last executing test programs: 4m21.438846713s ago: executing program 1 (id=65): syz_mount_image$udf(&(0x7f0000000c40), &(0x7f0000000c80)='./file1\x00', 0x2818c02, &(0x7f0000002580)=ANY=[], 0x1, 0xc3b, &(0x7f0000001940)="$eJzs3V9oXOl5B+D3myOtJadJZjcb549zMbCBbL3ZRbK8axVvQI4VEYPxmpWVi4WCx5bsDiuNZEku3lCCCwklpC0uuchlDZtAe1VftRCa4lxtSwiI9qb0orjtxmwvCpNA2tKLqJyZb6SR1ra0a1uS189j7N/MOe+Z+c7Yr+ac8TlzAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACI+OrXjg8Np90eBQCwk05Pvj404v0fAJ4oZ+3/AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwtRRFfDtSvP29VjrXvt8xcKrRvHJ1anzi7osNpkhRiaJdX/4eGD48cuTlV46OdvP+yz9sn4vXJs8er52Yn1tYnFlampmuTTUbF+anZ7b9CA+6/GaH2i9Abe7NK9MXLy7VDr80smH21eqdfR87UD02enDkjW7t1PjExGRPTV//h37290kP76H4CHkqivh6pHjnxfdSPSIq8eC9sMXPjkdtMPrK/muvxNT4RHtFZhv15nI5M1VyVV9EtWehsW6P7EAvPpCxiGvl31M54EPl6k0u1Bfr52dnamfqi8uN5cZ8M1U6oy3XpxqVGE0RCxHRKnZ78Ow1/VHEkUhx51etdD4iim4fvHB68vWhka0foG8HBnmPp60WESvxGPQs7FH7oog/ixTfPzcUF3Jftdvm3YgvlflqxOUyb6W4nu+n8gfEaMQvvZ/AY60vivh5pJhPrTTd7f32duWpb9RONi/O99R2tysf+/2DnWTbhD1sIIo4397ib6UP/2EXAAAAAAAAAAAAALAzivhxpLg593xaiN5zShvNS7Wz9fOznaOCu8f+1/JSq6urq9XUyVrOoZxjOc+kiL/7RMS5fH8h57Wc13PeyHkz562cKzlv52zljEp+/py1nEM5x3KeyXku50LOazmv57yR82bOWzlXct7O2coZznsCAAAAAAAAAAAAAAAAAADgIRuMIiYixY23f799XeloX5f+k8dGT48/23vN+M9s8Thl7UsR8ePY3jV5+/O1xlOl/PXw1wvY2kAU8a18/b8/3O3BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAe0Ilivh2pPjBr1tpdXV1NcYizpUzxiJuF7s9OgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgNJCKOBEp/vNrA+37KxHx+Yj4zWr5K+J/Vzfb7REDAAAAAAAAAAAAAAAAAADAR1Aq4nKk+OE7rVSNiKvVO/s+dqB6bPTgyBtFFJHKkt761ybPHq+dmJ9bWJxZWpqZrk01Gxfmp2e2+3QDpxrNK1enxiceycpsafARj39w4MT8wluLjUu/t3zX+fsHjp9fWl6sX7j77BiMvoih3imH2gOeGp9oD3q2UW+2F02VewywL6K23ZUBAAAAAAAAAAAAAAAAAABgz9ifihiPFM/95Ejqnjfe1znn/+Ode8Va7Y/+YP27AGY3ZVfv9wds53ba7kAPtU+8r02NT0xM9kzu639/aTmmlIr4dKQ4+LefbZ8Pn2L/Xc+NL+v+OFKM/t+RXFc9WNaNbagaODQ1PlE7Pd988fjs7PyF+nL9/OxMbXKhfmHbXxwAAAAAAAAAAAAAAAAAAAAA97E/FfEnkeLIyZXUve58Pv+/r3Ov5/z/VyO6l50fSBtzTfvc/k+0z+3v3P7ksdGTh5+71/RHcf5/OaaUivhNpHj6zz/bvp5+9/z/oU21Zd0PI8XPv/OFXFd5qqwb7q5O5xEvNmZnhsraFyLFd890a6Nd+0qu/dR67XBZ+9NI8czvbqw9mmufXa89XNbeiRQTp+9e++n12pGydjBSfPmPat3a/WXtV3PtgfXaly7Mz05v9+XlyVT2/79Gii8Ofz11/83fs/97vv/j2qZc876ev//th9X/1Z5p13Jfr+b+H96i/y9Hij+9/oVc1+m9w3n+0+0/1/v/u5Hitz++sfblXPvMeu3wdlcLdlPZ//8QKVZu//Pav/nc/7mz1ju0t/8/37cxu9sFu9X/T/dMq+ZxjXzA1wKeNEtvffPN+uzszKIbbrjxpN34r5P3nLXbP5mAR63c/v/vSPGVy0Xq7sfm7f/f6txb3///n2+tb