ 245.649550][ T5836] usb 3-1: Found UVC 0.00 device (10c4:ea90) [ 245.657343][ T5836] usb 3-1: No valid video chain found. [ 245.792500][ T7020] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 246.511975][ T6922] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 246.608668][ T24] usb 3-1: USB disconnect, device number 10 [ 246.734627][ T6922] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 246.781157][ T5836] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 246.826336][ T5841] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 247.311278][ T5836] usb 1-1: Using ep0 maxpacket: 32 [ 247.318095][ T7039] loop1: detected capacity change from 0 to 40427 [ 247.334627][ T5836] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 247.348023][ T7039] F2FS-fs (loop1): invalid crc value [ 247.367556][ T5836] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 247.385969][ T5836] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 247.469071][ T5836] usb 1-1: Product: syz [ 247.473883][ T5836] usb 1-1: Manufacturer: syz [ 247.480613][ T5836] usb 1-1: SerialNumber: syz [ 247.502714][ T7039] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 247.523622][ T5836] usb 1-1: config 0 descriptor?? [ 247.553390][ T6922] team0: Port device team_slave_0 added [ 247.682757][ T7033] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 248.188514][ T7050] loop4: detected capacity change from 0 to 1024 [ 248.200784][ T5971] hsr_slave_0: left promiscuous mode [ 248.206162][ T3079] usb 1-1: USB disconnect, device number 8 [ 248.244756][ T7050] hfsplus: invalid btree extent records (0 size) [ 248.279683][ T7050] hfsplus: failed to load attributes file [ 248.290824][ T5971] hsr_slave_1: left promiscuous mode [ 248.310364][ T5971] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 248.354698][ T5971] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 248.373138][ T5971] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 248.388272][ T5971] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 248.519858][ T5971] veth1_macvtap: left promiscuous mode [ 248.561337][ T5971] veth0_macvtap: left promiscuous mode [ 248.578433][ T5971] veth1_vlan: left promiscuous mode [ 248.594318][ T5971] veth0_vlan: left promiscuous mode [ 251.145111][ T5833] syz-executor: attempt to access beyond end of device [ 251.145111][ T5833] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 251.176444][ T5833] CPU: 1 UID: 0 PID: 5833 Comm: syz-executor Not tainted 6.15.0-next-20250606-syzkaller #0 PREEMPT(full) [ 251.176470][ T5833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 251.176480][ T5833] Call Trace: [ 251.176499][ T5833] [ 251.176508][ T5833] dump_stack_lvl+0x189/0x250 [ 251.176534][ T5833] ? __pfx_dump_stack_lvl+0x10/0x10 [ 251.176549][ T5833] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 251.176578][ T5833] ? __pfx_queue_work_on+0x10/0x10 [ 251.176598][ T5833] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 251.176624][ T5833] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 251.176654][ T5833] ? f2fs_hw_is_readonly+0x39b/0x470 [ 251.176682][ T5833] f2fs_handle_critical_error+0x37c/0x540 [ 251.176712][ T5833] f2fs_write_end_io+0x495/0x810 [ 251.176735][ T5833] ? blkg_put+0x22/0x240 [ 251.176776][ T5833] __submit_merged_bio+0x27a/0x6a0 [ 251.176808][ T5833] __submit_merged_write_cond+0x255/0x530 [ 251.176837][ T5833] f2fs_write_data_pages+0x261d/0x3000 [ 251.176901][ T5833] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 251.176939][ T5833] ? arch_stack_walk+0xfc/0x150 [ 251.176989][ T5833] ? __mod_zone_page_state+0xd7/0x140 [ 251.177019][ T5833] ? folios_put_refs+0x560/0x640 [ 251.177057][ T5833] ? __lock_acquire+0xab9/0xd20 [ 251.177089][ T5833] ? do_raw_spin_lock+0x121/0x290 [ 251.177123][ T5833] ? do_raw_spin_unlock+0x122/0x240 [ 251.177140][ T5833] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 251.177164][ T5833] do_writepages+0x32b/0x550 [ 251.177204][ T5833] ? do_raw_spin_unlock+0x122/0x240 [ 251.177230][ T5833] filemap_fdatawrite+0x191/0x230 [ 251.177248][ T5833] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 251.177321][ T5833] ? do_raw_spin_unlock+0x122/0x240 [ 251.177348][ T5833] f2fs_sync_dirty_inodes+0x31f/0x830 [ 251.177391][ T5833] f2fs_write_checkpoint+0x94a/0x1de0 [ 251.177445][ T5833] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 251.177528][ T5833] ? f2fs_stop_gc_thread+0x7f/0xb0 [ 251.177553][ T5833] ? kfree+0x18e/0x440 [ 251.177571][ T5833] ? kill_f2fs_super+0x298/0x6c0 [ 251.177602][ T5833] kill_f2fs_super+0x2c3/0x6c0 [ 251.177635][ T5833] ? __pfx_kill_f2fs_super+0x10/0x10 [ 251.177657][ T5833] ? radix_tree_delete_item+0x2b6/0x400 [ 251.177684][ T5833] ? shrinker_free+0x2ce/0x3e0 [ 251.177711][ T5833] deactivate_locked_super+0xb9/0x130 [ 251.177741][ T5833] cleanup_mnt+0x425/0x4c0 [ 251.177765][ T5833] ? lockdep_hardirqs_on+0x9c/0x150 [ 251.177795][ T5833] task_work_run+0x1d1/0x260 [ 251.177821][ T5833] ? __pfx_task_work_run+0x10/0x10 [ 251.177841][ T5833] ? __x64_sys_umount+0x122/0x160 [ 251.177864][ T5833] ? exit_to_user_mode_loop+0x40/0x110 [ 251.177894][ T5833] exit_to_user_mode_loop+0xec/0x110 [ 251.177920][ T5833] do_syscall_64+0x2bd/0x3b0 [ 251.177939][ T5833] ? lockdep_hardirqs_on+0x9c/0x150 [ 251.177958][ T5833] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 251.177975][ T5833] ? clear_bhb_loop+0x60/0xb0 [ 251.177998][ T5833] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 251.178015][ T5833] RIP: 0033:0x7f36f138fc57 [ 251.178032][ T5833] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 251.178047][ T5833] RSP: 002b:00007ffda7f607b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 251.178066][ T5833] RAX: 0000000000000000 RBX: 00007f36f1410925 RCX: 00007f36f138fc57 [ 251.178078][ T5833] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffda7f60870 [ 251.178089][ T5833] RBP: 00007ffda7f60870 R08: 0000000000000000 R09: 0000000000000000 [ 251.178099][ T5833] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffda7f61900 [ 251.178109][ T5833] R13: 00007f36f1410925 R14: 000000000003ca57 R15: 00007ffda7f61940 [ 251.178140][ T5833] [ 251.178147][ T5833] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 252.720548][ T5971] team0 (unregistering): Port device team_slave_1 removed [ 252.825812][ T5971] team0 (unregistering): Port device team_slave_0 removed [ 253.705212][ T6922] team0: Port device team_slave_1 added [ 253.779082][ T7062] netlink: 'syz.2.281': attribute type 12 has an invalid length. [ 253.852596][ T7070] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 253.988940][ T6922] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 254.011642][ T6922] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 254.055132][ T6922] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 254.240576][ T6922] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 254.321427][ T7088] netlink: 8 bytes leftover after parsing attributes in process `syz.1.287'. [ 