last executing test programs: 13m0.370241277s ago: executing program 4 (id=5): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) timer_create(0x0, 0x0, 0x0) timer_settime(0x0, 0x0, 0x0, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000000)=0x7) syz_open_dev$sndpcmp(&(0x7f0000000b00), 0x0, 0x0) syz_open_dev$sndpcmp(&(0x7f00000000c0), 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000000000000000000020000"], &(0x7f00000003c0)='GPL\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r2, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe) listen(r2, 0x90004) syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="043e130100c90001"], 0x16) 12m57.935935117s ago: executing program 4 (id=18): syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000700)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f0000000100)={[{@data_err_abort}, {@test_dummy_encryption}]}, 0xfe, 0x244, &(0x7f0000000400)="$eJzs3T9oJFUcB/DvzO565m6RUxtB/AMiooFwdoJNbBQCEoKIoEJExEZJhJhgl1jZWGitksomiJ3RUtIEG0WwipoiNoIGC4OFFiu7k0hMVqNu3Dkynw9MZibz3vzesPN9u83sBmisq0mmk7SSTCbpJCmON7i7Wq4e7q5PbM8nvd4TPxWDdtV+5ajflSRrSR5KslUWeamdrGw+s/fLzmP3vbncuff9zacnxnqRh/b3dh8/eG/2jY9mHlz54qsfZotMp/un6zp/xZD/tYvklv+j2HWiaNc9Av6Judc+/Lqf+1uT3DPIfydlqhfvraUbtjp54N2/6vv2j1/ePs6xAuev1+v03wPXekDjlEm6KcqpJNV2WU5NVZ/hv2ldLl9eXHp18sXF5YUX6p6pgPPSTXYf/eTSx1dO5P/7VpV/4OLq5//JuY1v+9sHrbpHA4zFHdWqn//J51bvj/xD48g/NJf8Q3PJPzSX/ENzyT80l/zDBdb5+8PyD80l/9Bc8g/NdTz/AECz9C7V/QQyUJe65x8AAAAAAAAAAAAAAAAAAOC09Ynt+aNlXDU/eyfZfyRJe1j91uD3iJMbB38v/1z0m/2hqLqN5Nm7RjzBiD6o+enrm76rt/7nd9Zbf3UhWXs9ybV2+/T9Vxzef//dzWcc7zw/YoF/qTix//BT461/0m8b9daf2Uk+7c8/14bNP2VuG6yHzz/ds79i+Uyv/DriCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABib3wMAAP//+kBtTA==") openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x11) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000440)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pwritev2(0xffffffffffffffff, &(0x7f0000000cc0)=[{0x0}], 0x1, 0xfff, 0xc, 0x4) copy_file_range(0xffffffffffffffff, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0xc615, 0xb51, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="550a000000000000611108000000000018000000000000000000000000000000950000"], &(0x7f0000000000)='GPL\x00'}, 0x94) 12m51.740339387s ago: executing program 4 (id=26): connect$pptp(0xffffffffffffffff, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'cmac(aes-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000300)="ad56b6c5820fae9d6dcd3292ea54c7be", 0x20) r1 = syz_open_dev$video(&(0x7f0000000080), 0x7, 0x40580) bpf$TOKEN_CREATE(0x24, &(0x7f0000000000), 0x8) bpf$TOKEN_CREATE(0x24, &(0x7f0000000140), 0x8) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0xfffffffffffffe7a, 0x0, 0x40f00, 0x40, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) lstat(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000340)) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8b1a, &(0x7f0000000000)={'wlan1\x00'}) r3 = open(0x0, 0x44842, 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSIGACCEPT(r4, 0x5607, 0x2c) ioctl$EVIOCSABS2F(r3, 0x401845ef, &(0x7f0000000180)={0x2, 0x3, 0xc1a, 0x0, 0x1d4, 0x83}) dup(0xffffffffffffffff) getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, 0x0, &(0x7f0000000200)) r5 = syz_open_dev$tty1(0xc, 0x4, 0x4) ioctl$VT_ACTIVATE(r5, 0x5606, 0x4) ioctl$TIOCL_BLANKSCREEN(r5, 0x541c, &(0x7f0000000000)) ioctl$VIDIOC_TRY_EXT_CTRLS(r1, 0xc0185649, &(0x7f0000000140)={0xf000000, 0x7, 0x290, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x990a96, 0x7f, '\x00', @p_u32=0x0}}) 12m47.713081003s ago: executing program 0 (id=34): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0) write$binfmt_aout(r0, &(0x7f00000006c0)=ANY=[], 0xff2e) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x1, 0x41, "0062ba7d82000000000000000000f7ffffff00"}) r1 = syz_open_pts(r0, 0x0) r2 = dup3(r1, r0, 0x0) read$FUSE(r2, &(0x7f0000000e00)={0x2020}, 0x2020) 12m46.944268901s ago: executing program 4 (id=35): r0 = creat(&(0x7f0000000300)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) unlink(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, 0x0) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, 0x0, 0x0) r2 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_S_INPUT(r2, 0xc0045627, &(0x7f0000000100)=0x3) ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r2, 0xc0845657, &(0x7f0000000200)={0x0, @bt={0xa02, 0x870, 0x1, 0x2, 0xd59f80, 0x19f2, 0x3f, 0x19ef, 0x3, 0x5, 0x2800, 0x9, 0x2, 0xba2, 0xc, 0x30, {0x8, 0x1}, 0xd0, 0x9}}) writev(0xffffffffffffffff, &(0x7f0000000100), 0x0) ioctl$I2C_PEC(r0, 0x708, 0x1ff) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) r3 = socket$kcm(0x29, 0x5, 0x0) write$cgroup_pressure(r3, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000c00), 0xffffffffffffffff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup.net/syz0\x00', 0x200002, 0x0) 12m45.642443742s ago: executing program 4 (id=37): creat(&(0x7f0000000000)='./file0\x00', 0xecf86c37d53049cc) r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x1, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f00000000c0)={0x1, @pix={0x0, 0xcf6, 0x59455247, 0x2, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x2}}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$inet_smc(0x2b, 0x1, 0x0) listen(r4, 0x4000) close(r4) socketpair$unix(0x1, 0x2, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r5 = openat$autofs(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r5, 0xc0189374, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00'}) 12m43.873219221s ago: executing program 4 (id=40): write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0xf, 0x8, 0x80, 0x2, 0x3, 0x7f, 0x20000006, 0x4d, 0x6, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x7, 0x3, 0x0, 0x5, 0x9, 0x1, 0x7, 0x3c5b, 0x1, 0x24, 0x6, 0x5, 0x5, 0xffffffff, 0xe661, 0xfffffffe, 0x7, 0x5, 0x8, 0x4c74, 0x80000000, 0x40000, 0x3, 0x9, 0x0, 0x80008071, 0x7, 0x17, 0x1, 0x407, 0x5, 0x3e, 0x8f, 0x4006, 0x6, 0x0, 0x0, 0x8000, 0x8, 0x400, 0x80, 0xfffffffe, 0x5, 0x7, 0x8, 0x4, 0xfffffffe, 0x40], [0x10000007, 0xf0000000, 0x8000012f, 0x8004, 0x5, 0x6, 0x129432e6, 0xc8, 0xfd, 0xe, 0x2be, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x2, 0xea4, 0xffffffff, 0x4, 0x7, 0x4, 0x5a7c, 0x420, 0x3fd, 0x1, 0xfffffffe, 0xff, 0x1, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x2, 0x80000004, 0xb, 0x4, 0x9, 0x8, 0x9, 0x9, 0x47, 0x8000, 0x1, 0xfe000000, 0xffff, 0x1, 0x8, 0x9, 0x5, 0x3, 0x9, 0x1, 0x3, 0x6c0, 0xbc45, 0x48c93693, 0x42, 0x3], [0x2, 0x408, 0x8004, 0x5, 0x7ff, 0x100, 0x8d2, 0x9, 0x0, 0x7fff, 0x0, 0x710, 0x8, 0x4, 0x9, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x10000, 0x3, 0x9, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x6cff, 0x6, 0x1, 0x800003, 0x1ff, 0x80, 0x3, 0x4, 0x2950bfaf, 0xffe, 0xa6, 0x7, 0xa9, 0x3, 0x9, 0xac8, 0xbb, 0x2, 0x3, 0x803, 0x12b, 0x8, 0x1, 0xfffffffa, 0x0, 0x5, 0x1f, 0x520000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb30, 0x7, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0xb7, 0x7, 0x9, 0x2, 0x57, 0x5, 0x4d4, 0x101, 0x10000, 0x4, 0x7fff, 0xffff, 0x2000a620, 0x2, 0x9, 0x0, 0x2, 0x5, 0xe7, 0x1, 0x16, 0xffffffff, 0x80000003, 0x5, 0x4, 0xc8, 0x9, 0xfffff000, 0x10000, 0x3, 0x7e, 0x100, 0x9602, 0x7, 0xaf, 0x8, 0xd1e5, 0x226, 0x7, 0x5, 0x8, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x401, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0x20000d7, 0x200, 0xffff3441, 0xfff]}, 0x45c) ioctl$F2FS_IOC_FLUSH_DEVICE(0xffffffffffffffff, 0x4008f50a, &(0x7f0000000080)={0x1, 0x5}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000280), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) timer_create(0x0, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) r1 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r1, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10) 12m43.707055403s ago: executing program 0 (id=42): connect$pptp(0xffffffffffffffff, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'cmac(aes-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000300)="ad56b6c5820fae9d6dcd3292ea54c7be", 0x20) r1 = syz_open_dev$video(&(0x7f0000000080), 0x7, 0x40580) bpf$TOKEN_CREATE(0x24, &(0x7f0000000000), 0x8) bpf$TOKEN_CREATE(0x24, &(0x7f0000000140), 0x8) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) io_setup(0x8, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) lstat(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000340)) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8b1a, &(0x7f0000000000)={'wlan1\x00'}) r3 = open(0x0, 0x44842, 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSIGACCEPT(r4, 0x5607, 0x2c) ioctl$EVIOCSABS2F(r3, 0x401845ef, &(0x7f0000000180)={0x2, 0x3, 0xc1a, 0x0, 0x1d4, 0x83}) dup(0xffffffffffffffff) getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, 0x0, &(0x7f0000000200)) r5 = syz_open_dev$tty1(0xc, 0x4, 0x4) ioctl$VT_ACTIVATE(r5, 0x5606, 0x4) ioctl$TIOCL_BLANKSCREEN(r5, 0x541c, &(0x7f0000000000)) ioctl$VIDIOC_TRY_EXT_CTRLS(r1, 0xc0185649, &(0x7f0000000140)={0xf000000, 0x7, 0x290, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x990a96, 0x7f, '\x00', @p_u32=0x0}}) 12m40.357133642s ago: executing program 0 (id=46): creat(&(0x7f0000000000)='./file0\x00', 0xecf86c37d53049cc) r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x1, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f00000000c0)={0x1, @pix={0x0, 0xcf6, 0x59455247, 0x2, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x2}}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100"/13], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$inet_smc(0x2b, 0x1, 0x0) listen(r4, 0x4000) close(r4) socketpair$unix(0x1, 0x2, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r5 = openat$autofs(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r5, 0xc0189374, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00'}) 12m38.074028359s ago: executing program 0 (id=49): syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000580)='./file1\x00', 0x0, &(0x7f0000000100), 0x1, 0x57e, &(0x7f00000005c0)="$eJzs3U1oHGUfAPD/zGbffuV90xcUVHooKlQo3ST90OqpvYqFQg+CFw2bbSjZZEM20SbkkN6L2IOo9FJvevCoePAgXjx6ErwonoVig0LTg67MfqRpvtzUJlszvx/M7jzz7Oz/eXb2/+zMMMMGkFtHs4c04umIuJhEDKyq64t25dHW65aXFsr3lhbKSTQal35NIomIu0sL5c7rk/bzoYhYjIinIuKbYsTxdH3c+tz8+Ei1WplulwdnJqYG63PzJ65MjIxVxiqTp156+czZ02eGTw6vXu1eY3WpuL2+Xv/pxrvXv3v11o1PPzuyWH5/JIlz0d+uW92PR6n1mRTj3Jrlp3ciWA8lvW4AD6XQzvMslZ6MgSi0s34jjYFdbRqwwxr7IhpATiXyH3Kqsx+QHf92pt3c/7h9vnUAksVdbk+tmr7WuYnY3zw2Ofhb8sCRSXa8eXg3G8qetHgtIob6+tZ//5P29+/hDT2KBrKjvj7f2lDrt3+6Mv7EBuNPf+fc6T/UGf+W141/9+MXNhn/LnYZ4483fv5o0/jXIp7ZMH6yEj/ZIH4aEW91Gf/m61+e3ayu8XHEsdg4fkey9fnhwctXqpWh1uOGMb46duSVrfp/cJP4rXO2+5s/M2v6fyhr01SX/f/i28+fXdwi/gvPbb39N/r8D0TEe13G///dT17brO72teROthew3e2fLbvVZfwXzx39scuXAgAAAAAAAAAA25A2r2VL0tLKfJqWSq17eJ+Ig2m1Vp85frk2OznauubtcBTTzpVWA61ykpWH29fjdson15RPFdoBCwea5VK5Vh3tcd8BAAAAAAAAAAAAAAAAAADgcXFozf3/vxea9/+v/btqYK/a/C+/gb1O/kN+PZj/Sc/aAew+v/+QWw35D/kl/yG/5D/kl/yH/JL/kF/yH/JL/gMAAAAAAAAAAAAAAAAAAAAAAAAAwI64eOFCNjXuLS2Us/Jo39zseO3tE6OV+nhpYrZcKtemp0pjtdpYtVIq1yb+7v2SWm1qKCZnrw7OVOozg/W5+TcnarOTSXzfrK4Ud6FPAAAAAAAAAAAAAAAAAAAA8G/T35yStBQRaXM+TUuliP9GxOEoJpevVCtDEfG/iPihUNyXlYd73WgAAAAAAAAAAAAAAAAAAADYY+pz8+Mj1Wplek/O7I+IB5f0bWf1iFh8tA3L3nHbaxXb2+px+VTN5GGmxwMTAAAAAAAAAAAAAAAAAADk0P2bfrtd48+dbRAAAAAAAAAAAAAAAAAAAADkUvpLEhHZdGzg+f61tf9JlgvN54h45+alD66OzMxMD2fL76wsn/mwvfxkL9oPdKuTp508BgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAO6rz82Pj1SrlekdnOl1HwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAexl8BAAD//5aV1q4=") r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f00000000001b000085"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000080)='./file0\x00', 0x280008a, &(0x7f00000007c0)=ANY=[@ANYBLOB="6e6f6e756d7461696c3d302c73686f72746e616d653d77696e39352c73686f72746e616d653d6c6f7765722c696f636861727365743d64656661756c742c756e695f786c6174653d302c6e6f6e756d7461696c3d302c757466383d302c616c6c6f775f7574696d653d30303030303030303030303030303030303030303030322c726f6469722c73686f72866e616d653d6d697865642c73686f72746e616d653d6d697865642c73686f72746e616d653d77696e39352c7569643d", @ANYRESHEX=0x0, @ANYBLOB=',uni_xlate=0,utf8=0,shortname=mixed,uni_xlate=0,shortname=winnt,\x00'], 0x96, 0x2a9, &(0x7f0000000500)="$eJzs3T9ra2UYAPDnpGkSdEgEJxE8oINTabu6pEgLxUxKBnXQYluQJggtFPyDsZOri6OriyC4+SVc/AaCq+BmwcKRk5xjkt40N+m9ae+f32/p2/c8z3ue9/QtpcN58vGr/ZPDNI4vvvojGo0kKu1ox2USrahE6ZuY0v4uAICn2WWWxd/ZyDJ5SUQ0VlcWALBCS//9/2XlJQEAK/be+x+8s9Pp7L6bpo3Y63973s3/s8+/jq7vHMen0Yuj2IxmXEVk/xuN97IsG1TTXCve6A/Ou3lm/6PfivV3/ooY5m9FM1rDqen8/c7uVjoykT/I63ihuH87z9+OZrw84/77nd3tGfnRrcWbr0/UvxHN+P2T+Cx6cTgsYpQflYivt9L07ez7f778MC8vz08G5936MG4sW7vjHw0AAAAAAAAAAAAAAAAAAAAAAM+wjaJ3Tj2G/XvyqaL/ztpV/s16pKXWdH+eUX5SLnStP9Agix/K/jybaZpmReA4vxqvVKN6P7sGAAAAAAAAAAAAAAAAAACAJ8vZ51+cHPR6R6ePZVB2Ayhf67/tOu2JmddifnB9fK9KMZyzcqyVMUnE3DLyTSxc879F24PbPbqXbqr5p58XXufHh++9GKwvEPOIg/J0nRwks59hPcqZRnlIfp2MqcWC96rddClb6vjVZl5qLr332ovDwWBOTCTzCnvrz9GTK2aS67uoDZ/qzPT1YjCRPh3TWPw8578pD0h06wAAAAAAAAAAAAAAAAAAgJUav/Q74+LF3NRKVl9ZWQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwp8af/7/EYFAkLxBci9Oze94iAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAz4H/AgAA///uD2MO") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x18) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) io_setup(0x281, 0x0) io_submit(0x0, 0x0, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000380), 0x4001, 0x0) 12m34.401474013s ago: executing program 0 (id=52): socket$kcm(0x29, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) syz_mount_image$hfs(&(0x7f0000000000), &(0x7f0000000680)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x100cc9a, &(0x7f0000000080)=ANY=[@ANYRES32=0x0], 0x1, 0x2bd, &(0x7f0000000780)="$eJzs3UFrE08Yx/Hf7KZp/v+WurYVQTxVBU+lrRcRRJG8Ay+eRG1SKIYKWkG9WD0XDx579y34IjyJZ8GbJ19AwcPKzG6a2Wx2k7Yka+r3Aw3b3Znd58lsducJhBWAf9a95o9PN37aPyOFCqW6pEBSQ6pJuqCLjZc7u9u7nXarbEeh62H/jJKeJtdmc6edLmW22X6uRyqy/9U0762r5/bVOEGyyGl8P3aXkDf/7DFxHMcD1gfSrD/aZ2Xk96oOoGLmUIearToKAEDV3Ow/mfiHUjifztGDQLqW3vbt9t79f3pvoL/jRNVxVMrd/19poVt5xcaO7zm3qVfvuTLNbg+6VWLpToPBq+vptjATwLCq0sUS/Le13Wmvbj7rtAK9152U12zZvbayB/ejfZff9cqA2rTESLkfeeudWHMuhxmbw0ZB/EunP6IzU7jFf2NiyXwxX81DE+lALTf+Vi02dpjcSEV9I5XEv6Zske5xWUZJq4Isz7vel7KFfC5LP9JQfWH46uk+a37yUS/Okl6LfVkk2a0P6bU0sNfGkF7L/b16Z3Nxz3EzH8wDs6Jf+qzm0fjb9z5MLvXDP5m2jWuZnhml+dRcy8jdT9JP3d7lgS0Lrh4Yi3090U0tvHj95unjTqf9nIXRFrrX2b8lnhMtdE+CiR89dAsfJVWR+/7q7S2btlujdIo71oMqn2moEbvXTnP07n3n5MFXcE3CxPUG/ZgdB08FMX0C9/W/q/+8emXNTdbsS1RSjQwtor09rhfUBovu9f/iCi7DuK8e5ooruFFrrivXpasFR2we5HYbpXFOtbvqfoVjmvqmR978HwAAAAAAAAAAAAAAAAAAAFPhdD9viOPezxsaKmpcdY4AAAAAAAAAAAAAAAAAAAAAAEy7/PN/dWsCz//NyDz/976S/7LP/wUwBn8CAAD///0feS4=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x107042, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) writev(r0, &(0x7f0000000140)=[{&(0x7f0000001200)="10", 0x69000}], 0x1) 12m27.826802495s ago: executing program 32 (id=40): write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0xf, 0x8, 0x80, 0x2, 0x3, 0x7f, 0x20000006, 0x4d, 0x6, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x7, 0x3, 0x0, 0x5, 0x9, 0x1, 0x7, 0x3c5b, 0x1, 0x24, 0x6, 0x5, 0x5, 0xffffffff, 0xe661, 0xfffffffe, 0x7, 0x5, 0x8, 0x4c74, 0x80000000, 0x40000, 0x3, 0x9, 0x0, 0x80008071, 0x7, 0x17, 0x1, 0x407, 0x5, 0x3e, 0x8f, 0x4006, 0x6, 0x0, 0x0, 0x8000, 0x8, 0x400, 0x80, 0xfffffffe, 0x5, 0x7, 0x8, 0x4, 0xfffffffe, 0x40], [0x10000007, 0xf0000000, 0x8000012f, 0x8004, 0x5, 0x6, 0x129432e6, 0xc8, 0xfd, 0xe, 0x2be, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x2, 0xea4, 0xffffffff, 0x4, 0x7, 0x4, 0x5a7c, 0x420, 0x3fd, 0x1, 0xfffffffe, 0xff, 0x1, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x2, 0x80000004, 0xb, 0x4, 0x9, 0x8, 0x9, 0x9, 0x47, 0x8000, 0x1, 0xfe000000, 0xffff, 0x1, 0x8, 0x9, 0x5, 0x3, 0x9, 0x1, 0x3, 0x6c0, 0xbc45, 0x48c93693, 0x42, 0x3], [0x2, 0x408, 0x8004, 0x5, 0x7ff, 0x100, 0x8d2, 0x9, 0x0, 0x7fff, 0x0, 0x710, 0x8, 0x4, 0x9, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x10000, 0x3, 0x9, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x6cff, 0x6, 0x1, 0x800003, 0x1ff, 0x80, 0x3, 0x4, 0x2950bfaf, 0xffe, 0xa6, 0x7, 0xa9, 0x3, 0x9, 0xac8, 0xbb, 0x2, 0x3, 0x803, 0x12b, 0x8, 0x1, 0xfffffffa, 0x0, 0x5, 0x1f, 0x520000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb30, 0x7, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0xb7, 0x7, 0x9, 0x2, 0x57, 0x5, 0x4d4, 0x101, 0x10000, 0x4, 0x7fff, 0xffff, 0x2000a620, 0x2, 0x9, 0x0, 0x2, 0x5, 0xe7, 0x1, 0x16, 0xffffffff, 0x80000003, 0x5, 0x4, 0xc8, 0x9, 0xfffff000, 0x10000, 0x3, 0x7e, 0x100, 0x9602, 0x7, 0xaf, 0x8, 0xd1e5, 0x226, 0x7, 0x5, 0x8, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x401, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0x20000d7, 0x200, 0xffff3441, 0xfff]}, 0x45c) ioctl$F2FS_IOC_FLUSH_DEVICE(0xffffffffffffffff, 0x4008f50a, &(0x7f0000000080)={0x1, 0x5}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000280), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) timer_create(0x0, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) r1 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r1, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10) 12m21.435310662s ago: executing program 0 (id=71): openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x64040, 0xd0) ioctl$IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0xc0a85320, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x18557f, 0x0) socket$inet(0x2, 0x2, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) r2 = syz_open_dev$usbfs(0x0, 0x75, 0x0) ioctl$USBDEVFS_CLAIM_PORT(r2, 0x80045518, &(0x7f0000000000)=0x1) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_freezer_state(r3, 0x0, 0x2, 0x0) write$cgroup_freezer_state(r4, &(0x7f0000000040)='FROZEN\x00', 0x7) mkdirat$cgroup(r3, 0x0, 0x1ff) sendfile(r4, r4, 0x0, 0x9) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x2000000b, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x20, 0xb, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x3, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff6, 0x0, 0x0, 0x0}, 0x94) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(0xffffffffffffffff, 0x4058534c, &(0x7f00000000c0)={0x80, 0x0, {0x3}}) 12m5.848157887s ago: executing program 33 (id=71): openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x64040, 0xd0) ioctl$IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0xc0a85320, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x18557f, 0x0) socket$inet(0x2, 0x2, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) r2 = syz_open_dev$usbfs(0x0, 0x75, 0x0) ioctl$USBDEVFS_CLAIM_PORT(r2, 0x80045518, &(0x7f0000000000)=0x1) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_freezer_state(r3, 0x0, 0x2, 0x0) write$cgroup_freezer_state(r4, &(0x7f0000000040)='FROZEN\x00', 0x7) mkdirat$cgroup(r3, 0x0, 0x1ff) sendfile(r4, r4, 0x0, 0x9) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x2000000b, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x20, 0xb, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x3, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff6, 0x0, 0x0, 0x0}, 0x94) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(0xffffffffffffffff, 0x4058534c, &(0x7f00000000c0)={0x80, 0x0, {0x3}}) 22.785324293s ago: executing program 3 (id=1035): openat$nullb(0xffffffffffffff9c, 0x0, 0x1c3902, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000280), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) ioprio_set$uid(0x3, 0x0, 0x0) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @remote}, 0xc) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) symlinkat(&(0x7f0000000100)='./file0\x00', 0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00') sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000380)=@newqdisc={0x8c, 0x24, 0x0, 0x0, 0x0, {0x0, 0x0, 0x12, 0x0, {0x0, 0xffe0}, {0x0, 0xfff1}, {0x0, 0x8}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x2, 0x0, 0x11, 0xff, 0x0, 0x0, 0xb, 0x23, 0x0, 0x0, 0x0, 0xa, 0x7d, 0xf4, 0xa], 0x1, [0x1, 0x0, 0x6, 0x0, 0x0, 0x0, 0x2000, 0xfffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc, 0x0, 0x4000]}}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x4040000}, 0x0) r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x40400) ioctl$SG_IO(r1, 0x2285, &(0x7f00000033c0)={0x53, 0xfffffffffffffffd, 0x0, 0x68, @buffer={0xfb, 0x8a, &(0x7f0000000500)=""/138}, &(0x7f00000001c0), 0x0, 0x0, 0x10010, 0x4, 0x0}) ioctl$sock_inet_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, 0x0) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) syz_emit_ethernet(0x2416, &(0x7f0000000580)=ANY=[@ANYBLOB="e727dc07001f391e7dd7a2d786dd609907a623e02c03cb697a653e336f000000500000000000ff0200000000000000000000000000013200001200000000020090780000000369c46dea0006ff0800000000000000000000000000000001ff0200000000000000000000000000011d000000000000000502040100000000625d0000000000000502200010d492385c3783d3afa4087aac07f72281b3b12267af7a3550aa1c3df47e5193806438916ec2e867d21394d0ececf9700962d3e17e4bb578aafd31a3f1955010879ee9079424526f222aa9e6477366d11ceda8cc0a4a1008153a04ddaa531db1dc129d6fb8f95c13d752d80f25ce2b253934d9a86bdf503653d3730ada1509d9536c165576ddde5926db915dd86eb3e2a03a7e56c01f4067638d6b7a6b4e9712c66ed550b77c6e655dc71d08ae40755d11b56963a28dce50181d34e7c4b0caae8cf4b947526eecd89735717604aec2730381ca1b51ab01ed0a4c78a4ba64a733fec74ad4071ffb454d5a4e2e167705cc70cb4551a1892279fbf20f41698d06c87d4928fab8c35581c02c8b06d25f4cfab68bc929dad45297768657d0f9e3a28e4f385d3ab4f4ebc9a48469fcc680b11ae610a658ca37f442cb8abda0ca080fbfd107f702b3f57f6c29b827a6c9cd6c1a9d010a3eacb011178887d654d395a63fb718e6da50ad25840efb4801a6182f56836a03a91927cf013f3742d1491545656fddd952bbe35611dd164de5a822333d106f767e2b1fbbda7fd780c2ba8ba487e69e259bb1b9bfe90974aea4e9496999180776a13796b9c394f54ae1f6371556443be28b730502000c05028805040116050200040be4bb69246c6dd959322a3c6381cd5ecbbb7131ac5b4c10756fddad9452625b1f85dcb2db18d954111331928b8202efd022be464387d6ab7358c74e997342ee7eb1c46a817d6708b603963384c4499ef4dbf57fb3a40f974a32c25f0f9ae3953b921ea771007c951a3ed9237fc4a068fc39022aa39e70b1af46265c180eab098a06f6fd55b9ec6890f78ea1a3d5a17cac3a3887f13eeb3d163de914bcfbaf40a4a52a94901be888d6845fd4eb61ed9eebcfafb7588f7f92a12711672e4050f36e6a8695ef98eeb35f9f8f631207ba50c041580262f52bdfc87946bc87efba2e7eba9ea2f4a7072a8d83a045895d9642a081ddef313f45aa94fc70c117653ab8ddf92747a49c5c20a771233573e692d1caa10000000000003ec7000000000000c30013ea3bcc03cbfea3899367b93bc9545a9abe3e513929efb617a5c70410c64c077ec9040cc413710e4fbcf7d971af86cdf8d5f8f04948fcbf318c7894000412d280cc4b98548f990cb11035a6d48299cd0cc0cca098cab016c66c4f871549fd045f548fb2e631ae100ac591bb8dce8bee097201382fff6d7223c0d54b4b7457fa5c36d80f8ab1f398758bde615984169b6e3d03e2531bfd350ee870c7e137616c089ec2071084c33ae93acc654d7d64d521206e3a12615d4e3dde33269c8e1c3c8f5fcf1681e98ebd5cc9abda7b74fffe10398a7f701fdde69b21c9f9a2c983b7dadaf353d13332158ee52cc7d72901b495cd2ab3b8671b8fc6327a37ac9ff77c992f76caad41c6c2dcf5e3295526e9e22d2e2915f083909e0b86cd69e3df67c50b490565ae52389abfa1acbd02658039700fc092ae68e9138bfcf72f6062ee720a0f13e2040543acffd631a2289020fa5a5751aa6d3ff187aa9ddfe45d2d12195faee7de07c60a010a35d7d51c04e1ecb8bff31f16f8386961cb06e9bdf0c4b6cdd2ec48f4b7ee27a0a27a73ed401cd18a123556cb80161e25f82b24eab61a583cef1af2139260a8ca0b5931de46721a4901c50aacade1e4e25a5e01d8330f359fc397a9128f3a3c2d521452395c09c7a2bd0926b8df488eacaba377099c3bf06f99bc14b5b16cd3ec0bbb0608936666ada99db2082b191ffc38c886c04072c9f0a6a2288f39462e087b9e5bf89d1ee2ddd303cb05074370e8dabe7c107ae212597b0cbe71d42ee14546e25266c40fcf5f98cc9e2380f19e16c30e54424ff297608d94a3e9f49028b1cd29e483cd64d3b6125d450ee34cfcfd0b83e58c8e2933e5962354766be37b1a12571aaeb287acd79e002008f77d21a7d239e79c690c60b5bccbb8338807882658a4779944bdbc8cc6c23590f1761fb318367a7800129c9ed5ab8ae6648cc82e5b9e00a6838326180990b2bdc4a9271519926e7bdc4bd16ed9b4ab3b5abdeca97315ecd0642119a8a1fbc7a87f015dfd039e5fc6915765fe7acc93d8ac78be1a8b0dfcfc2038aa2d737c102fb3e77bbc5cd39c3e6a006f0570b1ad37cc650259c99d1603241594ea5fe0b48aed88840c3ba13aea15daad41ade985b593c59f3a93b539f00f78f24ce4fb7ddd4ebbc9020e3f841cea7beaaa52eb9ed256967f84428be67e440488648a414d0a0484575b2b05d6837a4afe032ddc0a86d5a628f1e035d90c767156620eac13d8060aef01e77c3bfa167893f5dd03ae7340923dc3538f3b4d1ca37d6f754e7a201c9b92841d8804da87b7c8cc9fa8c73bd39d76f6e4bb5f0b98fa6df4ef7f18cad7eb37650d3ffc2db89de2d500e89879c7c5b45cecefaf735cc8039061f8cba474c41fb8af5dd3dc941aefeb95e9ef7e96a6a20078778c9fe262e17833d19714eeca9db646aff7b21678759947668fa3905bb287158eb1e3b0854971ca7a5d5a19b0475db8cb7649135ab5578108f243c42ab6d6218ddb97f3dc7c6a4bd3a265fd22714bdd0bbfd62cffe88c08f8b02f4a22a7d5bd154818835129944705f4caeb7593b74cc94b26f10df52e06b3d18650328cd2f987fd73a15c28d107f9e212c9468f03af5d4653ee89cbd26ecd1de806e74f36e33ae3ff09e6d72bc27b272f64dfa800d2a8d28a40b4030a0419386eb1444d60ae010bd23e5b6dda29e4b7ab87cf9a817aca48ee35cce0041844f583ad520649bd28eeafb5657481d521f08ff6e96d8695d48c197fbc7dbf5c1a2b53acfcea775d27f6189951a7b5aecb79e1f4b65aba36f3ef8cb27f01b623bdb8fca0b6f8f95546567b353d917f29fa23534cb871cb1984098d2f82f4232675b6b818055abb72a49bda6b2c03575248b172452227b97480546cee59daf737dfac4eddbc3cfc59da07df0ed62d5b0819286316c6df03a85a54b318f2569945f43dc130eecf5c5563cc703c85f7540fbb3dbf0fd53fc8743472124e4f9ed5bb8cae75d7698122b9e94e55cce0d5afcdecaa6ca3cfe95e756857cd7bf4902a17614d7dc5e463eb8bb827168fc9188e4c51233df3089f79658485861d3d5f9ab7346a8c51afc17bb753d6be5f8c2eeeb02c1cfc8d9d54eec6f8220527485a51848394312233adc116d122a8bcfd2cf30ed63b48ef3e8007ff62017ecf621d465e75064d7e6aad3e7696fe88872074f1353c878fe7d81c053952740f1818129167c273ea1900145ebbc9f765553212561cf11a2a7c37be0918468030f55b18984042c64819e722a030002037cfcfd10ec8cff39a187b7282ac508c1d57847075c298bcb9bfc84df491593e043862642114a34f5672774c8727cbade0cbf1dd795d02ff01eaa95df1ac9849b45e2e78bf7a55b46ddea87e1bf58f4aa5a774be80da1ea488d7300b2b39f2589bb0b4d6de1823"], 0x0) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="69e1629b6174391e7dd7a2d786dd60b6000000302c03cb697a653e336f000000500000000000ff02000000000000000000000000000102000003"], 0x0) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc)) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-avx\x00'}, 0x58) syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB="14000000", @ANYBLOB="010000000800000000000000"], 0x14}, 0x1, 0x0, 0x0, 0x24000000}, 0x4008000) 20.46008883s ago: executing program 3 (id=1037): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={0x0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) select(0x0, 0x0, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000040), 0x100, 0x0) r3 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000001c0), 0x2) r4 = memfd_create(&(0x7f0000000580)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\x0f<\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\xd5\xf3\\\x00\xbe]Et\xad*\xecj\x02\xc8\xc4\f\x04\x99\xf6\xfc', 0x3) ftruncate(r4, 0xffff) fcntl$addseals(r4, 0x409, 0x7) r5 = ioctl$UDMABUF_CREATE(r3, 0x40187542, &(0x7f00000002c0)={r4, 0x0, 0x0, 0x8000}) r6 = fcntl$dupfd(r5, 0x406, r1) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r2, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r6}) 18.600588721s ago: executing program 1 (id=1039): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) connect$unix(r0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0xb, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) setresuid(0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000002100), 0x280449c, &(0x7f0000002140)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x4000}}) read$FUSE(r2, &(0x7f00000083c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r2, &(0x7f0000004200)={0x50, 0x0, r3, {0x7, 0x1f, 0x0, 0x2066012}}, 0x50) syz_fuse_handle_req(r2, &(0x7f00000042c0)="000000000000000000000000000000000000000000000000000000000000000090c400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000542d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ea8286a2fba523440000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000633956a1000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007d6ab715107fa1820000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f6ffffffffffffff0000000000000e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f4000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000286071480000000000b13bc1e6d970884f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f3ffffffffffffff00", 0x2000, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r4 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x40) getdents64(r4, 0x0, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000000000)={0x3, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x8, @empty, 0x2}}}, 0x108) getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000000)=""/40, 0x0) msgctl$MSG_INFO(0x0, 0xc, &(0x7f00000003c0)=""/82) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x33, &(0x7f0000000040)=0x2, 0x4) sync() sched_setattr(0x0, 0x0, 0x0) 17.382174832s ago: executing program 3 (id=1040): openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f0000000080), 0x10) connect$can_bcm(r0, &(0x7f0000000340), 0x10) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x41, &(0x7f0000000040)=0x39cb, 0x4) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f00000003c0)=0x11) ioctl$TIOCVHANGUP(r5, 0x5437, 0x2) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000300), 0x14880, 0x0) sendto$inet6(r4, 0x0, 0x0, 0x20004041, 0x0, 0x0) connect$inet6(r4, &(0x7f0000000280)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x19}, 0x7}, 0x1c) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x618b37b523276f6c}, 0x20000000) r6 = socket$can_j1939(0x1d, 0x2, 0x7) getsockopt$SO_J1939_ERRQUEUE(r6, 0x6b, 0x3, 0x0, 0x0) 16.45230478s ago: executing program 2 (id=1041): socketpair$unix(0x1, 0x3, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0xb, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) setresuid(0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000002100), 0x280449c, 0x0) 15.217651024s ago: executing program 1 (id=1042): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() r1 