/8f25Rrdmn7/5meacfyXkt/X8TA8txC/2ciBpbe+uaLjbn6pZlLM82RkdGjv3Nk+PDR4f6nujv367e2/drB467s/zcjxY/+6h/XPsfeuP9/98//9m/KNbvU/5/qXacN+zXbfingiVP2/19Ein+58d7a/zfd7/O/7ud8zz+3MQe7RbvU/8/2TKvlP0Z7pt3lvwkBAAAAAAAAAOCxtz8V8ZNI8detv1+75v3G43/ii93a3uP/7mUvXP8fALi/8v1/MlL8bP+XU/c7ZLZz/P/0plzzwY///ae/3M5At3j/P9AzbXqHzmv+QC80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8CCmK2Bcp3v5eK90uyvsdA6cazStXp8Yn7r7YYIoUlSja9eXvgeHDI0defuXoaDfvv/zD9rl4bfLs8dqJ+bmFxZmlpZnp2lSzcWF+embbj/Cgy292qP0C1ObevDJ98eJS7fBLIxtmX63e2fexA9VjowdH3ujWTo1PTEz21PT1f+hnf5/08B6Kj5CnooifRYp3Xnwv/VsRUYkH74UtfnY8aoPRV/ZfeyWmxifaKzLbqDeXy5mpkqv6Iqo9C411e2QHevGBjEVci4hKOeBD5epNLtQX6+dnZ2pn6ovLjeXGfDNVOqMt16calRhNEQsR0Sp2e/DsNf1RxN9Eiju/aqV/LyKKbh+8cHry9aGRrR+gbwcGeY+nrRYRK/EY9CzsUfuiiGcjxffPDcV/FJ2+arfNuxFfKvPViMtl3kpxPd9P5Q+I0Yhfej+Bx1pfFHEmUsynVnq3yL3f3q489Y3ayebF+Z7a7nblY79/sJNsm7CHDUQRv2hv8bfSL7yfAwAAAAAAAAAAAMAeV8RXIsXNuedT+/zQtXNKG81LtbP187Odw/q7x/7X8lKrq6ur1dTJWs6hnGM5z+T8ac6FnNdyXs95I+fNnLdyruS8nbOVMyr5+XPWcg7lHMt5Jue5nAs5r+W8nvNGzps5b+VcyXk7ZytnOE4aAAAAAAAAAAAAAAAAAIBHpBJFfCdS/ODXrbRadK4vey46edt5rvCR9v8BAAD//5M7Saw=") ioprio_get$pid(0x1, 0xffffffffffffffff) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x35) r1 = openat(0xffffffffffffff9c, 0x0, 0x107042, 0x0) r2 = openat(0xffffffffffffff9c, 0x0, 0x187842, 0x3) ioctl$EXT4_IOC_MOVE_EXT(r2, 0xc028660f, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r4, 0xc4c85513, &(0x7f0000000f40)={{0x30, 0x1, 0x7, 0x40, 'syz1\x00', 0x8}, 0x0, [0x8, 0x300, 0x5429, 0x1, 0x7, 0x1, 0x44, 0x2, 0x0, 0xb, 0x5, 0x7, 0x5, 0x100000000, 0xc00000, 0xffffffffffffff6d, 0xfffffffffffffffe, 0x0, 0xc, 0x2, 0x8, 0x90, 0x9, 0x800, 0x5, 0x9, 0x10000, 0x7, 0x10, 0x6, 0x2, 0xfffffffffffffffd, 0x1ff, 0x7, 0x8, 0x0, 0x3, 0x7, 0x8, 0xfffffffffffffff4, 0x4, 0xab, 0x3, 0xb69, 0x5, 0x7fffffffffffffff, 0x9, 0x751f, 0x7, 0x6, 0xfff, 0xbe7f, 0x2, 0x1, 0x2, 0x5, 0x6, 0x10, 0xc, 0x8000000000000000, 0x3, 0x1, 0x6, 0x5, 0x2857, 0x0, 0xcbc0, 0xbed, 0x7f, 0xffffffff, 0x4, 0x0, 0xa00, 0x7, 0x4, 0xffff, 0x7, 0x800, 0x1, 0x9, 0x6, 0x4, 0xec71, 0x3, 0x7, 0x9, 0xfffffffffffffffe, 0x2, 0x520be39c, 0x5, 0x8, 0xffffffff, 0x0, 0x3, 0x8de, 0x8, 0x6, 0x6, 0xb, 0xfffffffffffffff9, 0xb, 0x6, 0x0, 0xf, 0x4, 0xfffffffffffffa8b, 0x0, 0x0, 0x81, 0x1, 0x9, 0x3, 0xee, 0x7, 0xd914, 0xfff, 0xfffffffffffffffb, 0x1, 0x8000000000000000, 0xfffffffffffffffa, 0x1, 0xfffffffffffffff9, 0x54c, 0x294, 0x4, 0x500, 