254.946898][ T6922] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 255.020944][ T6922] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 255.021661][ T3079] libceph: connect (1)[c::]:6789 error -101 [ 255.060677][ T7088] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12 [ 255.070527][ T7088] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12 [ 255.081245][ T7088] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 255.169915][ T3079] libceph: mon0 (1)[c::]:6789 connect error [ 255.265478][ T7086] ceph: No mds server is up or the cluster is laggy [ 255.846892][ T7099] loop0: detected capacity change from 0 to 1024 [ 255.954305][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.960755][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.097574][ T7099] hfsplus: invalid btree extent records (0 size) [ 256.191309][ T7099] hfsplus: failed to load attributes file [ 256.257109][ T6922] hsr_slave_0: entered promiscuous mode [ 256.719338][ T6922] hsr_slave_1: entered promiscuous mode [ 256.767630][ T6922] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 256.809040][ T6922] Cannot create hsr debugfs directory [ 259.012920][ T6922] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 259.024195][ T6922] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 259.065969][ T6922] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 259.103501][ T6922] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 259.551335][ T6922] 8021q: adding VLAN 0 to HW filter on device bond0 [ 259.725759][ T6922] 8021q: adding VLAN 0 to HW filter on device team0 [ 259.788741][ T1040] bridge0: port 1(bridge_slave_0) entered blocking state [ 259.796081][ T1040] bridge0: port 1(bridge_slave_0) entered forwarding state [ 260.002851][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 260.010072][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 260.626132][ T7150] loop2: detected capacity change from 0 to 512 [ 260.662352][ T7150] EXT4-fs: Ignoring removed orlov option [ 260.838077][ T7159] netlink: 8 bytes leftover after parsing attributes in process `syz.1.299'. [ 261.007351][ T7150] EXT4-fs error (device loop2): dx_probe:791: inode #2: comm syz.2.298: Attempting to read directory block (0) that is past i_size (256) [ 261.544324][ T7150] EXT4-fs (loop2): Remounting filesystem read-only [ 261.597346][ T7150] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -117 [ 261.616739][ T7150] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 261.907798][ T5841] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 262.123281][ T6922] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 262.571850][ T7177] misc userio: Invalid payload size [ 262.577258][ T7177] misc userio: No port type given on /dev/userio [ 262.584247][ T7177] misc userio: The device must be registered before sending interrupts [ 262.648263][ T7177] Bluetooth: MGMT ver 1.23 [ 263.366961][ T7189] loop0: detected capacity change from 0 to 1024 [ 263.532932][ T7186] loop1: detected capacity change from 0 to 8 [ 264.111461][ T7189] hfsplus: invalid btree extent records (0 size) [ 264.152982][ T7189] hfsplus: failed to load attributes file [ 265.797563][ T5836] libceph: connect (1)[c::]:6789 error -101 [ 265.814031][ T5836] libceph: mon0 (1)[c::]:6789 connect error [ 265.951527][ T6922] veth0_vlan: entered promiscuous mode [ 265.987976][ T7220] loop1: detected capacity change from 0 to 512 [ 266.013629][ T6922] veth1_vlan: entered promiscuous mode [ 266.023714][ T7212] ceph: No mds server is up or the cluster is laggy [ 266.048942][ T7220] EXT4-fs: Ignoring removed orlov option [ 266.120640][ T7220] EXT4-fs error (device loop1): dx_probe:791: inode #2: comm syz.1.310: Attempting to read directory block (0) that is past i_size (256) [ 266.231233][ T7220] EXT4-fs (loop1): Remounting filesystem read-only [ 266.326184][ T7220] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -117 [ 266.373080][ T7220] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 266.455691][ T6922] veth0_macvtap: entered promiscuous mode [ 266.512326][ T6922] veth1_macvtap: entered promiscuous mode [ 266.592885][ T6922] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 266.633907][ T6922] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 266.670694][ T6922] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 266.700074][ T6922] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 266.720401][ T6922] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 266.745738][ T6922] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 266.907441][ T7235] loop4: detected capacity change from 0 to 32768 [ 266.993442][ T5833] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 267.052932][ T7235] bcachefs (loop4): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,erasure_code,nojournal_transaction_names,read_only,version_upgrade=none [ 267.052932][ T7235] allowing incompatible features above 0.0: (unknown version) [ 267.052932][ T7235] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 267.096577][ T7235] bcachefs (loop4): Using encoding defined by superblock: utf8-12.1.0 [ 267.105456][ T7235] bcachefs (loop4): invalid journal entry, version=1.7: mi_btree_bitmap type=data_usage in superblock: invalid journal entry usage: bad size, fixing [ 267.123711][ T7235] bcachefs (loop4): invalid bkey in superblock btree=snapshots level=0: u64s 11 type btree_ptr_v2 18446742987082825727:U64_MAX:U32_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 16 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0 [ 267.123736][ T7235] invalid key type for btree snapshots (btree_ptr_v2), deleting [ 267.154239][ T7235] bcachefs (loop4): recovering from clean shutdown, journal seq 10 [ 267.225127][ T7235] bcachefs (loop4): accounting_read... [ 267.295546][ T7235] done [ 267.298484][ T7235] bcachefs (loop4): alloc_read... done [ 267.307997][ T7235] bcachefs (loop4): snapshots_read... done [ 267.325245][ T7235] bcachefs (loop4): journal_replay... done [ 267.341868][ T7235] bcachefs (loop4): resume_logged_ops... done [ 267.349358][ T7235] bcachefs (loop4): delete_dead_inodes... done [ 267.358971][ T7235] bcachefs (loop4): Fixed errors, running fsck a second time to verify fs is clean [ 267.373344][ T7235] bcachefs (loop4): resume_logged_ops... done [ 267.396217][ T7235] bcachefs (loop4): delete_dead_inodes... done [ 267.436822][ T7235] bcachefs (loop4): done starting filesystem [ 267.678077][ T7247] hub 8-0:1.0: USB hub found [ 267.684351][ T7247] hub 8-0:1.0: 1 port detected [ 268.325708][ T5835] bcachefs (loop4): shutting down [ 268.464104][ T5835] bcachefs (loop4): shutdown complete [ 268.504129][ T3021] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 268.531105][ T3021] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 268.712156][ T6377] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 268.738738][ T6377] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 270.077272][ T7264] loop2: detected capacity change from 