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_opts(r1, 0x0, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f00000700000000000000", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00', r5}, 0x10) r6 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) ioctl$EVIOCSMASK(r6, 0x40104593, &(0x7f0000000000)={0x1, 0x0, 0x0}) 14.487850139s ago: executing program 5 (id=1043): openat$nullb(0xffffffffffffff9c, 0x0, 0x1c3902, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000280), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) ioprio_set$uid(0x3, 0x0, 0x0) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @remote}, 0xc) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) symlinkat(&(0x7f0000000100)='./file0\x00', 0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00') sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000380)=@newqdisc={0x8c, 0x24, 0x0, 0x0, 0x0, {0x0, 0x0, 0x12, 0x0, {0x0, 0xffe0}, {0x0, 0xfff1}, {0x0, 0x8}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x2, 0x0, 0x11, 0xff, 0x0, 0x0, 0xb, 0x23, 0x0, 0x0, 0x0, 0xa, 0x7d, 0xf4, 0xa], 0x1, [0x1, 0x0, 0x6, 0x0, 0x0, 0x0, 0x2000, 0xfffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc, 0x0, 0x4000]}}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x4040000}, 0x0) r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x40400) ioctl$SG_IO(r1, 0x2285, &(0x7f00000033c0)={0x53, 0xfffffffffffffffd, 0x0, 0x68, @buffer={0xfb, 0x8a, &(0x7f0000000500)=""/138}, &(0x7f00000001c0), 0x0, 0x0, 0x10010, 0x4, 0x0}) ioctl$sock_inet_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, 0x0) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) syz_emit_ethernet(0x2416, &(0x7f0000000580)=ANY=[@ANYBLOB="e727dc07001f391e7dd7a2d786dd609907a623e02c03cb697a653e336f000000500000000000ff0200000000000000000000000000013200001200000000020090780000000369c46dea0006ff0800000000000000000000000000000001ff0200000000000000000000000000011d000000000000000502040100000000625d0000000000000502200010d492385c3783d3afa4087aac07f72281b3b12267af7a3550aa1c3df47e5193806438916ec2e867d21394d0ececf9700962d3e17e4bb578aafd31a3f1955010879ee9079424526f222aa9e6477366d11ceda8cc0a4a1008153a04ddaa531db1dc129d6fb8f95c13d752d80f25ce2b253934d9a86bdf503653d3730ada1509d9536c165576ddde5926db915dd86eb3e2a03a7e56c01f4067638d6b7a6b4e9712c66ed550b77c6e655dc71d08ae40755d11b56963a28dce50181d34e7c4b0caae8cf4b947526eecd89735717604aec2730381ca1b51ab01ed0a4c78a4ba64a733fec74ad4071ffb454d5a4e2e167705cc70cb4551a1892279fbf20f41698d06c87d4928fab8c35581c02c8b06d25f4cfab68bc929dad45297768657d0f9e3a28e4f385d3ab4f4ebc9a48469fcc680b11ae610a658ca37f442cb8abda0ca080fbfd107f702b3f57f6c29b827a6c9cd6c1a9d010a3eacb011178887d654d395a63fb718e6da50ad25840efb4801a6182f56836a03a91927cf013f3742d1491545656fddd952bbe35611dd164de5a822333d106f767e2b1fbbda7fd780c2ba8ba487e69e259bb1b9bfe90974aea4e9496999180776a13796b9c394f54ae1f6371556443be28b730502000c05028805040116050200040be4bb69246c6dd959322a3c6381cd5ecbbb7131ac5b4c10756fddad9452625b1f85dcb2db18d954111331928b8202efd022be464387d6ab7358c74e997342ee7eb1c46a817d6708b603963384c4499ef4dbf57fb3a40f974a32c25f0f9ae3953b921ea771007c951a3ed9237fc4a068fc39022aa39e70b1af46265c180eab098a06f6fd55b9ec6890f78ea1a3d5a17cac3a3887f13eeb3d163de914bcfbaf40a4a52a94901be888d6845fd4eb61ed9eebcfafb7588f7f92a12711672e4050f36e6a8695ef98eeb35f9f8f631207ba50c041580262f52bdfc87946bc87efba2e7eba9ea2f4a7072a8d83a045895d9642a081ddef313f45aa94fc70c117653ab8ddf92747a49c5c20a771233573e692d1caa10000000000003ec7000000000000c30013ea3bcc03cbfea3899367b93bc9545a9abe3e513929efb617a5c70410c64c077ec9040cc413710e4fbcf7d971af86cdf8d5f8f04948fcbf318c7894000412d280cc4b98548f990cb11035a6d48299cd0cc0cca098cab016c66c4f871549fd045f548fb2e631ae100ac591bb8dce8bee097201382fff6d7223c0d54b4b7457fa5c36d80f8ab1f398758bde615984169b6e3d03e2531bfd350ee870c7e137616c089ec2071084c33ae93acc654d7d64d521206e3a12615d4e3dde33269c8e1c3c8f5fcf1681e98ebd5cc9abda7b74fffe10398a7f701fdde69b21c9f9a2c983b7dadaf353d13332158ee52cc7d72901b495cd2ab3b8671b8fc6327a37ac9ff77c992f76caad41c6c2dcf5e3295526e9e22d2e2915f083909e0b86cd69e3df67c50b490565ae52389abfa1acbd02658039700fc092ae68e9138bfcf72f6062ee720a0f13e2040543acffd631a2289020fa5a5751aa6d3ff187aa9ddfe45d2d12195faee7de07c60a010a35d7d51c04e1ecb8bff31f16f8386961cb06e9bdf0c4b6cdd2ec48f4b7ee27a0a27a73ed401cd18a123556cb80161e25f82b24eab61a583cef1af2139260a8ca0b5931de46721a4901c50aacade1e4e25a5e01d8330f359fc397a9128f3a3c2d521452395c09c7a2bd0926b8df488eacaba377099c3bf06f99bc14b5b16cd3ec0bbb0608936666ada99db2082b191ffc38c886c04072c9f0a6a2288f39462e087b9e5bf89d1ee2ddd303cb05074370e8dabe7c107ae212597b0cbe71d42ee14546e25266c40fcf5f98cc9e2380f19e16c30e54424ff297608d94a3e9f49028b1cd29e483cd64d3b6125d450ee34cfcfd0b83e58c8e2933e5962354766be37b1a12571aaeb287acd79e002008f77d21a7d239e79c690c60b5bccbb8338807882658a4779944bdbc8cc6c23590f1761fb318367a7800129c9ed5ab8ae6648cc82e5b9e00a6838326180990b2bdc4a9271519926e7bdc4bd16ed9b4ab3b5abdeca97315ecd0642119a8a1fbc7a87f015dfd039e5fc6915765fe7acc93d8ac78be1a8b0dfcfc2038aa2d737c102fb3e77bbc5cd39c3e6a006f0570b1ad37cc650259c99d1603241594ea5fe0b48aed88840c3ba13aea15daad41ade985b593c59f3a93b539f00f78f24ce4fb7ddd4ebbc9020e3f841cea7beaaa52eb9ed256967f84428be67e440488648a414d0a0484575b2b05d6837a4afe032ddc0a86d5a628f1e035d90c767156620eac13d8060aef01e77c3bfa167893f5dd03ae7340923dc3538f3b4d1ca37d6f754e7a201c9b92841d8804da87b7c8cc9fa8c73bd39d76f6e4bb5f0b98fa6df4ef7f18cad7eb37650d3ffc2db89de2d500e89879c7c5b45cecefaf735cc8039061f8cba474c41fb8af5dd3dc941aefeb95e9ef7e96a6a20078778c9fe262e17833d19714eeca9db646aff7b21678759947668fa3905bb287158eb1e3b0854971ca7a5d5a19b0475db8cb7649135ab5578108f243c42ab6d6218ddb97f3dc7c6a4bd3a265fd22714bdd0bbfd62cffe88c08f8b02f4a22a7d5bd154818835129944705f4caeb7593b74cc94b26f10df52e06b3d18650328cd2f987fd73a15c28d107f9e212c9468f03af5d4653ee89cbd26ecd1de806e74f36e33ae3ff09e6d72bc27b272f64dfa800d2a8d28a40b4030a0419386eb1444d60ae010bd23e5b6dda29e4b7ab87cf9a817aca48ee35cce0041844f583ad520649bd28eeafb5657481d521f08ff6e96d8695d48c197fbc7dbf5c1a2b53acfcea775d27f6189951a7b5aecb79e1f4b65aba36f3ef8cb27f01b623bdb8fca0b6f8f95546567b353d917f29fa23534cb871cb1984098d2f82f4232675b6b818055abb72a49bda6b2c03575248b172452227b97480546cee59daf737dfac4eddbc3cfc59da07df0ed62d5b0819286316c6df03a85a54b318f2569945f43dc130eecf5c5563cc703c85f7540fbb3dbf0fd53fc8743472124e4f9ed5bb8cae75d7698122b9e94e55cce0d5afcdecaa6ca3cfe95e756857cd7bf4902a17614d7dc5e463eb8bb827168fc9188e4c51233df3089f79658485861d3d5f9ab7346a8c51afc17bb753d6be5f8c2eeeb02c1cfc8d9d54eec6f8220527485a51848394312233adc116d122a8bcfd2cf30ed63b48ef3e8007ff62017ecf621d465e75064d7e6aad3e7696fe88872074f1353c878fe7d81c053952740f1818129167c273ea1900145ebbc9f765553212561cf11a2a7c37be0918468030f55b18984042c64819e722a030002037cfcfd10ec8cff39a187b7282ac508c1d57847075c298bcb9bfc84df491593e043862642114a34f5672774c8727cbade0cbf1dd795d02ff01eaa95df1ac9849b45e2e78bf7a55b46ddea87e1bf58f4aa5a774be80da1ea488d7300b2b39f2589bb0b4d6de1823"], 0x0) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="69e1629b6174391e7dd7a2d786dd60b6000000302c03cb697a653e336f000000500000000000ff02000000000000000000000000000102000003"], 0x0) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc)) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-avx\x00'}, 0x58) syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB="14000000", @ANYBLOB="0100000008000000000000000000"], 0x14}, 0x1, 0x0, 0x0, 0x24000000}, 0x4008000) 13.270086872s ago: executing program 1 (id=1044): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000003, 0x8031, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x19}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000010000/0x1000)=nil, 0x1000}, 0x5}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) close(r0) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffc000/0x2000)=nil, 0x2000}, 0x2}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, 0x0) ioctl$SNDCTL_DSP_RESET(0xffffffffffffffff, 0x5000, 0x0) ioprio_get$pid(0x2, 0x0) rt_sigprocmask(0x0, 0x0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x3, 0x2) sendto$inet6(r1, 0x0, 0x0, 0x40, &(0x7f00000001c0)={0xa, 0x4e20, 0x7ff, @private1={0xfc, 0x1, '\x00', 0x1}, 0x7}, 0x1c) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r2}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f00000005c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x2a0, 0x0, 0x18c, 0x203, 0x0, 0x19030000, 0x1d8, 0x2e0, 0x2e0, 0x1d8, 0x2e0, 0x3, 0x0, {[{{@ipv6={@private0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [], [], 'veth1_to_batadv\x00', 'team_slave_1\x00'}, 0x300, 0xa4, 0xec}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}, {{@uncond, 0x0, 0xa4, 0xec}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x2fc) r4 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$IP_VS_SO_GET_INFO(r4, 0x0, 0x481, &(0x7f0000005fc0), &(0x7f0000006000)=0xc) renameat2(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x2) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r5, 0x0, 0x48850) r6 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r6, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/82, 0x28000, 0x800}, 0x20) 13.221775854s ago: executing program 2 (id=1045): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000010100008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000001dc0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x2d) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) r4 = accept4(r3, 0x0, 0x0, 0x80800) sendmmsg$alg(r4, &(0x7f0000000400)=[{0x0, 0x0, &(0x7f00000002c0)=[{0x0}], 0x1, &(0x7f0000000380)=[@op={0x18}], 0x18}], 0x1, 0x0) recvmsg(r4, &(0x7f00000005c0)={0x0, 0x10, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x1f}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2, 0x0, 0x0, 0xf5000000}, 0x0) setsockopt$inet_mtu(r4, 0x0, 0xa, &(0x7f0000000400)=0x2, 0x4) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r5 = syz_io_uring_setup(0xb7f, &(0x7f0000000180)={0x0, 0x38ab, 0x80, 0x0, 0x1e6}, &(0x7f0000000340)=0x0, &(0x7f0000000600)=0x0) io_uring_register$IORING_REGISTER_PBUF_RING(r5, 0x16, 0x0, 0x1) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r8, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)={0x14, 0x3, 0x7, 0x301, 0x0, 0x0, {0x5, 0x0, 0xd}}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x48) close(0x3) syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x10, r8, 0x0, 0x0, 0x0, 0x322, 0x1, {0x1}}) io_uring_enter(r5, 0x3516, 0x0, 0x0, 0x0, 0x0) 10.321661547s ago: executing program 5 (id=1046): openat$nullb(0xffffffffffffff9c, 0x0, 0x1c3902, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000280), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) ioprio_set$uid(0x3, 0x0, 0x0) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @remote}, 0xc) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) symlinkat(&(0x7f0000000100)='./file0\x00', 0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00') sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000380)=@newqdisc={0x8c, 0x24, 0x0, 0x0, 0x0, {0x0, 0x0, 0x12, 0x0, {0x0, 0xffe0}, {0x0, 0xfff1}, {0x0, 0x8}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x2, 0x0, 0x11, 0xff, 0x0, 0x0, 0xb, 0x23, 0x0, 0x0, 0x0, 0xa, 0x7d, 0xf4, 0xa], 0x1, [0x1, 0x0, 0x6, 0x0, 0x0, 0x0, 0x2000, 0xfffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc, 0x0, 0x4000]}}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x4040000}, 0x0) r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x40400) ioctl$SG_IO(r1, 0x2285, &(0x7f00000033c0)={0x53, 0xfffffffffffffffd, 0x0, 0x68, @buffer={0xfb, 0x8a, &(0x7f0000000500)=""/138}, &(0x7f00000001c0), 0x0, 0x0, 0x10010, 0x4, 0x0}) ioctl$sock_inet_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, 0x0) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) syz_emit_ethernet(0x2416, &(0x7f0000000580)=ANY=[@ANYBLOB="e727dc07001f391e7dd7a2d786dd609907a623e02c03cb697a653e336f000000500000000000ff0200000000000000000000000000013200001200000000020090780000000369c46dea0006ff0800000000000000000000000000000001ff0200000000000000000000000000011d000000000000000502040100000000625d0000000000000502200010d492385c3783d3afa4087aac07f72281b3b12267af7a3550aa1c3df47e5193806438916ec2e867d21394d0ececf9700962d3e17e4bb578aafd31a3f1955010879ee9079424526f222aa9e6477366d11ceda8cc0a4a1008153a04ddaa531db1dc129d6fb8f95c13d752d80f25ce2b253934d9a86bdf503653d3730ada1509d9536c165576ddde5926db915dd86eb3e2a03a7e56c01f4067638d6b7a6b4e9712c66ed550b77c6e655dc71d08ae40755d11b56963a28dce50181d34e7c4b0caae8cf4b947526eecd89735717604aec2730381ca1b51ab01ed0a4c78a4ba64a733fec74ad4071ffb454d5a4e2e167705cc70cb4551a1892279fbf20f41698d06c87d4928fab8c35581c02c8b06d25f4cfab68bc929dad45297768657d0f9e3a28e4f385d3ab4f4ebc9a48469fcc680b11ae610a658ca37f442cb8abda0ca080fbfd107f702b3f57f6c29b827a6c9cd6c1a9d010a3eacb011178887d654d395a63fb718e6da50ad25840efb4801a6182f56836a03a91927cf013f3742d1491545656fddd952bbe35611dd164de5a822333d106f767e2b1fbbda7fd780c2ba8ba487e69e259bb1b9bfe90974aea4e9496999180776a13796b9c394f54ae1f6371556443be28b730502000c05028805040116050200040be4bb69246c6dd959322a3c6381cd5ecbbb7131ac5b4c10756fddad9452625b1f85dcb2db18d954111331928b8202efd022be464387d6ab7358c74e997342ee7eb1c46a817d6708b603963384c4499ef4dbf57fb3a40f974a32c25f0f9ae3953b921ea771007c951a3ed9237fc4a068fc39022aa39e70b1af46265c180eab098a06f6fd55b9ec6890f78ea1a3d5a17cac3a3887f13eeb3d163de914bcfbaf40a4a52a94901be888d6845fd4eb61ed9eebcfafb7588f7f92a12711672e4050f36e6a8695ef98eeb35f9f8f631207ba50c041580262f52bdfc87946bc87efba2e7eba9ea2f4a7072a8d83a045895d9642a081ddef313f45aa94fc70c117653ab8ddf92747a49c5c20a771233573e692d1caa10000000000003ec7000000000000c30013ea3bcc03cbfea3899367b93bc9545a9abe3e513929efb617a5c70410c64c077ec9040cc413710e4fbcf7d971af86cdf8d5f8f04948fcbf318c7894000412d280cc4b98548f990cb11035a6d48299cd0cc0cca098cab016c66c4f871549fd045f548fb2e631ae100ac591bb8dce8bee097201382fff6d7223c0d54b4b7457fa5c36d80f8ab1f398758bde615984169b6e3d03e2531bfd350ee870c7e137616c089ec2071084c33ae93acc654d7d64d521206e3a12615d4e3dde33269c8e1c3c8f5fcf1681e98ebd5cc9abda7b74fffe10398a7f701fdde69b21c9f9a2c983b7dadaf353d13332158ee52cc7d72901b495cd2ab3b8671b8fc6327a37ac9ff77c992f76caad41c6c2dcf5e3295526e9e22d2e2915f083909e0b86cd69e3df67c50b490565ae52389abfa1acbd02658039700fc092ae68e9138bfcf72f6062ee720a0f13e2040543acffd631a2289020fa5a5751aa6d3ff187aa9ddfe45d2d12195faee7de07c60a010a35d7d51c04e1ecb8bff31f16f8386961cb06e9bdf0c4b6cdd2ec48f4b7ee27a0a27a73ed401cd18a123556cb80161e25f82b24eab61a583cef1af2139260a8ca0b5931de46721a4901c50aacade1e4e25a5e01d8330f359fc397a9128f3a3c2d521452395c09c7a2bd0926b8df488eacaba377099c3bf06f99bc14b5b16cd3ec0bbb0608936666ada99db2082b191ffc38c886c04072c9f0a6a2288f39462e087b9e5bf89d1ee2ddd303cb05074370e8dabe7c107ae212597b0cbe71d42ee14546e25266c40fcf5f98cc9e2380f19e16c30e54424ff297608d94a3e9f49028b1cd29e483cd64d3b6125d450ee34cfcfd0b83e58c8e2933e5962354766be37b1a12571aaeb287acd79e002008f77d21a7d239e79c690c60b5bccbb8338807882658a4779944bdbc8cc6c23590f1761fb318367a7800129c9ed5ab8ae6648cc82e5b9e00a6838326180990b2bdc4a9271519926e7bdc4bd16ed9b4ab3b5abdeca97315ecd0642119a8a1fbc7a87f015dfd039e5fc6915765fe7acc93d8ac78be1a8b0dfcfc2038aa2d737c102fb3e77bbc5cd39c3e6a006f0570b1ad37cc650259c99d1603241594ea5fe0b48aed88840c3ba13aea15daad41ade985b593c59f3a93b539f00f78f24ce4fb7ddd4ebbc9020e3f841cea7beaaa52eb9ed256967f84428be67e440488648a414d0a0484575b2b05d6837a4afe032ddc0a86d5a628f1e035d90c767156620eac13d8060aef01e77c3bfa167893f5dd03ae7340923dc3538f3b4d1ca37d6f754e7a201c9b92841d8804da87b7c8cc9fa8c73bd39d76f6e4bb5f0b98fa6df4ef7f18cad7eb37650d3ffc2db89de2d500e89879c7c5b45cecefaf735cc8039061f8cba474c41fb8af5dd3dc941aefeb95e9ef7e96a6a20078778c9fe262e17833d19714eeca9db646aff7b21678759947668fa3905bb287158eb1e3b0854971ca7a5d5a19b0475db8cb7649135ab5578108f243c42ab6d6218ddb97f3dc7c6a4bd3a265fd22714bdd0bbfd62cffe88c08f8b02f4a22a7d5bd154818835129944705f4caeb7593b74cc94b26f10df52e06b3d18650328cd2f987fd73a15c28d107f9e212c9468f03af5d4653ee89cbd26ecd1de806e74f36e33ae3ff09e6d72bc27b272f64dfa800d2a8d28a40b4030a0419386eb1444d60ae010bd23e5b6dda29e4b7ab87cf9a817aca48ee35cce0041844f583ad520649bd28eeafb5657481d521f08ff6e96d8695d48c197fbc7dbf5c1a2b53acfcea775d27f6189951a7b5aecb79e1f4b65aba36f3ef8cb27f01b623bdb8fca0b6f8f95546567b353d917f29fa23534cb871cb1984098d2f82f4232675b6b818055abb72a49bda6b2c03575248b172452227b97480546cee59daf737dfac4eddbc3cfc59da07df0ed62d5b0819286316c6df03a85a54b318f2569945f43dc130eecf5c5563cc703c85f7540fbb3dbf0fd53fc8743472124e4f9ed5bb8cae75d7698122b9e94e55cce0d5afcdecaa6ca3cfe95e756857cd7bf4902a17614d7dc5e463eb8bb827168fc9188e4c51233df3089f79658485861d3d5f9ab7346a8c51afc17bb753d6be5f8c2eeeb02c1cfc8d9d54eec6f8220527485a51848394312233adc116d122a8bcfd2cf30ed63b48ef3e8007ff62017ecf621d465e75064d7e6aad3e7696fe88872074f1353c878fe7d81c053952740f1818129167c273ea1900145ebbc9f765553212561cf11a2a7c37be0918468030f55b18984042c64819e722a030002037cfcfd10ec8cff39a187b7282ac508c1d57847075c298bcb9bfc84df491593e043862642114a34f5672774c8727cbade0cbf1dd795d02ff01eaa95df1ac9849b45e2e78bf7a55b46ddea87e1bf58f4aa5a774be80da1ea488d7300b2b39f2589bb0b4d6de1823"], 0x0) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="69e1629b6174391e7dd7a2d786dd60b6000000302c03cb697a653e336f000000500000000000ff02000000000000000000000000000102000003"], 0x0) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc)) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-avx\x00'}, 0x58) syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB="14000000", @ANYBLOB="010000000800000000000000"], 0x14}, 0x1, 0x0, 0x0, 0x24000000}, 0x4008000) 10.31964393s ago: executing program 2 (id=1056): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x1, 0x8b}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8) fsopen(0x0, 0x0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_int(r1, 0x6, 0x24, &(0x7f0000000000)=0x1, 0x4) recvmmsg(r1, &(0x7f00000002c0), 0x220, 0x100, 0x0) 9.463242937s ago: executing program 5 (id=1047): syz_mount_image$hfs(&(0x7f0000000180), &(0x7f0000000100)='./file1\x00', 0x2000040, &(0x7f0000000000)={[{@codepage={'codepage', 0x3d, 'cp949'}}, {@uid}, {@iocharset={'iocharset', 0x3d, 'cp936'}}]}, 0x1, 0x302, &(0x7f00000008c0)="$eJzs3c9qE0EcB/DvTDZt+oe6thXBi6Va0Eux6qF4iUiu3j2J2qQQXCq2FdSLrXgUH8C7r+DFN/Ci+AJ6EgQfoLeR+e1sskl2J6Yk2bT9fiDpZnZm9zfsbHZ+C82CiM6se7Wfn279ti8FlFACcAfQACpAAOACLlZe7Ow396NG3behkrSwL4W4peqps7XTyGpq20kLJ7SfAsyny9JU75bpmIwxd38VHQQVTs7+DBqYduehrK+MOa5ROQAuFx3DuKUPsDrCEV5iocBwiIhoArjrv3aXiXkpUtAaWHOX/VN1/T8qOoDhuh31FBlvg9T1X2Z3Rtnje05WtfM9SbTsep1kif0CseOj3FU2hXhkdUwwVb+sUmLRM9vNAOtbh6hrvEXVSVVblvd6PHQTfaJdzchNPfK3Vsb92bg3MqPsloS03Ywa03YhFX8SwdJge/T44l/9x/1VX9V39VCF+Ih6a/4XGGUPkxypsOtI6bKN/0b+luekla0F17Fqtao7qpyXnVxye3D69LKSnZGkt5ncIDhoReCLU/a9iM7bCnHvNvq0WspqFbY+5bRa7mhVciNhfetZ5L2VMhpJF9UH9UCt4i8+o5aa/2sb3xpSZ6bvq15JTTcy4v5MZdcMpGbYc+Vony4rrQic6YH7RkDe3bIc7/EEm1jYe/X6aSmKGrt24XHGwvP5XeVKyu+AzDpDXgiize5VJXha4aBdYqw3xvzvvswou3N9qBu03x+7G4hL7OmTVdmeZa0SPdLDdIYXat/gG5CTtXCYHhJdC8YAOatG9j1FE2RPJQddPgaYKToiGjM771Jx/iczeTerkwTFvoWeebo/yUTHFjdaGVznVHBR3mcHyuDm8jM4t0fVjBo3c3JGybmuXAOupgoVvHsMXZynhKrhBx7x/j8RERERERERERERERERERERERER0Ukzjn9CKLqPREREREREREREREREREREREREREREREQn3bGe/5v1G/Hy/N9wwOf/xk+Kkp8DX2mX9nv+LxENx78AAAD//1Lod7w=") bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x40001e0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x3d, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[], 0x1a000}}, 0x0) mount$nfs(&(0x7f00000001c0)='\xb2\x83\x87J9I\xc3i\xe4\x81\xc5:\xccLD\x9d\xd8\xc7\x90v\x8b\x82\x90\xa4\xdd\x98\xb8\rQh#\xfacl\x01\x8cC\x1f|\xa5\xcb\x8f\xe5WJ\x00>\xf2\xd6\t\xf4IE\xcb\x15A\xb5\xbbG\xa0\xea\xc4\x03\xf2\xf5\xf4\xa1\x98', &(0x7f0000000240)='./file0\x00', 0x0, 0x201008, 0x0) 9.438224958s ago: executing program 1 (id=1048): syz_usb_connect(0x3, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_io_uring_setup(0x110, &(0x7f00000000c0)={0x0, 0x10, 0x0, 0x3}, &(0x7f0000000180)=0x0, &(0x7f0000000280)=0x0) io_uring_register$IORING_REGISTER_FILES(r3, 0x2, &(0x7f0000000300)=[0xffffffffffffffff], 0x1) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_FILES_UPDATE={0x14, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=[0xffffffffffffffff], 0x1, 0x0, 0x1}) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a68000000060a09040000000006000000020000000900010073797a3000e2ff000900020073797a"], 0x90}}, 0x0) io_uring_enter(r3, 0x47f6, 0x0, 0x0, 0x0, 0x0) 9.148283826s ago: executing program 3 (id=1049): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) setsockopt$bt_BT_FLUSHABLE(r0, 0x112, 0x8, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000ffc000/0x3000)=nil, 0x301f}, 0x3}) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, &(0x7f0000000000)='.dead\x00', &(0x7f0000000080)) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$afs(0x0, &(0x7f0000002840)='./file0\x00', &(0x7f0000002880), 0x700, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn']) mount(0x0, &(0x7f0000000280)='./file0/file0\x00', 0x0, 0x2, 0x0) 8.420754578s ago: executing program 5 (id=1050): syz_usb_connect(0x3, 0x0, 0x0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_io_uring_setup(0x110, &(0x7f00000000c0)={0x0, 0x10, 0x0, 0x3}, 0x0, &(0x7f0000000280)=0x0) io_uring_register$IORING_REGISTER_FILES(r3, 0x2, &(0x7f0000000300), 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(0x0, r4, &(0x7f00000002c0)=@IORING_OP_FILES_UPDATE={0x14, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=[0xffffffffffffffff], 0x1, 0x0, 0x1}) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x3a, 0x0, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000002140)='maps\x00') read$FUSE(r5, &(0x7f0000000000)={0x2020}, 0xfffffc7a) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) statx(0xffffffffffffffff, &(0x7f00000045c0)='./file0\x00', 0x6000, 0x0, &(0x7f0000004600)) sendmsg$NFT_BATCH(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a68000000060a09040000000006000000020000000900010073797a3000e2ff000900020073797a"], 0x90}}, 0x0) 7.601374282s ago: executing program 3 (id=1051): syz_mount_image$hfs(&(0x7f0000000180), &(0x7f0000000100)='./file1\x00', 0x2000040, &(0x7f0000000000)={[{@codepage={'codepage', 0x3d, 'cp949'}}, {@uid}, {@iocharset={'iocharset', 0x3d, 'cp936'}}]}, 0x1, 0x302, &(0x7f00000008c0)="$eJzs3c9qE0EcB/DvTDZt+oe6thXBi6Va0Eux6qF4iUiu3j2J2qQQXCq2FdSLrXgUH8C7r+DFN/Ci+AJ6EgQfoLeR+e1sskl2J6Yk2bT9fiDpZnZm9zfsbHZ+C82CiM6se7Wfn279ti8FlFACcAfQACpAAOACLlZe7Ow396NG3behkrSwL4W4peqps7XTyGpq20kLJ7SfAsyny9JU75bpmIwxd38VHQQVTs7+DBqYduehrK+MOa5ROQAuFx3DuKUPsDrCEV5iocBwiIhoArjrv3aXiXkpUtAaWHOX/VN1/T8qOoDhuh31FBlvg9T1X2Z3Rtnje05WtfM9SbTsep1kif0CseOj3FU2hXhkdUwwVb+sUmLRM9vNAOtbh6hrvEXVSVVblvd6PHQTfaJdzchNPfK3Vsb92bg3MqPsloS03Ywa03YhFX8SwdJge/T44l/9x/1VX9V39VCF+Ih6a/4XGGUPkxypsOtI6bKN/0b+luekla0F17Fqtao7qpyXnVxye3D69LKSnZGkt5ncIDhoReCLU/a9iM7bCnHvNvq0WspqFbY+5bRa7mhVciNhfetZ5L2VMhpJF9UH9UCt4i8+o5aa/2sb3xpSZ6bvq15JTTcy4v5MZdcMpGbYc+Vony4rrQic6YH7RkDe3bIc7/EEm1jYe/X6aSmKGrt24XHGwvP5XeVKyu+AzDpDXgiize5VJXha4aBdYqw3xvzvvswou3N9qBu03x+7G4hL7OmTVdmeZa0SPdLDdIYXat/gG5CTtXCYHhJdC8YAOatG9j1FE2RPJQddPgaYKToiGjM771Jx/iczeTerkwTFvoWeebo/yUTHFjdaGVznVHBR3mcHyuDm8jM4t0fVjBo3c3JGybmuXAOupgoVvHsMXZynhKrhBx7x/j8RERERERERERERERERERERERER0Ukzjn9CKLqPREREREREREREREREREREREREREREREQn3bGe/5v1G/Hy/N9wwOf/xk+Kkp8DX2mX9nv+LxENx78AAAD//1Lod7w=") bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x40001e0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000001400), 0x1, 0x0) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r3, 0xffffffffffffffff, 0x0) 5.813693697s ago: executing program 3 (id=1052): pipe2$watch_queue(&(0x7f0000000100)={0xffffffffffffffff}, 0x80) ioctl$IOC_WATCH_QUEUE_SET_SIZE(r0, 0x5760, 0x1) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000680)={'wlan0\x00'}) sendmsg$NFQNL_MSG_CONFIG(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x1c, 0x2, 0x3, 0x3, 0x0, 0x0, {0x4, 0x0, 0x8000}, [@NFQA_CFG_CMD={0x8, 0x1, {0x2}}]}, 0x1c}, 0x1, 0x0, 0x0, 0xc54f3efb3ed3f6e5}, 0x51) r4 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, 0x0) connect$can_bcm(r4, &(0x7f00000000c0), 0x10) sendmsg$can_bcm(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)={0x1, 0x0, 0x0, {0x0, 0x2710}, {0x77359400}, {}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "a5976ac6acd41fd8"}}, 0x48}}, 0x0) sendmsg$NFQNL_MSG_CONFIG(r2, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000180)={'rose0\x00', 0x112}) ioctl$TUNSETQUEUE(r5, 0x400454d9, &(0x7f0000000100)={'vcan0\x00', 0x400}) close(r5) close(0x3) sendmmsg$inet6(r1, &(0x7f0000001580)=[{{&(0x7f0000000000)={0xa, 0x4e24, 0x6a3, @private1, 0x2}, 0x1c, &(0x7f00000000c0)=[{&(0x7f0000000040)="1b", 0x1}], 0x1}}], 0x1, 0x40881) r6 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) newfstatat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) fstat(r5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, 0x0, &(0x7f0000000300), 0x4004, &(0x7f0000000500)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r5}, 0x2c, {[{@afid={'afid', 0x3d, 0x3f}}, {@version_u}, {@dfltuid={'dfltuid', 0x3d, r7}}, {@posixacl}, {@noextend}, {@aname={'aname', 0x3d, '(\\#'}}, {@access_client}, {@privport}], [{@subj_type={'subj_type', 0x3d, '{{\')'}}, {@measure}, {@fowner_gt={'fowner>', r8}}]}}) ioctl$COMEDI_DEVCONFIG(r6, 0x40946400, &(0x7f0000000180)={'rti800\x00', [0x4f27, 0x5, 0x200009, 0x2, 0x5, 0x200, 0x6, 0x7, 0xa, 0x5000000, 0x1002, 0x80000, 0x1001, 0x8, 0x1e, 0x1, 0x0, 0x1a445, 0x3, 0x6, 0x81, 0xcaa7, 0x0, 0x1e58, 0x10000200, 0x3, 0x3c, 0x8, 0x7, 0x0, 0x5]}) 5.100336083s ago: executing program 5 (id=1053): recvmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000140)=@hci, 0x80, &(0x7f0000000280)=[{&(0x7f0000000200)=""/6, 0x6}, {&(0x7f0000000580)=""/132, 0x84}], 0x2}, 0x22) syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/uts\x00') syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x1000008, &(0x7f0000000000)={[{@errors_remount}, {@bsdgroups}]}, 0x4, 0x4f3, &(0x7f00000012c0)="$eJzs3c9vVEUcAPDvbru0lEJBOahRQUTRELY/gIZwES4aQ0iMxJMHqO3SNN1lm26JtHIoR+8kknjSP8GbBxNOHrx505sXPJigEg018bDmvV3apb+1P9Z2P5/k9b2ZWfY702Vm9g3sTgAt62hEzEbEnoi4FhE99fxM/YgLtSN53ONHt4fnHt0ezkS1euW3TFqe5EXDn0nsqz9nZ0S8/07ER5mlcSvTM+NDxWJhsp7unSpN9FamZ06NZes5A4P9g33nTp8d2LS2Hil99fDtsUsffPP1Sw++n33zk6Ra3Z/uT8sa27GZak3PRXdDXntEXNqKYE3SXv/7w86T9LZnIuJY2v97oi19NQGA3axa7YlqT2MaANjtkvv/7shk8/W1gO7IZvP52hre4ejKFsuVqZM95Zs3RiJdwzoYuez1sWKhr75WeDBymSTdn14vpAeeSt8tnI6IQxFxt2NvWp4fLhdHmvnGBwBa2L5F8/+fHbX5HwDY5TqbXQEAYNuZ/wGg9Zj/AaD1/Iv536cDAWCXcP8PAK3H/A8ArWfN+f/O9tQDANgW712+nBzVudr3Xz/5pu5TI4XKeL50czg/XJ6cyI+Wy6PFQn64Wl3r+Yrl8kT/mflkZXrmaql888bU1bHS0GjhaiG3lY0BANbl0JH7PyaT/uz5vekRDXs5mKthd8s2uwJA07Q1uwJA0/g8D7SuddzjWwaAXW6ZLXqfsuJ/Ebpn81fYqU48b/0fWtVG1v+tHcDO9t/W/9/a9HoA288cDq2rWs3Y8x8AWow1fmBD//4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALao7PTLZfLoX+GzyM5vPR+yPiIORy1wfKxb6IuJARPzQketI0v3NrjQAsEHZXzL1/b9O9BzvXly6J/NXR3qOiI8/v/LZraGpqcn+JP/3+fype/X8gT3NaAAA0OjC0qzaPF0/N9zIP350e/jJsZ1VfHixtrloEneuftRK2qM9PXdGLiK6/sjU0zXJ+5W2TYg/eycinlto/62GCN3pGkht59PF8ZPY+7cg/sLvf3H87FPxs2lZcs6lv4tnN6Eu0GruX6yNk/W+l3Sxev/LxtH0vHz/70xHqI1Lxr9kLJlbMv5l58e/tiXxM2mfPzqfXr0mD898++6SzGpPrexOxAvty8XPzMfPLD/+5o6vs40/vfjysZXKql9EnFi2/U92pC6lw2zvVGmitzI9c2qsNDRaGC3cGBgY7B/sO3f67EBvukZd+/ndcjF+PX/ywErxk/Z3rRC/c/X2x2vrbP+Xf1/78JVV4r/x6vKv/+FV4idz4uvrjD/UdWHF7buT+CMrtH+N1z9OrjP+g59nRtb5UABgG1SmZ8aHisXC5BoXyXvNtR7jYmdexGzEZj1huigREf+HdrnYyEWzRyZgqy10+mbXBAAAAAAAAAAAAAAAWEllema8Y4s/rdXsNgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALB7/RMAAP//TwTJNg==") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, 0x0) setxattr$incfs_size(&(0x7f0000000240)='./file0\x00', &(0x7f0000000300), &(0x7f0000000340)=0x3, 0x8, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000d40)=ANY=[@ANYRES8=r5]) r6 = socket$key(0xf, 0x3, 0x2) sendmmsg(r6, &(0x7f00000000c0), 0x2c8, 0x0) 4.912346319s ago: executing program 1 (id=1054): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={0x0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) select(0x0, 0x0, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000040), 0x100, 0x0) r3 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000001c0), 0x2) r4 = memfd_create(&(0x7f0000000580)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\x0f<\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\xd5\xf3\\\x00\xbe]Et\xad*\xecj\x02\xc8\xc4\f\x04\x99\xf6\xfc', 0x3) ftruncate(r4, 0xffff) fcntl$addseals(r4, 0x409, 0x7) r5 = ioctl$UDMABUF_CREATE(r3, 0x40187542, &(0x7f00000002c0)={r4, 0x0, 0x0, 0x8000}) r6 = fcntl$dupfd(r5, 0x406, r1) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r2, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r6}) 4.796381099s ago: executing program 2 (id=1055): socketpair$unix(0x1, 0x3, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0xb, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) setresuid(0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000002100), 0x280449c, 0x0) 2.619003858s ago: executing program 5 (id=1057): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000010100008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000001dc0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x2d) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) r4 = accept4(r3, 0x0, 0x0, 0x80800) sendmmsg$alg(r4, &(0x7f0000000400)=[{0x0, 0x0, &(0x7f00000002c0)=[{0x0}], 0x1, &(0x7f0000000380)=[@op={0x18}], 0x18}], 0x1, 0x0) recvmsg(r4, &(0x7f00000005c0)={0x0, 0x10, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x1f}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2, 0x0, 0x0, 0xf5000000}, 0x0) setsockopt$inet_mtu(r4, 0x0, 0xa, &(0x7f0000000400)=0x2, 0x4) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r5 = syz_io_uring_setup(0xb7f, &(0x7f0000000180)={0x0, 0x38ab, 0x80, 0x0, 0x1e6}, &(0x7f0000000340)=0x0, &(0x7f0000000600)=0x0) io_uring_register$IORING_REGISTER_PBUF_RING(r5, 0x16, 0x0, 0x1) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r8, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)={0x14, 0x3, 0x7, 0x301, 0x0, 0x0, {0x5, 0x0, 