0x80000001, 0x7]}) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$BLKPG(0xffffffffffffffff, 0x1269, &(0x7f0000000200)={0x3, 0x0, 0x98, &(0x7f0000000140)={0x10000, 0x1000, 0x1}}) pwrite64(r0, &(0x7f0000000140)='2', 0xfdef, 0xfecc) syz_clone(0x2000, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0e00000004000000080000000b"], 0x50) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x8, 0x2, 0x0, 0x1}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{r5}, &(0x7f0000000080), &(0x7f00000000c0)}, 0x20) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000200)={r5, &(0x7f0000000080), &(0x7f0000000000)=""/10, 0x2}, 0x20) creat(&(0x7f0000000280)='./file0\x00', 0x60) setsockopt$inet_MCAST_JOIN_GROUP(r1, 0x0, 0x2a, &(0x7f0000000300)={0x7, {{0x2, 0x4e23, @rand_addr=0x64010100}}}, 0x88) 4m19.29149693s ago: executing program 1 (id=69): r0 = open(&(0x7f0000000300)='./file1\x00', 0x141042, 0xa3) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x4052, r0, 0x0) (async, rerun: 64) ioctl$KVM_SET_IRQCHIP(r0, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @ioapic={0xdddd0000, 0x8, 0x80, 0xbae3, 0x0, [{0x62, 0xdd, 0x7, '\x00', 0x7}, {0xe, 0x8d, 0x1, '\x00', 0x6}, {0xba, 0xe, 0xe, '\x00', 0x50}, {0x6, 0x8, 0x7, '\x00', 0x10}, {0x8, 0x3}, {0x9, 0x3, 0x3, '\x00', 0x34}, {0x2, 0xe3, 0x4, '\x00', 0x6}, {0xc2, 0x5, 0x4, '\x00', 0x3}, {0x62, 0xf, 0x4, '\x00', 0xdc}, {0x8, 0x2, 0x78, '\x00', 0xc}, {0xa1, 0x8, 0xfa, '\x00', 0x3}, {0x4, 0x2, 0xc, '\x00', 0x8}, {0xa, 0x5, 0xff, '\x00', 0x6a}, {0xfa, 0x40, 0x6, '\x00', 0x1}, {0x1, 0x7, 0x8, '\x00', 0x81}, {0x9, 0x9, 0x4, '\x00', 0x8}, {0x81, 0x10, 0x6d, '\x00', 0x79}, {0x8, 0xe2, 0x2, '\x00', 0x62}, {0x49, 0x81, 0x2, '\x00', 0x5}, {0x0, 0xb, 0x80, '\x00', 0x3}, {0x4, 0x6, 0x5, '\x00', 0xff}, {0x3, 0xe, 0x9, '\x00', 0x8}, {0x5, 0x4, 0x5, '\x00', 0x9}, {0x40, 0x8, 0x7, '\x00', 0x9}]}}) (rerun: 64) syz_mount_image$nilfs2(&(0x7f0000000ec0), &(0x7f0000000f00)='./file0\x00', 0x2, &(0x7f0000000780)={[{@norecovery}, {@order_relaxed}, {}, {@order_relaxed}, {@nobarrier}, {@order_strict}, {@nobarrier}, {@order_relaxed}], [], 0x2c}, 0x3, 