0 to 1024 [ 270.161806][ T9] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 270.216017][ T7264] hfsplus: invalid btree extent records (0 size) [ 270.236304][ T7264] hfsplus: failed to load attributes file [ 270.386279][ T9] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 270.453585][ T9] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 270.597258][ T9] usb 6-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 271.293557][ T9] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 271.331110][ T9] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 271.349565][ T9] usb 6-1: Product: syz [ 271.359713][ T9] usb 6-1: Manufacturer: syz [ 271.402882][ T9] cdc_wdm 6-1:1.0: skipping garbage [ 271.475098][ T9] cdc_wdm 6-1:1.0: probe with driver cdc_wdm failed with error -22 [ 272.786193][ T24] libceph: connect (1)[c::]:6789 error -101 [ 272.798355][ T24] libceph: mon0 (1)[c::]:6789 connect error [ 273.084385][ T24] libceph: connect (1)[c::]:6789 error -101 [ 273.102524][ T24] libceph: mon0 (1)[c::]:6789 connect error [ 273.216700][ T7297] loop1: detected capacity change from 0 to 512 [ 273.260577][ T7297] EXT4-fs: Ignoring removed orlov option [ 273.371775][ T7297] EXT4-fs error (device loop1): dx_probe:791: inode #2: comm syz.1.322: Attempting to read directory block (0) that is past i_size (256) [ 273.480923][ T7297] EXT4-fs (loop1): Remounting filesystem read-only [ 273.527382][ T7297] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -117 [ 273.566847][ T5977] usb 6-1: USB disconnect, device number 2 [ 273.573664][ T7288] ceph: No mds server is up or the cluster is laggy [ 273.583589][ T7297] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 273.821901][ T7304] loop4: detected capacity change from 0 to 8 [ 274.464983][ T5833] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 274.766359][ T7313] loop5: detected capacity change from 0 to 32768 [ 274.869625][ T7316] loop4: detected capacity change from 0 to 16 [ 274.882969][ T7316] erofs (device loop4): mounted with root inode @ nid 36. [ 274.911217][ T7313] bcachefs (loop5): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,erasure_code,nojournal_transaction_names,read_only,version_upgrade=none [ 274.911217][ T7313] allowing incompatible features above 0.0: (unknown version) [ 274.911217][ T7313] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 274.956049][ T7313] bcachefs (loop5): Using encoding defined by superblock: utf8-12.1.0 [ 274.964660][ T7313] bcachefs (loop5): invalid journal entry, version=1.7: mi_btree_bitmap type=data_usage in superblock: invalid journal entry usage: bad size, fixing [ 274.980693][ T7313] bcachefs (loop5): invalid bkey in superblock btree=snapshots level=0: u64s 11 type btree_ptr_v2 18446742987082825727:U64_MAX:U32_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 16 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0 [ 274.980718][ T7313] invalid key type for btree snapshots (btree_ptr_v2), deleting [ 275.011167][ T7313] bcachefs (loop5): recovering from clean shutdown, journal seq 10 [ 275.118033][ T7313] bcachefs (loop5): accounting_read... done [ 275.134789][ T7313] bcachefs (loop5): alloc_read... done [ 275.167735][ T7313] bcachefs (loop5): snapshots_read... done [ 275.191610][ T7313] bcachefs (loop5): journal_replay... done [ 275.247364][ T7313] bcachefs (loop5): resume_logged_ops... done [ 275.265563][ T7313] bcachefs (loop5): delete_dead_inodes... done [ 275.292637][ T7313] bcachefs (loop5): Fixed errors, running fsck a second time to verify fs is clean [ 275.307508][ T7313] bcachefs (loop5): resume_logged_ops... done [ 275.359092][ T7313] bcachefs (loop5): delete_dead_inodes... done [ 275.417740][ T7313] bcachefs (loop5): done starting filesystem [ 276.008737][ T7319] loop1: detected capacity change from 0 to 2048 [ 276.056671][ T7319] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 276.153126][ T6922] bcachefs (loop5): shutting down [ 276.885539][ T6922] bcachefs (loop5): shutdown complete [ 277.325056][ T7334] netlink: 161716 bytes leftover after parsing attributes in process `syz.4.332'. [ 277.442333][ T7334] netlink: zone id is out of range [ 277.461442][ T7334] netlink: zone id is out of range [ 278.717722][ T3079] libceph: connect (1)[c::]:6789 error -101 [ 278.900319][ T3079] libceph: mon0 (1)[c::]:6789 connect error [ 279.870567][ T7356] loop0: detected capacity change from 0 to 40427 [ 279.878885][ T7346] ceph: No mds server is up or the cluster is laggy [ 279.923284][ T7356] F2FS-fs (loop0): quotafile must be on filesystem root [ 280.514185][ T7361] loop4: detected capacity change from 0 to 512 [ 280.528983][ T7371] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 280.559126][ T7361] EXT4-fs: Ignoring removed orlov option [ 280.675761][ T7361] EXT4-fs error (device loop4): dx_probe:791: inode #2: comm syz.4.336: Attempting to read directory block (0) that is past i_size (256) [ 280.743134][ T7370] loop2: detected capacity change from 0 to 1024 [ 280.827923][ T7370] hfsplus: invalid btree extent records (0 size) [ 280.828146][ T7370] hfsplus: failed to load attributes file [ 280.854419][ T7361] EXT4-fs (loop4): Remounting filesystem read-only [ 280.854516][ T7361] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -117 [ 280.856544][ T7361] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 281.096914][ T5835] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 281.387638][ T7379] loop4: detected capacity change from 0 to 128 [ 284.206796][ T7403] netlink: 161716 bytes leftover after parsing attributes in process `syz.4.344'. [ 284.449216][ T7403] netlink: zone id is out of range [ 284.472264][ T7403] netlink: zone id is out of range [ 285.311846][ T43] libceph: connect (1)[c::]:6789 error -101 [ 285.318008][ T43] libceph: mon0 (1)[c::]:6789 connect error [ 285.427362][ T7423] loop5: detected capacity change from 0 to 16 [ 285.482650][ T7423] erofs (device loop5): mounted with root inode @ nid 36. [ 285.669988][ T43] libceph: connect (1)[c::]:6789 error -101 [ 285.714028][ T43] libceph: mon0 (1)[c::]:6789 connect error [ 286.420266][ T3079] libceph: connect (1)[c::]:6789 error -101 [ 286.426979][ T7415] ceph: No mds server is up or the cluster is laggy [ 286.497302][ T3079] libceph: mon0 (1)[c::]:6789 connect error [ 286.765407][ T7430] loop2: detected capacity change from 0 to 16 [ 286.831795][ T7430] erofs (device loop2): mounted with root inode @ nid 36. [ 288.022608][ T7438] loop5: detected capacity change from 0 to 512 [ 288.030002][ T7438] EXT4-fs: Ignoring removed orlov option [ 288.238109][ T7438] EXT4-fs error (device loop5): dx_probe:791: inode #2: comm syz.5.350: Attempting to read directory block (0) that is past i_size (256) [ 289.378789][ T7438] EXT4-fs (loop5): Remounting filesystem read-only [ 289.436373][ T7438] EXT4-fs (loop5): Cannot turn on journaled quota: type 1: error -117 [ 289.493621][ T7438] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 289.825046][ T7459] netlink: 161716 bytes leftover after parsing attributes in process `syz.2.356'. [ 289.890198][ T7459] netlink: zone id is out of range [ 289.908208][ T7459] netlink: zone id is out of range [ 290.341399][ T6922] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 291.021406][ T7478] loop1: detected capacity change from 0 to 1024 [ 291.103557][ T3079] libceph: connect (1)[c::]:6789 error -101 [ 291.123196][ T3079] libceph: mon0 (1)[c::]:6789 connect error [ 291.452163][ T3079] libceph: connect (1)[c::]:6789 error -101 [ 291.658166][ T7478] hfsplus: invalid btree extent records (0 size) [ 292.149397][ T7487] ceph: No mds server is up or the cluster is laggy [ 292.273138][ T3079] libceph: mon0 (1)[c::]:6789 connect error [ 292.301973][ T7478] hfsplus: failed to load attributes file [ 295.790008][ T7524] netlink: 161716 bytes leftover after parsing attributes in process `syz.0.370'. [ 295.872268][ T7524] netlink: zone id is out of range [ 295.887006][ T7524] netlink: zone id is out of range [ 296.240086][ T7530] loop5: detected capacity change from 0 to 512 [ 296.336768][ T7530] EXT4-fs: Ignoring removed orlov option [ 296.507903][ T7530] EXT4-fs error (device loop5): dx_probe:791: inode #2: comm syz.5.372: Attempting to read directory block (0) that is past i_size (256) [ 296.698945][ T7530] EXT4-fs (loop5): Remounting filesystem read-only [ 296.776024][ T7530] EXT4-fs (loop5): Cannot turn on journaled quota: type 1: error -117 [ 296.837820][ T7530] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 297.741992][ T6922] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 298.219627][ T43] libceph: connect (1)[c::]:6789 error -101 [ 298.236760][ T43] libceph: mon0 (1)[c::]:6789 connect error [ 299.389691][ T43] libceph: connect (1)[c::]:6789 error -101 [ 299.397023][ T43] libceph: mon0 (1)[c::]:6789 connect error [ 299.543471][ T7554] ceph: No mds server is up or the cluster is laggy [ 300.030647][ T3079] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 300.430145][ T3079] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 300.957725][ T3079] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 300.999959][ T7578] loop2: detected capacity change from 0 to 128 [ 301.016464][ T3079] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 301.032339][ T3079] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 301.052949][ T3079] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 301.069243][ T3079] usb 2-1: Product: syz [ 301.076261][ T3079] usb 2-1: Manufacturer: syz [ 301.146089][ T3079] cdc_wdm 2-1:1.0: skipping garbage [ 301.151373][ T3079] cdc_wdm 2-1:1.0: skipping garbage [ 301.180301][ T3079] cdc_wdm 2-1:1.0: probe with driver cdc_wdm failed with error -22 [ 301.522109][ T7589] loop0: detected capacity change from 0 to 32768 [ 301.980699][ T7589] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,erasure_code,nojournal_transaction_names,read_only,version_upgrade=none [ 301.980699][ T7589] allowing incompatible features above 0.0: (unknown version) [ 301.980699][ T7589] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 302.024352][ T7589] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0 [ 302.033210][ T7589] bcachefs (loop0): invalid journal entry, version=1.7: mi_btree_bitmap type=data_usage in superblock: invalid journal entry usage: bad size, fixing [ 302.049784][ T7589] bcachefs (loop0): invalid bkey in superblock btree=snapshots level=0: u64s 11 type btree_ptr_v2 18446742987082825727:U64_MAX:U32_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 16 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0 [ 302.049811][ T7589] invalid key type for btree snapshots (btree_ptr_v2), deleting [ 302.079914][ T7589] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 302.894511][ T7589] bcachefs (loop0): accounting_read... [ 303.072034][ T7599] loop2: detected capacity change from 0 to 2048 [ 303.107400][ T7589] done [ 303.112649][ T7589] bcachefs (loop0): alloc_read... done [ 303.124649][ T7589] bcachefs (loop0): snapshots_read... done [ 303.144997][ T7589] bcachefs (loop0): journal_replay... [ 303.147223][ T7599] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 303.174483][ T7589] done [ 303.178360][ T7589] bcachefs (loop0): resume_logged_ops... done [ 303.185677][ T7589] bcachefs (loop0): delete_dead_inodes... done [ 303.196955][ T7589] bcachefs (loop0): Fixed errors, running fsck a second time to verify fs is clean [ 303.207588][ T7589] bcachefs (loop0): resume_logged_ops... done [ 303.219437][ T7589] bcachefs (loop0): delete_dead_inodes... done [ 303.237362][ T7589] bcachefs (loop0): done starting filesystem [ 303.318776][ T7604] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 303.358228][ T7599] overlayfs: missing 'lowerdir' [ 303.368219][ T5832] bcachefs (loop0): shutting down [ 303.540037][ T5832] bcachefs (loop0): shutdown complete [ 303.584202][ T3079] usb 2-1: USB disconnect, device number 5 [ 304.905407][ T24] libceph: connect (1)[c::]:6789 error -101 [ 304.911874][ T24] libceph: mon0 (1)[c::]:6789 connect error [ 305.206678][ T24] libceph: connect (1)[c::]:6789 error -101 [ 305.573678][ T24] libceph: mon0 (1)[c::]:6789 connect error [ 305.634513][ T7621] ceph: No mds server is up or the cluster is laggy [ 306.076156][ T7638] loop2: detected capacity change from 0 to 128 [ 306.313797][ T24] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 306.579746][ T24] usb 2-1: config 220 has an invalid interface number: 76 but max is 2 [ 306.718315][ T24] usb 2-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 306.737994][ T7643] loop4: detected capacity change from 0 to 512 [ 306.762979][ T24] usb 2-1: config 220 has an invalid descriptor of length 101, skipping remainder of the config [ 306.827959][ T24] usb 2-1: config 220 has no interface number 2 [ 306.842941][ T7643] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 306.902733][ T24] usb 2-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 306.911027][ T7643] ext4 filesystem being mounted at /80/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 307.023174][ T24] usb 2-1: config 220 interface 0 has no altsetting 0 [ 307.036795][ T24] usb 2-1: config 220 interface 76 has no altsetting 0 [ 307.052389][ T24] usb 2-1: config 220 interface 1 has no altsetting 0 [ 307.538295][ T24] usb 2-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 308.135642][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 308.153648][ T24] usb 2-1: Product: syz [ 308.157879][ T24] usb 2-1: Manufacturer: syz [ 308.162504][ T24] usb 2-1: SerialNumber: syz [ 308.631641][ T24] usb 2-1: selecting invalid altsetting 0 [ 308.654945][ T24] usb 2-1: Found UVC 7.01 device syz (8086:0b07) [ 308.785057][ T7662] loop5: detected capacity change from 0 to 32768 [ 308.965940][ T24] usb 2-1: No valid video chain found. [ 309.030688][ T7662] bcachefs (loop5): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,erasure_code,nojournal_transaction_names,read_only,version_upgrade=none [ 309.030688][ T7662] allowing incompatible features above 0.0: (unknown version) [ 309.030688][ T7662] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 309.074381][ T7662] bcachefs (loop5): Using encoding defined by superblock: utf8-12.1.0 [ 309.082912][ T7662] bcachefs (loop5): invalid journal entry, version=1.7: mi_btree_bitmap type=data_usage in superblock: invalid journal entry usage: bad size, fixing [ 309.099693][ T7662] bcachefs (loop5): invalid bkey in superblock btree=snapshots level=0: u64s 11 type btree_ptr_v2 18446742987082825727:U64_MAX:U32_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 16 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0 [ 309.099716][ T7662] invalid key type for btree snapshots (btree_ptr_v2), deleting [ 309.130016][ T7662] bcachefs (loop5): recovering from clean shutdown, journal seq 10 [ 309.235107][ T7662] bcachefs (loop5): accounting_read... done [ 309.247324][ T7662] bcachefs (loop5): alloc_read... done [ 309.256643][ T7662] bcachefs (loop5): snapshots_read... done [ 309.285668][ T7662] bcachefs (loop5): journal_replay... done [ 309.293168][ T7662] bcachefs (loop5): resume_logged_ops... done [ 309.300811][ T7662] bcachefs (loop5): delete_dead_inodes... done [ 309.310488][ T7662] bcachefs (loop5): Fixed errors, running fsck a second time to verify fs is clean [ 309.323977][ T7662] bcachefs (loop5): resume_logged_ops... done [ 309.340881][ T7662] bcachefs (loop5): delete_dead_inodes... done [ 309.351853][ T7662] bcachefs (loop5): done starting filesystem [ 309.383930][ T5850] Bluetooth: hci5: command 0x0405 tx timeout [ 309.513258][ T24] usb 2-1: selecting invalid altsetting 0 [ 309.519310][ T24] usbtest 2-1:220.1: probe with driver usbtest failed with error -22 [ 309.530452][ T24] usb 2-1: USB disconnect, device number 6 [ 309.560440][ T6922] bcachefs (loop5): shutting down [ 309.637335][ T7667] loop2: detected capacity change from 0 to 256 [ 309.717388][ T7667] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 309.727587][ T6922] bcachefs (loop5): shutdown complete [ 309.758898][ T7667] FAT-fs (loop2): Filesystem has been set read-only [ 309.929260][ T5835] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 310.748505][ T7669] loop0: detected capacity change from 0 to 8192 [ 312.016823][ T7699] loop4: detected capacity change from 0 to 128 [ 313.731253][ T7713] loop1: detected capacity change from 0 to 16 [ 314.083452][ T7717] netlink: 8 bytes leftover after parsing attributes in process `syz.2.410'. [ 314.093017][ T7717] netlink: 'syz.2.410': attribute type 5 has an invalid length. [ 314.100982][ T7717] netlink: 28 bytes leftover after parsing attributes in process `syz.2.410'. [ 314.119437][ T7717] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0 [ 314.128335][ T7717] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0 [ 314.137212][ T7717] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0 [ 314.145980][ T7717] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0 [ 314.154866][ T7717] geneve2: entered promiscuous mode [ 314.160184][ T7717] geneve2: entered allmulticast mode [ 314.712734][ T7713] erofs (device loop1): mounted with root inode @ nid 36. [ 315.624648][ T5836] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 316.082753][ T7727] affs: No valid root block on device nullb0 [ 316.400577][ T5836] usb 5-1: config 220 has an invalid interface number: 76 but max is 2 [ 317.495975][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.507289][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.047454][ T5836] usb 5-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 318.071116][ T5836] usb 5-1: config 220 has an invalid descriptor of length 101, skipping remainder of the config [ 318.087166][ T5836] usb 5-1: config 220 has no interface number 2 [ 318.093819][ T5836] usb 5-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 318.107359][ T5836] usb 5-1: config 220 interface 0 has no altsetting 0 [ 318.114297][ T5836] usb 5-1: config 220 interface 76 has no altsetting 0 [ 318.121388][ T5836] usb 5-1: config 220 interface 1 has no altsetting 0 [ 318.146589][ T5836] usb 5-1: string descriptor 0 read error: -71 [ 318.153071][ T5836] usb 5-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 318.162802][ T5836] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 318.177194][ T5836] usb 5-1: can't set config #220, error -71 [ 318.186466][ T5836] usb 5-1: USB disconnect, device number 8 [ 320.030075][ T7764] loop0: detected capacity change from 0 to 128 [ 320.053186][ T7754] loop2: detected capacity change from 0 to 8192 [ 320.122152][ T7764] EXT4-fs (loop0): couldn't mount as ext2 due to feature incompatibilities [ 320.743267][ T7768] loop5: detected capacity change from 0 to 2048 [ 320.896268][ T5977] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 320.911130][ T7772] lo speed is unknown, defaulting to 1000 [ 321.014204][ T7768] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 1024) [ 321.195245][ T5977] usb 5-1: Using ep0 maxpacket: 32 [ 321.230654][ T5977] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 321.249764][ T7777] loop1: detected capacity change from 0 to 2048 [ 321.282243][ T5977] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 321.327220][ T5977] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 321.336148][ T7780] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 321.378502][ T5977] usb 5-1: Product: syz [ 321.382830][ T5977] usb 5-1: Manufacturer: syz [ 321.392934][ T7777] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 321.413857][ T5977] usb 5-1: SerialNumber: syz [ 321.422761][ T7768] overlayfs: missing 'lowerdir' [ 321.459195][ T5977] usb 5-1: config 0 descriptor?? [ 321.505541][ T7759] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 321.652073][ T5896] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 321.864304][ T5896] usb 1-1: config 220 has an invalid interface number: 76 but max is 2 [ 321.902928][ T5896] usb 1-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 321.951365][ T5896] usb 1-1: config 220 has an invalid descriptor of length 101, skipping remainder of the config [ 322.003980][ T5896] usb 1-1: config 220 has no interface number 2 [ 322.849975][ T5896] usb 1-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 322.863495][ T5896] usb 1-1: config 220 interface 0 has no altsetting 0 [ 322.870455][ T5896] usb 1-1: config 220 interface 76 has no altsetting 0 [ 322.878353][ T5896] usb 1-1: config 220 interface 1 has no altsetting 0 [ 322.909412][ T5896] usb 1-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 322.926690][ T5896] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 322.934742][ T5896] usb 1-1: Product: syz [ 322.939058][ T5896] usb 1-1: Manufacturer: syz [ 322.943788][ T5896] usb 1-1: SerialNumber: syz [ 323.075663][ T5977] usb 5-1: USB disconnect, device number 9 [ 323.296296][ T5896] usb 1-1: selecting invalid altsetting 0 [ 323.302509][ T5896] usb 1-1: Found UVC 7.01 device syz (8086:0b07) [ 324.071933][ T5896] usb 1-1: No valid video chain found. [ 324.107326][ T5896] usb 1-1: selecting invalid altsetting 0 [ 324.113387][ T5896] usbtest 1-1:220.1: probe with driver usbtest failed with error -22 [ 324.177639][ T5896] usb 1-1: USB disconnect, device number 9 [ 324.625904][ T5896] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 325.000242][ T7826] loop5: detected capacity change from 0 to 1024 [ 325.054862][ T7826] hfsplus: invalid btree extent records (0 size) [ 325.061543][ T7826] hfsplus: failed to load attributes file [ 325.087767][ T7827] netlink: 'syz.4.437': attribute type 12 has an invalid length. [ 325.170876][ T5896] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 325.207619][ T5896] usb 1-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config [ 325.229183][ T7829] loop1: detected capacity change from 0 to 64 [ 325.245472][ T5896] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 326.153297][ T5896] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 326.169915][ T5896] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 326.180004][ T5896] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 326.195144][ T5896] usb 1-1: Product: syz [ 326.205857][ T5896] usb 1-1: Manufacturer: syz [ 326.216849][ T5896] cdc_wdm 1-1:1.0: skipping garbage [ 326.228436][ T5896] cdc_wdm 1-1:1.0: skipping garbage [ 326.233904][ T5896] cdc_wdm 1-1:1.0: probe with driver cdc_wdm failed with error -22 [ 328.397678][ T5962] usb 1-1: USB disconnect, device number 10 [ 328.967627][ T7868] loop0: detected capacity change from 0 to 16 [ 328.979963][ T7868] erofs (device loop0): mounted with root inode @ nid 36. [ 330.326631][ T5836] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 330.357116][ T5962] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 330.526260][ T5836] usb 2-1: Using ep0 maxpacket: 32 [ 330.615043][ T5836] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 331.301777][ T5836] usb 2-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 331.317046][ T5962] usb 3-1: config 220 has an invalid interface number: 76 but max is 2 [ 331.325718][ T5836] usb 2-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 331.334323][ T5836] usb 2-1: Product: syz [ 331.437887][ T5962] usb 3-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 331.776009][ T5836] usb 2-1: Manufacturer: syz [ 331.786310][ T5836] usb 2-1: SerialNumber: syz [ 331.926741][ T5836] usb 2-1: config 0 descriptor?? [ 331.940003][ T5962] usb 3-1: config 220 has an invalid descriptor of length 101, skipping remainder of the config [ 331.987816][ T7887] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 332.021840][ T5962] usb 3-1: config 220 has no interface number 2 [ 332.055980][ T5962] usb 3-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 332.170854][ T5836] usb 2-1: can't set config #0, error -71 [ 332.201428][ T5836] usb 2-1: USB disconnect, device number 7 [ 332.967420][ T5962] usb 3-1: config 220 interface 0 has no altsetting 0 [ 332.974270][ T5962] usb 3-1: config 220 interface 76 has no altsetting 0 [ 333.031099][ T5962] usb 3-1: config 220 interface 1 has no altsetting 0 [ 333.035162][ T5962] usb 3-1: string descriptor 0 read error: -71 [ 333.035322][ T5962] usb 3-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 333.035347][ T5962] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 333.067757][ T5962] usb 3-1: can't set config #220, error -71 [ 333.070470][ T5962] usb 3-1: USB disconnect, device number 11 [ 334.136088][ T7903] tty tty1: ldisc open failed (-12), clearing slot 0 [ 336.692591][ T7941] loop1: detected capacity change from 0 to 16 [ 337.181840][ T7941] erofs (device loop1): mounted with root inode @ nid 36. [ 337.292203][ T7941] erofs (device loop1): bogus lookback distance 1388 @ lcn 42 of nid 36 [ 337.430030][ T7941] erofs (device loop1): failed to decompress -29 in[58, 4038] out[1851] [ 337.516356][ T7949] erofs (device loop1): bogus lookback distance 1388 @ lcn 42 of nid 36 [ 337.740661][ T7941] erofs (device loop1): read error -117 @ 43 of nid 36 [ 338.152837][ T7949] erofs (device loop1): bogus lookback distance 1388 @ lcn 42 of nid 36 [ 338.833186][ T7949] erofs (device loop1): readahead error at folio 42 @ nid 36 [ 339.640442][ T7949] erofs (device loop1): bogus lookback distance 774 @ lcn 40 of nid 36 [ 339.984261][ T7949] erofs (device loop1): readahead error at folio 41 @ nid 36 [ 340.006134][ T7949] erofs (device loop1): bogus lookback distance 774 @ lcn 40 of nid 36 [ 340.129613][ T7949] erofs (device loop1): readahead error at folio 40 @ nid 36 [ 340.194700][ T7949] erofs (device loop1): readahead error at folio 39 @ nid 36 [ 340.208724][ T7949] erofs (device loop1): readahead error at folio 38 @ nid 36 [ 340.227588][ T7949] erofs (device loop1): readahead error at folio 36 @ nid 36 [ 340.262036][ T7949] erofs (device loop1): bogus lookback distance 1468 @ lcn 31 of nid 36 [ 340.270677][ T7949] erofs (device loop1): readahead error at folio 31 @ nid 36 [ 340.287186][ T7949] erofs (device loop1): readahead error at folio 25 @ nid 36 [ 340.295244][ T7949] erofs (device loop1): readahead error at folio 24 @ nid 36 [ 340.305966][ T7949] erofs (device loop1): readahead error at folio 19 @ nid 36 [ 340.320466][ T7949] syz.1.463: attempt to access beyond end of device [ 340.320466][ T7949] loop1: rw=524288, sector=784, nr_sectors = 64 limit=16 [ 340.337376][ T7949] syz.1.463: attempt to access beyond end of device [ 340.337376][ T7949] loop1: rw=524288, sector=13478624080, nr_sectors = 24 limit=16 [ 340.404769][ T7949] syz.1.463: attempt to access beyond end of device [ 340.404769][ T7949] loop1: rw=524288, sector=13478624032, nr_sectors = 48 limit=16 [ 340.609463][ T7949] erofs (device loop1): failed to decompress -29 in[58, 4038] out[2639] [ 340.755208][ T7949] erofs (device loop1): bogus lookback distance 1586 @ lcn 46 of nid 36 [ 340.882517][ T7949] erofs (device loop1): readahead error at folio 47 @ nid 36 [ 341.026444][ T7949] erofs (device loop1): bogus lookback distance 1586 @ lcn 46 of nid 36 [ 341.120634][ T7949] erofs (device loop1): readahead error at folio 46 @ nid 36 [ 341.128331][ T7949] erofs (device loop1): readahead error at folio 45 @ nid 36 [ 341.136094][ T7949] syz.1.463: attempt to access beyond end of device [ 341.136094][ T7949] loop1: rw=524288, sector=16, nr_sectors = 16 limit=16 [ 341.153399][ T7949] erofs (device loop1): failed to decompress -29 in[58, 4038] out[3537] [ 343.660224][ T7996] loop4: detected capacity change from 0 to 2048 [ 343.815737][ T7996] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) [ 343.907656][ T8010] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 343.976661][ T5836] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 345.054175][ T5836] usb 3-1: config 220 has an invalid interface number: 76 but max is 2 [ 345.060864][ T8016] overlayfs: missing 'lowerdir' [ 345.458503][ T5836] usb 