0xd}}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x48) close(0x3) syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x10, r8, 0x0, 0x0, 0x0, 0x322, 0x1, {0x1}}) io_uring_enter(r5, 0x3516, 0x0, 0x0, 0x0, 0x0) 2.528483234s ago: executing program 2 (id=1058): ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000140)) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x9) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = socket$inet6(0xa, 0x1, 0x8010000000000084) openat$cgroup_devices(0xffffffffffffffff, 0x0, 0x2, 0x0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r1, 0x0, 0x0) r2 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r3 = dup(r2) mmap(&(0x7f0000fed000/0x12000)=nil, 0x12000, 0x2, 0x11, r3, 0x0) syz_mount_image$jfs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000006480)=ANY=[@ANYBLOB="696f636861727365743d6d616363726f617469616e2c646973636172643d3078303030303030303030303030303030332c6e6f646973636172642c6572726f72733d636f6e74696e75652c696f636861727365743d6d6163637972696c6c69632c0067add4ceec7cb8702b1b4a0ff322839e69b507d7478e0706b00408dc59283f5c0159b8e3c0289dcb182504844ef8e6972cdb3f50680fc9602ed27c1f6b47a91f941f154ae205d34a9b7a7c67efa0c0e2a70251d664fce12ae64a5a521aa83080b7672c4e1566a61a0ade4b6c9d78151053d9fb31fd2cfc77f269f873e14e5fe3c46c0acbb22d40391ae31d2025dcd947adf76739ae4ecbe3b630040b37e2b09d7816e0b93981de1147532cf2f46d4d4904f68fb43cd165b9"], 0x1, 0x6213, &(0x7f0000000240)="$eJzs3U9vHGcdB/Df7D//KW2jHqoSIeS2AVpK87eEQIG2Bzj0wgHlihK5bhWRAkoCSquIuMqFAy8ChMQREEdOvIAeuHLjBRApQQJ66qCxn8cZL96s43R31n4+H8md+c0z432m3x3vbmZmnwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4u3v//BMFRGXfpEWHIv4XPQjehErTb0WEStrx/L6g4h4Lraa49mIGC5FVLnx6YjXIuLjpyLu3b+13iw6u89+fO9Pf//dj574wd/+MDz1nz/f6L8+ab2bN3/977/cPvj+AgAAQInquq6r9DH/ePp83+u6UwDAXOTX/zrJy9ULV28uWH/UarVafQjrtnpvt9tFRGy2t2neMzgdDwCHzGZ80nUX6JD8izaIiCe67gSw0KquO8BM3Lt/a71K+Vbt14O17fZ8Lciu/Dernfs7Jk2nGb/GZF7PrzvRj2cm9GdlTn1YJDn/3nj+l7bbR2m9Wec/L5PyH23f+lScnH9/PP8xRyf/3p75lyrnP3ik/PvyBwAAAACABZb//f9Yx+d/lx5/V/blYed/1+bUBwAAAAAAAAD4rD3u+H87KuP/AQAAwKJqPqs3fvPUg2WTvoutWX6xinhybH2gMOlmmdWu+wEAAAAAAAAAAAAAJRlsX8N7sYoYRsSTq6t1XTc/beP1o3rc7Q+70vcfStb1H3kAANj28VNj9/JXEcsRcTF9199wdXW1rpdXVuvVemUpv58dLS3XK63PtXnaLFsa7eMN8WBUN79subVd27TPy9Pax39f81ijur+Pjs1Hh4EDQERsvxrd84p0xNT109H1uxwOB8f/0eP4Zz+6fp4CAAAAs1fXdV2lr/M+ns7597ruFAAwF/n1f/y8gFqtVqvV6qNXt9V7u90uImKzvU3znsFw/ABwyGzGJ113gQ7Jv2iDiHiu604AC63qugPMxL37t9arlG/Vfj1I47vna0F25b9ZbW2Xt99rOs34NSbzen7diX48M6E/z86pD4sk598bz//SdvsorTfr/OdlUv7Nfh7roD9dy/n3x/Mfc3Ty7+2Zf6ly/oNHyr8vfwAAAAAAWGD53/+PLdT539FBd2eqh53/XZvZowIAAAAAAADAbN27f2s93/eaz/9/YY/13P95NOX8K/kXKeef7v/fufDmpbH1+q35u289yP9f92+t//7GPz+fp/vNfynPVOmZVaVnRJUeqRqk6QF3bII7w/6oeaRh1esP0jU/9fDduBJXYyNO71q3l46HB+1ndrU3PR1utdf97fazu9oHO+15+3O72ofpSqd6JbefjPX4aVyNd7bam7alKfu/PKW9ntKe8+87/ouU8x+0fpr8V1N7NTZt3P2o93/HfXu61+O8eeWLvzo9+92Z6k70d/atrdm/Fzroz9b/kydG8fPrG9dO3rx848a1M5Emu5aejTT5jOX8h+kn5//Si9vt+e9++3i9+9HokfNfFHdiMDH/F1vzzf6+POe+dSHnP0o/Of93Uvvex/9hzn/y8f9KB/0BAAAAAAAAAAAAAACAh6nreusW0Tcj4ny6/6erezMBgPnKr/91kpfPq+4fdPs/7t6PrvqvVs+5rhasP3OtP61n/XhvL9T+qg9U/3fB+rNwdVu9tzfaRUT8tb1N857hl3v9MgBgkX0aEf/ouhN0Rv4Fy9/310xPdN0ZYK6uf/Dhjy9fvbpx7XrXPQEAAAAAAAAADiqP/7nWGv/5RF3Xt8fW2zX+61ux9rjjfw7yzM4AoxMGqu4/+j49TC+i32sNN/58TBr/e7gz97DxvwdTHm84pX00pX1pSvvylPY9b/Royfk/3xrv/EREHB8bfr2E8V/Hx7wvQc7/hdbzucn/K2PrtfOvf3uY8+/tyv/Ujfd/dur6Bx++euX9y+9tvLfxk3Nnzpw+d/78hQsXTr175erG6e3/dtjj2cr557GvXQdalpx/zlz+Zcn5fynV8i9Lzv/LqZZ/WXL++f2e/MuS88+ffeRflpz/y6mWf1ly/l9NtfzLkvN/JdXyL0vO/2upln9Zcv6vplr+Zcn5n0y1/MuS8z+V6n3mvzLrfjEfOf98hsvxX5acf76yQf5lyfmfTbX8y5LzP5dq+Zcl5/9aquVflpz/11Mt/7Lk/M+nWv5lyfl/I9XyL0vO/0Kq5V+WnP83Uy3/suT8v5Vq+Zcl5/96quVflpz/t1Mt/7Lk/L+TavmXJef/3VTLvyw5/zdSLf+yPPj+fzNmzJjJM13/ZQIAAAAAAAAAAAAAxs3jcuKu9xEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+B87cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsLevcXIddd3AD+zN28cSAyE1ElN2DjGGGeTXV/iC62LCdeGW0kIhV6wXe/aLPiG1y6BRrWjQImEUVFF2/DQFhBq81JhVTzQClAeUKtKlaB9oC+ICpWHqAooIFWlFWSrmfP//3dmdnZm1zvenDnn85GSX3bmzJwzZ/4zu1873x0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmt35htlP1bIsq9Vq+QWbsuxF9XnDxKbGJa99YY8PAAAAWLtfNP793M3pgsMruFHTNv90x7e/urCwsJC9b/hPRz+3sJCumMiy0Q1Z1rguuvqD99eatwkez8ZrQ01fD/XY/XCP60d6XD/a4/qxHtdv6HH9eI/rl5yAJW7IaunOtjX+c1N+SrNbstHGdds63Orx2oah+rlLt81qjdssjJ7I5rJT2Ww23bJ9vm2tsf3X76zv661Z3NdQ07621FfITx49Ho+hFs7xtpZ9Ld5n9KPXZxM//cmjx//6wrO3dZo9T0PL/eXHuWNr/Tg/ES7Jj7WWbUjnJB7nUNNxbunwnAy3HGetcbv6f7cf53MrPM7hxcNcV+3P+Xg21Pjv7zTO00gt63CetoTLfnZXlmWXFw+7fZsl+8qGso0tlwwtPj/j+Yqs30d9Kb00G1nVOr1zBeu0Pme2ta7T9tdEfP7vDLcbWeYYmp+mHz021vS8/3zhWtZpVH/Uy71W2tdgv18rRVmDcV18p/Ggn+i4BreFx//o9uXXYMe102ENpsfdtAa39lqDQ2PDjWNOT0KtcZvFNbirZfvhxp5qjfnM9u5rcOrC6XNT8x/7+D1zp4+dnD05e2bPrl3Te/btO3DgwNSJuVOz0/m/r/FsF9/GbCi9BraGcxdfA69u27Z5qS58cWzJ+++1vg7Hu7wON7Vt2+/X4Uj7g6utzwty6ZrOXxvvqZ/08StD2TKvscbzs3Ptr8P0uJtehyNNr8OO31M6vA5HVvA6rG9zbufKfmYZafqn0zEs/71gbWtwU9MabP95pH0N9vvnkaKswfGwLr63c/nvBVvC8T4xudqfR4aXrMH0cMN7T/2S9PP++IHG6LQub69fceNYdnF+9vy9jxy7cOH8riyMdfGyprXSvl43Nj2mbMl6HVr1ej08d8cTt3e4fFM4V+P31P81vuxzVd9m773dn6vGd7fO57Pl0t1ZGH223uez03fz+vkcy7LPf+uxB7/x6OffsOz5rOfNT0yt/WfxlEub3n9Hl3n/jbn/+Xx/6a4eHx4dyV+/w+nsjLa8H7c+VSON965aY9/PTa3s/Xg0/LPe78e3dHk/3ty2bb/fj0fbH1x8P671+tOOtWl/PsfDOjk13f39uL7N5t2rXZMjXd+P7wqzFs7/a0JSSLmoae0st27TvkZGRsPjGol7aF2ne1q2Hw3ZrL6vp3Zf2zrdcVd+X8Pp0S1ar3U60bZtv9dp+rOv5dZprdefvl2b9udzPKyLW/Z0X6f1bZ7eu/b3zhvifza9d471WoOjw2P1Yx5Ni7Dxfp8t3BDX4L3Z8exsdiqbaVw71lhPtca+Ju9b2RocC/+s93vl5i5rcEfbtv1eg+n72HJrrzay9MH3QfvzOR7WxZP3dV+D9W3euL+/P7vuCJekbZp+dm3/87Xl/szr9rbTdL3Wykg4zm/t7/5ns/VtTh1Ybc7sfp7uDpfc2OE8tb9+l3tNzWTrc542h+N89sDy56l+PPVtPndwhevpcJZllz5yf+PPe8Pfr/zdxe9+teXvXTr9nc6lj9z/4xef+MfVHD8Ag+/5fGzMv9c1/c3USv7+HwAAABgIMfcPhZnI/wAAAFAaMffH/ys8kf8BAACgNGLuHwkzqUj+3/zGZ+eev5SlZv5CEK9Pp+GBfLvYcZ0OX08sLKpffv+XZ//7Hy6tbN9DWZb9/IE/6Lj95gficeUmwnFefVPr5Ut89Z4V7fvow5fSfpv7618I9x8fz0qXQacK7nSWZV+/+TON/Uy8/0pjPv3A0cZ88PITj9e3ee5g/nW8/TMvy7f/i1D+PXziWMvtnwnn4YdhTr+t8/mIt/vKldds2f/exf3F29W23tR42E9+IL/f+HtyPvt4vn08z8sd/zc+/dRX6ts/8qrOx39pqPPxPxXu98th/u8r8u2bn4P61/F2nwzHH/cXb3fvl77Z8fivfirf/tyb8+2Ohhn3vyN8ve3Nz841n69HasdaHlf2lny7uP/p7/5x4/p4f/H+249//MiVlvPRvj6e/rf8fqbato+Xx/1Ef9+2//r9NK/PuP+n/uhoy3nutf+rDz7zivr9tu//7rbtzn1kZ2P/i/fX+hub/vKTn+m4v3g8h//2XMvjOfzu8DoO+3/yA2E9huv/72p+f+2/XeHou1vff+L2X9h0qeXxRG/9ab7/q6872Zgbxm/YeOOLXnzT5VfWz12WfWdDfn+99n/yr862HP8Xb83PR7w+dvTb97+cuP/zH508c3b+4txMOquP3tz43Tlvz48nHu/N4b21/esjZy98cPb8xPTEdJZNlPdX6F2zL4X543xc7r71wpJ30J0Ph+fz9j//+sbt//rpePm/vye//Mrb8u9brw7bfTZcvik8f6vb/1JP3nlr4/Vdezoc4cLS3xe8Flu2/deBFW0YHn/7zwVxvZ97+Qcb56F+XeP7Rnxdr/H4vz+T38/XwnldCL+Zeeuti/tr3j7+boQrD+Wv9zWfv/A2F5/XvwnP9zt+mN9/PK74eL8ffo755ubW97u4Pr52aaj9/hu/xeNyeD/JLufXx63i+b7y3K0dDy/+HpLs8m2Nr/8k3c9tq3qYy5n/2PzUqbkzFx+ZujA7f2Fq/mMfP3L67MUzF440fpfnkQ/1uv3i+9PGxvvTzOy+vVnj3epsPq6zF/r4zz18fGb/9PaZ2RPHLp648PC52fMnj8/PH5+dmd9+7MSJ2Y/2uv3czKFduw/u2b978uTczKEDBw/uOTg5d+Zs/TDyg+ph3/SHJ8+cP9K4yfyhvQd33Xff3unJ02dnZg/tn56evNjr9o3vTZP1W//+5PnZU8cuzJ2enZyf+/jsoV0H9+3b3fO3AZ4+d2J+Yur8xTNTF+dnz0/lj2XiQuPi+ve+XrennOb/I/95tl0t/0V82bvu3pd+P2vdlx9b9q7yTdp+geiz4XfR/PNLzh1Yydcx94+GmVQk/wMAAEAVxNw/FmYi/wMAAEBpxNy/IcxE/gcAAIDSiLl/PMykIvm/dP3/zZdWtH/9f/3/5vOl/1+x/v9DRev/5+8X+v/9sdb+vf5/oP+v/6//r/+v/08fFK3/H3P/DVlWyfwPAAAAVRBz/8YwE/kfAAAASiPm/hvDTOR/AAAAKI2Y+18UZlKR/K//r/+v/6//r//fef/6/4NJ/787/f8e9P+nsmr1/y/38/j1//X/Wapo/f+Y+18cZlKR/A8AAABVEHP/TWEm8j8AAACURsz9N4eZyP8AAABQGjH3bwozqUj+1//X/9f/1//X/++8f/3/waT/353+fw/6/z7/X/9f/5++Klr/P+b+l4SZVCT/AwAAQBXE3P/SMBP5HwAAAIpn5NpuFnP/y8JMluT/a9wBAAAA8IKLuf+WrK0IXpG//9f/1/8vfv9/Q7pO/1//Pytk/3840/8vDv3/7vT/e9D/1//X/9f/p6+K1v9v5P5sPHt5mElF8j8AAABUQcz9t4aZyP8AAABQGjH3/1KYifwPAAAApRFz/+Ywk4rkf/1//f/i9/99/r/+f9H7/z7/v0j0/7vT/+9B/1//X/9f/5++Klr/P+b+28JMKpL/AQAAoApi7r89zET+BwAAgNKIuf+Xw0zkfwAAACiNmPu3hJlUJP/r/xe8/x+bo/r/+v/6//r/+v8rov/fnf5/D/r/+v/6//r/9FXR+v8x978izKQi+R8AAACqIOb+O8JM5H8AAAAojZj7XxlmIv8DAABAacTcPxFmUpH8r/9f8P5/3oMf8/n/+v/6//r/+v8ro//fnf5/D/r/+v996f8vXNL/1/8nV7T+f8z9d4aZVCT/AwAAQBXE3L81zET+BwAAgNKIuf+uMBP5HwAAAEoj5v5tYSYVyf/6/wPR/8/0//X/9f/1//X/V0b/vzv9/x70//X/ff6//j99VbT+f8z9rwozqUj+BwAAgCqIuX97mIn8DwAAAKURc/+rw0zkfwAAACiNmPt3hJlUJP/r/+v/6//r/+v/d96//v9g0v/vTv+/B/1//X/9f/1/+qpo/f+Y+18TZlKR/A8AAABVEHP/zjAT+R8AAABKI+b+u8NM5H8AAAAojZj7J8NMKpL/9f/1//X/9f/1/zvvX/9/MOn/d6f/34P+v/6//r/+P31VtP5/zP33hJlUJP8DAABAFcTcf2+YifwPAAAApRFz/1SYifwPAAAApRFz/3SYSUXyv/6//r/+v/7/qvr/r1y8X/3/nP5/sej/d6f/34P+v/7/C97/H9X/p1SK1v+PuX9XmElF8j8AAABUQcz9u8NM5H8AAAAojZj794SZyP8AAABQGjH37w0zqUj+1//X/9f/1//3+f+d96//P5j0/7vrf/8/PkT9f/1//X+f/6//z1JF6//H3H9fmElF8j8AAABUQcz9+8JM5H8AAAAojZj794eZyP8AAABQGjH3HwgzqUj+1//X/9f/1//X/++8f/3/waT/353P/+9B/1//X/9f/581eugPm78qWv8/5v6DYSYVyf8AAABQBTH3vzbMRP4HAACA0oi5/1fCTOR/AAAAKI2Y+381zKQi+V//v6V7Xn+4+v/6//r/+v8N+v+DSf+/O/3/HvT/9f/1//X/6atl+/8heq93/z/m/kNhJhXJ/wAAAFAFMff/WpiJ/A8AAAClEXP/68JM5H8AAAAojZj7D4eZVCT/6//7/H/9f/1//f/O+1/v/v9YvF/9/zXR/+9O/78H/X/9f/1//X/6qmif/x9z/+vDTCqS/wEAAKAKYu6/P8xE/gcAAIDSiLn/DWEm8j8AAACURsz9bwwzqUj+1//X/x+U/v+N+v/6/22Pp2z9f5//3x/6/93p//eg/6//r/+v/09fFa3/H3P/m8JMKpL/AQAAoApi7n9zmIn8DwAAAKURc/9bwkzkfwAAACiNmPvfGmZSkfyv/6//Pyj9/0z/X/+/7fHo/+v/d6L/353+fw/6//r/+v/6//RV0fr/Mff/ephJRfI/AAAAVEHM/Q+Emcj/AAAAUBox978tzET+BwAAgNKIuf/tYSYVyf/6//r/+v/6//r/nfev/z+Y9P+7G7D+/y9uCpfr/+f0/4t9/Kvt/4+0fX1d+v8/WK7/v7Ch/fb6/1wPRev/x9z/jjCTiuR/AAAAqIKY+98ZZiL/AwAAQGnE3P+uMBP5HwAAAEoj5v7fCDOpSP7X/68fx2J7Wf+/rP3/If1//X/9/4rQ/+9uwPr/Pv+/jf5/sY/f5//r/7NU0fr/Mfe/O8ykIvkfAAAAqiDm/gfDTOR/AAAAKI2Y+x8KM5H/AQAAoDRi7n9PmElF8r/+v8//r0b/3+f/Z/r/+v8Vof/fnf5/D/r/+v9F6///p/4/g61o/f+Y+x8OM6lI/gcAAIAqiLn/vWEm8j8AAACURsz9vxlmIv8DAABAacTc/74wk4rkf/3/Qen/Twxo//8x/f/r2P+/46Z8O/1//X8W6f93p//fg/6//n/R+v8+/58BV7T+f8z97w8zWXn+H1/xlgAAAMALIub+3wozqcjf/wMAAEAVxNz/22Em8j8AAACURsz9vxNmUpH8r/8/KP1/n/+f6f/7/P+2x6P/r//fyfr1/+M7j/6//r/+f6T/r/+v/0+7ovX/Y+7/3TCTiuR/AAAAqIKY+z8QZiL/AwAAwEDo9P9kt4u5/0iYifwPAAAApRFz/9Ewk4rkf/1//X/9/4L2//9s679879vvPLpL/1//X/9/Vdb18//rL36f/6//r/+f6P/r/+v/065o/f+Y+4+FmVQk/wMAAEAVxNz/e2Em8j8AAACURsz9x8NM5H8AAAAojZj7Z8JMKpL/9f/1//X/C9r/H+DP/4/nQ/+/Vd/6//FNV/+/o7x/n1bR9e3/v3exJ67/v9r+/1jHS/X/9f8H+fj1//X/Wapo/f+Y+2fDTCqS/wEAAKAKQu4fOpHPxSvkfwAAACiNmPtPhpnI/wAAAFAaMfd/MMykIvlf/1//X/9f/9/n/3fef7f+f23E5/8XVerf/6zxQtH/b1Oc/n9n+v/6/4N8/Pr/+v8sVbT+f8z9c2EmFcn/AAAAUAUx938ozET+BwAAgNKIuf/DYSbyPwAAAJRGzP2nwkwqkv/1//X/9f/1//X/O++/sJ//r//f1Vr79/r/gf5/tfv//6P/r/+v/09/FK3/H3P/6TCTiuR/AAAAqIKY+8+Emcj/8P/s3UmTXfV5x/HTiUCtIovsssgmVVnmJbBI1skLyCKbbFKVyiITSciMyDySQELmhEDm2GAbDMbYBs8D2MbYeAbbeJ4HPGFsSi5az/NI3X363G717b7n/P+fz0KPaau515RK4qfW1wcAAKAZuft/IW6x/wEAAKAZuft/MW7pZP/r/4/T/1+qlPX/u9//6v4/X/EE+/8f1f8f9Pr6f/1/y/T/0/T/K4z3/1cPw9BX/+/5//p//T9rMrf+P3f/L8Utnex/AAAA6EHu/l+OW+x/AAAAaEbu/uviFvsfAAAAmpG7/1filk72/57+f2vos//PjNfz/z3/X/+v/9f/L9zp9v83Pv8zn/7/0P3/XbesetmZ9v8tPv//6rEPbrqfP65Nv/9D9v9nD/p8/T8tmlv/n7v/V+OWTvY/AAAA9CB3/6/FLfY/AAAANCN3//Vxi/0PAAAAzcjd/+txSyf7f33P/z+38/GF9v9F/6//3/mA/l//r/9fLM//n9bT8/+ve/yan3/6vh+8/yiv31H/P2rT/fzS37/n/+v/2W9u/X/u/t+IWzrZ/wAAANCD3P2/GbfY/wAAANCM3P2/FbfY/wAAANCM3P2/Hbd0sv/X1/8v+vn/Rf+v/9/5gP5f/6//Xyz9/7Se+v8reX39v/5f/6//Z73m1v/n7v+duKWT/Q8AAAA9yN3/u3GL/Q8AAADNyN1/Q9xi/wMAAEAzcvefj1s62f/6/5Pv/5/T/+v/4+r/9f/6/5On/5+m/19B/6//1//r/1mrufX/uftvjFs62f8AAADQg9z9vxe32P8AAADQjNz9vx+32P8AAADQjNz9fxC3dLL/9f+e/6//1//r/8dfX/+/TPr/afr/FfT/x+3nr9L/6//1/1zuiP3/sxM/ba+l/8/d/4dxSyf7HwAAAHqQu/+P4hb7HwAAAJqRu/+P4xb7HwAAAJqRu/9P4pZO9r/+X/+v/9f/X3H/v/+H3g79/zj9/+nQ/0+bTf+/dWb0w/r/xff/nv+v/9f/s8vcnv+fu/9P45ZO9j8AAAD0IHf/n8UtE/v/yL+ZDwAAAGxU7v4/j1t8/R8AAAAWL6uz3P1/Ebd0sv/1//p//b/+3/P/x19/qv+//7L3p/+fF/3/tNn0/wfQ/+v/l/z+9f/6f/abW/+fu/8v45ZO9j8AAAD0IHf/TXGL/Q8AAADNyN3/V3GL/Q8AAADNyN3/13FLJ/t/vP+/9N/r/w9H/7/7/ev/x398rKv/z7+j/n+y//8xz//vk/5/2un3/2f1/7v//vr/E7Tp9994/39u1efr/xkzt/4/d//NcUsn+x8AAAB6kLv/lrjF/gcAAIBm5O7/m7jF/gcAAIBm5O7/27ilk/3v+f/6f/3/8vp/z/+/aJPP/x9Ovf8/o/8/JP3/NM//X0H/r//X/3v+P2s1t/4/d/+tcUsn+x8AAAB6cOszw87u/7thsP8BAABgiS7/swN7/0BpyN3/93GL/Q8AAADNyN3/D3FLJ/tf/6//1//r//X/469/1P5/1YORPf//dOj/p+n/V9D/n0Q/f6ax/v+2gz5/Dv3/Dfp/ZmZX///gpY9vqv/P3f+PcUsn+x8AAAB6kLv/n+IW+x8AAACakbv/n+MW+x8AAACakbv/X+KWTvb/iff/E0Gs/l//r//X/7fU/6+i/z8d+v9p+v8V9P+e/+/5//p/1upS/7/758NN9f+5+/81bulk/wMAAEAPcvf/W9xi/wMAAEAzcvffFrfY/wAAANCM3P3/Hrd0sv89/1//r//X/+v/x19f/79M+v9p+v8V9P/6f/2//p+12vX8/8tsqv/P3X973NLJ/gcAAIAe5O6/I26x/wEAAKAZufv/I26x/wEAAKAZufv/M27pZP/r/0+2/8+P6//1/4P+X/+v/z8V3fb/W2O/Eu13QP//yM+e/4ndH9H/6//1//p//T9rMIv+/8Klf7vM3f9fcUsn+x8AAAB6kLv/v+MW+x8AAACakbv/f+IW+x8AAACakbv/f+OWI+7/71/ruzo9+n/P/9f/6//1/+Ovr/9fpm77/0Py/P8V9P/6f/2//p+1mkX/f9lf5+7/v7jF1/8BAACgGbn7/z9usf8BAACgGbn7XxC32P8AAADQjNz9L4xbOtn/+n/9v/5f/6//H3/9K+3/t4dx+v/Tof+fpv9fQf+v/9f/6/9Zq7n1/7n774xbOtn/AAAA0IPc/XfFLfY/AAAANCN3/4viFvsfAAAAmpG7/8VxSyf7X/+v/9f/6//1/+Ov7/n/y6T/n6b/H4bh7ok3MNb/Xzir/9f/6//1/1yhufX/uftfErd0sv8BAACgB7n7745b7H8AAABoRu7+e+IW+x8AAACakbv/pXFLJ/tf/6//1//r//X/46+v/18m/f80/f8Knv+v/9f/6/9Zq7n1/7n7741bOtn/AAAA0IPc/ffFLfY/AAAANCN3/8viFvsfAAAAmpG7//64pZP9r//X/+v/9f8n0v+f1//vpf8/HSfX/w/6f/2//n8F/b/+X//PXqfV/z8bP9+v6v9z9788bulk/wMAAEAPcvc/ELfY/wAAANCM3P2viFvsfwAAAGhG7v5Xxi2d7H/9v/5f/6//9/z/8dfX/y+T5/9P0/+voP/X/+v/9f+s1Wn1/wf1/nv/Onf/q+KWTvY/AAAA9CB3/4Nxi/0PAAAAzcjd/1DcYv8DAABAM3L3vzpu6WT/6//1/7v7/2HQ/+v/9f8XnUL/vz3o/9dO/z9N/7+C/r/N/v97hob6/3MHfr7+nzmaW/+fu/81cUsn+x8AAAB6kLv/tXGL/Q8AAADNyN3/urjF/gcAAIBm5O5/fdzS0v5/7uD0bfn9/9k9n6j/H4bhies9/1//P/H6+v/Z9P/1T1X/vz76/2n6/xX0/232/57/r/9nY+bW/+fuf0Pc0tL+BwAAgM7l7n9j3GL/AwAAQDNy978pbrH/AQAAoBm5+98ct3Sy/5ff/+/9RP3/cKzn/+v/dz6g/9f/6/8X67j9/e3b8Wua/l//r/8f7ee3Dvj3nkH/r//X/zNibv1/7v63xC2d7H8AAADoQe7+h+MW+x8AAACakbv/kbjF/gcAAIBm5O5/a9zSyf7X/+v/9f/L7P+39f/6f/3/qLk8///aa3/8Mf2//r/F/n+K/l//r/9nr7n1/7n73xa3dLL/AQAAoAe5+98et9j/AAAA0Izc/Y/GLfY/AAAANOPRnZBze3jHMHS5//f3/1cNFwvVi8b6/2jU9P+X0f/vfv/6//EfH57/r//X/5+8ufT/nv9/Ze9f/6//X/L7P1L//0P7P1//T4vm1v/n7n8sbulk/wMAAEAPcve/M26x/wEAAKAZufvfFbfY/wAAANCM3P2Pxy2d7H/P/9f/6//1//r/8dfX/y+T/n+a/n8F/f/x+/n8WVX/v9zn/3+v/p/1mVv/n7v/3XHLzvD74e+7wv+ZAAAAwIzk7n9P3NLJ1/8BAACgB7n73xu32P8AAADQjNz974tbOtn/+n/9v/5f/6//H399/f8y6f+n6f9X6Kf/3x774Kb7+ePa9Ptvpv/3/H/WaG79f+7+98ctnex/AAAAaNszO9/m7v9A3GL/AwAAQDNy938wbrH/AQAAoBm5+5+IWzrZ//p//X/7/f9P6//3vL7+X//fMv1//oo+Tv+/Qj/9/6hN9/NLf//6f/0/+82t/8/d/2Tc0sn+BwAAgB7k7v9Q3GL/AwAAQDNy9384brH/AQAAoBm5+z8StzSx/8+s/B76/776/62hx/7f8//1//r/niyn/79j9Bdpz//X/+v/l/v+9f/6f/abW/+fu/+prTMN7n8AAABo10/+yM89edjv+9TOt9vDR+MW+x8AAACakbv/Y3GL/Q8AAADNyN3/8bilk/2v/++r/+/z+f/6f/2//r8ny+n/x+n/9f/6/+W+f/2//p/95tb/5+7/RNxy2fBb/f+iBwAAAJyqq4/23XP3fzJu6eTr/wAAANCD3P2filv27f8Lh/xT7QAAAMDc5O7/dNzSydf/9f8z7/+HE+r/4/vp/y/S/+v/x15f/79M+v9px+z/L2zp//X/E/T/+n/9P3vNrf/P3f/AvUOX+x8AAAAatet3FD6z8+328Nm4xf4HAACAZuTu/1zcYv8DAABAM3L3fz5u6WT/6/9n3v9f0fP/z9V/8vz/zvv/m7ZHX1//r/9vmf5/muf/r6D/1//r//X/rNUR+v+dQXrS/X/u/i/ELZ3sfwAAAOhB7v4vxi32PwAAADQjd/+X4hb7HwAAAJqRu//LcUsn+1//v4H+/+azw3Ci/f8hnv+v/++j/z/g9dvp/3/gmvMP/9TP3HOn/p9LTrP/zx8L+n/9v/7/Iv2//l//z15ze/5/7v6vxC2d7H8AAADoQe7+p+MW+x8AAACakbv/q3HL8/v/oU29KwAAAGCdcvd/LW7p5Ov/+v8Wn/+/zP4//1lvoP8/v7z+P5vi3vt/z//X/+/n+f/T9P8r6P/1//p//T9rNbf+P3f/1+OWTvY/AAAA9CB3/zfiltz/W0f+rXsAAABgZnL3fzNu8fV/AAAAaEbu/mfilk72v/5f/z+X/j95/v+lz/P8/4v0//r/o9D/T9P/r6D/1//r//X/rNXc+v/c/d+KWzrZ/wAAANCD3P3Pxi32PwAAADQjd/+34xb7HwAAAJqRu/87cUsn+1//r//X/+v/9f/jr6//Xyb9/zT9/wr6f/2//l//z1rNrf/P3f/dAAAA//9ky21Q") creat(&(0x7f00000000c0)='./file1\x00', 0x19) 1.050003ms ago: executing program 2 (id=1059): openat$nullb(0xffffffffffffff9c, 0x0, 0x1c3902, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000280), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) ioprio_set$uid(0x3, 0x0, 0x0) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @remote}, 0xc) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) symlinkat(&(0x7f0000000100)='./file0\x00', 0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00') sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000380)=@newqdisc={0x8c, 0x24, 0x0, 0x0, 0x0, {0x0, 0x0, 0x12, 0x0, {0x0, 0xffe0}, {0x0, 0xfff1}, {0x0, 0x8}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x2, 0x0, 0x11, 0xff, 0x0, 0x0, 0xb, 0x23, 0x0, 0x0, 0x0, 0xa, 0x7d, 0xf4, 0xa], 0x1, [0x1, 0x0, 0x6, 0x0, 0x0, 0x0, 0x2000, 0xfffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc, 0x0, 0x4000]}}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x4040000}, 0x0) r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x40400) ioctl$SG_IO(r1, 0x2285, &(0x7f00000033c0)={0x53, 0xfffffffffffffffd, 0x0, 0x68, @buffer={0xfb, 0x8a, &(0x7f0000000500)=""/138}, &(0x7f00000001c0), 0x0, 0x0, 0x10010, 0x4, 0x0}) ioctl$sock_inet_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, 0x0) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) syz_emit_ethernet(0x2416, &(0x7f0000000580)=ANY=[@ANYBLOB="e727dc07001f391e7dd7a2d786dd609907a623e02c03cb697a653e336f000000500000000000ff0200000000000000000000000000013200001200000000020090780000000369c46dea0006ff0800000000000000000000000000000001ff0200000000000000000000000000011d000000000000000502040100000000625d0000000000000502200010d492385c3783d3afa4087aac07f72281b3b12267af7a3550aa1c3df47e5193806438916ec2e867d21394d0ececf9700962d3e17e4bb578aafd31a3f1955010879ee9079424526f222aa9e6477366d11ceda8cc0a4a1008153a04ddaa531db1dc129d6fb8f95c13d752d80f25ce2b253934d9a86bdf503653d3730ada1509d9536c165576ddde5926db915dd86eb3e2a03a7e56c01f4067638d6b7a6b4e9712c66ed550b77c6e655dc71d08ae40755d11b56963a28dce50181d34e7c4b0caae8cf4b947526eecd89735717604aec2730381ca1b51ab01ed0a4c78a4ba64a733fec74ad4071ffb454d5a4e2e167705cc70cb4551a1892279fbf20f41698d06c87d4928fab8c35581c02c8b06d25f4cfab68bc929dad45297768657d0f9e3a28e4f385d3ab4f4ebc9a48469fcc680b11ae610a658ca37f442cb8abda0ca080fbfd107f702b3f57f6c29b827a6c9cd6c1a9d010a3eacb011178887d654d395a63fb718e6da50ad25840efb4801a6182f56836a03a91927cf013f3742d1491545656fddd952bbe35611dd164de5a822333d106f767e2b1fbbda7fd780c2ba8ba487e69e259bb1b9bfe90974aea4e9496999180776a13796b9c394f54ae1f6371556443be28b730502000c05028805040116050200040be4bb69246c6dd959322a3c6381cd5ecbbb7131ac5b4c10756fddad9452625b1f85dcb2db18d954111331928b8202efd022be464387d6ab7358c74e997342ee7eb1c46a817d6708b603963384c4499ef4dbf57fb3a40f974a32c25f0f9ae3953b921ea771007c951a3ed9237fc4a068fc39022aa39e70b1af46265c180eab098a06f6fd55b9ec6890f78ea1a3d5a17cac3a3887f13eeb3d163de914bcfbaf40a4a52a94901be888d6845fd4eb61ed9eebcfafb7588f7f92a12711672e4050f36e6a8695ef98eeb35f9f8f631207ba50c041580262f52bdfc87946bc87efba2e7eba9ea2f4a7072a8d83a045895d9642a081ddef313f45aa94fc70c117653ab8ddf92747a49c5c20a771233573e692d1caa10000000000003ec7000000000000c30013ea3bcc03cbfea3899367b93bc9545a9abe3e513929efb617a5c70410c64c077ec9040cc413710e4fbcf7d971af86cdf8d5f8f04948fcbf318c7894000412d280cc4b98548f990cb11035a6d48299cd0cc0cca098cab016c66c4f871549fd045f548fb2e631ae100ac591bb8dce8bee097201382fff6d7223c0d54b4b7457fa5c36d80f8ab1f398758bde615984169b6e3d03e2531bfd350ee870c7e137616c089ec2071084c33ae93acc654d7d64d521206e3a12615d4e3dde33269c8e1c3c8f5fcf1681e98ebd5cc9abda7b74fffe10398a7f701fdde69b21c9f9a2c983b7dadaf353d13332158ee52cc7d72901b495cd2ab3b8671b8fc6327a37ac9ff77c992f76caad41c6c2dcf5e3295526e9e22d2e2915f083909e0b86cd69e3df67c50b490565ae52389abfa1acbd02658039700fc092ae68e9138bfcf72f6062ee720a0f13e2040543acffd631a2289020fa5a5751aa6d3ff187aa9ddfe45d2d12195faee7de07c60a010a35d7d51c04e1ecb8bff31f16f8386961cb06e9bdf0c4b6cdd2ec48f4b7ee27a0a27a73ed401cd18a123556cb80161e25f82b24eab61a583cef1af2139260a8ca0b5931de46721a4901c50aacade1e4e25a5e01d8330f359fc397a9128f3a3c2d521452395c09c7a2bd0926b8df488eacaba377099c3bf06f99bc14b5b16cd3ec0bbb0608936666ada99db2082b191ffc38c886c04072c9f0a6a2288f39462e087b9e5bf89d1ee2ddd303cb05074370e8dabe7c107ae212597b0cbe71d42ee14546e25266c40fcf5f98cc9e2380f19e16c30e54424ff297608d94a3e9f49028b1cd29e483cd64d3b6125d450ee34cfcfd0b83e58c8e2933e5962354766be37b1a12571aaeb287acd79e002008f77d21a7d239e79c690c60b5bccbb8338807882658a4779944bdbc8cc6c23590f1761fb318367a7800129c9ed5ab8ae6648cc82e5b9e00a6838326180990b2bdc4a9271519926e7bdc4bd16ed9b4ab3b5abdeca97315ecd0642119a8a1fbc7a87f015dfd039e5fc6915765fe7acc93d8ac78be1a8b0dfcfc2038aa2d737c102fb3e77bbc5cd39c3e6a006f0570b1ad37cc650259c99d1603241594ea5fe0b48aed88840c3ba13aea15daad41ade985b593c59f3a93b539f00f78f24ce4fb7ddd4ebbc9020e3f841cea7beaaa52eb9ed256967f84428be67e440488648a414d0a0484575b2b05d6837a4afe032ddc0a86d5a628f1e035d90c767156620eac13d8060aef01e77c3bfa167893f5dd03ae7340923dc3538f3b4d1ca37d6f754e7a201c9b92841d8804da87b7c8cc9fa8c73bd39d76f6e4bb5f0b98fa6df4ef7f18cad7eb37650d3ffc2db89de2d500e89879c7c5b45cecefaf735cc8039061f8cba474c41fb8af5dd3dc941aefeb95e9ef7e96a6a20078778c9fe262e17833d19714eeca9db646aff7b21678759947668fa3905bb287158eb1e3b0854971ca7a5d5a19b0475db8cb7649135ab5578108f243c42ab6d6218ddb97f3dc7c6a4bd3a265fd22714bdd0bbfd62cffe88c08f8b02f4a22a7d5bd154818835129944705f4caeb7593b74cc94b26f10df52e06b3d18650328cd2f987fd73a15c28d107f9e212c9468f03af5d4653ee89cbd26ecd1de806e74f36e33ae3ff09e6d72bc27b272f64dfa800d2a8d28a40b4030a0419386eb1444d60ae010bd23e5b6dda29e4b7ab87cf9a817aca48ee35cce0041844f583ad520649bd28eeafb5657481d521f08ff6e96d8695d48c197fbc7dbf5c1a2b53acfcea775d27f6189951a7b5aecb79e1f4b65aba36f3ef8cb27f01b623bdb8fca0b6f8f95546567b353d917f29fa23534cb871cb1984098d2f82f4232675b6b818055abb72a49bda6b2c03575248b172452227b97480546cee59daf737dfac4eddbc3cfc59da07df0ed62d5b0819286316c6df03a85a54b318f2569945f43dc130eecf5c5563cc703c85f7540fbb3dbf0fd53fc8743472124e4f9ed5bb8cae75d7698122b9e94e55cce0d5afcdecaa6ca3cfe95e756857cd7bf4902a17614d7dc5e463eb8bb827168fc9188e4c51233df3089f79658485861d3d5f9ab7346a8c51afc17bb753d6be5f8c2eeeb02c1cfc8d9d54eec6f8220527485a51848394312233adc116d122a8bcfd2cf30ed63b48ef3e8007ff62017ecf621d465e75064d7e6aad3e7696fe88872074f1353c878fe7d81c053952740f1818129167c273ea1900145ebbc9f765553212561cf11a2a7c37be0918468030f55b18984042c64819e722a030002037cfcfd10ec8cff39a187b7282ac508c1d57847075c298bcb9bfc84df491593e043862642114a34f5672774c8727cbade0cbf1dd795d02ff01eaa95df1ac9849b45e2e78bf7a55b46ddea87e1bf58f4aa5a774be80da1ea488d7300b2b39f2589bb0b4d6de1823"], 0x0) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="69e1629b6174391e7dd7a2d786dd60b6000000302c03cb697a653e336f000000500000000000ff02000000000000000000000000000102000003"], 0x0) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc)) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-avx\x00'}, 0x58) syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB="14000000", @ANYBLOB="010000000800000000000000"], 0x14}, 0x1, 0x0, 0x0, 0x24000000}, 0x4008000) 0s ago: executing program 1 (id=1060): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000a00), 0xffffffffffffffff) mprotect(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0) r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000000)={0xc, 0x0, 0x0}) ioctl$TIOCSIG(0xffffffffffffffff, 0x40045436, 0x3c) socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r3 = dup2(0xffffffffffffffff, r2) r4 = syz_io_uring_setup(0x5988, &(0x7f00000005c0)={0x0, 0xfec4, 0x8, 0x1, 0x2d3}, &(0x7f00000000c0)=0x0, &(0x7f0000000180)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) socket$nl_route(0x10, 0x3, 0x0) sendmsg$ETHTOOL_MSG_WOL_GET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYBLOB="0100b11b700000feffff1a000000180001801400020064756d6d7930"], 0x2c}}, 0x0) io_uring_enter(r4, 0x75fa, 0xe475, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r3, 0x84, 0x6, &(0x7f0000000500)={0x0, @in={{0x2, 0x4, @loopback}}}, &(0x7f0000000400)=0x84) ioctl$IOMMU_TEST_OP_ADD_RESERVED(r0, 0x3ba0, &(0x7f0000000440)={0x48, 0x1, r1, 0x0, 0x0, 0x8000000}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000140)={0x28, 0x6, r1, 0x0, &(0x7f0000ff6000/0xa000)=nil, 0xa000}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r0, 0x3ba0, &(0x7f00000000c0)={0x48, 0x2, r1}) kernel console output (not intermixed with test programs): 32 req 04 val 1300 [ 507.282456][ T5937] pwc: recv_control_msg error -71 req 04 val 1400 [ 507.328890][ T5937] pwc: recv_control_msg error -71 req 02 val 2000 [ 507.382137][ T5937] pwc: recv_control_msg error -71 req 02 val 2100 [ 507.888318][ T5937] pwc: recv_control_msg error -71 req 04 val 1500 [ 508.879258][ T5937] pwc: recv_control_msg error -71 req 02 val 2500 [ 508.972854][ T5937] pwc: recv_control_msg error -71 req 02 val 2400 [ 509.360881][ T5937] pwc: recv_control_msg error -71 req 02 val 2600 [ 509.584822][ T5937] pwc: recv_control_msg error -71 req 02 val 2900 [ 509.643595][ T5937] pwc: recv_control_msg error -71 req 02 val 2800 [ 509.720275][ T5937] pwc: recv_control_msg error -71 req 04 val 1100 [ 509.801355][ T5937] pwc: recv_control_msg error -71 req 04 val 1200 [ 510.104248][ T5937] pwc: Registered as video103. [ 510.166656][ T5937] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input15 [ 510.518920][ T8642] loop2: detected capacity change from 0 to 512 [ 511.065147][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 511.071827][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 511.205504][ T8642] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 511.284033][ T8642] ext4 filesystem being mounted at /140/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 511.422833][ T5937] usb 3-1: USB disconnect, device number 4 [ 511.527977][ T36] team0 (unregistering): Port device team_slave_1 removed [ 511.770967][ T36] team0 (unregistering): Port device team_slave_0 removed [ 511.828864][ T8642] EXT4-fs (loop2): shut down requested (0) [ 512.773470][ T8663] netlink: 60 bytes leftover after parsing attributes in process `syz.3.560'. [ 513.338699][ T5847] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 514.484004][ T8668] loop2: detected capacity change from 0 to 64 [ 514.542191][ T30] kauditd_printk_skb: 14 callbacks suppressed [ 514.542216][ T30] audit: type=1800 audit(1752250898.852:112): pid=8668 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.562" name="file1" dev="loop2" ino=18 res=0 errno=0 [ 514.686312][ T8669] syz.2.562: attempt to access beyond end of device [ 514.686312][ T8669] loop2: rw=34817, sector=18, nr_sectors = 400 limit=64 [ 514.701115][ T8669] syz.2.562: attempt to access beyond end of device [ 514.701115][ T8669] loop2: rw=34817, sector=420, nr_sectors = 20 limit=64 [ 514.716669][ T8669] syz.2.562: attempt to access beyond end of device [ 514.716669][ T8669] loop2: rw=34817, sector=441, nr_sectors = 64 limit=64 [ 515.704563][ T10] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 516.370598][ T10] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 516.414911][ T10] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 516.426293][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 516.483918][ T10] usb 2-1: config 0 descriptor?? [ 516.625410][ T10] pwc: Askey VC010 type 2 USB webcam detected. [ 516.840820][ T8361] bridge0: port 1(bridge_slave_0) entered blocking state [ 516.874311][ T8361] bridge0: port 1(bridge_slave_0) entered disabled state [ 516.881659][ T8361] bridge_slave_0: entered allmulticast mode [ 516.923048][ T8361] bridge_slave_0: entered promiscuous mode [ 517.011581][ T8361] bridge0: port 2(bridge_slave_1) entered blocking state [ 517.034168][ T8361] bridge0: port 2(bridge_slave_1) entered disabled state [ 517.042398][ T10] pwc: recv_control_msg error -32 req 02 val 2b00 [ 517.086741][ T10] pwc: recv_control_msg error -32 req 02 val 2700 [ 517.122369][ T8361] bridge_slave_1: entered allmulticast mode [ 517.144555][ T10] pwc: recv_control_msg error -32 req 02 val 2c00 [ 517.185941][ T8361] bridge_slave_1: entered promiscuous mode [ 517.186626][ T10] pwc: recv_control_msg error -32 req 04 val 1000 [ 517.265114][ T10] pwc: recv_control_msg error -32 req 04 val 1300 [ 517.285149][ T10] pwc: recv_control_msg error -32 req 04 val 1400 [ 517.300659][ T10] pwc: recv_control_msg error -32 req 02 val 2000 [ 517.311792][ T10] pwc: recv_control_msg error -32 req 02 val 2100 [ 517.331944][ T8463] chnl_net:caif_netlink_parms(): no params data found [ 517.341875][ T10] pwc: recv_control_msg error -32 req 04 val 1500 [ 517.350131][ T10] pwc: recv_control_msg error -32 req 02 val 2500 [ 517.358388][ T10] pwc: recv_control_msg error -32 req 02 val 2400 [ 517.366957][ T10] pwc: recv_control_msg error -32 req 02 val 2600 [ 517.374377][ T10] pwc: recv_control_msg error -32 req 02 val 2900 [ 517.382525][ T10] pwc: recv_control_msg error -32 req 02 val 2800 [ 517.477381][ T8692] loop2: detected capacity change from 0 to 64 [ 517.856796][ T10] pwc: recv_control_msg error -71 req 04 val 1200 [ 517.876077][ T10] pwc: Registered as video103. [ 518.595134][ T10] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input16 [ 518.756524][ T10] usb 2-1: USB disconnect, device number 5 [ 519.834992][ T5842] Bluetooth: hci5: Ignoring HCI_Connection_Complete for existing connection [ 520.827233][ T8463] bridge0: port 1(bridge_slave_0) entered blocking state [ 521.692744][ T8463] bridge0: port 1(bridge_slave_0) entered disabled state [ 521.864478][ T8463] bridge_slave_0: entered allmulticast mode [ 521.920683][ T8463] bridge_slave_0: entered promiscuous mode [ 521.995307][ T8463] bridge0: port 2(bridge_slave_1) entered blocking state [ 522.052093][ T8463] bridge0: port 2(bridge_slave_1) entered disabled state [ 522.104087][ T8463] bridge_slave_1: entered allmulticast mode [ 522.122661][ T8463] bridge_slave_1: entered promiscuous mode [ 522.152267][ T8731] loop3: detected capacity change from 0 to 64 [ 522.212737][ T30] audit: type=1800 audit(1752250906.522:113): pid=8731 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.577" name="file1" dev="loop3" ino=18 res=0 errno=0 [ 522.423045][ T8734] netlink: 60 bytes leftover after parsing attributes in process `syz.2.575'. [ 522.720268][ T8731] syz.3.577: attempt to access beyond end of device [ 522.720268][ T8731] loop3: rw=34817, sector=18, nr_sectors = 400 limit=64 [ 522.733950][ T8731] syz.3.577: attempt to access beyond end of device [ 522.733950][ T8731] loop3: rw=34817, sector=420, nr_sectors = 20 limit=64 [ 522.747932][ T8731] syz.3.577: attempt to access beyond end of device [ 522.747932][ T8731] loop3: rw=34817, sector=441, nr_sectors = 64 limit=64 [ 523.806454][ T5852] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 523.819194][ T5852] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 523.832160][ T5852] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 523.844580][ T5852] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 523.852542][ T5852] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 524.739669][ T8463] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 524.867278][ T8463] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 525.459942][ T8757] loop2: detected capacity change from 0 to 64 [ 525.913988][ T5852] Bluetooth: hci2: command tx timeout [ 527.319924][ T8756] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 528.012104][ T5852] Bluetooth: hci2: command tx timeout [ 528.283938][ T5923] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 528.310113][ T8463] team0: Port device team_slave_0 added [ 528.373593][ T8463] team0: Port device team_slave_1 added [ 528.433951][ T36] bridge_slave_1: left allmulticast mode [ 528.439674][ T36] bridge_slave_1: left promiscuous mode [ 528.456635][ T5923] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 528.682053][ T5923] usb 6-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 528.714531][ T5923] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 528.734823][ T5923] usb 6-1: config 0 descriptor?? [ 528.973181][ T5923] pwc: Askey VC010 type 2 USB webcam detected. [ 529.409861][ T5923] pwc: recv_control_msg error -32 req 02 val 2b00 [ 529.424917][ T5923] pwc: recv_control_msg error -32 req 02 val 2700 [ 529.442640][ T5923] pwc: recv_control_msg error -32 req 02 val 2c00 [ 529.450509][ T5923] pwc: recv_control_msg error -32 req 04 val 1000 [ 529.464804][ T5923] pwc: recv_control_msg error -32 req 04 val 1300 [ 529.487907][ T5923] pwc: recv_control_msg error -32 req 04 val 1400 [ 529.505090][ T5923] pwc: recv_control_msg error -32 req 02 val 2000 [ 529.522967][ T5923] pwc: recv_control_msg error -32 req 02 val 2100 [ 529.532050][ T5923] pwc: recv_control_msg error -32 req 04 val 1500 [ 529.553166][ T5923] pwc: recv_control_msg error -32 req 02 val 2500 [ 529.593704][ T5923] pwc: recv_control_msg error -32 req 02 val 2400 [ 529.625260][ T5923] pwc: recv_control_msg error -32 req 02 val 2600 [ 529.640792][ T5923] pwc: recv_control_msg error -32 req 02 val 2900 [ 529.655769][ T5923] pwc: recv_control_msg error -32 req 02 val 2800 [ 529.739517][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 529.881941][ T5923] pwc: recv_control_msg error -71 req 04 val 1200 [ 529.901434][ T5923] pwc: Registered as video103. [ 529.915800][ T5923] input: PWC snapshot button as /devices/platform/dummy_hcd.5/usb6/6-1/input/input17 [ 529.969481][ T5923] usb 6-1: USB disconnect, device number 5 [ 530.058581][ T36] bridge_slave_0: left allmulticast mode [ 530.082636][ T5852] Bluetooth: hci2: command tx timeout [ 530.193440][ T36] bridge_slave_0: left promiscuous mode [ 530.208007][ T8771] loop3: detected capacity change from 0 to 512 [ 530.260620][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 530.319922][ T8771] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 530.440422][ T8771] ext4 filesystem being mounted at /137/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 532.234012][ T5852] Bluetooth: hci2: command tx timeout [ 533.085423][ T5850] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 533.244262][ T36] bond0 (unregistering): Released all slaves [ 534.148986][ T8788] loop3: detected capacity change from 0 to 32768 [ 534.169375][ T8788] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.587 (8788) [ 534.230011][ T8788] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 534.240333][ T8788] BTRFS info (device loop3): using crc32c (crc32c-x86_64) checksum algorithm [ 534.249168][ T8788] BTRFS info (device loop3): disk space caching is enabled [ 534.256416][ T8788] BTRFS warning (device loop3): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 534.323620][ T8787] loop1: detected capacity change from 0 to 64 [ 534.372342][ T8788] BTRFS info (device loop3): rebuilding free space tree [ 534.409152][ T8788] BTRFS info (device loop3): disabling free space tree [ 534.416228][ T8788] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 534.425962][ T8788] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 534.543965][ T30] audit: type=1800 audit(1752250918.852:114): pid=8787 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.589" name="file1" dev="loop1" ino=18 res=0 errno=0 [ 534.629199][ T8787] syz.1.589: attempt to access beyond end of device [ 534.629199][ T8787] loop1: rw=34817, sector=18, nr_sectors = 400 limit=64 [ 534.699664][ T8787] syz.1.589: attempt to access beyond end of device [ 534.699664][ T8787] loop1: rw=34817, sector=420, nr_sectors = 20 limit=64 [ 535.068267][ T8787] syz.1.589: attempt to access beyond end of device [ 535.068267][ T8787] loop1: rw=34817, sector=441, nr_sectors = 64 limit=64 [ 535.373517][ T5850] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 536.058394][ T8819] loop5: detected capacity change from 0 to 512 [ 536.813088][ T8463] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 536.852417][ T8819] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 536.884504][ T8819] ext4 filesystem being mounted at /147/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 536.983901][ T8463] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 537.332185][ T8463] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 537.540457][ T8463] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 537.780373][ T8830] loop1: detected capacity change from 0 to 32768 [ 537.799514][ T8830] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.594 (8830) [ 537.831994][ T8463] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 537.858224][ T8830] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 537.869702][ T8830] BTRFS info (device loop1): using crc32c (crc32c-x86_64) checksum algorithm [ 537.878535][ T8830] BTRFS info (device loop1): disk space caching is enabled [ 537.885806][ T8830] BTRFS warning (device loop1): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 537.947835][ T8463] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 538.226176][ T8830] BTRFS info (device loop1): rebuilding free space tree [ 538.249731][ T8830] BTRFS info (device loop1): disabling free space tree [ 538.256750][ T8830] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 538.266535][ T8830] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 538.482815][ T5841] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 539.476600][ T5844] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 540.195759][ T8858] netlink: 60 bytes leftover after parsing attributes in process `syz.2.599'. [ 540.609929][ T8463] hsr_slave_0: entered promiscuous mode [ 540.640220][ T8860] slcan: can't register candev [ 540.645404][ T8860] Falling back ldisc for ttyS3. [ 540.773819][ T8463] hsr_slave_1: entered promiscuous mode [ 540.780742][ T8463] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 540.788428][ T8463] Cannot create hsr debugfs directory [ 542.303529][ T8738] chnl_net:caif_netlink_parms(): no params data found [ 545.435850][ T8884] loop1: detected capacity change from 0 to 64 [ 545.476494][ T30] audit: type=1800 audit(1752250929.772:115): pid=8884 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.603" name="file1" dev="loop1" ino=18 res=0 errno=0 [ 545.499973][ T8884] syz.1.603: attempt to access beyond end of device [ 545.499973][ T8884] loop1: rw=34817, sector=18, nr_sectors = 400 limit=64 [ 545.513564][ T8884] syz.1.603: attempt to access beyond end of device [ 545.513564][ T8884] loop1: rw=34817, sector=420, nr_sectors = 20 limit=64 [ 545.527467][ T8884] syz.1.603: attempt to access beyond end of device [ 545.527467][ T8884] loop1: rw=34817, sector=441, nr_sectors = 64 limit=64 [ 547.076681][ T8900] loop1: detected capacity change from 0 to 64 [ 547.557581][ T30] audit: type=1800 audit(1752250931.872:116): pid=8900 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.605" name="file1" dev="loop1" ino=18 res=0 errno=0 [ 547.637505][ T8908] syz.1.605: attempt to access beyond end of device [ 547.637505][ T8908] loop1: rw=34817, sector=18, nr_sectors = 400 limit=64 [ 547.758320][ T8908] syz.1.605: attempt to access beyond end of device [ 547.758320][ T8908] loop1: rw=34817, sector=420, nr_sectors = 20 limit=64 [ 547.843400][ T8908] syz.1.605: attempt to access beyond end of device [ 547.843400][ T8908] loop1: rw=34817, sector=441, nr_sectors = 64 limit=64 [ 548.038559][ T8738] bridge0: port 1(bridge_slave_0) entered blocking state [ 548.094590][ T8738] bridge0: port 1(bridge_slave_0) entered disabled state [ 548.148163][ T8738] bridge_slave_0: entered allmulticast mode [ 548.195113][ T8738] bridge_slave_0: entered promiscuous mode [ 548.238955][ T8738] bridge0: port 2(bridge_slave_1) entered blocking state [ 548.282615][ T5842] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 548.294582][ T5842] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 548.305507][ T8738] bridge0: port 2(bridge_slave_1) entered disabled state [ 548.317025][ T5842] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 548.324834][ T8738] bridge_slave_1: entered allmulticast mode [ 548.337814][ T5842] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 548.344996][ T8738] bridge_slave_1: entered promiscuous mode [ 548.351537][ T5842] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 550.401888][ T5842] Bluetooth: hci4: command tx timeout [ 550.473699][ T5993] bridge_slave_1: left allmulticast mode [ 551.297852][ T5937] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 551.433918][ T5993] bridge_slave_1: left promiscuous mode [ 551.454457][ T5993] bridge0: port 2(bridge_slave_1) entered disabled state [ 551.527911][ T5993] bridge_slave_0: left allmulticast mode [ 551.574063][ T5993] bridge_slave_0: left promiscuous mode [ 551.580904][ T5993] bridge0: port 1(bridge_slave_0) entered disabled state [ 551.669198][ T5937] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 551.728124][ T5937] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 551.806395][ T5937] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 552.474206][ T5852] Bluetooth: hci4: command tx timeout [ 552.479612][ T8942] loop3: detected capacity change from 0 to 64 [ 552.761526][ T5937] usb 2-1: config 0 descriptor?? [ 553.445355][ T30] audit: type=1800 audit(1752250937.762:117): pid=8942 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.616" name="file1" dev="loop3" ino=18 res=0 errno=0 [ 553.492304][ T5937] pwc: Askey VC010 type 2 USB webcam detected. [ 553.507831][ T8942] syz.3.616: attempt to access beyond end of device [ 553.507831][ T8942] loop3: rw=34817, sector=18, nr_sectors = 400 limit=64 [ 553.521572][ T8942] syz.3.616: attempt to access beyond end of device [ 553.521572][ T8942] loop3: rw=34817, sector=420, nr_sectors = 20 limit=64 [ 553.536823][ T8942] syz.3.616: attempt to access beyond end of device [ 553.536823][ T8942] loop3: rw=34817, sector=441, nr_sectors = 64 limit=64 [ 553.573117][ T5937] pwc: send_video_command error -71 [ 553.593711][ T5937] pwc: Failed to set video mode CIF@30 fps; return code = -71 [ 553.602009][ T5937] Philips webcam 2-1:0.0: probe with driver Philips webcam failed with error -71 [ 554.012872][ T5937] usb 2-1: USB disconnect, device number 6 [ 554.933908][ T5852] Bluetooth: hci4: command 0x040f tx timeout [ 554.988493][ T5993] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 555.074493][ T8957] slcan: can't register candev [ 555.079546][ T8957] Falling back ldisc for ttyS3. [ 555.613049][ T5993] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 555.664580][ T5993] bond0 (unregistering): Released all slaves [ 555.716880][ T8738] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 556.840395][ T8738] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 556.954011][ T5842] Bluetooth: hci4: command 0x040f tx timeout [ 557.278406][ T8976] loop1: detected capacity change from 0 to 128 [ 559.354162][ T5842] Bluetooth: hci4: command 0x040f tx timeout [ 559.616570][ T8976] EXT4-fs (loop1): Test dummy encryption mode enabled [ 559.772247][ T8976] EXT4-fs (loop1): can't mount with data_err=abort, fs mounted w/o journal [ 560.640132][ T8989] loop2: detected capacity change from 0 to 64 [ 561.745265][ T8738] team0: Port device team_slave_0 added [ 562.145121][ T5993] hsr_slave_0: left promiscuous mode [ 562.188956][ T5993] hsr_slave_1: left promiscuous mode [ 562.215481][ T5993] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 562.254726][ T5993] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 562.512183][ T8999] loop3: detected capacity change from 0 to 64 [ 562.810040][ T8999] syz.3.630: attempt to access beyond end of device [ 562.810040][ T8999] loop3: rw=34817, sector=18, nr_sectors = 400 limit=64 [ 562.823691][ T8999] syz.3.630: attempt to access beyond end of device [ 562.823691][ T8999] loop3: rw=34817, sector=420, nr_sectors = 20 limit=64 [ 562.837748][ T8999] syz.3.630: attempt to access beyond end of device [ 562.837748][ T8999] loop3: rw=34817, sector=441, nr_sectors = 64 limit=64 [ 562.854265][ T30] audit: type=1800 audit(1752250947.112:118): pid=8999 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.630" name="file1" dev="loop3" ino=18 res=0 errno=0 [ 563.511380][ T9013] loop3: detected capacity change from 0 to 64 [ 563.694574][ T5993] team0 (unregistering): Port device team_slave_1 removed [ 564.330787][ T30] audit: type=1800 audit(1752250948.642:119): pid=9013 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.634" name="file1" dev="loop3" ino=18 res=0 errno=0 [ 564.566606][ T9013] syz.3.634: attempt to access beyond end of device [ 564.566606][ T9013] loop3: rw=34817, sector=18, nr_sectors = 400 limit=64 [ 565.450966][ T5993] team0 (unregistering): Port device team_slave_0 removed [ 565.925516][ T9013] syz.3.634: attempt to access beyond end of device [ 565.925516][ T9013] loop3: rw=34817, sector=420, nr_sectors = 20 limit=64 [ 566.014439][ T9013] syz.3.634: attempt to access beyond end of device [ 566.014439][ T9013] loop3: rw=34817, sector=441, nr_sectors = 64 limit=64 [ 567.046104][ T8738] team0: Port device team_slave_1 added [ 567.329270][ T8738] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 568.997493][ T9041] slcan: can't register candev [ 569.002619][ T9041] Falling back ldisc for ttyS3. [ 569.004701][ T8738] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 569.076449][ T8738] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 569.370848][ T8738] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 569.441065][ T8738] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 569.708036][ T8738] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 572.122757][ T9061] loop5: detected capacity change from 0 to 64 [ 572.137561][ T30] audit: type=1800 audit(1752250956.452:120): pid=9061 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.644" name="file1" dev="loop5" ino=18 res=0 errno=0 [ 572.173937][ T9061] syz.5.644: attempt to access beyond end of device [ 572.173937][ T9061] loop5: rw=34817, sector=18, nr_sectors = 400 limit=64 [ 572.187532][ T9061] syz.5.644: attempt to access beyond end of device [ 572.187532][ T9061] loop5: rw=34817, sector=420, nr_sectors = 20 limit=64 [ 572.201371][ T9061] syz.5.644: attempt to access beyond end of device [ 572.201371][ T9061] loop5: rw=34817, sector=441, nr_sectors = 64 limit=64 [ 572.373862][ T5827] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 572.483979][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 572.490364][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 572.560110][ T8738] hsr_slave_0: entered promiscuous mode [ 572.581541][ T5827] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 572.616517][ T8738] hsr_slave_1: entered promiscuous mode [ 572.653515][ T5827] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 572.662228][ T8738] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 572.674304][ T8738] Cannot create hsr debugfs directory [ 572.715171][ T5827] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 572.737703][ T5827] usb 4-1: config 0 descriptor?? [ 572.755183][ T5827] pwc: Askey VC010 type 2 USB webcam detected. [ 572.797617][ T9073] loop1: detected capacity change from 0 to 64 [ 572.844185][ T30] audit: type=1800 audit(1752250957.162:121): pid=9073 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.649" name="file1" dev="loop1" ino=18 res=0 errno=0 [ 573.904938][ T5827] pwc: recv_control_msg error -32 req 02 val 2b00 [ 573.920584][ T5827] pwc: recv_control_msg error -32 req 02 val 2700 [ 573.926828][ T9073] syz.1.649: attempt to access beyond end of device [ 573.926828][ T9073] loop1: rw=34817, sector=18, nr_sectors = 400 limit=64 [ 574.431519][ T5827] pwc: recv_control_msg error -32 req 02 val 2c00 [ 574.433619][ T9076] slcan: can't register candev [ 574.443808][ T9076] Falling back ldisc for ttyS3. [ 574.582880][ T9073] syz.1.649: attempt to access beyond end of device [ 574.582880][ T9073] loop1: rw=34817, sector=420, nr_sectors = 20 limit=64 [ 574.586012][ T5827] pwc: recv_control_msg error -32 req 04 val 1000 [ 574.642477][ T9073] syz.1.649: attempt to access beyond end of device [ 574.642477][ T9073] loop1: rw=34817, sector=441, nr_sectors = 64 limit=64 [ 574.685352][ T5827] pwc: recv_control_msg error -32 req 04 val 1300 [ 574.712516][ T5827] pwc: recv_control_msg error -32 req 04 val 1400 [ 574.784399][ T5827] pwc: recv_control_msg error -32 req 02 val 2000 [ 574.886655][ T5827] pwc: recv_control_msg error -32 req 02 val 2100 [ 574.980998][ T5827] pwc: recv_control_msg error -32 req 04 val 1500 [ 575.077819][ T5827] pwc: recv_control_msg error -32 req 02 val 2500 [ 575.198602][ T5827] pwc: recv_control_msg error -32 req 02 val 2400 [ 575.320166][ T5827] pwc: recv_control_msg error -32 req 02 val 2600 [ 575.470683][ T5827] pwc: recv_control_msg error -32 req 02 val 2900 [ 575.935298][ T9087] loop2: detected capacity change from 0 to 32768 [ 575.954861][ T9087] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.651 (9087) [ 575.975348][ T5827] pwc: recv_control_msg error -32 req 02 val 2800 [ 576.064608][ T9087] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 576.075105][ T9087] BTRFS info (device loop2): using crc32c (crc32c-x86_64) checksum algorithm [ 576.083947][ T9087] BTRFS info (device loop2): disk space caching is enabled [ 576.091174][ T9087] BTRFS warning (device loop2): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 576.206949][ T5827] pwc: recv_control_msg error -71 req 04 val 1200 [ 576.226073][ T5827] pwc: Registered as video103. [ 576.252837][ T5827] input: PWC snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/input/input18 [ 576.274349][ T5827] usb 4-1: USB disconnect, device number 5 [ 576.340879][ T9105] netlink: 60 bytes leftover after parsing attributes in process `syz.5.652'. [ 576.441472][ T9087] BTRFS info (device loop2): rebuilding free space tree [ 576.459501][ T9087] BTRFS info (device loop2): disabling free space tree [ 576.466483][ T9087] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 576.476577][ T9087] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 577.495319][ T5847] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 579.882502][ T8916] chnl_net:caif_netlink_parms(): no params data found [ 580.135321][ T9137] netlink: 16 bytes leftover after parsing attributes in process `syz.2.655'. [ 580.734665][ T9144] loop5: detected capacity change from 0 to 64 [ 580.756885][ T30] audit: type=1800 audit(1752250965.072:122): pid=9144 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.659" name="file1" dev="loop5" ino=18 res=0 errno=0 [ 582.994062][ T9158] can0: slcan on ttyS3. [ 583.179083][ T5852] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 583.194621][ T5852] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 583.209552][ T5852] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 583.231325][ T5852] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 583.241449][ T5852] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 583.255881][ T9159] can0 (unregistered): slcan off ttyS3. [ 583.698955][ T9170] loop2: detected capacity change from 0 to 64 [ 583.767040][ T9172] loop3: detected capacity change from 0 to 64 [ 584.781710][ T30] audit: type=1800 audit(1752250969.082:123): pid=9170 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.665" name="file1" dev="loop2" ino=18 res=0 errno=0 [ 584.810951][ T9170] syz.2.665: attempt to access beyond end of device [ 584.810951][ T9170] loop2: rw=34817, sector=18, nr_sectors = 400 limit=64 [ 585.126673][ T9170] syz.2.665: attempt to access beyond end of device [ 585.126673][ T9170] loop2: rw=34817, sector=420, nr_sectors = 20 limit=64 [ 585.680591][ T5852] Bluetooth: hci6: command tx timeout [ 585.705295][ T9170] syz.2.665: attempt to access beyond end of device [ 585.705295][ T9170] loop2: rw=34817, sector=441, nr_sectors = 64 limit=64 [ 585.731903][ T8916] bridge0: port 1(bridge_slave_0) entered blocking state [ 585.874005][ T8916] bridge0: port 1(bridge_slave_0) entered disabled state [ 585.881315][ T8916] bridge_slave_0: entered allmulticast mode [ 586.197432][ T8916] bridge_slave_0: entered promiscuous mode [ 586.255985][ T8916] bridge0: port 2(bridge_slave_1) entered blocking state [ 586.285623][ T9182] netlink: 60 bytes leftover after parsing attributes in process `syz.5.666'. [ 586.295104][ T8916] bridge0: port 2(bridge_slave_1) entered disabled state [ 586.302871][ T8916] bridge_slave_1: entered allmulticast mode [ 586.322334][ T8916] bridge_slave_1: entered promiscuous mode [ 586.463237][ T36] bridge_slave_1: left allmulticast mode [ 586.491710][ T36] bridge_slave_1: left promiscuous mode [ 586.524594][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 586.569182][ T36] bridge_slave_0: left allmulticast mode [ 586.595083][ T36] bridge_slave_0: left promiscuous mode [ 587.396529][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 587.771664][ T5852] Bluetooth: hci6: command tx timeout [ 589.278407][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 589.350158][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 589.474983][ T36] bond0 (unregistering): Released all slaves [ 589.834006][ T5852] Bluetooth: hci6: command tx timeout [ 589.913904][ T36] hsr_slave_0: left promiscuous mode [ 590.013579][ T36] hsr_slave_1: left promiscuous mode [ 590.061484][ T36] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 590.093714][ T36] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 590.191195][ T9199] netlink: 16 bytes leftover after parsing attributes in process `syz.3.671'. [ 590.712502][ T9201] loop2: detected capacity change from 0 to 64 [ 590.861775][ T30] audit: type=1800 audit(1752250975.092:124): pid=9201 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.672" name="file1" dev="loop2" ino=18 res=0 errno=0 [ 591.999211][ T9209] loop2: detected capacity change from 0 to 512 [ 592.034698][ T5852] Bluetooth: hci6: command tx timeout [ 593.529765][ T9218] loop1: detected capacity change from 0 to 64 [ 594.074205][ T9209] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 594.144493][ T30] audit: type=1800 audit(1752250978.432:125): pid=9218 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.678" name="file1" dev="loop1" ino=18 res=0 errno=0 [ 594.174296][ T9209] ext4 filesystem being mounted at /168/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 594.494494][ T9218] syz.1.678: attempt to access beyond end of device [ 594.494494][ T9218] loop1: rw=34817, sector=18, nr_sectors = 400 limit=64 [ 594.524017][ T9218] syz.1.678: attempt to access beyond end of device [ 594.524017][ T9218] loop1: rw=34817, sector=420, nr_sectors = 20 limit=64 [ 595.455793][ T9218] syz.1.678: attempt to access beyond end of device [ 595.455793][ T9218] loop1: rw=34817, sector=441, nr_sectors = 64 limit=64 [ 595.498166][ T5847] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 596.532468][ T9233] loop2: detected capacity change from 0 to 64 [ 596.912953][ T36] team0 (unregistering): Port device team_slave_1 removed [ 597.859872][ T36] team0 (unregistering): Port device team_slave_0 removed [ 598.049347][ T9246] loop2: detected capacity change from 0 to 64 [ 598.126482][ T30] audit: type=1800 audit(1752250982.442:126): pid=9246 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.685" name="file1" dev="loop2" ino=18 res=0 errno=0 [ 600.092233][ T9257] netlink: 16 bytes leftover after parsing attributes in process `syz.1.687'. [ 600.574136][ T8916] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 600.761178][ T8916] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 602.680370][ T9265] can0: slcan on ttyS3. [ 602.695201][ T9269] netlink: 60 bytes leftover after parsing attributes in process `syz.1.689'. [ 602.835088][ T9265] can0 (unregistered): slcan off ttyS3. [ 604.988912][ T9162] chnl_net:caif_netlink_parms(): no params data found [ 606.633240][ T9304] loop2: detected capacity change from 0 to 64 [ 606.657780][ T5842] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 606.673611][ T5842] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 606.684482][ T5842] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 606.693390][ T5842] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 606.701210][ T5842] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 606.744869][ T9311] loop3: detected capacity change from 0 to 64 [ 606.819456][ T30] audit: type=1800 audit(1752250991.092:127): pid=9311 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.696" name="file1" dev="loop3" ino=18 res=0 errno=0 [ 607.271625][ T30] audit: type=1800 audit(1752250991.172:128): pid=9304 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.695" name="file1" dev="loop2" ino=18 res=0 errno=0 [ 607.310811][ T9304] syz.2.695: attempt to access beyond end of device [ 607.310811][ T9304] loop2: rw=34817, sector=18, nr_sectors = 400 limit=64 [ 607.337723][ T9304] syz.2.695: attempt to access beyond end of device [ 607.337723][ T9304] loop2: rw=34817, sector=420, nr_sectors = 20 limit=64 [ 607.545019][ T9304] syz.2.695: attempt to access beyond end of device [ 607.545019][ T9304] loop2: rw=34817, sector=441, nr_sectors = 64 limit=64 [ 607.795094][ T6299] bridge_slave_1: left allmulticast mode [ 607.800822][ T6299] bridge_slave_1: left promiscuous mode [ 607.904156][ T6299] bridge0: port 2(bridge_slave_1) entered disabled state [ 607.973891][ T6299] bridge_slave_0: left allmulticast mode [ 607.979609][ T6299] bridge_slave_0: left promiscuous mode [ 608.029606][ T6299] bridge0: port 1(bridge_slave_0) entered disabled state [ 609.213867][ T5852] Bluetooth: hci2: command tx timeout [ 610.159366][ T9333] netlink: 60 bytes leftover after parsing attributes in process `syz.2.699'. [ 610.232885][ T6299] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 610.280464][ T6299] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 610.303179][ T6299] bond0 (unregistering): Released all slaves [ 611.273858][ T5852] Bluetooth: hci2: command 0x041b tx timeout [ 611.863500][ T9162] bridge0: port 1(bridge_slave_0) entered blocking state [ 611.871076][ T9162] bridge0: port 1(bridge_slave_0) entered disabled state [ 611.894740][ T9162] bridge_slave_0: entered allmulticast mode [ 612.589376][ T9162] bridge_slave_0: entered promiscuous mode [ 613.009007][ T9162] bridge0: port 2(bridge_slave_1) entered blocking state [ 613.016807][ T9162] bridge0: port 2(bridge_slave_1) entered disabled state [ 613.025801][ T9162] bridge_slave_1: entered allmulticast mode [ 613.034149][ T9162] bridge_slave_1: entered promiscuous mode [ 613.992566][ T5842] Bluetooth: hci2: command 0x041b tx timeout [ 614.449293][ T9362] loop5: detected capacity change from 0 to 64 [ 614.506925][ T30] audit: type=1800 audit(1752250998.782:129): pid=9362 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.708" name="file1" dev="loop5" ino=18 res=0 errno=0 [ 615.085298][ T9364] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 615.308736][ T9368] loop5: detected capacity change from 0 to 8 [ 616.743976][ T5842] Bluetooth: hci2: command 0x041b tx timeout [ 617.402245][ T9369] slcan: can't register candev [ 617.407407][ T9369] Falling back ldisc for ttyS3. [ 618.052277][ T9381] loop2: detected capacity change from 0 to 64 [ 618.793853][ T5842] Bluetooth: hci2: command 0x041b tx timeout [ 619.028965][ T9385] netlink: 60 bytes leftover after parsing attributes in process `syz.5.712'. [ 620.130718][ T9162] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 620.232068][ T9162] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 620.393838][ T10] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 621.405566][ T10] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 621.562466][ T10] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 621.633822][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 621.685955][ T10] usb 3-1: config 0 descriptor?? [ 621.974156][ T10] pwc: Askey VC010 type 2 USB webcam detected. [ 622.873537][ T10] pwc: recv_control_msg error -32 req 02 val 2b00 [ 623.027797][ T10] pwc: recv_control_msg error -32 req 02 val 2700 [ 623.035244][ T9162] team0: Port device team_slave_0 added [ 623.094427][ T10] pwc: recv_control_msg error -32 req 02 val 2c00 [ 623.109867][ T9162] team0: Port device team_slave_1 added [ 623.121352][ T10] pwc: recv_control_msg error -32 req 04 val 1000 [ 623.145323][ T10] pwc: recv_control_msg error -32 req 04 val 1300 [ 623.183351][ T10] pwc: recv_control_msg error -32 req 04 val 1400 [ 623.214733][ T10] pwc: recv_control_msg error -32 req 02 val 2000 [ 623.244293][ T10] pwc: recv_control_msg error -32 req 02 val 2100 [ 623.252529][ T10] pwc: recv_control_msg error -32 req 04 val 1500 [ 623.259776][ T10] pwc: recv_control_msg error -32 req 02 val 2500 [ 623.267739][ T10] pwc: recv_control_msg error -32 req 02 val 2400 [ 623.275090][ T10] pwc: recv_control_msg error -32 req 02 val 2600 [ 623.282270][ T10] pwc: recv_control_msg error -32 req 02 val 2900 [ 623.289521][ T10] pwc: recv_control_msg error -32 req 02 val 2800 [ 623.469579][ T9162] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 623.498406][ T9404] loop3: detected capacity change from 0 to 64 [ 623.498490][ T10] pwc: recv_control_msg