0xeec, &(0x7f0000000f40)="$eJzs3U9sHNX9APA3a6+dxE68Bn5g4EdIoRWBgh2SVE1vQaAeEZfeQSGhEYbShh6I+BN6QFRCFAlxqjhQcaFUSpFaCVSpQj21PbXqrSfUC62qVArqpUiJq9jvrXdfPN312J717n4+0tfPb97sfL/jtayZ8eybAIytxurX48cXihDe+eTtR156svj1tWV3ttc4tPq1iL1WCKHZ0S+y7X0WF1y5/OKpjdoiHF39mvrh0Uvt186EEC6EQ+HT0AofLi1/8cG7Dx/+6LU9N795/umXd2j32/L9AACAUXTxj8t/vffvf7h//suLB0+G6fbydHzeiv2ZeNx/JB4op+PlRujuFx3RaSpbbyJGI1tvIltvMsszWZKvmW2nWbLeVI98Ex3LNtpPAAAAGEbpvLYVisZiV7/RWFxcO++/5rO5qWLx2bPLZ84NqFAAAACgsn+/snrTrRBCCCGEEEIIIUY4VuYGfQUCAAAAGDed84Xt2WiFC9s7U1d7a63r82+0/qWHGhu/HrZBr9+/7f79l3+48r//qr84AABUN6pHk2m/0nF0mscgn0dwInvdZo//G9l2JjdZZ9m8gsMy32BZnfnPdbcqq3+z7+OglNWfz4e5W5XVn8/TuVuV1T9dcx1VldW/4bXXXais/r0111FVWf37aq6jqrL6Z2quo6qy+mdrrqOqsvr311xHVWX1H6i5jqrK6h+W22rL6m/VXEdVZfXP11xHVWX139Dfy/+xnbVUUVb/jTXXUVVZ/TfVXMeg3BHb9HM4mI13nj/n53TDco4HAAAA4+4/5v8TQgghhBBCCCFGPl4Z9AUIAAAAYODS5wLSp95XojQ+0WN8ssd4s8f4VI/x6R7jAAAAQAi/ef3MrW8V65/z3+p8eGneqDT/0mbnMcrnI9xs/q3Oe7bV/MMybxkAAADjpfj2p1fve+S95+e/vHjwZMfZ79V4vpvmAZ2M1wY+jv10X8Bs1i/SOfTJ7jyNkvXy6wP7y7b32BZ3FAAAAMZYOn9vhaKx2HHe3QqNxuLi+vn4QmgWZ84unz4S++n5LL+fa05fW/5gX9mG5alkAAAAMFrWz/c3Pv9Pz/FdCFPF4rNnl8+cW+vPtpc3G53XBebWlxed1wVa2fKjJcuPxX56fud35/auLl889b3lJ7d75wEAAGBMnHvh/NNPLC+f/oFvfDOe3+zbHWXstm8G/ZcJAADYbp9//nbzh8dmf7v2+f/1+e/S5/8PxX4rzu33p7hCuk8gfQ7gus/rP96dZ65svee612tl603EmM7q3tOxndAx32B63XxZvlb3dqZK8s1k+WazfPk8BZPZ+infgWx5/gmItN5ctjyfh3Eyy1Fk+e8KAAAAUG7p+WeeWzr3wvkHzj7zxFOnnzr97LGjJ7514sSRB7/54NLqff1LnXf3AwAAAMNo/abfQVcCAAAAAAAAAAAAAAAAAAAA46uOx4kNeh8BAABg3P3rlRDCBSFESaw9AnPwdQghhBCbi/Sw5EHXIeqNiV1Qg4jRWD/pGngtQqzFykr+pHkAAACAnXXl8ounOtvrXCi2NV97a6215mrMm9rZB/4yfy3Sapce6r5esm9bq2Hc1f37L/9w5X//1e3Nn/412P/fv0b3Bk5Wy3vP0s8XOvPfNtln/nz/H6uW/3CW/57QX/6V97L8j1fLf2+Wf1+f+a/b/+eq5b8v5l+I/cN395u/+/2fjm3aj7195v96tv9Phn7zZ/vf6jNh5v6YHwDGUWPQBeyQdJSQjqNnYj/tbzzcDPndD5s9/m9k25nccuXd203HQbfEfjpems3yJputfybb3v71oeZm6swNy10lZfVv1/u408rq7+vN2wXK6p+quY6qyuqfrrmOqsrq31NzHVWV1d/veeigldU/LNeVy+qfqbmOqsrqn625jqrK6t9fcx1VldV/oOY6qiqrf67mOqoqq7/iZbXaldU/X3MdVZXVf0PNdVRVVv+NNddRVVn9N9Vcx6DcHtuy8+F0/jkXx1K/lfWnN/hZjuq1BQAAABg2/zT/nxBCCCGEEEIIsRPx/W8MvoZ2rKwM+goEg7Szn2YGYLfy93+8ef/Hm/d/vHn/+V/SPfxF1k8meoxP9hhv9hifysbz39fpHuM3ZttdidL4TT3G/6/H+IEe47f0GF/oMX5rj/Hbeozf3mMcAACA8XBzbJ0fAgAAwOh66Rcfv/Grex6/PP/lxYMnw9R1884fif3p+L/112M/n/c+acb/+f8o9n8W29/F9m/Z+u4/AQAAgJ2XnhPj//8AAAAwutJzSp3/AwAAwOiaj63zfwAAABhdN8TW+T8AAACMsGLPxotjm64L3BXbfuf1AwB2v/+P7R2xPRjbO2P7ldim44C7Y/vVmuoDALbPT7/z4xNvFevz/R/Lxq/E5am9zoW1KwVFo3sm/72x3Rfbr/VZT/48gH7zJwf6zLNT+ee2mB8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGB2N1a/Hjy8UIbzzyduP/GTqjT9fW3Zne41Dq1+L2GuFEJrt16XR9f4v44pXLr94qrO9GtsiHA1FKNrLw6OX2plmQggXwqHwaWiFD5eWv/jg3YcPf/TanpvfPP/0yzv4I+jaPwAAABhF/w0AAP//8RcdlQ==") (async) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x3000004, 