3-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 345.818998][ T8020] ucma_write: process 410 (syz.1.481) changed security contexts after opening file descriptor, this is not allowed. [ 346.199950][ T5836] usb 3-1: config 220 has an invalid descriptor of length 101, skipping remainder of the config [ 346.231807][ T5836] usb 3-1: config 220 has no interface number 2 [ 346.239179][ T5836] usb 3-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 346.252406][ T5836] usb 3-1: config 220 interface 0 has no altsetting 0 [ 346.260125][ T5836] usb 3-1: config 220 interface 76 has no altsetting 0 [ 346.267493][ T5836] usb 3-1: config 220 interface 1 has no altsetting 0 [ 346.276286][ T5836] usb 3-1: string descriptor 0 read error: -71 [ 346.282651][ T5836] usb 3-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 346.292136][ T5836] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 346.316793][ T5836] usb 3-1: can't set config #220, error -71 [ 346.479270][ T5836] usb 3-1: USB disconnect, device number 12 [ 349.489467][ T8061] loop5: detected capacity change from 0 to 4096 [ 349.506245][ T8061] EXT4-fs: Ignoring removed mblk_io_submit option [ 351.067488][ T8069] loop2: detected capacity change from 0 to 1024 [ 351.178378][ T8061] EXT4-fs (loop5): Test dummy encryption mode enabled [ 351.192533][ T8069] hfsplus: invalid btree extent records (0 size) [ 351.377175][ T8069] hfsplus: failed to load attributes file [ 352.370722][ T8061] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 352.635784][ T5962] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 353.569708][ T6922] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 353.604099][ T8093] loop2: detected capacity change from 0 to 2048 [ 353.618938][ T5962] usb 5-1: config 220 has an invalid interface number: 76 but max is 2 [ 353.675934][ T5962] usb 5-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 353.684889][ T5962] usb 5-1: config 220 has an invalid descriptor of length 101, skipping remainder of the config [ 353.715577][ T5962] usb 5-1: config 220 has no interface number 2 [ 353.742720][ T5962] usb 5-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 353.779203][ T8093] UDF-fs: error (device loop2): udf_read_inode: (ino 832) failed !bh [ 353.820029][ T5962] usb 5-1: config 220 interface 0 has no altsetting 0 [ 353.827712][ T8093] UDF-fs: error (device loop2): udf_fill_super: Error in udf_iget, block=48, partition=0 [ 353.847532][ T5962] usb 5-1: config 220 interface 76 has no altsetting 0 [ 353.854643][ T5962] usb 5-1: config 220 interface 1 has no altsetting 0 [ 353.855073][ T8106] loop0: detected capacity change from 0 to 16 [ 353.953381][ T5962] usb 5-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 353.975693][ T5962] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 354.230686][ T8106] erofs (device loop0): mounted with root inode @ nid 36. [ 354.971188][ T5962] usb 5-1: Product: syz [ 355.017839][ T5962] usb 5-1: Manufacturer: syz [ 355.022605][ T5962] usb 5-1: SerialNumber: syz [ 355.309657][ T5854] Bluetooth: hci5: command 0x0405 tx timeout [ 355.668464][ T8093] loop2: detected capacity change from 0 to 256 [ 355.676204][ T8093] exfat: Unknown parameter '' [ 355.684832][ T5962] usb 5-1: can't set config #220, error -71 [ 355.754445][ T5962] usb 5-1: USB disconnect, device number 10 [ 358.829847][ T8137] loop2: detected capacity change from 0 to 1024 [ 359.263133][ T8137] hfsplus: invalid btree extent records (0 size) [ 359.280044][ T8137] hfsplus: failed to load attributes file [ 359.370840][ T8141] loop0: detected capacity change from 0 to 16 [ 359.456737][ T8141] erofs (device loop0): mounted with root inode @ nid 36. [ 362.052603][ T8168] loop4: detected capacity change from 0 to 8 [ 362.176429][ T8174] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 362.327134][ T5896] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 362.408728][ T8174] ------------[ cut here ]------------ [ 362.408840][ T8174] WARNING: CPU: 0 PID: 8174 at drivers/gpu/drm/vkms/vkms_crtc.c:97 vkms_get_vblank_timestamp+0x137/0x160 [ 362.408904][ T8174] Modules linked in: [ 362.409019][ T8174] CPU: 0 UID: 0 PID: 8174 Comm: syz.1.515 Not tainted 6.15.0-next-20250606-syzkaller #0 PREEMPT(full) [ 362.409064][ T8174] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 362.409079][ T8174] RIP: 0010:vkms_get_vblank_timestamp+0x137/0x160 [ 362.409106][ T8174] Code: 42 80 3c 28 00 74 08 48 89 df e8 b4 05 34 fc 4c 89 33 b0 01 5b 41 5c 41 5d 41 5e 41 5f 5d e9 d0 c7 79 05 cc e8 ca 8c d0 fb 90 <0f> 0b 90 eb e3 44 89 e1 80 e1 07 38 c1 0f 8c ff fe ff ff 4c 89 e7 [ 362.409150][ T8174] RSP: 0018:ffffc900033472a8 EFLAGS: 00010287 [ 362.409230][ T8174] RAX: ffffffff85efd216 RBX: ffffc90003347420 RCX: 0000000000080000 [ 362.409270][ T8174] RDX: ffffc9000dd1a000 RSI: 000000000000477a RDI: 000000000000477b [ 362.409307][ T8174] RBP: 1ffff92000668e84 R08: ffffc900037a9000 R09: 0000000000000000 [ 362.409345][ T8174] R10: ffffc900037a9000 R11: ffffffff85efd0e0 R12: 000000545d818054 [ 362.409383][ T8174] R13: dffffc0000000000 R14: ffff88801b30c028 R15: 000000545d818054 [ 362.409421][ T8174] FS: 00007f36ef1f66c0(0000) GS:ffff888125c4d000(0000) knlGS:0000000000000000 [ 362.409464][ T8174] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 362.409516][ T8174] CR2: 00007f3055ce56c0 CR3: 000000002ebde000 CR4: 00000000003526f0 [ 362.409559][ T8174] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 362.409595][ T8174] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 362.409632][ T8174] Call Trace: [ 362.409667][ T8174] [ 362.409704][ T8174] ? __pfx_vkms_get_vblank_timestamp+0x10/0x10 [ 362.409756][ T8174] drm_crtc_next_vblank_start+0x223/0x470 [ 362.409847][ T8174] ? __pfx_drm_crtc_next_vblank_start+0x10/0x10 [ 362.409902][ T8174] ? drm_gem_fb_vmap+0x230/0x8d0 [ 362.409986][ T8174] drm_atomic_helper_wait_for_fences+0x265/0x8c0 [ 362.410072][ T8174] ? __pfx_drm_atomic_helper_wait_for_fences+0x10/0x10 [ 362.410121][ T8174] ? drm_atomic_helper_prepare_planes+0x670/0xb60 [ 362.410192][ T8174] drm_atomic_helper_commit+0x5c7/0xb10 [ 362.410256][ T8174] ? __pfx_drm_atomic_helper_commit+0x10/0x10 [ 362.410305][ T8174] drm_atomic_commit+0x262/0x2c0 [ 362.410357][ T8174] ? __pfx_drm_atomic_commit+0x10/0x10 [ 362.410404][ T8174] ? __pfx___drm_printfn_info+0x10/0x10 [ 362.410481][ T8174] ? drm_client_rotation+0x47c/0x5b0 [ 362.410557][ T8174] drm_client_modeset_commit_atomic+0x620/0x760 [ 362.410668][ T8174] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 362.410788][ T8174] ? __pfx___mutex_lock+0x10/0x10 [ 362.410836][ T8174] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 362.410919][ T8174] drm_client_modeset_commit_locked+0xcb/0x4d0 [ 362.410970][ T8174] drm_fb_helper_pan_display+0x3e7/0xbd0 [ 362.411089][ T8174] fb_pan_display+0x39b/0x680 [ 362.411137][ T8174] ? __pfx_drm_fb_helper_pan_display+0x10/0x10 [ 362.411227][ T8174] fb_set_var+0x85a/0xf50 [ 362.411273][ T8174] ? lockdep_hardirqs_on+0x9c/0x150 [ 362.411313][ T8174] ? __pfx_fb_set_var+0x10/0x10 [ 362.411393][ T8174] ? __pfx_preempt_schedule_irq+0x10/0x10 [ 362.411446][ T8174] ? irqentry_exit+0x74/0x90 [ 362.411491][ T8174] ? lockdep_hardirqs_on+0x9c/0x150 [ 362.411647][ T8174] do_fb_ioctl+0x63b/0x750 [ 362.411704][ T8174] ? __pfx_do_fb_ioctl+0x10/0x10 [ 362.411825][ T8174] ? rcu_is_watching+0x15/0xb0 [ 362.411881][ T8174] ? trace_irq_disable+0x37/0x110 [ 362.411928][ T8174] ? preempt_schedule_irq+0xde/0x150 [ 362.411989][ T8174] ? irqentry_exit+0x74/0x90 [ 362.412032][ T8174] ? lockdep_hardirqs_on+0x9c/0x150 [ 362.412146][ T8174] ? __pfx_fb_ioctl+0x10/0x10 [ 362.412205][ T8174] __se_sys_ioctl+0xf9/0x170 [ 362.412263][ T8174] do_syscall_64+0xfa/0x3b0 [ 362.412312][ T8174] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 362.412355][ T8174] ? asm_sysvec_call_function_single+0x1a/0x20 [ 362.412377][ T8174] ? clear_bhb_loop+0x60/0xb0 [ 362.412404][ T8174] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 362.412426][ T8174] RIP: 0033:0x7f36f138e929 [ 362.412491][ T8174] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 362.412533][ T8174] RSP: 002b:00007f36ef1f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 362.412606][ T8174] RAX: ffffffffffffffda RBX: 00007f36f15b6080 RCX: 00007f36f138e929 [ 362.412645][ T8174] RDX: 0000200000000240 RSI: 0000000000004601 RDI: 0000000000000006 [ 362.412683][ T8174] RBP: 00007f36f1410b39 R08: 0000000000000000 R09: 0000000000000000 [ 362.412721][ T8174] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 362.412757][ T8174] R13: 0000000000000000 R14: 00007f36f15b6080 R15: 00007ffda7f61528 [ 362.412867][ T8174] [ 362.412905][ T8174] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 362.412922][ T8174] CPU: 0 UID: 0 PID: 8174 Comm: syz.1.515 Not tainted 6.15.0-next-20250606-syzkaller #0 PREEMPT(full) [ 362.412945][ T8174] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 362.412958][ T8174] Call Trace: [ 362.412967][ T8174] [ 362.412976][ T8174] dump_stack_lvl+0x99/0x250 [ 362.412998][ T8174] ? __asan_memcpy+0x40/0x70 [ 362.413028][ T8174] ? __pfx_dump_stack_lvl+0x10/0x10 [ 362.413048][ T8174] ? __pfx__printk+0x10/0x10 [ 362.413089][ T8174] panic+0x2db/0x790 [ 362.413126][ T8174] ? __pfx_panic+0x10/0x10 [ 362.413152][ T8174] ? show_trace_log_lvl+0x4fb/0x550 [ 362.413237][ T8174] __warn+0x31b/0x4b0 [ 362.413265][ T8174] ? vkms_get_vblank_timestamp+0x137/0x160 [ 362.413294][ T8174] ? vkms_get_vblank_timestamp+0x137/0x160 [ 362.413317][ T8174] report_bug+0x2be/0x4f0 [ 362.413338][ T8174] ? vkms_get_vblank_timestamp+0x137/0x160 [ 362.413362][ T8174] ? vkms_get_vblank_timestamp+0x137/0x160 [ 362.413385][ T8174] ? vkms_get_vblank_timestamp+0x139/0x160 [ 362.413408][ T8174] handle_bug+0x84/0x160 [ 362.413433][ T8174] exc_invalid_op+0x1a/0x50 [ 362.413456][ T8174] asm_exc_invalid_op+0x1a/0x20 [ 362.413475][ T8174] RIP: 0010:vkms_get_vblank_timestamp+0x137/0x160 [ 362.413498][ T8174] Code: 42 80 3c 28 00 74 08 48 89 df e8 b4 05 34 fc 4c 89 33 b0 01 5b 41 5c 41 5d 41 5e 41 5f 5d e9 d0 c7 79 05 cc e8 ca 8c d0 fb 90 <0f> 0b 90 eb e3 44 89 e1 80 e1 07 38 c1 0f 8c ff fe ff ff 4c 89 e7 [ 362.413513][ T8174] RSP: 0018:ffffc900033472a8 EFLAGS: 00010287 [ 362.413531][ T8174] RAX: ffffffff85efd216 RBX: ffffc90003347420 RCX: 0000000000080000 [ 362.413545][ T8174] RDX: ffffc9000dd1a000 RSI: 000000000000477a RDI: 000000000000477b [ 362.413558][ T8174] RBP: 1ffff92000668e84 R08: ffffc900037a9000 R09: 0000000000000000 [ 362.413571][ T8174] R10: ffffc900037a9000 R11: ffffffff85efd0e0 R12: 000000545d818054 [ 362.413586][ T8174] R13: dffffc0000000000 R14: ffff88801b30c028 R15: 000000545d818054 [ 362.413606][ T8174] ? __pfx_vkms_get_vblank_timestamp+0x10/0x10 [ 362.413629][ T8174] ? vkms_get_vblank_timestamp+0x136/0x160 [ 362.413657][ T8174] ? vkms_get_vblank_timestamp+0x136/0x160 [ 362.413676][ T8174] ? __pfx_vkms_get_vblank_timestamp+0x10/0x10 [ 362.413700][ T8174] drm_crtc_next_vblank_start+0x223/0x470 [ 362.413736][ T8174] ? __pfx_drm_crtc_next_vblank_start+0x10/0x10 [ 362.413767][ T8174] ? drm_gem_fb_vmap+0x230/0x8d0 [ 362.413801][ T8174] drm_atomic_helper_wait_for_fences+0x265/0x8c0 [ 362.413838][ T8174] ? __pfx_drm_atomic_helper_wait_for_fences+0x10/0x10 [ 362.413860][ T8174] ? drm_atomic_helper_prepare_planes+0x670/0xb60 [ 362.413899][ T8174] drm_atomic_helper_commit+0x5c7/0xb10 [ 362.413932][ T8174] ? __pfx_drm_atomic_helper_commit+0x10/0x10 [ 362.413956][ T8174] drm_atomic_commit+0x262/0x2c0 [ 362.413984][ T8174] ? __pfx_drm_atomic_commit+0x10/0x10 [ 362.414007][ T8174] ? __pfx___drm_printfn_info+0x10/0x10 [ 362.414035][ T8174] ? drm_client_rotation+0x47c/0x5b0 [ 362.414082][ T8174] drm_client_modeset_commit_atomic+0x620/0x760 [ 362.414119][ T8174] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 362.414166][ T8174] ? __pfx___mutex_lock+0x10/0x10 [ 362.414196][ T8174] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 362.414231][ T8174] drm_client_modeset_commit_locked+0xcb/0x4d0 [ 362.414259][ T8174] drm_fb_helper_pan_display+0x3e7/0xbd0 [ 362.414301][ T8174] fb_pan_display+0x39b/0x680 [ 362.414325][ T8174] ? __pfx_drm_fb_helper_pan_display+0x10/0x10 [ 362.414355][ T8174] fb_set_var+0x85a/0xf50 [ 362.414376][ T8174] ? lockdep_hardirqs_on+0x9c/0x150 [ 362.414412][ T8174] ? __pfx_fb_set_var+0x10/0x10 [ 362.414441][ T8174] ? __pfx_preempt_schedule_irq+0x10/0x10 [ 362.414469][ T8174] ? irqentry_exit+0x74/0x90 [ 362.414490][ T8174] ? lockdep_hardirqs_on+0x9c/0x150 [ 362.414550][ T8174] do_fb_ioctl+0x63b/0x750 [ 362.414579][ T8174] ? __pfx_do_fb_ioctl+0x10/0x10 [ 362.414621][ T8174] ? rcu_is_watching+0x15/0xb0 [ 362.414649][ T8174] ? trace_irq_disable+0x37/0x110 [ 362.414674][ T8174] ? preempt_schedule_irq+0xde/0x150 [ 362.414708][ T8174] ? irqentry_exit+0x74/0x90 [ 362.414729][ T8174] ? lockdep_hardirqs_on+0x9c/0x150 [ 362.414773][ T8174] ? __pfx_fb_ioctl+0x10/0x10 [ 362.414801][ T8174] __se_sys_ioctl+0xf9/0x170 [ 362.414836][ T8174] do_syscall_64+0xfa/0x3b0 [ 362.414860][ T8174] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 362.414879][ T8174] ? asm_sysvec_call_function_single+0x1a/0x20 [ 362.414899][ T8174] ? clear_bhb_loop+0x60/0xb0 [ 362.414925][ T8174] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 362.414944][ T8174] RIP: 0033:0x7f36f138e929 [ 362.414963][ T8174] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 362.414981][ T8174] RSP: 002b:00007f36ef1f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 362.415003][ T8174] RAX: ffffffffffffffda RBX: 00007f36f15b6080 RCX: 00007f36f138e929 [ 362.415017][ T8174] RDX: 0000200000000240 RSI: 0000000000004601 RDI: 0000000000000006 [ 362.415031][ T8174] RBP: 00007f36f1410b39 R08: 0000000000000000 R09: 0000000000000000 [ 362.415045][ T8174] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 362.415057][ T8174] R13: 0000000000000000 R14: 00007f36f15b6080 R15: 00007ffda7f61528 [ 362.415094][ T8174] [ 362.415408][ T8174] Kernel Offset: disabled