error -71 req 04 val 1200 [ 623.515240][ T30] audit: type=1800 audit(1752251007.832:130): pid=9404 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.719" name="file1" dev="loop3" ino=18 res=0 errno=0 [ 623.528016][ T10] pwc: Registered as video103. [ 623.649191][ T9162] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 624.059089][ T9162] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 624.126971][ T10] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input19 [ 624.178361][ T9162] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 624.333408][ T9162] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 624.919879][ T10] usb 3-1: USB disconnect, device number 5 [ 624.942749][ T9162] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 627.690599][ T9417] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 629.033659][ T9424] can0: slcan on ttyS3. [ 629.323965][ T9433] netlink: 16 bytes leftover after parsing attributes in process `syz.3.726'. [ 629.885714][ T9426] can0 (unregistered): slcan off ttyS3. [ 630.851176][ T9162] hsr_slave_0: entered promiscuous mode [ 630.906173][ T9162] hsr_slave_1: entered promiscuous mode [ 630.912604][ T9162] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 631.029869][ T9162] Cannot create hsr debugfs directory [ 633.067620][ T9454] loop5: detected capacity change from 0 to 64 [ 633.084035][ T9456] loop3: detected capacity change from 0 to 64 [ 633.543859][ T30] audit: type=1800 audit(1752251017.412:131): pid=9454 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.732" name="file1" dev="loop5" ino=18 res=0 errno=0 [ 633.704039][ T30] audit: type=1800 audit(1752251017.962:132): pid=9456 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.733" name="file1" dev="loop3" ino=18 res=0 errno=0 [ 633.943689][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 633.950144][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 634.103150][ T9465] loop1: detected capacity change from 0 to 512 [ 634.445446][ T9465] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 634.544818][ T9465] ext4 filesystem being mounted at /167/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 636.097421][ T5844] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 636.232118][ T9480] netlink: 60 bytes leftover after parsing attributes in process `syz.5.736'. [ 639.775208][ T9495] slcan: can't register candev [ 639.780312][ T9495] Falling back ldisc for ttyS3. [ 641.239253][ T9305] chnl_net:caif_netlink_parms(): no params data found [ 643.396874][ T9523] loop3: detected capacity change from 0 to 128 [ 643.475875][ T9523] EXT4-fs (loop3): Test dummy encryption mode enabled [ 643.578734][ T9523] EXT4-fs (loop3): can't mount with data_err=abort, fs mounted w/o journal [ 643.963001][ T9522] can0: slcan on ttyS3. [ 644.638299][ T9525] can0 (unregistered): slcan off ttyS3. [ 644.886872][ T9531] loop2: detected capacity change from 0 to 64 [ 644.903707][ T30] audit: type=1800 audit(1752251029.212:133): pid=9531 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.746" name="file1" dev="loop2" ino=18 res=0 errno=0 [ 646.226785][ T9540] loop1: detected capacity change from 0 to 64 [ 646.290428][ T5852] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 646.299763][ T5852] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 646.308765][ T5852] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 646.345939][ T5852] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 646.487688][ T5852] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 646.769694][ T9305] bridge0: port 1(bridge_slave_0) entered blocking state [ 646.885638][ T9305] bridge0: port 1(bridge_slave_0) entered disabled state [ 647.643876][ T9305] bridge_slave_0: entered allmulticast mode [ 647.651968][ T9305] bridge_slave_0: entered promiscuous mode [ 648.016086][ T9305] bridge0: port 2(bridge_slave_1) entered blocking state [ 648.023551][ T9305] bridge0: port 2(bridge_slave_1) entered disabled state [ 648.324054][ T9305] bridge_slave_1: entered allmulticast mode [ 648.555904][ T5852] Bluetooth: hci4: command tx timeout [ 649.194519][ T9305] bridge_slave_1: entered promiscuous mode [ 650.651620][ T5852] Bluetooth: hci4: command tx timeout [ 650.936842][ T9573] loop3: detected capacity change from 0 to 64 [ 651.674152][ T30] audit: type=1800 audit(1752251035.772:134): pid=9573 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.755" name="file1" dev="loop3" ino=18 res=0 errno=0 [ 652.731972][ T5852] Bluetooth: hci4: command tx timeout [ 652.748768][ T9305] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 653.057925][ T9305] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 654.793931][ T5852] Bluetooth: hci4: command tx timeout [ 656.900830][ T9594] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 657.592895][ T9605] loop2: detected capacity change from 0 to 64 [ 657.709004][ T9608] netlink: 16 bytes leftover after parsing attributes in process `syz.1.763'. [ 657.752845][ T9305] team0: Port device team_slave_0 added [ 657.760690][ T30] audit: type=1800 audit(1752251042.082:135): pid=9605 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.761" name="file1" dev="loop2" ino=18 res=0 errno=0 [ 658.638646][ T9305] team0: Port device team_slave_1 added [ 658.708916][ T9610] netlink: 60 bytes leftover after parsing attributes in process `syz.5.762'. [ 660.014559][ T9616] slcan: can't register candev [ 660.019795][ T9616] Falling back ldisc for ttyS3. [ 660.481611][ T9305] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 660.582430][ T9305] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 661.090002][ T9305] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 661.604581][ T49] bridge_slave_1: left allmulticast mode [ 661.642964][ T49] bridge_slave_1: left promiscuous mode [ 662.089532][ T49] bridge0: port 2(bridge_slave_1) entered disabled state [ 663.216216][ T49] bridge_slave_0: left allmulticast mode [ 663.221950][ T49] bridge_slave_0: left promiscuous mode [ 663.272271][ T49] bridge0: port 1(bridge_slave_0) entered disabled state [ 663.278997][ T9634] slcan: can't register candev [ 663.286602][ T9634] Falling back ldisc for ttyS3. [ 664.144736][ T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 664.199397][ T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 664.222526][ T49] bond0 (unregistering): Released all slaves [ 664.394852][ T9305] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 664.401907][ T9305] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 664.477195][ T9646] loop1: detected capacity change from 0 to 64 [ 664.555039][ T9305] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 664.597896][ T30] audit: type=1800 audit(1752251048.912:136): pid=9646 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.770" name="file1" dev="loop1" ino=18 res=0 errno=0 [ 664.766376][ T49] hsr_slave_0: left promiscuous mode [ 664.793940][ T5971] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 664.818898][ T49] hsr_slave_1: left promiscuous mode [ 664.855701][ T49] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 664.909736][ T49] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 664.975596][ T5971] usb 4-1: Using ep0 maxpacket: 16 [ 665.013093][ T5971] usb 4-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 665.072487][ T5971] usb 4-1: config 0 interface 0 has no altsetting 0 [ 665.123610][ T5971] usb 4-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00 [ 665.178994][ T5971] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 665.245158][ T5971] usb 4-1: config 0 descriptor?? [ 666.463937][ T5971] nzxt-smart2 0003:1E71:2009.0001: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.3-1/input0 [ 666.963905][ T5971] usb 4-1: USB disconnect, device number 6 [ 667.369099][ T9660] loop3: detected capacity change from 0 to 512 [ 667.384264][ T5842] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 667.393571][ T5842] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 667.398012][ T9657] fido_id[9657]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 667.402433][ T5842] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 667.425223][ T5842] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 667.433404][ T5842] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 667.500971][ T9664] loop5: detected capacity change from 0 to 64 [ 667.543967][ T30] audit: type=1800 audit(1752251051.852:137): pid=9664 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.775" name="file1" dev="loop5" ino=18 res=0 errno=0 [ 668.475945][ T9660] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 668.716066][ T49] team0 (unregistering): Port device team_slave_1 removed [ 668.720848][ T9660] ext4 filesystem being mounted at /187/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 669.429810][ T49] team0 (unregistering): Port device team_slave_0 removed [ 669.527867][ T5842] Bluetooth: hci2: command tx timeout [ 670.830379][ T5850] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 671.241342][ T24] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 671.601043][ T5842] Bluetooth: hci2: command tx timeout [ 672.346370][ T24] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 672.357057][ T24] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 672.366322][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 672.389998][ T24] usb 3-1: config 0 descriptor?? [ 672.418830][ T24] pwc: Askey VC010 type 2 USB webcam detected. [ 672.838907][ T24] pwc: recv_control_msg error -32 req 02 val 2b00 [ 672.855817][ T24] pwc: recv_control_msg error -32 req 02 val 2700 [ 672.864247][ T24] pwc: recv_control_msg error -32 req 02 val 2c00 [ 673.251122][ T24] pwc: recv_control_msg error -32 req 04 val 1000 [ 673.282302][ T24] pwc: recv_control_msg error -32 req 04 val 1300 [ 673.333124][ T24] pwc: recv_control_msg error -32 req 04 val 1400 [ 673.371937][ T24] pwc: recv_control_msg error -32 req 02 val 2000 [ 673.394731][ T24] pwc: recv_control_msg error -32 req 02 val 2100 [ 673.403058][ T9703] netlink: 60 bytes leftover after parsing attributes in process `syz.5.783'. [ 673.413410][ T24] pwc: recv_control_msg error -32 req 04 val 1500 [ 673.425129][ T9697] can0: slcan on ttyS3. [ 673.452595][ T24] pwc: recv_control_msg error -32 req 02 val 2500 [ 673.482263][ T24] pwc: recv_control_msg error -32 req 02 val 2400 [ 673.488820][ T9699] can0 (unregistered): slcan off ttyS3. [ 673.511503][ T24] pwc: recv_control_msg error -32 req 02 val 2600 [ 673.532938][ T24] pwc: recv_control_msg error -32 req 02 val 2900 [ 673.557162][ T24] pwc: recv_control_msg error -32 req 02 val 2800 [ 673.673863][ T5842] Bluetooth: hci2: command tx timeout [ 673.869708][ T24] pwc: recv_control_msg error -71 req 04 val 1200 [ 673.912028][ T24] pwc: Registered as video103. [ 673.936795][ T24] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input20 [ 674.058978][ T24] usb 3-1: USB disconnect, device number 6 [ 674.100388][ T9712] loop1: detected capacity change from 0 to 64 [ 674.114031][ T49] bridge_slave_1: left allmulticast mode [ 674.119730][ T49] bridge_slave_1: left promiscuous mode [ 674.160723][ T49] bridge0: port 2(bridge_slave_1) entered disabled state [ 674.226303][ T49] bridge_slave_0: left allmulticast mode [ 674.232087][ T49] bridge_slave_0: left promiscuous mode [ 674.263182][ T49] bridge0: port 1(bridge_slave_0) entered disabled state [ 675.831625][ T5842] Bluetooth: hci2: command tx timeout [ 677.593622][ T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 677.644710][ T9734] loop3: detected capacity change from 0 to 64 [ 678.067842][ T30] audit: type=1800 audit(1752251062.002:138): pid=9734 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.788" name="file1" dev="loop3" ino=18 res=0 errno=0 [ 678.074738][ T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 678.167610][ T49] bond0 (unregistering): Released all slaves [ 678.816644][ T9541] chnl_net:caif_netlink_parms(): no params data found [ 680.056466][ T9747] loop2: detected capacity change from 0 to 64 [ 680.198937][ T30] audit: type=1800 audit(1752251064.492:139): pid=9747 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.791" name="file1" dev="loop2" ino=18 res=0 errno=0 [ 680.251810][ T49] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 680.286748][ T49] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 683.262630][ T49] team0 (unregistering): Port device team_slave_1 removed [ 684.361780][ T9755] slcan: can't register candev [ 684.366951][ T9755] Falling back ldisc for ttyS3. [ 684.962603][ T9767] loop5: detected capacity change from 0 to 8 [ 684.970628][ T49] team0 (unregistering): Port device team_slave_0 removed [ 685.361610][ T9762] slcan: can't register candev [ 685.372721][ T9762] Falling back ldisc for ttyS3. [ 687.859367][ T9783] loop5: detected capacity change from 0 to 64 [ 687.875162][ T30] audit: type=1800 audit(1752251072.192:140): pid=9783 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.800" name="file1" dev="loop5" ino=18 res=0 errno=0 [ 692.383516][ T9658] chnl_net:caif_netlink_parms(): no params data found [ 692.445695][ T9541] bridge0: port 1(bridge_slave_0) entered blocking state [ 692.456024][ T9541] bridge0: port 1(bridge_slave_0) entered disabled state [ 692.464320][ T9541] bridge_slave_0: entered allmulticast mode [ 692.472323][ T9541] bridge_slave_0: entered promiscuous mode [ 692.520547][ T9541] bridge0: port 2(bridge_slave_1) entered blocking state [ 692.587640][ T9541] bridge0: port 2(bridge_slave_1) entered disabled state [ 692.626737][ T9541] bridge_slave_1: entered allmulticast mode [ 692.787984][ T9541] bridge_slave_1: entered promiscuous mode [ 695.363021][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 695.369603][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 696.172021][ T9541] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 696.206320][ T9541] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 696.511137][ T5949] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 697.423872][ T5949] usb 4-1: Using ep0 maxpacket: 16 [ 697.475052][ T5949] usb 4-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 697.515106][ T5949] usb 4-1: config 0 interface 0 has no altsetting 0 [ 697.524296][ T5949] usb 4-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00 [ 697.533383][ T5949] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 697.579128][ T5949] usb 4-1: config 0 descriptor?? [ 698.905008][ T5949] usbhid 4-1:0.0: can't add hid device: -71 [ 698.911107][ T5949] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 698.931169][ T5949] usb 4-1: USB disconnect, device number 7 [ 699.099913][ T9541] team0: Port device team_slave_0 added [ 699.157783][ T9541] team0: Port device team_slave_1 added [ 699.203080][ T9658] bridge0: port 1(bridge_slave_0) entered blocking state [ 699.242918][ T9658] bridge0: port 1(bridge_slave_0) entered disabled state [ 699.268566][ T9658] bridge_slave_0: entered allmulticast mode [ 699.312485][ T9658] bridge_slave_0: entered promiscuous mode [ 699.694698][ T9864] loop3: detected capacity change from 0 to 512 [ 700.710697][ T9864] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 700.819438][ T9864] ext4 filesystem being mounted at /197/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 701.091826][ T9658] bridge0: port 2(bridge_slave_1) entered blocking state [ 701.141505][ T9658] bridge0: port 2(bridge_slave_1) entered disabled state [ 701.159536][ T9658] bridge_slave_1: entered allmulticast mode [ 701.185994][ T9658] bridge_slave_1: entered promiscuous mode [ 702.089553][ T9541] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 702.109750][ T5850] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 702.115831][ T9541] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 702.145157][ T9541] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 702.200325][ T9541] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 702.735566][ T9541] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 702.920734][ T9541] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 703.645528][ T10] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 703.647520][ T9888] can0: slcan on ttyS3. [ 703.657391][ T9658] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 703.725883][ T9658] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 703.794392][ T9891] can0 (unregistered): slcan off ttyS3. [ 703.837795][ T10] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 703.878251][ T10] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 703.938338][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 704.061776][ T10] usb 4-1: config 0 descriptor?? [ 704.242810][ T10] pwc: Askey VC010 type 2 USB webcam detected. [ 704.264406][ T9658] team0: Port device team_slave_0 added [ 704.796908][ T9658] team0: Port device team_slave_1 added [ 705.114884][ T10] pwc: recv_control_msg error -32 req 02 val 2b00 [ 705.142136][ T10] pwc: recv_control_msg error -32 req 02 val 2700 [ 705.160127][ T10] pwc: recv_control_msg error -32 req 02 val 2c00 [ 705.169857][ T10] pwc: recv_control_msg error -32 req 04 val 1000 [ 705.205249][ T10] pwc: recv_control_msg error -32 req 04 val 1300 [ 705.235180][ T10] pwc: recv_control_msg error -32 req 04 val 1400 [ 705.263939][ T10] pwc: recv_control_msg error -32 req 02 val 2000 [ 705.314660][ T10] pwc: recv_control_msg error -32 req 02 val 2100 [ 705.343161][ T9658] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 705.363326][ T10] pwc: recv_control_msg error -32 req 04 val 1500 [ 705.395063][ T9658] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 705.421053][ C1] vkms_vblank_simulate: vblank timer overrun [ 705.422354][ T10] pwc: recv_control_msg error -32 req 02 val 2500 [ 705.484706][ T10] pwc: recv_control_msg error -32 req 02 val 2400 [ 705.505154][ T10] pwc: recv_control_msg error -32 req 02 val 2600 [ 705.532788][ T10] pwc: recv_control_msg error -32 req 02 val 2900 [ 705.551177][ T9658] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 705.563240][ T10] pwc: recv_control_msg error -32 req 02 val 2800 [ 705.624742][ T9658] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 705.631784][ T9658] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 705.845471][ T10] pwc: recv_control_msg error -71 req 04 val 1200 [ 706.017179][ T9658] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 706.220284][ T10] pwc: Registered as video103. [ 707.370464][ T10] input: PWC snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/input/input21 [ 708.485839][ T9911] loop5: detected capacity change from 0 to 32768 [ 709.026903][ T9914] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 709.057418][ T9911] [ 709.057418][ T9911] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 709.057418][ T9911] [ 709.200236][ T9910] [ 709.200236][ T9910] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 709.200236][ T9910] [ 709.211647][ T9910] [ 709.211647][ T9910] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 709.211647][ T9910] [ 709.227574][ T9910] [ 709.227574][ T9910] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 709.227574][ T9910] [ 709.240904][ T9910] [ 709.240904][ T9910] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 709.240904][ T9910] [ 709.253639][ T9910] [ 709.253639][ T9910] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 709.253639][ T9910] [ 709.605213][ T111] [ 709.605213][ T111] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 709.605213][ T111] [ 709.808738][ T10] usb 4-1: USB disconnect, device number 8 [ 710.290688][ T49] [ 710.290688][ T49] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 710.290688][ T49] [ 710.637080][ T49] [ 710.637080][ T49] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 710.637080][ T49] [ 710.875777][ T5841] [ 710.875777][ T5841] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 710.875777][ T5841] [ 711.247816][ T111] [ 711.247816][ T111] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 711.247816][ T111] [ 711.484993][ T9922] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 711.494952][ T5841] [ 711.494952][ T5841] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 711.494952][ T5841] [ 711.595020][ T9921] loop1: detected capacity change from 0 to 32768 [ 712.284324][ T9921] [ 712.284324][ T9921] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 712.284324][ T9921] [ 712.375941][ T9921] [ 712.375941][ T9921] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 712.375941][ T9921] [ 712.386637][ T9921] [ 712.386637][ T9921] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 712.386637][ T9921] [ 712.397457][ T9921] [ 712.397457][ T9921] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 712.397457][ T9921] [ 712.408182][ T9921] [ 712.408182][ T9921] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 712.408182][ T9921] [ 712.418805][ T9921] [ 712.418805][ T9921] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 712.418805][ T9921] [ 712.778116][ T110] [ 712.778116][ T110] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 712.778116][ T110] [ 712.869343][ T12] [ 712.869343][ T12] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 712.869343][ T12] [ 712.919663][ T12] [ 712.919663][ T12] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 712.919663][ T12] [ 713.187727][ T111] [ 713.187727][ T111] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 713.187727][ T111] [ 713.198952][ T5844] [ 713.198952][ T5844] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 713.198952][ T5844] [ 713.220460][ T5844] [ 713.220460][ T5844] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 713.220460][ T5844] [ 713.224502][ T5852] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 713.244591][ T5852] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 713.253868][ T5852] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 713.263064][ T5852] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 713.271027][ T5852] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 714.315372][ T9658] hsr_slave_0: entered promiscuous mode [ 714.361150][ T9658] hsr_slave_1: entered promiscuous mode [ 714.420927][ T9658] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 714.451989][ T9658] Cannot create hsr debugfs directory [ 714.489576][ T9938] can0: slcan on ttyS3. [ 714.634209][ T9939] can0 (unregistered): slcan off ttyS3. [ 714.887547][ T2971] bridge_slave_1: left allmulticast mode [ 714.943846][ T2971] bridge_slave_1: left promiscuous mode [ 714.972927][ T2971] bridge0: port 2(bridge_slave_1) entered disabled state [ 715.373843][ T5852] Bluetooth: hci4: command tx timeout [ 715.449997][ T2971] bridge_slave_0: left allmulticast mode [ 715.483809][ T2971] bridge_slave_0: left promiscuous mode [ 715.705293][ T2971] bridge0: port 1(bridge_slave_0) entered disabled state [ 717.065863][ T2971] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 717.087432][ T2971] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 717.113209][ T2971] bond0 (unregistering): Released all slaves [ 717.276506][ T10] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 717.317670][ T2971] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 717.340385][ T2971] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 717.432537][ T2971] team0 (unregistering): Port device team_slave_1 removed [ 717.448737][ T5852] Bluetooth: hci4: command tx timeout [ 717.456522][ T10] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 717.467320][ T10] usb 6-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 717.487976][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 717.498810][ T2971] team0 (unregistering): Port device team_slave_0 removed [ 717.504566][ T10] usb 6-1: config 0 descriptor?? [ 717.522228][ T10] pwc: Askey VC010 type 2 USB webcam detected. [ 717.565660][ T9958] netlink: 60 bytes leftover after parsing attributes in process `syz.2.838'. [ 718.089518][ T10] pwc: recv_control_msg error -32 req 02 val 2b00 [ 718.105521][ T10] pwc: recv_control_msg error -32 req 02 val 2700 [ 718.133620][ T10] pwc: recv_control_msg error -32 req 02 val 2c00 [ 718.156654][ T10] pwc: recv_control_msg error -32 req 04 val 1000 [ 718.176553][ T10] pwc: recv_control_msg error -32 req 04 val 1300 [ 718.326215][ T10] pwc: recv_control_msg error -32 req 04 val 1400 [ 718.434135][ T10] pwc: recv_control_msg error -32 req 02 val 2000 [ 718.620428][ T10] pwc: recv_control_msg error -32 req 02 val 2100 [ 718.779855][ T10] pwc: recv_control_msg error -32 req 04 val 1500 [ 718.793135][ T10] pwc: recv_control_msg error -32 req 02 val 2500 [ 718.811551][ T10] pwc: recv_control_msg error -32 req 02 val 2400 [ 719.256913][ T10] pwc: recv_control_msg error -32 req 02 val 2600 [ 719.267956][ T10] pwc: recv_control_msg error -32 req 02 val 2900 [ 719.324604][ T10] pwc: recv_control_msg error -32 req 02 val 2800 [ 719.524821][ T5852] Bluetooth: hci4: command tx timeout [ 719.554090][ T10] pwc: recv_control_msg error -71 req 04 val 1200 [ 719.674030][ T9975] netlink: 16 bytes leftover after parsing attributes in process `syz.3.843'. [ 720.044498][ T10] pwc: Registered as video103. [ 720.412335][ T10] input: PWC snapshot button as /devices/platform/dummy_hcd.5/usb6/6-1/input/input22 [ 720.695090][ T10] usb 6-1: USB disconnect, device number 6 [ 721.481406][ T9983] can0: slcan on ttyS3. [ 721.596151][ T5852] Bluetooth: hci4: command tx timeout [ 721.627624][ T9984] can0 (unregistered): slcan off ttyS3. [ 721.668850][ T9987] loop5: detected capacity change from 0 to 512 [ 721.953216][ T9989] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 722.006308][ T9987] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 722.144146][ T9987] ext4 filesystem being mounted at /207/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 724.742756][ T5841] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 725.923953][ T5842] Bluetooth: hci4: command 0x0405 tx timeout [ 726.113240][ T9928] chnl_net:caif_netlink_parms(): no params data found [ 726.237162][T10025] loop5: detected capacity change from 0 to 64 [ 728.223852][ T24] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 728.440597][ T24] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 728.451396][ T5842] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 728.483398][ T24] usb 6-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 728.493031][ T5842] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 728.513133][ T5842] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 728.532114][ T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 728.542117][ T5842] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 728.571473][ T5842] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 728.589746][ T24] usb 6-1: config 0 descriptor?? [ 728.828649][ T24] pwc: Askey VC010 type 2 USB webcam detected. [ 729.059381][ T24] pwc: recv_control_msg error -32 req 02 val 2b00 [ 729.074995][ T24] pwc: recv_control_msg error -32 req 02 val 2700 [ 729.102824][ T24] pwc: recv_control_msg error -32 req 02 val 2c00 [ 729.116303][ T9928] bridge0: port 1(bridge_slave_0) entered blocking state [ 729.125592][ T9928] bridge0: port 1(bridge_slave_0) entered disabled state [ 729.134144][ T9928] bridge_slave_0: entered allmulticast mode [ 729.137035][ T24] pwc: recv_control_msg error -32 req 04 val 1000 [ 729.142541][ T9928] bridge_slave_0: entered promiscuous mode [ 729.174826][ T24] pwc: recv_control_msg error -32 req 04 val 1300 [ 729.187552][ T9928] bridge0: port 2(bridge_slave_1) entered blocking state [ 729.198682][ T24] pwc: recv_control_msg error -32 req 04 val 1400 [ 729.206511][ T9928] bridge0: port 2(bridge_slave_1) entered disabled state [ 729.220204][ T9928] bridge_slave_1: entered allmulticast mode [ 729.224852][ T24] pwc: recv_control_msg error -32 req 02 val 2000 [ 729.233558][ T9928] bridge_slave_1: entered promiscuous mode [ 729.233666][ T24] pwc: recv_control_msg error -32 req 02 val 2100 [ 729.310875][ T24] pwc: recv_control_msg error -32 req 04 val 1500 [ 729.364990][ T24] pwc: recv_control_msg error -32 req 02 val 2500 [ 729.391899][ T24] pwc: recv_control_msg error -32 req 02 val 2400 [ 729.419495][ T24] pwc: recv_control_msg error -32 req 02 val 2600 [ 729.449685][ T24] pwc: recv_control_msg error -32 req 02 val 2900 [ 729.471808][ T9928] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 729.474499][ T24] pwc: recv_control_msg error -32 req 02 val 2800 [ 729.512657][ T9928] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 729.733019][ T24] pwc: recv_control_msg error -71 req 04 val 1200 [ 729.746439][ T24] pwc: Registered as video103. [ 729.753580][ T24] input: PWC snapshot button as /devices/platform/dummy_hcd.5/usb6/6-1/input/input23 [ 729.904930][ T24] usb 6-1: USB disconnect, device number 7 [ 730.270086][T10062] netlink: 60 bytes leftover after parsing attributes in process `syz.1.856'. [ 731.079242][ T5842] Bluetooth: hci6: command tx timeout [ 731.140569][ T9928] team0: Port device team_slave_0 added [ 731.255363][ T9928] team0: Port device team_slave_1 added [ 732.391171][T10080] loop2: detected capacity change from 0 to 64 [ 732.685679][T10081] can0: slcan on ttyS3. [ 732.702155][ T30] audit: type=1800 audit(1752251117.002:141): pid=10080 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.862" name="file1" dev="loop2" ino=18 res=0 errno=0 [ 733.114257][ T5842] Bluetooth: hci6: command tx timeout [ 733.154497][ T9928] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 733.213979][ T9928] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 733.326651][ T9928] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 733.485918][T10082] can0 (unregistered): slcan off ttyS3. [ 734.157100][ T9928] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 734.204067][ T9928] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 734.259852][ T9928] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 734.301638][ T2971] bridge_slave_1: left allmulticast mode [ 734.312522][ T2971] bridge_slave_1: left promiscuous mode [ 734.434106][ T2971] bridge0: port 