0x3032, 0xffffffffffffffff, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) (async) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000080)={'batadv_slave_1\x00', 0x0}) ioctl$sock_inet6_SIOCADDRT(r2, 0x890b, &(0x7f00000002c0)={@private1={0xfc, 0x1, '\x00', 0xfd}, @mcast1, @dev={0xfe, 0x80, '\x00', 0x21}, 0x3, 0xb, 0x0, 0x100, 0x8000000000020001, 0x0, r3}) (async) ioctl$SNDRV_TIMER_IOCTL_CREATE(r0, 0xc02054a5, &(0x7f0000000580)={0x1, r0, 'id1\x00'}) r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000600), r0) sendmsg$IPVS_CMD_ZERO(r4, &(0x7f00000006c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000680)={&(0x7f0000000640)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r5, @ANYBLOB="20002dbd7000ff0100251000cee908000400ff0f0000"], 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x8010) syz_mount_image$ext4(&(0x7f0000001280)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x40c2, &(0x7f0000001080), 0x1, 0x4fc, &(0x7f0000000a40)="$eJzs3c9vI1cdAPDvTOIkm6ZNCpUKCOhSCgtarZ1426jqqVxAqKqEqDhxSEPijaLYcRQ7pQkrNfkfkKjEAcGJMwckDpV64ojgBrdeygGpwArUIHEwGv9I0o2dhF3HVu3PRxrNvHnj+b631rzn/SbxC2Bs3YyIw4iYiog3I2K+fT5pb/Hq6XUfP7i/dvzg/loSjcYb/0ia9dm5OPOazBPte85ExPe/E/Gj5Hzc2v7B1mq5XNptlwv1yk6htn9wZ7OyulHaKG0Xi8tLy4sv332p2Le+Plf5zUff3nztB+/97ksf/unwmz/JmjXXrjvbj35qdT13EiczGRGvXUewIZho92dq2A3hkaQR8ZmIeL75/M/HRPPdvJoujzUA8CnQaMxHY/5sGQAYdWkzB5ak+XYuYC7SNJ9v5fCeidm0XK3Vb9+r7m2vt3JlC5FL722WS4vtXOFC5JKsvPROdnxaLsYny3cj4umI+On0jWY5v3b1PAMA0F9PPDT//3u6Nf8DACNu5rILVgbTDgBgcC6d/wGAkWP+B4DxY/4HgPFj/geA8WP+B4Bx80Fn/p8YdksAgIH43uuvZ1vjuP391+tv7e9tVd+6s16qbeUre2v5teruTn6jWt0ol/Jr1cpl9ytXqztLL8be24V6qVYv1PYPVirVve36SvN7vVdKuYH0CgC4yNPPvf+XJCIOX7nR3OLMWg7mahht6bAbAAyNnD+ML9/CDePL//GBy9by7Pkrwu8+QrDGO4/wIqDfbn1e/h/GVZf8v5QAjAn5fxhfJnsYX41G0mvN//TkEgBgpMjxAwP9+T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACMiLnmtnCmnKb5fMSTEbEQueTeZrm0GBFPRcSfp3PTWXlpqC0GAB5f+rekvf7XrfkX5h6unUr+c6O5j4gf//yNn729Wq/vLmXn/zndOV9/t32+OIz2AwCX6czTnXm84+MH99c62yDb89G3WouLZnGP21urZjIms90fZyIXEbP/SlrltuzzykQf4h8eRcTnuvU/aeZGFtornz4cP4v95EDjp5+InzbrWvvs3+Kz5+483TPmZWu9wrh4Pxt/Xu32/KVxs7mf6br48UxzhHp8nfHv+Nz413neZ5pjTbfx7+ZVY7z4++/2rDuK+MJkt/jJSfykR/wXTkpTF8b/4Itffr5XXeOXEbeie/yzsQr1yk6htn9wZ7OyulHaKG0Xi8tLy4sv332pWGjmqAudTPV5f3/l9lM9+//riNke8Wcu6f/XLux142QA/tV/3/zhV3rFP4r4xle7v//PXBA/mxO/fmH8U6uzv+25fHcWf73V/6P/9/2/fcX4H/71YP2KlwIAA1DbP9haLZdLu309yEWXqun+hEiuqc0ORvwg+zz+uPd5tp0y63rNH37x3rNZ5dB72peDIQ9MwLU7feiH3RIAAAAAAAAAAAAAAKCXa/9zonTYPQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGCU/S8AAP//DRDKkA==") openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x4) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) (async, rerun: 