2(bridge_slave_1) entered disabled state [ 734.491534][ T2971] bridge_slave_0: left allmulticast mode [ 734.500080][ T2971] bridge_slave_0: left promiscuous mode [ 734.709560][ T2971] bridge0: port 1(bridge_slave_0) entered disabled state [ 735.224044][ T5842] Bluetooth: hci6: command tx timeout [ 737.284151][ T5842] Bluetooth: hci6: command tx timeout [ 737.809158][ T2971] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 737.842061][ T2971] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 737.864811][ T2971] bond0 (unregistering): Released all slaves [ 738.018003][T10112] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 738.443599][ T2971] hsr_slave_0: left promiscuous mode [ 738.453258][ T2971] hsr_slave_1: left promiscuous mode [ 738.463670][ T2971] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 738.488616][ T2971] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 740.803370][ T2971] team0 (unregistering): Port device team_slave_1 removed [ 741.495285][ T2971] team0 (unregistering): Port device team_slave_0 removed [ 741.643840][ T5930] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 742.325931][ T5930] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 742.633895][ T5930] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 742.643054][ T5930] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 742.747039][ T5930] usb 4-1: config 0 descriptor?? [ 742.828331][ T5930] pwc: Askey VC010 type 2 USB webcam detected. [ 743.077720][ T9374] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 744.069615][ T5930] pwc: recv_control_msg error -32 req 02 val 2b00 [ 744.096896][ T5930] pwc: recv_control_msg error -32 req 02 val 2700 [ 744.206637][ T5930] pwc: recv_control_msg error -32 req 02 val 2c00 [ 744.224565][ T9374] usb 3-1: Using ep0 maxpacket: 16 [ 744.237728][ T5930] pwc: recv_control_msg error -32 req 04 val 1000 [ 744.246931][ T9374] usb 3-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 744.285723][ T5930] pwc: recv_control_msg error -32 req 04 val 1300 [ 744.292536][ T9374] usb 3-1: config 0 interface 0 has no altsetting 0 [ 744.314154][ T5930] pwc: recv_control_msg error -32 req 04 val 1400 [ 744.321338][ T9374] usb 3-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00 [ 744.349006][ T5930] pwc: recv_control_msg error -32 req 02 val 2000 [ 744.373878][ T9374] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 744.412538][ T5930] pwc: recv_control_msg error -32 req 02 val 2100 [ 744.427369][ T9374] usb 3-1: config 0 descriptor?? [ 744.451983][ T5930] pwc: recv_control_msg error -32 req 04 val 1500 [ 744.487203][ T5930] pwc: recv_control_msg error -32 req 02 val 2500 [ 744.506120][ T5930] pwc: recv_control_msg error -32 req 02 val 2400 [ 744.524752][ T5930] pwc: recv_control_msg error -32 req 02 val 2600 [ 744.532631][ T5930] pwc: recv_control_msg error -32 req 02 val 2900 [ 744.548250][ T5930] pwc: recv_control_msg error -32 req 02 val 2800 [ 744.772496][ T5930] pwc: recv_control_msg error -71 req 04 val 1200 [ 744.830765][ T5930] pwc: Registered as video103. [ 744.856829][ T5930] input: PWC snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/input/input24 [ 744.894138][ T5930] usb 4-1: USB disconnect, device number 9 [ 744.982738][ T9374] nzxt-smart2 0003:1E71:2009.0002: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.2-1/input0 [ 745.091575][ T9928] hsr_slave_0: entered promiscuous mode [ 745.154809][ T9928] hsr_slave_1: entered promiscuous mode [ 745.161501][ T9928] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 745.234519][ T9928] Cannot create hsr debugfs directory [ 745.454126][ T5930] usb 3-1: USB disconnect, device number 7 [ 745.749284][T10155] loop3: detected capacity change from 0 to 512 [ 745.829657][T10155] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 745.876323][T10045] chnl_net:caif_netlink_parms(): no params data found [ 745.894282][T10155] ext4 filesystem being mounted at /211/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 746.056801][T10160] netlink: 60 bytes leftover after parsing attributes in process `syz.1.877'. [ 746.461095][T10166] loop5: detected capacity change from 0 to 64 [ 747.691025][ T5850] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 749.579259][T10187] loop5: detected capacity change from 0 to 64 [ 749.620342][T10045] bridge0: port 1(bridge_slave_0) entered blocking state [ 749.640101][T10045] bridge0: port 1(bridge_slave_0) entered disabled state [ 749.676496][ T30] audit: type=1800 audit(1752251133.992:142): pid=10187 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.884" name="file1" dev="loop5" ino=18 res=0 errno=0 [ 749.690312][T10045] bridge_slave_0: entered allmulticast mode [ 749.793333][T10045] bridge_slave_0: entered promiscuous mode [ 749.914179][T10045] bridge0: port 2(bridge_slave_1) entered blocking state [ 749.952270][T10045] bridge0: port 2(bridge_slave_1) entered disabled state [ 750.252282][T10190] loop2: detected capacity change from 0 to 32768 [ 750.297174][T10190] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.885 (10190) [ 750.330843][T10190] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 750.341136][T10190] BTRFS info (device loop2): using crc32c (crc32c-x86_64) checksum algorithm [ 750.350921][T10190] BTRFS info (device loop2): disk space caching is enabled [ 750.358173][T10190] BTRFS warning (device loop2): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 750.374733][T10045] bridge_slave_1: entered allmulticast mode [ 750.414631][T10045] bridge_slave_1: entered promiscuous mode [ 750.478203][T10190] BTRFS info (device loop2): rebuilding free space tree [ 750.517286][T10190] BTRFS info (device loop2): disabling free space tree [ 750.524286][T10190] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 750.534049][T10190] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 750.999940][T10045] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 751.672334][T10045] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 751.768594][ T5847] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 752.372625][T10212] can0: slcan on ttyS3. [ 752.460950][T10045] team0: Port device team_slave_0 added [ 752.495567][T10213] can0 (unregistered): slcan off ttyS3. [ 752.536266][T10045] team0: Port device team_slave_1 added [ 753.098245][T10045] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 753.230736][T10045] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 753.284438][ T5930] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 753.347618][T10045] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 753.455030][T10045] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 753.475622][ T5930] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 753.494059][T10045] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 753.524278][ T5930] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 753.551002][ T5930] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 753.624249][ T5930] usb 2-1: config 0 descriptor?? [ 753.642354][T10045] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 753.666567][ T5930] pwc: Askey VC010 type 2 USB webcam detected. [ 753.696277][ T9928] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 753.821042][ T9928] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 754.016354][ T9928] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 754.071926][ T5930] pwc: recv_control_msg error -32 req 02 val 2b00 [ 754.452405][ T5930] pwc: recv_control_msg error -32 req 02 val 2700 [ 755.098202][ T5930] pwc: recv_control_msg error -32 req 02 val 2c00 [ 755.118822][ T5930] pwc: recv_control_msg error -32 req 04 val 1000 [ 755.200881][ T5930] pwc: recv_control_msg error -32 req 04 val 1300 [ 755.235339][ T5930] pwc: recv_control_msg error -32 req 04 val 1400 [ 755.268098][ T5930] pwc: recv_control_msg error -32 req 02 val 2000 [ 755.283135][ T9928] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 755.299236][ T5930] pwc: recv_control_msg error -32 req 02 val 2100 [ 755.350926][ T5930] pwc: recv_control_msg error -32 req 04 val 1500 [ 755.367913][ T5930] pwc: recv_control_msg error -32 req 02 val 2500 [ 755.385427][ T5930] pwc: recv_control_msg error -32 req 02 val 2400 [ 755.392819][ T5930] pwc: recv_control_msg error -32 req 02 val 2600 [ 755.402330][ T5930] pwc: recv_control_msg error -32 req 02 val 2900 [ 755.417577][ T5930] pwc: recv_control_msg error -32 req 02 val 2800 [ 755.653970][ T5930] pwc: recv_control_msg error -71 req 04 val 1200 [ 755.845585][ T5930] pwc: Registered as video103. [ 756.046148][ T5930] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input25 [ 756.059524][T10045] hsr_slave_0: entered promiscuous mode [ 756.095641][T10045] hsr_slave_1: entered promiscuous mode [ 756.098767][ T5930] usb 2-1: USB disconnect, device number 7 [ 756.150700][T10045] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 756.182484][T10045] Cannot create hsr debugfs directory [ 756.882242][T10258] netlink: 60 bytes leftover after parsing attributes in process `syz.5.896'. [ 756.936550][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 756.951921][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 759.235939][T10262] loop1: detected capacity change from 0 to 32768 [ 760.259589][T10262] [ 760.259589][T10262] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 760.259589][T10262] [ 760.398527][T10262] [ 760.398527][T10262] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 760.398527][T10262] [ 760.409249][T10262] [ 760.409249][T10262] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 760.409249][T10262] [ 760.419911][T10262] [ 760.419911][T10262] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 760.419911][T10262] [ 760.430460][T10262] [ 760.430460][T10262] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 760.430460][T10262] [ 760.441367][T10262] [ 760.441367][T10262] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 760.441367][T10262] [ 760.988770][ T111] [ 760.988770][ T111] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 760.988770][ T111] [ 762.884201][T10265] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 763.166171][ T2971] [ 763.166171][ T2971] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 763.166171][ T2971] [ 763.176832][ T2971] [ 763.176832][ T2971] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 763.176832][ T2971] [ 763.188865][ T5844] [ 763.188865][ T5844] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 763.188865][ T5844] [ 763.203778][ T5844] [ 763.203778][ T5844] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 763.203778][ T5844] [ 763.267506][ T111] [ 763.267506][ T111] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 763.267506][ T111] [ 764.030300][T10274] loop5: detected capacity change from 0 to 8 [ 764.756170][T10275] can0: slcan on ttyS3. [ 764.855173][T10276] can0 (unregistered): slcan off ttyS3. [ 764.973427][T10045] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 765.080625][T10045] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 765.170488][T10045] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 765.214403][T10045] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 765.416250][T10286] netlink: 60 bytes leftover after parsing attributes in process `syz.1.899'. [ 766.749149][T10045] 8021q: adding VLAN 0 to HW filter on device bond0 [ 766.889495][T10045] 8021q: adding VLAN 0 to HW filter on device team0 [ 768.166880][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 768.174130][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 768.256945][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 768.264190][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 768.488950][ T5852] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 768.515783][ T5852] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 768.534122][ T5852] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 768.551720][ T5852] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 768.565709][ T5852] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 770.635123][ T5842] Bluetooth: hci2: command tx timeout [ 771.957381][T10045] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 772.713954][ T5842] Bluetooth: hci2: command tx timeout [ 773.087956][ T36] bridge_slave_1: left allmulticast mode [ 773.293790][ T36] bridge_slave_1: left promiscuous mode [ 773.299646][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 774.251989][ T36] bridge_slave_0: left allmulticast mode [ 774.334038][ T36] bridge_slave_0: left promiscuous mode [ 774.395337][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 774.850440][ T5842] Bluetooth: hci2: command tx timeout [ 775.695203][T10359] slcan: can't register candev [ 775.700347][T10359] Falling back ldisc for ttyS3. [ 776.339728][T10373] netlink: 60 bytes leftover after parsing attributes in process `syz.1.918'. [ 777.174485][ T5842] Bluetooth: hci2: command tx timeout [ 778.603313][T10374] loop2: detected capacity change from 0 to 32768 [ 781.392358][T10374] read_mapping_page failed! [ 781.433098][T10374] jfs_mount: diMount(ipaimap) failed w/rc = -5 [ 781.475118][T10374] Mount JFS Failure: -5 [ 781.479319][T10374] jfs_mount failed w/return code = -5 [ 782.115482][T10389] netlink: 60 bytes leftover after parsing attributes in process `syz.3.921'. [ 783.224522][ T5930] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 783.313987][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 783.393519][ T5930] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 783.393602][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 783.438475][ T36] bond0 (unregistering): Released all slaves [ 783.448233][ T5930] usb 6-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 783.479017][ T5930] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 783.519187][ T5930] usb 6-1: config 0 descriptor?? [ 783.552731][ T5930] pwc: Askey VC010 type 2 USB webcam detected. [ 784.182660][ T5930] pwc: recv_control_msg error -32 req 02 val 2b00 [ 785.535125][T10400] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 785.799598][ T5930] pwc: recv_control_msg error -32 req 02 val 2700 [ 786.001626][ T5930] pwc: recv_control_msg error -71 req 02 val 2c00 [ 786.020060][T10311] chnl_net:caif_netlink_parms(): no params data found [ 786.090291][ T5930] pwc: recv_control_msg error -71 req 04 val 1000 [ 786.169956][ T5930] pwc: recv_control_msg error -71 req 04 val 1300 [ 786.219308][ T5930] pwc: recv_control_msg error -71 req 04 val 1400 [ 786.268971][ T5930] pwc: recv_control_msg error -71 req 02 val 2000 [ 786.288014][ T5930] pwc: recv_control_msg error -71 req 02 val 2100 [ 786.342389][ T5930] pwc: recv_control_msg error -71 req 04 val 1500 [ 786.368641][ T5930] pwc: recv_control_msg error -71 req 02 val 2500 [ 786.376244][ T36] hsr_slave_0: left promiscuous mode [ 786.402809][ T36] hsr_slave_1: left promiscuous mode [ 786.443999][ T5930] pwc: recv_control_msg error -71 req 02 val 2400 [ 786.444890][ T36] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 786.465578][ T5930] pwc: recv_control_msg error -71 req 02 val 2600 [ 786.481978][ T5930] pwc: recv_control_msg error -71 req 02 val 2900 [ 786.502368][ T5930] pwc: recv_control_msg error -71 req 02 val 2800 [ 786.514756][ T36] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 786.520587][ T5930] pwc: recv_control_msg error -71 req 04 val 1100 [ 786.531848][ T5930] pwc: recv_control_msg error -71 req 04 val 1200 [ 786.570354][ T5930] pwc: Registered as video103. [ 786.614976][ T5930] input: PWC snapshot button as /devices/platform/dummy_hcd.5/usb6/6-1/input/input26 [ 786.668304][ T5930] usb 6-1: USB disconnect, device number 8 [ 787.728830][T10408] loop5: detected capacity change from 0 to 32768 [ 788.201745][T10408] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.928 (10408) [ 789.530603][T10412] loop2: detected capacity change from 0 to 32768 [ 789.569280][T10408] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 789.579536][T10408] BTRFS info (device loop5): using crc32c (crc32c-x86_64) checksum algorithm [ 789.588379][T10408] BTRFS info (device loop5): disk space caching is enabled [ 789.595628][T10408] BTRFS warning (device loop5): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 789.614462][T10412] BTRFS: device /dev/loop2 (7:2) using temp-fsid 594f0d16-e6b5-41e5-8521-229868d9592d [ 789.625206][T10412] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.926 (10412) [ 789.646457][T10412] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 789.656660][T10412] BTRFS info (device loop2): using crc32c (crc32c-x86_64) checksum algorithm [ 789.666088][T10412] BTRFS info (device loop2): disk space caching is enabled [ 789.673297][T10412] BTRFS warning (device loop2): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 789.913569][T10408] BTRFS info (device loop5): rebuilding free space tree [ 789.992197][T10408] BTRFS info (device loop5): disabling free space tree [ 789.999295][T10408] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 790.009043][T10408] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 790.030207][T10412] BTRFS info (device loop2): rebuilding free space tree [ 790.125172][T10412] BTRFS info (device loop2): disabling free space tree [ 790.132157][T10412] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 790.141987][T10412] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 791.473127][T10454] loop1: detected capacity change from 0 to 32768 [ 792.553939][T10454] [ 792.553939][T10454] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 792.553939][T10454] [ 792.635858][T10454] [ 792.635858][T10454] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 792.635858][T10454] [ 792.646521][T10454] [ 792.646521][T10454] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 792.646521][T10454] [ 792.657090][T10454] [ 792.657090][T10454] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 792.657090][T10454] [ 792.667781][T10454] [ 792.667781][T10454] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 792.667781][T10454] [ 792.678886][T10454] [ 792.678886][T10454] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 792.678886][T10454] [ 792.998027][ T111] [ 792.998027][ T111] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 792.998027][ T111] [ 793.223077][ T76] [ 793.223077][ T76] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 793.223077][ T76] [ 793.237794][ T5841] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 793.250530][ T36] team0 (unregistering): Port device team_slave_1 removed [ 793.260079][ T5847] BTRFS info (device loop2): last unmount of filesystem 594f0d16-e6b5-41e5-8521-229868d9592d [ 793.283500][ T76] [ 793.283500][ T76] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 793.283500][ T76] [ 793.345519][ T110] [ 793.345519][ T110] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 793.345519][ T110] [ 793.360210][ T5844] [ 793.360210][ T5844] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 793.360210][ T5844] [ 793.415448][ T5844] [ 793.415448][ T5844] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 793.415448][ T5844] [ 793.644055][ T5852] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 793.654590][ T5852] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 793.690856][ T36] team0 (unregistering): Port device team_slave_0 removed [ 793.744880][ T5852] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 793.835588][ T5852] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 793.846456][ T5852] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 795.808539][T10475] Zero length message leads to an empty skb [ 796.285921][ T5852] Bluetooth: hci4: command tx timeout [ 797.845165][T10485] netlink: 60 bytes leftover after parsing attributes in process `syz.5.937'. [ 798.315924][ T5852] Bluetooth: hci4: command tx timeout [ 798.683861][ T10] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 798.857841][ T10] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 798.931023][ T10] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 798.999879][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 799.476729][ T10] usb 2-1: config 0 descriptor?? [ 799.487628][ T10] pwc: Askey VC010 type 2 USB webcam detected. [ 799.898769][ T10] pwc: recv_control_msg error -32 req 02 val 2b00 [ 799.907563][ T10] pwc: recv_control_msg error -32 req 02 val 2700 [ 799.941508][ T10] pwc: recv_control_msg error -32 req 02 val 2c00 [ 799.961974][T10311] bridge0: port 1(bridge_slave_0) entered blocking state [ 799.964557][ T10] pwc: recv_control_msg error -32 req 04 val 1000 [ 799.988996][T10311] bridge0: port 1(bridge_slave_0) entered disabled state [ 800.002191][T10311] bridge_slave_0: entered allmulticast mode [ 800.025653][ T10] pwc: recv_control_msg error -32 req 04 val 1300 [ 800.029234][T10311] bridge_slave_0: entered promiscuous mode [ 800.047792][T10311] bridge0: port 2(bridge_slave_1) entered blocking state [ 800.060709][ T10] pwc: recv_control_msg error -32 req 04 val 1400 [ 800.064465][T10311] bridge0: port 2(bridge_slave_1) entered disabled state [ 800.080919][T10311] bridge_slave_1: entered allmulticast mode [ 800.091393][ T10] pwc: recv_control_msg error -32 req 02 val 2000 [ 800.130325][T10311] bridge_slave_1: entered promiscuous mode [ 800.134731][ T10] pwc: recv_control_msg error -32 req 02 val 2100 [ 800.159265][ T10] pwc: recv_control_msg error -32 req 04 val 1500 [ 800.169629][ T10] pwc: recv_control_msg error -32 req 02 val 2500 [ 800.181708][ T10] pwc: recv_control_msg error -32 req 02 val 2400 [ 800.193518][ T10] pwc: recv_control_msg error -32 req 02 val 2600 [ 800.205337][ T10] pwc: recv_control_msg error -32 req 02 val 2900 [ 800.222324][ T10] pwc: recv_control_msg error -32 req 02 val 2800 [ 800.429005][ T5852] Bluetooth: hci4: command tx timeout [ 800.517472][ T10] pwc: recv_control_msg error -71 req 04 val 1200 [ 800.600313][ T10] pwc: Registered as video103. [ 800.641716][ T10] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input27 [ 800.724125][ T10] usb 2-1: USB disconnect, device number 8 [ 801.189697][T10509] netlink: 60 bytes leftover after parsing attributes in process `syz.5.941'. [ 801.998411][T10311] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 802.071064][T10311] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 802.573880][ T5852] Bluetooth: hci4: command tx timeout [ 804.605038][T10520] loop1: detected capacity change from 0 to 32768 [ 805.226439][T10520] [ 805.226439][T10520] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 805.226439][T10520] [ 805.323320][T10520] [ 805.323320][T10520] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 805.323320][T10520] [ 805.334817][T10520] [ 805.334817][T10520] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 805.334817][T10520] [ 805.345990][T10520] [ 805.345990][T10520] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 805.345990][T10520] [ 805.356575][T10520] [ 805.356575][T10520] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 805.356575][T10520] [ 805.367205][T10520] [ 805.367205][T10520] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 805.367205][T10520] [ 805.719958][ T111] [ 805.719958][ T111] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 805.719958][ T111] [ 806.004806][ T6299] [ 806.004806][ T6299] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 806.004806][ T6299] [ 806.297560][ T6299] [ 806.297560][ T6299] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 806.297560][ T6299] [ 806.300900][T10527] loop3: detected capacity change from 0 to 64 [ 806.362421][ T111] [ 806.362421][ T111] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 806.362421][ T111] [ 806.407587][ T5844] [ 806.407587][ T5844] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 806.407587][ T5844] [ 806.445033][ T5844] [ 806.445033][ T5844] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 806.445033][ T5844] [ 808.437882][T10543] loop2: detected capacity change from 0 to 64 [ 808.571894][T10311] team0: Port device team_slave_0 added [ 810.002885][T10556] netlink: 16 bytes leftover after parsing attributes in process `syz.1.952'. [ 810.466753][T10311] team0: Port device team_slave_1 added [ 810.942429][T10562] netlink: 60 bytes leftover after parsing attributes in process `syz.2.953'. [ 810.952055][ T10] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 811.767719][T10311] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 811.776111][T10311] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 811.820491][T10311] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 811.974308][ T10] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 812.008097][ T10] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 812.035341][T10567] netlink: 16 bytes leftover after parsing attributes in process `syz.5.956'. [ 812.188051][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 812.466903][T10311] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 812.479897][ T10] usb 4-1: config 0 descriptor?? [ 812.518583][ T10] pwc: Askey VC010 type 2 USB webcam detected. [ 812.524909][T10311] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 812.525013][T10311] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 812.864129][T10311] hsr_slave_0: entered promiscuous mode [ 812.880046][T10311] hsr_slave_1: entered promiscuous mode [ 812.886893][T10311] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 812.895091][T10311] Cannot create hsr debugfs directory [ 812.920982][ T10] pwc: recv_control_msg error -32 req 02 val 2b00 [ 812.935028][ T10] pwc: recv_control_msg error -32 req 02 val 2700 [ 812.956845][ T10] pwc: recv_control_msg error -32 req 02 val 2c00 [ 812.968532][ T10] pwc: recv_control_msg error -32 req 04 val 1000 [ 812.992112][ T10] pwc: recv_control_msg error -32 req 04 val 1300 [ 813.008062][ T10] pwc: recv_control_msg error -32 req 04 val 1400 [ 813.061060][ T10] pwc: recv_control_msg error -32 req 02 val 2000 [ 813.095535][ T10] pwc: recv_control_msg error -32 req 02 val 2100 [ 813.113731][ T10] pwc: recv_control_msg error -32 req 04 val 1500 [ 813.162031][ T10] pwc: recv_control_msg error -32 req 02 val 2500 [ 813.207067][ T10] pwc: recv_control_msg error -32 req 02 val 2400 [ 813.242305][ T10] pwc: recv_control_msg error -32 req 02 val 2600 [ 813.271334][ T10] pwc: recv_control_msg error -32 req 02 val 2900 [ 813.284863][ T10] pwc: recv_control_msg error -32 req 02 val 2800 [ 813.503722][ T10] pwc: recv_control_msg error -71 req 04 val 1200 [ 813.562021][ T10] pwc: Registered as video103. [ 813.757017][T10579] netlink: 60 bytes leftover after parsing attributes in process `syz.5.957'. [ 814.527931][ T10] input: PWC snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/input/input28 [ 814.720671][ T10] usb 4-1: USB disconnect, device number 10 [ 815.143274][T10587] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 816.935946][T10456] chnl_net:caif_netlink_parms(): no params data found [ 818.289292][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 818.313482][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 819.385820][T10595] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 820.391305][ T36] bridge_slave_1: left allmulticast mode [ 820.397905][ T36] bridge_slave_1: left promiscuous mode [ 820.534120][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 820.689681][ T36] bridge_slave_0: left allmulticast mode [ 820.734805][ T36] bridge_slave_0: left promiscuous mode [ 820.768400][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 822.266848][T10622] loop2: detected capacity change from 0 to 64 [ 824.992347][T10641] loop5: detected capacity change from 0 to 64 [ 826.479466][T10649] loop3: detected capacity change from 0 to 32768 [ 826.533982][T10649] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.968 (10649) [ 826.950884][T10649] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 826.961153][T10649] BTRFS info (device loop3): using crc32c (crc32c-x86_64) checksum algorithm [ 826.969996][T10649] BTRFS info (device loop3): disk space caching is enabled [ 826.977223][T10649] BTRFS warning (device loop3): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 827.316787][T10649] BTRFS info (device loop3): rebuilding free space tree [ 827.341724][T10649] BTRFS info (device loop3): disabling free space tree [ 827.349254][T10649] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 827.359186][T10649] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 828.106964][ T5850] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 829.423851][ T3089] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 829.485844][T10690] slcan: can't register candev [ 829.511730][T10690] Falling back ldisc for ttyS3. [ 829.705266][ T3089] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 829.752516][ T3089] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 829.800477][ T3089] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 829.858791][ T3089] usb 4-1: config 0 descriptor?? [ 829.892838][ T3089] pwc: Askey VC010 type 2 USB webcam detected. [ 830.295653][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 830.312232][ T3089] pwc: recv_control_msg error -32 req 02 val 2b00 [ 830.346790][ T3089] pwc: recv_control_msg error -32 req 02 val 2700 [ 830.361404][ T5842] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 830.373443][ T5842] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 830.381773][ T5842] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 830.389951][ T5842] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 830.412702][ T3089] pwc: recv_control_msg error -32 req 02 val 2c00 [ 830.422231][ T5842] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 830.431855][ T3089] pwc: recv_control_msg error -32 req 04 val 1000 [ 830.444696][ T3089] pwc: recv_control_msg error -32 req 04 val 1300 [ 830.456484][ T3089] pwc: recv_control_msg error -32 req 04 val 1400 [ 830.469411][ T3089] pwc: recv_control_msg error -32 req 02 val 2000 [ 830.480451][ T3089] pwc: recv_control_msg error -32 req 02 val 2100 [ 830.499714][ T3089] pwc: recv_control_msg error -32 req 04 val 1500 [ 830.509474][ T3089] pwc: recv_control_msg error -32 req 02 val 2500 [ 830.573734][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 830.632520][ T3089] pwc: recv_control_msg error -32 req 02 val 2400 [ 830.658448][ T36] bond0 (unregistering): Released all slaves [ 830.676718][ T3089] pwc: recv_control_msg error -32 req 02 val 2600 [ 830.701164][ T3089] pwc: recv_control_msg error -32 req 02 val 2900 [ 830.764767][ T3089] pwc: recv_control_msg error -32 req 02 val 2800 [ 831.034391][ T3089] pwc: recv_control_msg error -71 req 04 val 1200 [ 831.100588][ T3089] pwc: Registered as video103. [ 831.192809][ T3089] input: PWC snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/input/input29 [ 831.283902][ T3089] usb 4-1: USB disconnect, device number 11 [ 831.874146][ T36] hsr_slave_0: left promiscuous mode [ 831.978353][ T36] hsr_slave_1: left promiscuous mode [ 832.084731][ T36] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 832.450533][T10718] netlink: 60 bytes leftover after parsing attributes in process `syz.2.976'. [ 832.572517][ T5852] Bluetooth: hci6: command tx timeout [ 833.214903][ T36] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 834.634061][ T5852] Bluetooth: hci6: command tx timeout [ 834.886034][T10728] loop3: detected capacity change from 0 to 128 [ 834.929859][T10728] EXT4-fs (loop3): Test dummy encryption mode enabled [ 834.933528][T10730] loop1: detected capacity change from 0 to 64 [ 835.004088][T10728] EXT4-fs (loop3): can't mount with data_err=abort, fs mounted w/o journal [ 836.664646][T10735] loop2: detected capacity change from 0 to 32768 [ 836.713995][ T5852] Bluetooth: hci6: command tx timeout [ 836.796808][T10735] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.981 (10735) [ 837.400782][ T36] team0 (unregistering): Port device team_slave_1 removed [ 837.695869][T10735] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 837.706093][T10735] BTRFS info (device loop2): using crc32c (crc32c-x86_64) checksum algorithm [ 837.714927][T10735] BTRFS info (device loop2): disk space caching is enabled [ 837.722157][T10735] BTRFS warning (device loop2): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 837.808613][T10742] netlink: 60 bytes leftover after parsing attributes in process `syz.1.982'. [ 838.607039][T10735] BTRFS info (device loop2): rebuilding free space tree [ 838.650219][T10735] BTRFS info (device loop2): disabling free space tree [ 838.657317][T10735] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 838.667094][T10735] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 838.793945][ T5852] Bluetooth: hci6: command tx timeout [ 838.914141][ T36] team0 (unregistering): Port device team_slave_0 removed [ 840.807486][ T5847] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 842.858893][T10787] slcan: can't register candev [ 842.864217][T10787] Falling back ldisc for ttyS3. [ 843.228785][T10794] loop5: detected capacity change from 0 to 64 [ 843.318810][ T30] audit: type=1326 audit(1752251227.632:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10795 comm="syz.1.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d5c58e929 code=0x7ffc0000 [ 844.633916][ T30] audit: type=1326 audit(1752251227.662:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10795 comm="syz.1.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9d5c58e929 code=0x7ffc0000 [ 844.657338][ T30] audit: type=1326 audit(1752251227.662:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10795 comm="syz.1.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d5c58e929 code=0x7ffc0000 [ 844.680038][ T30] audit: type=1326 audit(1752251227.662:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10795 comm="syz.1.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d5c58e929 code=0x7ffc0000 [ 844.993142][ T30] audit: type=1326 audit(1752251227.672:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10795 comm="syz.1.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f9d5c58e929 code=0x7ffc0000 [ 845.248814][ T30] audit: type=1326 audit(1752251227.672:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10795 comm="syz.1.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d5c58e929 code=0x7ffc0000 [ 845.271125][ C1] vkms_vblank_simulate: vblank timer overrun [ 845.321996][ T30] audit: type=1326 audit(1752251227.672:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10795 comm="syz.1.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d5c58e929 code=0x7ffc0000 [ 845.344925][ T30] audit: type=1326 audit(1752251227.672:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10795 comm="syz.1.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f9d5c58e929 code=0x7ffc0000 [ 845.367587][ T30] audit: type=1326 audit(1752251227.672:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10795 comm="syz.1.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d5c58e929 code=0x7ffc0000 [ 845.400981][ T30] audit: type=1326 audit(1752251227.672:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10795 comm="syz.1.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d5c58e929 code=0x7ffc0000 [ 845.729616][T10809] netlink: 60 bytes leftover after parsing attributes in process `syz.3.995'. [ 846.677248][T10813] loop5: detected capacity change from 0 to 128 [ 846.728593][T10813] EXT4-fs (loop5): Test dummy encryption mode enabled [ 846.815992][T10813] EXT4-fs (loop5): can't mount with data_err=abort, fs mounted w/o journal [ 846.870982][T10815] loop3: detected capacity change from 0 to 512 [ 846.970914][T10815] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 847.188148][T10815] ext4 filesystem being mounted at /241/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 848.786805][ T5850] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 849.257120][T10456] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-wg2": -EINTR [ 850.778859][T10839] loop2: detected capacity change from 0 to 512 [ 851.095440][T10839] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 851.153963][T10839] ext4 filesystem being mounted at /250/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 851.285707][T10702] chnl_net:caif_netlink_parms(): no params data found [ 853.041190][ T5847] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 854.435381][T10862] slcan: can't register candev [ 854.440507][T10862] Falling back ldisc for ttyS3. [ 856.449640][T10883] loop1: detected capacity change from 0 to 8 [ 856.616154][ T5842] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 856.660372][ T5842] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 856.726794][ T5842] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 856.881295][ T5842] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 856.891043][ T5842] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 858.890801][T10702] bridge0: port 1(bridge_slave_0) entered blocking state [ 858.910633][T10702] bridge0: port 1(bridge_slave_0) entered disabled state [ 858.919369][T10702] bridge_slave_0: entered allmulticast mode [ 858.927703][T10702] bridge_slave_0: entered promiscuous mode [ 858.940049][ T36] bridge_slave_1: left allmulticast mode [ 858.998482][ T36] bridge_slave_1: left promiscuous mode [ 859.022220][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 859.093973][ T36] bridge_slave_0: left allmulticast mode [ 859.123197][ T36] bridge_slave_0: left promiscuous mode [ 859.166516][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 859.194233][ T5842] Bluetooth: hci2: command tx timeout [ 860.475878][T10908] loop3: detected capacity change from 0 to 8 [ 861.286536][ T5842] Bluetooth: hci2: command tx timeout [ 862.831261][ T36] bond0 (unregistering): Released all slaves [ 863.353928][ T5842] Bluetooth: hci2: command tx timeout [ 863.573423][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 863.629998][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 863.669636][ T36] bond0 (unregistering): Released all slaves [ 863.692448][T10702] bridge0: port 2(bridge_slave_1) entered blocking state [ 863.781087][T10702] bridge0: port 2(bridge_slave_1) entered disabled state [ 863.789852][T10702] bridge_slave_1: entered allmulticast mode [ 864.108644][T10702] bridge_slave_1: entered promiscuous mode [ 864.353334][ T36] hsr_slave_0: left promiscuous mode [ 864.362281][ T36] hsr_slave_1: left promiscuous mode [ 864.373102][ T36] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 864.419256][ T36] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 865.433892][ T5842] Bluetooth: hci2: command tx timeout [ 866.189053][ T36] team0 (unregistering): Port device team_slave_1 removed [ 866.247620][ T36] team0 (unregistering): Port device team_slave_0 removed [ 866.629549][T10934] slcan: can't register candev [ 866.634737][T10934] Falling back ldisc for ttyS3. [ 866.957627][T10702] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 866.984175][T10940] loop3: detected capacity change from 0 to 8 [ 867.009227][T10702] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 867.374788][T10702] team0: Port device team_slave_0 added [ 867.396189][T10702] team0: Port device team_slave_1 added [ 868.407712][T10702] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 868.501398][T10702] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 868.535801][T10702] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 868.656496][T10702] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 868.663488][T10702] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 868.806550][T10702] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 869.167928][T10702] hsr_slave_0: entered promiscuous mode [ 869.203917][T10702] hsr_slave_1: entered promiscuous mode [ 869.255049][T10702] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 869.292587][T10702] Cannot create hsr debugfs directory [ 871.474537][T10970] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1025'. [ 872.305084][T10966] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 873.304299][T10974] loop5: detected capacity change from 0 to 32768 [ 873.314061][T10974] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.1029 (10974) [ 873.387577][T10974] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 873.398037][T10974] BTRFS info (device loop5): using crc32c (crc32c-x86_64) checksum algorithm [ 873.406889][T10974] BTRFS info (device loop5): disk space caching is enabled [ 873.414157][T10974] BTRFS warning (device loop5): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 874.389302][T10974] BTRFS info (device loop5): rebuilding free space tree [ 874.438060][T10974] BTRFS info (device loop5): disabling free space tree [ 874.445076][T10974] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 874.455576][T10974] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 875.304955][ T5841] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 878.619201][T10884] chnl_net:caif_netlink_parms(): no params data found [ 879.680478][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 879.687260][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 881.208128][T10884] bridge0: port 1(bridge_slave_0) entered blocking state [ 881.273984][T10884] bridge0: port 1(bridge_slave_0) entered disabled state [ 881.654302][T10884] bridge_slave_0: entered allmulticast mode [ 881.747904][T10884] bridge_slave_0: entered promiscuous mode [ 882.967695][T10884] bridge0: port 2(bridge_slave_1) entered blocking state [ 883.306085][T10884] bridge0: port 2(bridge_slave_1) entered disabled state [ 883.372494][T10884] bridge_slave_1: entered allmulticast mode [ 883.520929][T11038] loop2: detected capacity change from 0 to 32768 [ 884.047658][T11038] [ 884.047658][T11038] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 884.047658][T11038] [ 884.231226][T11038] [ 884.231226][T11038] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 884.231226][T11038] [ 884.241816][T11038] [ 884.241816][T11038] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 884.241816][T11038] [ 884.252437][T11038] [ 884.252437][T11038] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 884.252437][T11038] [ 884.263013][T11038] [ 884.263013][T11038] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 884.263013][T11038] [ 884.273600][T11038] [ 884.273600][T11038] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 884.273600][T11038] [ 884.426779][T11041] fuse: Bad value for 'fd' [ 884.480943][T10884] bridge_slave_1: entered promiscuous mode [ 884.644200][ T110] [ 884.644200][ T110] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 884.644200][ T110] [ 884.907500][ T2857] [ 884.907500][ T2857] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 884.907500][ T2857] [ 884.949826][ T2857] [ 884.949826][ T2857] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 884.949826][ T2857] [ 885.077351][ T110] [ 885.077351][ T110] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 885.077351][ T110] [ 885.464193][T11042] [ 885.464193][T11042] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 885.464193][T11042] [ 885.518385][ T5847] [ 885.518385][ T5847] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 885.518385][ T5847] [ 885.588843][ T5847] [ 885.588843][ T5847] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 885.588843][ T5847] [ 885.617374][T10884] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 885.734095][T10884] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 886.497438][T11048] can0: slcan on ttyS3. [ 887.854396][T10884] team0: Port device team_slave_0 added [ 888.589850][T10884] team0: Port device team_slave_1 added [ 888.636400][T11051] can0 (unregistered): slcan off ttyS3. [ 889.449034][T10702] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 889.822394][T10884] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 889.844385][T10884] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 889.948020][T10884] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 890.024942][T10884] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 890.062474][T10884] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 890.163928][T10884] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 890.432845][T10884] hsr_slave_0: entered promiscuous mode [ 890.460086][T10884] hsr_slave_1: entered promiscuous mode [ 890.482788][T10884] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 890.513806][T10884] Cannot create hsr debugfs directory [ 891.869586][T11096] loop5: detected capacity change from 0 to 64 [ 893.287851][T11108] netlink: 60 bytes leftover after parsing attributes in process `syz.5.1050'. [ 893.964963][ T5852] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 893.981323][ T5852] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 893.993275][ T5852] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 894.013276][ T5852] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 894.024137][ T5852] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 894.141253][T11114] loop3: detected capacity change from 0 to 64 [ 895.672550][ T36] bridge_slave_1: left allmulticast mode [ 895.742075][ T36] bridge_slave_1: left promiscuous mode [ 895.758438][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 895.787251][ T36] bridge_slave_0: left allmulticast mode [ 895.800747][ T36] bridge_slave_0: left promiscuous mode [ 895.816874][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 896.074422][ T5842] Bluetooth: hci4: command tx timeout [ 896.323523][T11128] loop5: detected capacity change from 0 to 512 [ 896.750925][T11128] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 896.976502][T11128] ext4 filesystem being mounted at /266/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 897.146629][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 898.154035][ T5842] Bluetooth: hci4: command tx timeout [ 898.555122][ T5841] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 898.601388][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 898.700914][ T36] bond0 (unregistering): Released all slaves [ 900.582409][ T5842] Bluetooth: hci4: command tx timeout [ 900.649438][T11146] loop2: detected capacity change from 0 to 32768 [ 900.701778][T11146] [ 900.701778][T11146] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 900.701778][T11146] [ 900.761671][T11146] [ 900.761671][T11146] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 900.761671][T11146] [ 900.773569][T11146] [ 900.773569][T11146] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 900.773569][T11146] [ 900.784250][T11146] [ 900.784250][T11146] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 900.784250][T11146] [ 900.794966][T11146] [ 900.794966][T11146] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 900.794966][T11146] [ 900.805711][T11146] [ 900.805711][T11146] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 900.805711][T11146] [ 900.981527][ T110] [ 900.981527][ T110] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 900.981527][ T110] [ 901.154390][ T2857] [ 901.154390][ T2857] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 901.154390][ T2857] [ 901.185201][ T2857] [ 901.185201][ T2857] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 901.185201][ T2857] [ 901.208179][ T5847] [ 901.208179][ T5847] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 901.208179][ T5847] [ 901.230224][ T5847] [ 901.230224][ T5847] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 901.230224][ T5847] [ 901.611885][ T111] ================================================================== [ 901.620014][ T111] BUG: KASAN: slab-use-after-free in _raw_spin_lock_irqsave+0x3a/0x60 [ 901.628226][ T111] Read of size 1 at addr ffff888076d4a0d8 by task jfsCommit/111 [ 901.635878][ T111] [ 901.638220][ T111] CPU: 0 UID: 0 PID: 111 Comm: jfsCommit Not tainted 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) [ 901.638268][ T111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 901.638290][ T111] Call Trace: [ 901.638302][ T111] [ 901.638315][ T111] dump_stack_lvl+0x116/0x1f0 [ 901.638373][ T111] print_report+0xcd/0x680 [ 901.638418][ T111] ? srso_alias_return_thunk+0x5/0xfbef5 [ 901.638462][ T111] ? srso_alias_return_thunk+0x5/0xfbef5 [ 901.638506][ T111] ? __phys_addr+0xe8/0x180 [ 901.638551][ T111] ? _raw_spin_lock_irqsave+0x3a/0x60 [ 901.638600][ T111] kasan_report+0xe0/0x110 [ 901.638645][ T111] ? _raw_spin_lock_irqsave+0x3a/0x60 [ 901.638698][ T111] ? _raw_spin_lock_irqsave+0x3a/0x60 [ 901.638747][ T111] __kasan_check_byte+0x36/0x50 [ 901.638793][ T111] lock_acquire+0xfc/0x350 [ 901.638826][ T111] ? __pfx_osq_unlock+0x10/0x10 [ 901.638868][ T111] ? __mutex_lock+0x91e/0xb90 [ 901.638923][ T111] _raw_spin_lock_irqsave+0x3a/0x60 [ 901.638971][ T111] ? __mutex_lock+0x28e/0xb90 [ 901.639027][ T111] __mutex_lock+0x28e/0xb90 [ 901.639091][ T111] ? __lock_acquire+0xb8a/0x1c90 [ 901.639148][ T111] ? jfs_syncpt+0x2a/0xa0 [ 901.639191][ T111] ? __pfx___mutex_lock+0x10/0x10 [ 901.639250][ T111] ? do_raw_spin_lock+0x12c/0x2b0 [ 901.639295][ T111] ? srso_alias_return_thunk+0x5/0xfbef5 [ 901.639339][ T111] ? find_held_lock+0x2b/0x80 [ 901.639388][ T111] ? jfs_syncpt+0x2a/0xa0 [ 901.639428][ T111] jfs_syncpt+0x2a/0xa0 [ 901.639469][ T111] txEnd+0x30a/0x5a0 [ 901.639513][ T111] jfs_lazycommit+0x783/0xb30 [ 901.639566][ T111] ? __pfx_jfs_lazycommit+0x10/0x10 [ 901.639614][ T111] ? __pfx_default_wake_function+0x10/0x10 [ 901.639664][ T111] ? lockdep_hardirqs_on+0x7c/0x110 [ 901.639717][ T111] ? srso_alias_return_thunk+0x5/0xfbef5 [ 901.639761][ T111] ? srso_alias_return_thunk+0x5/0xfbef5 [ 901.639805][ T111] ? __kthread_parkme+0x19e/0x250 [ 901.639859][ T111] ? __pfx_jfs_lazycommit+0x10/0x10 [ 901.639907][ T111] kthread+0x3c5/0x780 [ 901.639941][ T111] ? __pfx_kthread+0x10/0x10 [ 901.639977][ T111] ? srso_alias_return_thunk+0x5/0xfbef5 [ 901.640020][ T111] ? rcu_is_watching+0x12/0xc0 [ 901.640074][ T111] ? __pfx_kthread+0x10/0x10 [ 901.640109][ T111] ret_from_fork+0x5d7/0x6f0 [ 901.640164][ T111] ? __pfx_kthread+0x10/0x10 [ 901.640199][ T111] ret_from_fork_asm+0x1a/0x30 [ 901.640251][ T111] [ 901.640264][ T111] [ 901.873517][ T111] Allocated by task 11146: [ 901.877945][ T111] kasan_save_stack+0x33/0x60 [ 901.882658][ T111] kasan_save_track+0x14/0x30 [ 901.887369][ T111] __kasan_kmalloc+0xaa/0xb0 [ 901.891989][ T111] lmLogOpen+0x571/0x1400 [ 901.896357][ T111] jfs_mount_rw+0x2e9/0x6f0 [ 901.900887][ T111] jfs_fill_super+0xc64/0x1060 [ 901.905695][ T111] get_tree_bdev_flags+0x38c/0x620 [ 901.910841][ T111] vfs_get_tree+0x8e/0x340 [ 901.915306][ T111] path_mount+0x1414/0x2020 [ 901.919848][ T111] __x64_sys_mount+0x28d/0x310 [ 901.924650][ T111] do_syscall_64+0xcd/0x4c0 [ 901.929202][ T111] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 901.935121][ T111] [ 901.937455][ T111] Freed by task 5847: [ 901.941445][ T111] kasan_save_stack+0x33/0x60 [ 901.946150][ T111] kasan_save_track+0x14/0x30 [ 901.950855][ T111] kasan_save_free_info+0x3b/0x60 [ 901.955924][ T111] __kasan_slab_free+0x51/0x70 [ 901.960716][ T111] kfree+0x2b4/0x4d0 [ 901.964629][ T111] lmLogClose+0x585/0x710 [ 901.968990][ T111] jfs_umount+0x2f0/0x440 [ 901.973363][ T111] jfs_put_super+0x88/0x1d0 [ 901.977923][ T111] generic_shutdown_super+0x156/0x390 [ 901.983339][ T111] kill_block_super+0x3b/0x90 [ 901.988067][ T111] deactivate_locked_super+0xc1/0x1a0 [ 901.993465][ T111] deactivate_super+0xde/0x100 [ 901.998255][ T111] cleanup_mnt+0x225/0x450 [ 902.002697][ T111] task_work_run+0x150/0x240 [ 902.007313][ T111] exit_to_user_mode_loop+0xeb/0x110 [ 902.012631][ T111] do_syscall_64+0x3f6/0x4c0 [ 902.017270][ T111] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 902.023191][ T111] [ 902.025523][ T111] The buggy address belongs to the object at ffff888076d4a000 [ 902.025523][ T111] which belongs to the cache kmalloc-1k of size 1024 [ 902.039600][ T111] The buggy address is located 216 bytes inside of [ 902.039600][ T111] freed 1024-byte region [ffff888076d4a000, ffff888076d4a400) [ 902.053507][ T111] [ 902.055839][ T111] The buggy address belongs to the physical page: [ 902.062259][ T111] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x76d48 [ 902.071044][ T111] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 902.079565][ T111] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 902.087132][ T111] page_type: f5(slab) [ 902.091138][ T111] raw: 00fff00000000040 ffff88801b841dc0 dead000000000100 dead000000000122 [ 902.099747][ T111] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 902.108360][ T111] head: 00fff00000000040 ffff88801b841dc0 dead000000000100 dead000000000122 [ 902.117063][ T111] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 902.125763][ T111] head: 00fff00000000003 ffffea0001db5201 00000000ffffffff 00000000ffffffff [ 902.134459][ T111] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 902.143341][ T111] page dumped because: kasan: bad access detected [ 902.149765][ T111] page_owner tracks the page as allocated [ 902.155486][ T111] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5809, tgid 5809 (dhcpcd-run-hook), ts 87719121846, free_ts 87652814167 [ 902.177327][ T111] post_alloc_hook+0x1c0/0x230 [ 902.182120][ T111] get_page_from_freelist+0x1321/0x3890 [ 902.187700][ T111] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 902.193628][ T111] alloc_pages_mpol+0x1fb/0x550 [ 902.198513][ T111] new_slab+0x23b/0x330 [ 902.202715][ T111] ___slab_alloc+0xd9c/0x1940 [ 902.207438][ T111] __slab_alloc.constprop.0+0x56/0xb0 [ 902.212835][ T111] __kmalloc_noprof+0x2f2/0x510 [ 902.217713][ T111] load_elf_phdrs+0x102/0x210 [ 902.222419][ T111] load_elf_binary+0x14c1/0x4f00 [ 902.227388][ T111] bprm_execve+0x8c3/0x1650 [ 902.231919][ T111] do_execveat_common.isra.0+0x4a5/0x610 [ 902.237582][ T111] __x64_sys_execve+0x8e/0xb0 [ 902.242289][ T111] do_syscall_64+0xcd/0x4c0 [ 902.246837][ T111] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 902.252757][ T111] page last free pid 5806 tgid 5806 stack trace: [ 902.259099][ T111] __free_frozen_pages+0x7fe/0x1180 [ 902.264345][ T111] __put_partials+0x16d/0x1c0 [ 902.269051][ T111] qlist_free_all+0x4d/0x120 [ 902.273665][ T111] kasan_quarantine_reduce+0x195/0x1e0 [ 902.279153][ T111] __kasan_slab_alloc+0x69/0x90 [ 902.284043][ T111] kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 902.289531][ T111] getname_flags.part.0+0x4c/0x550 [ 902.294688][ T111] getname_flags+0x93/0xf0 [ 902.299129][ T111] do_sys_openat2+0xb8/0x1d0 [ 902.303758][ T111] __x64_sys_openat+0x174/0x210 [ 902.308665][ T111] do_syscall_64+0xcd/0x4c0 [ 902.313214][ T111] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 902.319135][ T111] [ 902.321474][ T111] Memory state around the buggy address: [ 902.327118][ T111] ffff888076d49f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 902.335202][ T111] ffff888076d4a000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 902.343286][ T111] >ffff888076d4a080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 902.351371][ T111] ^ [ 902.358321][ T111] ffff888076d4a100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 902.366409][ T111] ffff888076d4a180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 902.374487][ T111] ================================================================== [ 902.382560][ T111] Disabling lock debugging due to kernel taint [ 902.388718][ T111] ================================================================== [ 902.396792][ T111] BUG: KASAN: slab-use-after-free in do_raw_spin_lock+0x26f/0x2b0 [ 902.404635][ T111] Read of size 4 at addr ffff888076d4a0c4 by task jfsCommit/111 [ 902.412291][ T111] [ 902.414640][ T111] CPU: 0 UID: 0 PID: 111 Comm: jfsCommit Tainted: G B 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) [ 902.414698][ T111] Tainted: [B]=BAD_PAGE [ 902.414711][ T111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 902.414734][ T111] Call Trace: [ 902.414747][ T111] [ 902.414760][ T111] dump_stack_lvl+0x116/0x1f0 [ 902.414818][ T111] print_report+0xcd/0x680 [ 902.414863][ T111] ? srso_alias_return_thunk+0x5/0xfbef5 [ 902.414909][ T111] ? srso_alias_return_thunk+0x5/0xfbef5 [ 902.414953][ T111] ? __phys_addr+0xe8/0x180 [ 902.414999][ T111] ? do_raw_spin_lock+0x26f/0x2b0 [ 902.415049][ T111] kasan_report+0xe0/0x110 [ 902.415095][ T111] ? do_raw_spin_lock+0x26f/0x2b0 [ 902.415140][ T111] ? __mutex_lock+0x91e/0xb90 [ 902.415201][ T111] do_raw_spin_lock+0x26f/0x2b0 [ 902.415242][ T111] ? __kasan_check_byte+0x36/0x50 [ 902.415286][ T111] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 902.415327][ T111] ? lock_acquire+0xfc/0x350 [ 902.415359][ T111] ? __pfx_osq_unlock+0x10/0x10 [ 902.415401][ T111] ? __mutex_lock+0x91e/0xb90 [ 902.415455][ T111] _raw_spin_lock_irqsave+0x42/0x60 [ 902.415505][ T111] ? __mutex_lock+0x28e/0xb90 [ 902.415560][ T111] __mutex_lock+0x28e/0xb90 [ 902.415617][ T111] ? __lock_acquire+0xb8a/0x1c90 [ 902.415674][ T111] ? jfs_syncpt+0x2a/0xa0 [ 902.415717][ T111] ? __pfx___mutex_lock+0x10/0x10 [ 902.415775][ T111] ? do_raw_spin_lock+0x12c/0x2b0 [ 902.415820][ T111] ? srso_alias_return_thunk+0x5/0xfbef5 [ 902.415865][ T111] ? find_held_lock+0x2b/0x80 [ 902.415915][ T111] ? jfs_syncpt+0x2a/0xa0 [ 902.415954][ T111] jfs_syncpt+0x2a/0xa0 [ 902.415999][ T111] txEnd+0x30a/0x5a0 [ 902.416048][ T111] jfs_lazycommit+0x783/0xb30 [ 902.416100][ T111] ? __pfx_jfs_lazycommit+0x10/0x10 [ 902.416152][ T111] ? __pfx_default_wake_function+0x10/0x10 [ 902.416203][ T111] ? lockdep_hardirqs_on+0x7c/0x110 [ 902.416256][ T111] ? srso_alias_return_thunk+0x5/0xfbef5 [ 902.416301][ T111] ? srso_alias_return_thunk+0x5/0xfbef5 [ 902.416345][ T111] ? __kthread_parkme+0x19e/0x250 [ 902.416400][ T111] ? __pfx_jfs_lazycommit+0x10/0x10 [ 902.416448][ T111] kthread+0x3c5/0x780 [ 902.416484][ T111] ? __pfx_kthread+0x10/0x10 [ 902.416520][ T111] ? srso_alias_return_thunk+0x5/0xfbef5 [ 902.416564][ T111] ? rcu_is_watching+0x12/0xc0 [ 902.416612][ T111] ? __pfx_kthread+0x10/0x10 [ 902.416648][ T111] ret_from_fork+0x5d7/0x6f0 [ 902.416703][ T111] ? __pfx_kthread+0x10/0x10 [ 902.416738][ T111] ret_from_fork_asm+0x1a/0x30 [ 902.416790][ T111] [ 902.416803][ T111] [ 902.665211][ T111] Allocated by task 11146: [ 902.669642][ T111] kasan_save_stack+0x33/0x60 [ 902.674357][ T111] kasan_save_track+0x14/0x30 [ 902.679069][ T111] __kasan_kmalloc+0xaa/0xb0 [ 902.683693][ T111] lmLogOpen+0x571/0x1400 [ 902.688066][ T111] jfs_mount_rw+0x2e9/0x6f0 [ 902.692601][ T111] jfs_fill_super+0xc64/0x1060 [ 902.697416][ T111] get_tree_bdev_flags+0x38c/0x620 [ 902.702559][ T111] vfs_get_tree+0x8e/0x340 [ 902.707026][ T111] path_mount+0x1414/0x2020 [ 902.711572][ T111] __x64_sys_mount+0x28d/0x310 [ 902.716409][ T111] do_syscall_64+0xcd/0x4c0 [ 902.720962][ T111] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 902.726886][ T111] [ 902.729219][ T111] Freed by task 5847: [ 902.733212][ T111] kasan_save_stack+0x33/0x60 [ 902.737919][ T111] kasan_save_track+0x14/0x30 [ 902.742628][ T111] kasan_save_free_info+0x3b/0x60 [ 902.747703][ T111] __kasan_slab_free+0x51/0x70 [ 902.752502][ T111] kfree+0x2b4/0x4d0 [ 902.756417][ T111] lmLogClose+0x585/0x710 [ 902.760779][ T111] jfs_umount+0x2f0/0x440 [ 902.765138][ T111] jfs_put_super+0x88/0x1d0 [ 902.769686][ T111] generic_shutdown_super+0x156/0x390 [ 902.775105][ T111] kill_block_super+0x3b/0x90 [ 902.779830][ T111] deactivate_locked_super+0xc1/0x1a0 [ 902.785260][ T111] deactivate_super+0xde/0x100 [ 902.790055][ T111] cleanup_mnt+0x225/0x450 [ 902.794498][ T111] task_work_run+0x150/0x240 [ 902.799118][ T111] exit_to_user_mode_loop+0xeb/0x110 [ 902.804446][ T111] do_syscall_64+0x3f6/0x4c0 [ 902.809093][ T111] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 902.815022][ T111] [ 902.817369][ T111] The buggy address belongs to the object at ffff888076d4a000 [ 902.817369][ T111] which belongs to the cache kmalloc-1k of size 1024 [ 902.831448][ T111] The buggy address is located 196 bytes inside of [ 902.831448][ T111] freed 1024-byte region [ffff888076d4a000, ffff888076d4a400) [ 902.845359][ T111] [ 902.847699][ T111] The buggy address belongs to the physical page: [ 902.854119][ T111] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x76d48 [ 902.862904][ T111] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 902.871428][ T111] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 902.878995][ T111] page_type: f5(slab) [ 902.883008][ T111] raw: 00fff00000000040 ffff88801b841dc0 dead000000000100 dead000000000122 [ 902.891624][ T111] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 902.900235][ T111] head: 00fff00000000040 ffff88801b841dc0 dead000000000100 dead000000000122 [ 902.908932][ T111] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 902.917631][ T111] head: 00fff00000000003 ffffea0001db5201 00000000ffffffff 00000000ffffffff [ 902.926331][ T111] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 902.935021][ T111] page dumped because: kasan: bad access detected [ 902.941452][ T111] page_owner tracks the page as allocated [ 902.947176][ T111] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5809, tgid 5809 (dhcpcd-run-hook), ts 87719121846, free_ts 87652814167 [ 902.968851][ T111] post_alloc_hook+0x1c0/0x230 [ 902.973648][ T111] get_page_from_freelist+0x1321/0x3890 [ 902.979226][ T111] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 902.985158][ T111] alloc_pages_mpol+0x1fb/0x550 [ 902.990058][ T111] new_slab+0x23b/0x330 [ 902.994300][ T111] ___slab_alloc+0xd9c/0x1940 [ 902.999038][ T111] __slab_alloc.constprop.0+0x56/0xb0 [ 903.004436][ T111] __kmalloc_noprof+0x2f2/0x510 [ 903.009319][ T111] load_elf_phdrs+0x102/0x210 [ 903.014040][ T111] load_elf_binary+0x14c1/0x4f00 [ 903.019015][ T111] bprm_execve+0x8c3/0x1650 [ 903.023640][ T111] do_execveat_common.isra.0+0x4a5/0x610 [ 903.029307][ T111] __x64_sys_execve+0x8e/0xb0 [ 903.034018][ T111] do_syscall_64+0xcd/0x4c0 [ 903.038605][ T111] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 903.044540][ T111] page last free pid 5806 tgid 5806 stack trace: [ 903.050888][ T111] __free_frozen_pages+0x7fe/0x1180 [ 903.056143][ T111] __put_partials+0x16d/0x1c0 [ 903.060854][ T111] qlist_free_all+0x4d/0x120 [ 903.065476][ T111] kasan_quarantine_reduce+0x195/0x1e0 [ 903.070974][ T111] __kasan_slab_alloc+0x69/0x90 [ 903.075862][ T111] kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 903.081356][ T111] getname_flags.part.0+0x4c/0x550 [ 903.086518][ T111] getname_flags+0x93/0xf0 [ 903.090979][ T111] do_sys_openat2+0xb8/0x1d0 [ 903.095615][ T111] __x64_sys_openat+0x174/0x210 [ 903.100516][ T111] do_syscall_64+0xcd/0x4c0 [ 903.105068][ T111] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 903.110993][ T111] [ 903.113334][ T111] Memory state around the buggy address: [ 903.118978][ T111] ffff888076d49f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 903.127061][ T111] ffff888076d4a000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 903.135143][ T111] >ffff888076d4a080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 903.143229][ T111] ^ [ 903.149398][ T111] ffff888076d4a100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 903.157481][ T111] ffff888076d4a180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 903.165557][ T111] ================================================================== [ 903.173628][ T111] ================================================================== [ 903.181699][ T111] BUG: KASAN: slab-use-after-free in do_raw_spin_lock+0x27f/0x2b0 [ 903.189547][ T111] Read of size 8 at addr ffff888076d4a0d0 by task jfsCommit/111 [ 903.197198][ T111] [ 903.199547][ T111] CPU: 0 UID: 0 PID: 111 Comm: jfsCommit Tainted: G B 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) [ 903.199605][ T111] Tainted: [B]=BAD_PAGE [ 903.199618][ T111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 903.199642][ T111] Call Trace: [ 903.199655][ T111] [ 903.199669][ T111] dump_stack_lvl+0x116/0x1f0 [ 903.199727][ T111] print_report+0xcd/0x680 [ 903.199772][ T111] ? srso_alias_return_thunk+0x5/0xfbef5 [ 903.199818][ T111] ? srso_alias_return_thunk+0x5/0xfbef5 [ 903.199862][ T111] ? __phys_addr+0xe8/0x180 [ 903.199908][ T111] ? do_raw_spin_lock+0x27f/0x2b0 [ 903.199954][ T111] kasan_report+0xe0/0x110 [ 903.200000][ T111] ? do_raw_spin_lock+0x27f/0x2b0 [ 903.200046][ T111] ? __mutex_lock+0x91e/0xb90 [ 903.200102][ T111] do_raw_spin_lock+0x27f/0x2b0 [ 903.200143][ T111] ? __kasan_check_byte+0x36/0x50 [ 903.200188][ T111] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 903.200229][ T111] ? lock_acquire+0xfc/0x350 [ 903.200263][ T111] ? __pfx_osq_unlock+0x10/0x10 [ 903.200311][ T111] ? __mutex_lock+0x91e/0xb90 [ 903.200366][ T111] _raw_spin_lock_irqsave+0x42/0x60 [ 903.200416][ T111] ? __mutex_lock+0x28e/0xb90 [ 903.200471][ T111] __mutex_lock+0x28e/0xb90 [ 903.200529][ T111] ? __lock_acquire+0xb8a/0x1c90 [ 903.200586][ T111] ? jfs_syncpt+0x2a/0xa0 [ 903.200630][ T111] ? __pfx___mutex_lock+0x10/0x10 [ 903.200688][ T111] ? do_raw_spin_lock+0x12c/0x2b0 [ 903.200734][ T111] ? srso_alias_return_thunk+0x5/0xfbef5 [ 903.200779][ T111] ? find_held_lock+0x2b/0x80 [ 903.200828][ T111] ? jfs_syncpt+0x2a/0xa0 [ 903.200868][ T111] jfs_syncpt+0x2a/0xa0 [ 903.200909][ T111] txEnd+0x30a/0x5a0 [ 903.200954][ T111] jfs_lazycommit+0x783/0xb30 [ 903.201006][ T111] ? __pfx_jfs_lazycommit+0x10/0x10 [ 903.201055][ T111] ? __pfx_default_wake_function+0x10/0x10 [ 903.201105][ T111] ? lockdep_hardirqs_on+0x7c/0x110 [ 903.201158][ T111] ? srso_alias_return_thunk+0x5/0xfbef5 [ 903.201204][ T111] ? srso_alias_return_thunk+0x5/0xfbef5 [ 903.201248][ T111] ? __kthread_parkme+0x19e/0x250 [ 903.201308][ T111] ? __pfx_jfs_lazycommit+0x10/0x10 [ 903.201357][ T111] kthread+0x3c5/0x780 [ 903.201392][ T111] ? __pfx_kthread+0x10/0x10 [ 903.201428][ T111] ? srso_alias_return_thunk+0x5/0xfbef5 [ 903.201472][ T111] ? rcu_is_watching+0x12/0xc0 [ 903.201520][ T111] ? __pfx_kthread+0x10/0x10 [ 903.201556][ T111] ret_from_fork+0x5d7/0x6f0 [ 903.201611][ T111] ? __pfx_kthread+0x10/0x10 [ 903.201646][ T111] ret_from_fork_asm+0x1a/0x30 [ 903.201698][ T111] [ 903.201710][ T111] [ 903.450017][ T111] Allocated by task 11146: [ 903.454438][ T111] kasan_save_stack+0x33/0x60 [ 903.459137][ T111] kasan_save_track+0x14/0x30 [ 903.463834][ T111] __kasan_kmalloc+0xaa/0xb0 [ 903.468489][ T111] lmLogOpen+0x571/0x1400 [ 903.472836][ T111] jfs_mount_rw+0x2e9/0x6f0 [ 903.477357][ T111] jfs_fill_super+0xc64/0x1060 [ 903.482150][ T111] get_tree_bdev_flags+0x38c/0x620 [ 903.487293][ T111] vfs_get_tree+0x8e/0x340 [ 903.491741][ T111] path_mount+0x1414/0x2020 [ 903.496265][ T111] __x64_sys_mount+0x28d/0x310 [ 903.501059][ T111] do_syscall_64+0xcd/0x4c0 [ 903.505595][ T111] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 903.511502][ T111] [ 903.513829][ T111] Freed by task 5847: [ 903.517813][ T111] kasan_save_stack+0x33/0x60 [ 903.522504][ T111] kasan_save_track+0x14/0x30 [ 903.527199][ T111] kasan_save_free_info+0x3b/0x60 [ 903.532301][ T111] __kasan_slab_free+0x51/0x70 [ 903.537092][ T111] kfree+0x2b4/0x4d0 [ 903.541044][ T111] lmLogClose+0x585/0x710 [ 903.545400][ T111] jfs_umount+0x2f0/0x440 [ 903.549747][ T111] jfs_put_super+0x88/0x1d0 [ 903.554286][ T111] generic_shutdown_super+0x156/0x390 [ 903.559688][ T111] kill_block_super+0x3b/0x90 [ 903.564395][ T111] deactivate_locked_super+0xc1/0x1a0 [ 903.569899][ T111] deactivate_super+0xde/0x100 [ 903.574700][ T111] cleanup_mnt+0x225/0x450 [ 903.579133][ T111] task_work_run+0x150/0x240 [ 903.583742][ T111] exit_to_user_mode_loop+0xeb/0x110 [ 903.589054][ T111] do_syscall_64+0x3f6/0x4c0 [ 903.593675][ T111] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 903.599585][ T111] [ 903.601957][ T111] The buggy address belongs to the object at ffff888076d4a000 [ 903.601957][ T111] which belongs to the cache kmalloc-1k of size 1024 [ 903.616043][ T111] The buggy address is located 208 bytes inside of [ 903.616043][ T111] freed 1024-byte region [ffff888076d4a000, ffff888076d4a400) [ 903.629946][ T111] [ 903.632268][ T111] The buggy address belongs to the physical page: [ 903.638688][ T111] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x76d48 [ 903.647458][ T111] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 903.655969][ T111] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 903.663522][ T111] page_type: f5(slab) [ 903.667571][ T111] raw: 00fff00000000040 ffff88801b841dc0 dead000000000100 dead000000000122 [ 903.676171][ T111] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 903.684777][ T111] head: 00fff00000000040 ffff88801b841dc0 dead000000000100 dead000000000122 [ 903.693474][ T111] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 903.702160][ T111] head: 00fff00000000003 ffffea0001db5201 00000000ffffffff 00000000ffffffff [ 903.710845][ T111] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 903.719520][ T111] page dumped because: kasan: bad access detected [ 903.725933][ T111] page_owner tracks the page as allocated [ 903.731644][ T111] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5809, tgid 5809 (dhcpcd-run-hook), ts 87719121846, free_ts 87652814167 [ 903.753297][ T111] post_alloc_hook+0x1c0/0x230 [ 903.758080][ T111] get_page_from_freelist+0x1321/0x3890 [ 903.763648][ T111] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 903.769566][ T111] alloc_pages_mpol+0x1fb/0x550 [ 903.774441][ T111] new_slab+0x23b/0x330 [ 903.778633][ T111] ___slab_alloc+0xd9c/0x1940 [ 903.783378][ T111] __slab_alloc.constprop.0+0x56/0xb0 [ 903.788762][ T111] __kmalloc_noprof+0x2f2/0x510 [ 903.793633][ T111] load_elf_phdrs+0x102/0x210 [ 903.798338][ T111] load_elf_binary+0x14c1/0x4f00 [ 903.803299][ T111] bprm_execve+0x8c3/0x1650 [ 903.807816][ T111] do_execveat_common.isra.0+0x4a5/0x610 [ 903.813467][ T111] __x64_sys_execve+0x8e/0xb0 [ 903.818166][ T111] do_syscall_64+0xcd/0x4c0 [ 903.822700][ T111] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 903.828608][ T111] page last free pid 5806 tgid 5806 stack trace: [ 903.834938][ T111] __free_frozen_pages+0x7fe/0x1180 [ 903.840172][ T111] __put_partials+0x16d/0x1c0 [ 903.844861][ T111] qlist_free_all+0x4d/0x120 [ 903.849469][ T111] kasan_quarantine_reduce+0x195/0x1e0 [ 903.854976][ T111] __kasan_slab_alloc+0x69/0x90 [ 903.859843][ T111] kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 903.865318][ T111] getname_flags.part.0+0x4c/0x550 [ 903.870460][ T111] getname_flags+0x93/0xf0 [ 903.874892][ T111] do_sys_openat2+0xb8/0x1d0 [ 903.879506][ T111] __x64_sys_openat+0x174/0x210 [ 903.884386][ T111] do_syscall_64+0xcd/0x4c0 [ 903.888920][ T111] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 903.894828][ T111] [ 903.897150][ T111] Memory state around the buggy address: [ 903.902782][ T111] ffff888076d49f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 903.910851][ T111] ffff888076d4a000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 903.918921][ T111] >ffff888076d4a080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 903.926988][ T111] ^ [ 903.933666][ T111] ffff888076d4a100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 903.941735][ T111] ffff888076d4a180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 903.949802][ T111] ================================================================== [ 903.957862][ T111] ================================================================== [ 903.965921][ T111] BUG: KASAN: slab-use-after-free in do_raw_spin_lock+0x265/0x2b0 [ 903.973750][ T111] Read of size 4 at addr ffff888076d4a0c8 by task jfsCommit/111 [ 903.981391][ T111] [ 903.983734][ T111] CPU: 0 UID: 0 PID: 111 Comm: jfsCommit Tainted: G B 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) [ 903.983788][ T111] Tainted: [B]=BAD_PAGE [ 903.983800][ T111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 903.983821][ T111] Call Trace: [ 903.983833][ T111] [ 903.983860][ T111] dump_stack_lvl+0x116/0x1f0 [ 903.983911][ T111] print_report+0xcd/0x680 [ 903.983951][ T111] ? srso_alias_return_thunk+0x5/0xfbef5 [ 903.983990][ T111] ? srso_alias_return_thunk+0x5/0xfbef5 [ 903.984029][ T111] ? __phys_addr+0xe8/0x180 [ 903.984070][ T111] ? do_raw_spin_lock+0x265/0x2b0 [ 903.984106][ T111] kasan_report+0xe0/0x110 [ 903.984146][ T111] ? do_raw_spin_lock+0x265/0x2b0 [ 903.984188][ T111] ? __mutex_lock+0x91e/0xb90 [ 903.984238][ T111] do_raw_spin_lock+0x265/0x2b0 [ 903.984273][ T111] ? __kasan_check_byte+0x36/0x50 [ 903.984318][ T111] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 903.984354][ T111] ? lock_acquire+0xfc/0x350 [ 903.984381][ T111] ? __pfx_osq_unlock+0x10/0x10 [ 903.984419][ T111] ? __mutex_lock+0x91e/0xb90 [ 903.984466][ T111] _raw_spin_lock_irqsave+0x42/0x60 [ 903.984510][ T111] ? __mutex_lock+0x28e/0xb90 [ 903.984559][ T111] __mutex_lock+0x28e/0xb90 [ 903.984610][ T111] ? __lock_acquire+0xb8a/0x1c90 [ 903.984661][ T111] ? jfs_syncpt+0x2a/0xa0 [ 903.984699][ T111] ? __pfx___mutex_lock+0x10/0x10 [ 903.984751][ T111] ? do_raw_spin_lock+0x12c/0x2b0 [ 903.984790][ T111] ? srso_alias_return_thunk+0x5/0xfbef5 [ 903.984829][ T111] ? find_held_lock+0x2b/0x80 [ 903.984872][ T111] ? jfs_syncpt+0x2a/0xa0 [ 903.984907][ T111] jfs_syncpt+0x2a/0xa0 [ 903.984943][ T111] txEnd+0x30a/0x5a0 [ 903.984982][ T111] jfs_lazycommit+0x783/0xb30 [ 903.985028][ T111] ? __pfx_jfs_lazycommit+0x10/0x10 [ 903.985073][ T111] ? __pfx_default_wake_function+0x10/0x10 [ 903.985116][ T111] ? lockdep_hardirqs_on+0x7c/0x110 [ 903.985163][ T111] ? srso_alias_return_thunk+0x5/0xfbef5 [ 903.985205][ T111] ? srso_alias_return_thunk+0x5/0xfbef5 [ 903.985244][ T111] ? __kthread_parkme+0x19e/0x250 [ 903.985297][ T111] ? __pfx_jfs_lazycommit+0x10/0x10 [ 903.985339][ T111] kthread+0x3c5/0x780 [ 903.985370][ T111] ? __pfx_kthread+0x10/0x10 [ 903.985401][ T111] ? srso_alias_return_thunk+0x5/0xfbef5 [ 903.985440][ T111] ? rcu_is_watching+0x12/0xc0 [ 903.985482][ T111] ? __pfx_kthread+0x10/0x10 [ 903.985513][ T111] ret_from_fork+0x5d7/0x6f0 [ 903.985562][ T111] ? __pfx_kthread+0x10/0x10 [ 903.985593][ T111] ret_from_fork_asm+0x1a/0x30 [ 903.985638][ T111] [ 903.985649][ T111] [ 904.233864][ T111] Allocated by task 11146: [ 904.238285][ T111] kasan_save_stack+0x33/0x60 [ 904.242986][ T111] kasan_save_track+0x14/0x30 [ 904.247679][ T111] __kasan_kmalloc+0xaa/0xb0 [ 904.252292][ T111] lmLogOpen+0x571/0x1400 [ 904.256641][ T111] jfs_mount_rw+0x2e9/0x6f0 [ 904.261163][ T111] jfs_fill_super+0xc64/0x1060 [ 904.265965][ T111] get_tree_bdev_flags+0x38c/0x620 [ 904.271093][ T111] vfs_get_tree+0x8e/0x340 [ 904.275541][ T111] path_mount+0x1414/0x2020 [ 904.280068][ T111] __x64_sys_mount+0x28d/0x310 [ 904.284856][ T111] do_syscall_64+0xcd/0x4c0 [ 904.289392][ T111] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 904.295314][ T111] [ 904.297640][ T111] Freed by task 5847: [ 904.301620][ T111] kasan_save_stack+0x33/0x60 [ 904.306318][ T111] kasan_save_track+0x14/0x30 [ 904.311011][ T111] kasan_save_free_info+0x3b/0x60 [ 904.316071][ T111] __kasan_slab_free+0x51/0x70 [ 904.320856][ T111] kfree+0x2b4/0x4d0 [ 904.324761][ T111] lmLogClose+0x585/0x710 [ 904.329108][ T111] jfs_umount+0x2f0/0x440 [ 904.333448][ T111] jfs_put_super+0x88/0x1d0 [ 904.337977][ T111] generic_shutdown_super+0x156/0x390 [ 904.343384][ T111] kill_block_super+0x3b/0x90 [ 904.348120][ T111] deactivate_locked_super+0xc1/0x1a0 [ 904.353508][ T111] deactivate_super+0xde/0x100 [ 904.358291][ T111] cleanup_mnt+0x225/0x450 [ 904.362721][ T111] task_work_run+0x150/0x240 [ 904.367328][ T111] exit_to_user_mode_loop+0xeb/0x110 [ 904.372642][ T111] do_syscall_64+0x3f6/0x4c0 [ 904.377263][ T111] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 904.383182][ T111] [ 904.385506][ T111] The buggy address belongs to the object at ffff888076d4a000 [ 904.385506][ T111] which belongs to the cache kmalloc-1k of size 1024 [ 904.399572][ T111] The buggy address is located 200 bytes inside of [ 904.399572][ T111] freed 1024-byte region [ffff888076d4a000, ffff888076d4a400) [ 904.413472][ T111] [ 904.415831][ T111] The buggy address belongs to the physical page: [ 904.422239][ T111] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x76d48 [ 904.431016][ T111] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 904.439612][ T111] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 904.447166][ T111] page_type: f5(slab) [ 904.451159][ T111] raw: 00fff00000000040 ffff88801b841dc0 dead000000000100 dead000000000122 [ 904.459758][ T111] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 904.468361][ T111] head: 00fff00000000040 ffff88801b841dc0 dead000000000100 dead000000000122 [ 904.477047][ T111] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 904.485732][ T111] head: 00fff00000000003 ffffea0001db5201 00000000ffffffff 00000000ffffffff [ 904.494419][ T111] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 904.503090][ T111] page dumped because: kasan: bad access detected [ 904.509511][ T111] page_owner tracks the page as allocated [ 904.515223][ T111] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5809, tgid 5809 (dhcpcd-run-hook), ts 87719121846, free_ts 87652814167 [ 904.536889][ T111] post_alloc_hook+0x1c0/0x230 [ 904.541763][ T111] get_page_from_freelist+0x1321/0x3890 [ 904.547334][ T111] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 904.553247][ T111] alloc_pages_mpol+0x1fb/0x550 [ 904.558129][ T111] new_slab+0x23b/0x330 [ 904.562332][ T111] ___slab_alloc+0xd9c/0x1940 [ 904.567045][ T111] __slab_alloc.constprop.0+0x56/0xb0 [ 904.572432][ T111] __kmalloc_noprof+0x2f2/0x510 [ 904.577303][ T111] load_elf_phdrs+0x102/0x210 [ 904.581999][ T111] load_elf_binary+0x14c1/0x4f00 [ 904.586958][ T111] bprm_execve+0x8c3/0x1650 [ 904.591475][ T111] do_execveat_common.isra.0+0x4a5/0x610 [ 904.597157][ T111] __x64_sys_execve+0x8e/0xb0 [ 904.601852][ T111] do_syscall_64+0xcd/0x4c0 [ 904.606390][ T111] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 904.612299][ T111] page last free pid 5806 tgid 5806 stack trace: [ 904.618629][ T111] __free_frozen_pages+0x7fe/0x1180 [ 904.623885][ T111] __put_partials+0x16d/0x1c0 [ 904.628580][ T111] qlist_free_all+0x4d/0x120 [ 904.633191][ T111] kasan_quarantine_reduce+0x195/0x1e0 [ 904.638667][ T111] __kasan_slab_alloc+0x69/0x90 [ 904.643537][ T111] kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 904.649016][ T111] getname_flags.part.0+0x4c/0x550 [ 904.654332][ T111] getname_flags+0x93/0xf0 [ 904.658762][ T111] do_sys_openat2+0xb8/0x1d0 [ 904.663382][ T111] __x64_sys_openat+0x174/0x210 [ 904.668298][ T111] do_syscall_64+0xcd/0x4c0 [ 904.672834][ T111] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 904.678745][ T111] [ 904.681066][ T111] Memory state around the buggy address: [ 904.686705][ T111] ffff888076d49f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 904.694774][ T111] ffff888076d4a000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 904.702844][ T111] >ffff888076d4a080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 904.710906][ T111] ^ [ 904.717335][ T111] ffff888076d4a100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 904.725405][ T111] ffff888076d4a180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 904.733470][ T111] ================================================================== [ 904.741529][ T111] ================================================================== [ 904.749592][ T111] BUG: KASAN: slab-use-after-free in do_raw_spin_lock+0x11d/0x2b0 [ 904.757421][ T111] Write of size 4 at addr ffff888076d4a0c0 by task jfsCommit/111 [ 904.765151][ T111] [ 904.767488][ T111] CPU: 0 UID: 0 PID: 111 Comm: jfsCommit Tainted: G B 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) [ 904.767538][ T111] Tainted: [B]=BAD_PAGE [ 904.767550][ T111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 904.767571][ T111] Call Trace: [ 904.767582][ T111] [ 904.767594][ T111] dump_stack_lvl+0x116/0x1f0 [ 904.767645][ T111] print_report+0xcd/0x680 [ 904.767685][ T111] ? srso_alias_return_thunk+0x5/0xfbef5 [ 904.767725][ T111] ? srso_alias_return_thunk+0x5/0xfbef5 [ 904.767764][ T111] ? __phys_addr+0xe8/0x180 [ 904.767804][ T111] ? do_raw_spin_lock+0x11d/0x2b0 [ 904.767841][ T111] kasan_report+0xe0/0x110 [ 904.767881][ T111] ? do_raw_spin_lock+0x11d/0x2b0 [ 904.767921][ T111] ? __mutex_lock+0x91e/0xb90 [ 904.767970][ T111] kasan_check_range+0x100/0x1b0 [ 904.768017][ T111] do_raw_spin_lock+0x11d/0x2b0 [ 904.768052][ T111] ? __kasan_check_byte+0x36/0x50 [ 904.768091][ T111] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 904.768127][ T111] ? lock_acquire+0xfc/0x350 [ 904.768156][ T111] ? __pfx_osq_unlock+0x10/0x10 [ 904.768195][ T111] ? __mutex_lock+0x91e/0xb90 [ 904.768243][ T111] _raw_spin_lock_irqsave+0x42/0x60 [ 904.768287][ T111] ? __mutex_lock+0x28e/0xb90 [ 904.768342][ T111] __mutex_lock+0x28e/0xb90 [ 904.768394][ T111] ? __lock_acquire+0xb8a/0x1c90 [ 904.768449][ T111] ? jfs_syncpt+0x2a/0xa0 [ 904.768488][ T111] ? __pfx___mutex_lock+0x10/0x10 [ 904.768540][ T111] ? do_raw_spin_lock+0x12c/0x2b0 [ 904.768579][ T111] ? srso_alias_return_thunk+0x5/0xfbef5 [ 904.768619][ T111] ? find_held_lock+0x2b/0x80 [ 904.768662][ T111] ? jfs_syncpt+0x2a/0xa0 [ 904.768696][ T111] jfs_syncpt+0x2a/0xa0 [ 904.768733][ T111] txEnd+0x30a/0x5a0 [ 904.768771][ T111] jfs_lazycommit+0x783/0xb30 [ 904.768817][ T111] ? __pfx_jfs_lazycommit+0x10/0x10 [ 904.768861][ T111] ? __pfx_default_wake_function+0x10/0x10 [ 904.768905][ T111] ? lockdep_hardirqs_on+0x7c/0x110 [ 904.768955][ T111] ? srso_alias_return_thunk+0x5/0xfbef5 [ 904.768995][ T111] ? srso_alias_return_thunk+0x5/0xfbef5 [ 904.769034][ T111] ? __kthread_parkme+0x19e/0x250 [ 904.769083][ T111] ? __pfx_jfs_lazycommit+0x10/0x10 [ 904.769124][ T111] kthread+0x3c5/0x780 [ 904.769156][ T111] ? __pfx_kthread+0x10/0x10 [ 904.769189][ T111] ? srso_alias_return_thunk+0x5/0xfbef5 [ 904.769228][ T111] ? rcu_is_watching+0x12/0xc0 [ 904.769272][ T111] ? __pfx_kthread+0x10/0x10 [ 904.769310][ T111] ret_from_fork+0x5d7/0x6f0 [ 904.769362][ T111] ? __pfx_kthread+0x10/0x10 [ 904.769393][ T111] ret_from_fork_asm+0x1a/0x30 [ 904.769440][ T111] [ 904.769451][ T111] [ 905.022229][ T111] Allocated by task 11146: [ 905.026653][ T111] kasan_save_stack+0x33/0x60 [ 905.031355][ T111] kasan_save_track+0x14/0x30 [ 905.036055][ T111] __kasan_kmalloc+0xaa/0xb0 [ 905.040660][ T111] lmLogOpen+0x571/0x1400 [ 905.045010][ T111] jfs_mount_rw+0x2e9/0x6f0 [ 905.049533][ T111] jfs_fill_super+0xc64/0x1060 [ 905.054327][ T111] get_tree_bdev_flags+0x38c/0x620 [ 905.059457][ T111] vfs_get_tree+0x8e/0x340 [ 905.063927][ T111] path_mount+0x1414/0x2020 [ 905.068456][ T111] __x64_sys_mount+0x28d/0x310 [ 905.073252][ T111] do_syscall_64+0xcd/0x4c0 [ 905.077803][ T111] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 905.083712][ T111] [ 905.086038][ T111] Freed by task 5847: [ 905.090051][ T111] kasan_save_stack+0x33/0x60 [ 905.094748][ T111] kasan_save_track+0x14/0x30 [ 905.099441][ T111] kasan_save_free_info+0x3b/0x60 [ 905.104496][ T111] __kasan_slab_free+0x51/0x70 [ 905.109279][ T111] kfree+0x2b4/0x4d0 [ 905.113198][ T111] lmLogClose+0x585/0x710 [ 905.117546][ T111] jfs_umount+0x2f0/0x440 [ 905.121887][ T111] jfs_put_super+0x88/0x1d0 [ 905.126418][ T111] generic_shutdown_super+0x156/0x390 [ 905.131822][ T111] kill_block_super+0x3b/0x90 [ 905.136533][ T111] deactivate_locked_super+0xc1/0x1a0 [ 905.141916][ T111] deactivate_super+0xde/0x100 [ 905.146693][ T111] cleanup_mnt+0x225/0x450 [ 905.151123][ T111] task_work_run+0x150/0x240 [ 905.155732][ T111] exit_to_user_mode_loop+0xeb/0x110 [ 905.161035][ T111] do_syscall_64+0x3f6/0x4c0 [ 905.165662][ T111] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 905.171574][ T111] [ 905.173903][ T111] The buggy address belongs to the object at ffff888076d4a000 [ 905.173903][ T111] which belongs to the cache kmalloc-1k of size 1024 [ 905.187968][ T111] The buggy address is located 192 bytes inside of [ 905.187968][ T111] freed 1024-byte region [ffff888076d4a000, ffff888076d4a400) [ 905.201867][ T111] [ 905.204194][ T111] The buggy address belongs to the physical page: [ 905.210603][ T111] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x76d48 [ 905.219372][ T111] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 905.227879][ T111] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 905.235432][ T111] page_type: f5(slab) [ 905.239423][ T111] raw: 00fff00000000040 ffff88801b841dc0 dead000000000100 dead000000000122 [ 905.248022][ T111] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 905.256622][ T111] head: 00fff00000000040 ffff88801b841dc0 dead000000000100 dead000000000122 [ 905.265311][ T111] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 905.273995][ T111] head: 00fff00000000003 ffffea0001db5201 00000000ffffffff 00000000ffffffff [ 905.282679][ T111] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 905.291354][ T111] page dumped because: kasan: bad access detected [ 905.297765][ T111] page_owner tracks the page as allocated [ 905.303480][ T111] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5809, tgid 5809 (dhcpcd-run-hook), ts 87719121846, free_ts 87652814167 [ 905.325135][ T111] post_alloc_hook+0x1c0/0x230 [ 905.329921][ T111] get_page_from_freelist+0x1321/0x3890 [ 905.335486][ T111] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 905.341396][ T111] alloc_pages_mpol+0x1fb/0x550 [ 905.346269][ T111] new_slab+0x23b/0x330 [ 905.350467][ T111] ___slab_alloc+0xd9c/0x1940 [ 905.355179][ T111] __slab_alloc.constprop.0+0x56/0xb0 [ 905.360563][ T111] __kmalloc_noprof+0x2f2/0x510 [ 905.365429][ T111] load_elf_phdrs+0x102/0x210 [ 905.370120][ T111] load_elf_binary+0x14c1/0x4f00 [ 905.375074][ T111] bprm_execve+0x8c3/0x1650 [ 905.379590][ T111] do_execveat_common.isra.0+0x4a5/0x610 [ 905.385242][ T111] __x64_sys_execve+0x8e/0xb0 [ 905.389940][ T111] do_syscall_64+0xcd/0x4c0 [ 905.394476][ T111] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 905.400384][ T111] page last free pid 5806 tgid 5806 stack trace: [ 905.406712][ T111] __free_frozen_pages+0x7fe/0x1180 [ 905.411953][ T111] __put_partials+0x16d/0x1c0 [ 905.416640][ T111] qlist_free_all+0x4d/0x120 [ 905.421247][ T111] kasan_quarantine_reduce+0x195/0x1e0 [ 905.426728][ T111] __kasan_slab_alloc+0x69/0x90 [ 905.431599][ T111] kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 905.437076][ T111] getname_flags.part.0+0x4c/0x550 [ 905.442221][ T111] getname_flags+0x93/0xf0 [ 905.446653][ T111] do_sys_openat2+0xb8/0x1d0 [ 905.451274][ T111] __x64_sys_openat+0x174/0x210 [ 905.456157][ T111] do_syscall_64+0xcd/0x4c0 [ 905.460694][ T111] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 905.466605][ T111] [ 905.468928][ T111] Memory state around the buggy address: [ 905.474560][ T111] ffff888076d49f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 905.482637][ T111] ffff888076d4a000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 905.490706][ T111] >ffff888076d4a080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 905.498777][ T111] ^ [ 905.504932][ T111] ffff888076d4a100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 905.513004][ T111] ffff888076d4a180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 905.521160][ T111] ================================================================== [ 905.529318][ T111] Kernel panic - not syncing: kasan.fault=panic_on_write set ... [ 905.537050][ T111] CPU: 0 UID: 0 PID: 111 Comm: jfsCommit Tainted: G B 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) [ 905.550477][ T111] Tainted: [B]=BAD_PAGE [ 905.554629][ T111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 905.564727][ T111] Call Trace: [ 905.568016][ T111] [ 905.570970][ T111] dump_stack_lvl+0x3d/0x1f0 [ 905.575604][ T111] panic+0x71c/0x800 [ 905.579534][ T111] ? __pfx_panic+0x10/0x10 [ 905.583985][ T111] ? srso_alias_return_thunk+0x5/0xfbef5 [ 905.589699][ T111] ? srso_alias_return_thunk+0x5/0xfbef5 [ 905.595355][ T111] ? rcu_is_watching+0x12/0xc0 [ 905.600192][ T111] ? lock_release+0x201/0x2f0 [ 905.604886][ T111] ? do_raw_spin_lock+0x11d/0x2b0 [ 905.609939][ T111] end_report+0x159/0x170 [ 905.614299][ T111] kasan_report+0xee/0x110 [ 905.618742][ T111] ? do_raw_spin_lock+0x11d/0x2b0 [ 905.623797][ T111] ? __mutex_lock+0x91e/0xb90 [ 905.628529][ T111] kasan_check_range+0x100/0x1b0 [ 905.633499][ T111] do_raw_spin_lock+0x11d/0x2b0 [ 905.638369][ T111] ? __kasan_check_byte+0x36/0x50 [ 905.643420][ T111] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 905.648816][ T111] ? lock_acquire+0xfc/0x350 [ 905.653421][ T111] ? __pfx_osq_unlock+0x10/0x10 [ 905.658325][ T111] ? __mutex_lock+0x91e/0xb90 [ 905.663043][ T111] _raw_spin_lock_irqsave+0x42/0x60 [ 905.668275][ T111] ? __mutex_lock+0x28e/0xb90 [ 905.672988][ T111] __mutex_lock+0x28e/0xb90 [ 905.677530][ T111] ? __lock_acquire+0xb8a/0x1c90 [ 905.682505][ T111] ? jfs_syncpt+0x2a/0xa0 [ 905.687029][ T111] ? __pfx___mutex_lock+0x10/0x10 [ 905.692095][ T111] ? do_raw_spin_lock+0x12c/0x2b0 [ 905.697146][ T111] ? srso_alias_return_thunk+0x5/0xfbef5 [ 905.702803][ T111] ? find_held_lock+0x2b/0x80 [ 905.707508][ T111] ? jfs_syncpt+0x2a/0xa0 [ 905.711856][ T111] jfs_syncpt+0x2a/0xa0 [ 905.716031][ T111] txEnd+0x30a/0x5a0 [ 905.719973][ T111] jfs_lazycommit+0x783/0xb30 [ 905.724686][ T111] ? __pfx_jfs_lazycommit+0x10/0x10 [ 905.729914][ T111] ? __pfx_default_wake_function+0x10/0x10 [ 905.735748][ T111] ? lockdep_hardirqs_on+0x7c/0x110 [ 905.741001][ T111] ? srso_alias_return_thunk+0x5/0xfbef5 [ 905.746665][ T111] ? srso_alias_return_thunk+0x5/0xfbef5 [ 905.752326][ T111] ? __kthread_parkme+0x19e/0x250 [ 905.757385][ T111] ? __pfx_jfs_lazycommit+0x10/0x10 [ 905.762610][ T111] kthread+0x3c5/0x780 [ 905.766731][ T111] ? __pfx_kthread+0x10/0x10 [ 905.771337][ T111] ? srso_alias_return_thunk+0x5/0xfbef5 [ 905.776998][ T111] ? rcu_is_watching+0x12/0xc0 [ 905.781794][ T111] ? __pfx_kthread+0x10/0x10 [ 905.786402][ T111] ret_from_fork+0x5d7/0x6f0 [ 905.791032][ T111] ? __pfx_kthread+0x10/0x10 [ 905.795642][ T111] ret_from_fork_asm+0x1a/0x30 [ 905.800434][ T111] [ 905.803671][ T111] Kernel Offset: disabled [ 905.808022][ T111] Rebooting in 86400 seconds..