32) ioctl$sock_inet6_SIOCADDRT(r1, 0x890b, &(0x7f00000002c0)={@private0, @empty, @private0, 0x0, 0x6, 0x0, 0x0, 0x6, 0x150042, r3}) (async, rerun: 32) r6 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(r6, &(0x7f0000000100)={0x1d, r7, 0x0, {0x1, 0x0, 0x4}, 0x1}, 0x18) (async, rerun: 64) setsockopt$sock_int(r6, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) (async, rerun: 64) sendmsg$can_j1939(r6, &(0x7f00000001c0)={&(0x7f0000000140)={0x1d, r7, 0x0, {0x1, 0x0, 0x4}, 0xff}, 0x18, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40845}, 0x804) r8 = socket(0x10, 0x3, 0x0) r9 = socket$packet(0x11, 0x3, 0x300) (async, rerun: 32) syz_emit_ethernet(0xe3, &(0x7f0000000400)={@random="553bc77e8399", @empty, @val={@void, {0x8100, 0x0, 0x0, 0x1}}, {@llc={0x4, {@snap={0x1, 0xaa, '4', "a5f029", 0x88fb, "6b06c5eac09eef0664f59e17fc4fbd7b689165c03007f09d0844bedf4d0d4580744452db632ff51ebeb8320af6237b6ce021c546278d56c0c53f88dee72c6e6dc8dfb6452bdf913622ae09696ef103215808f3531854f153f88ffae453adf2eda0207624970342df65c54ff00bdbdb06590ee707906c6b551f10562b99ab189042023aedd6ff08cfc3ffed633c13dffd40d55db1e4be99b67966b5287b0d4806c8d6fa871f9cbc941b58243cf28a69204198c27ebdb07c3e062d5ad68b25749717ac9f4fb80b7ef854"}}}}}, &(0x7f0000000200)={0x0, 0x4, [0x61a, 0xd2e, 0x38c, 0x4e7]}) (rerun: 32) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) (async) r11 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) rt_sigprocmask(0x0, &(0x7f0000000fc0)={[0x7fffffff]}, &(0x7f0000001000), 0x8) (async) r12 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x1f, 0xd, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x80}, [@call={0x85, 0x0, 0x0, 0x7d}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r11}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xa}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0xa6}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) sendmsg$nl_route_sched(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000d40)=@newqdisc={0x2ac, 0x24, 0x3fe3aa0262d8c783, 0x0, 0x0, {0x0, 0x0, 0x0, r10, {0x0, 0x5}, {0xffff, 0xffff}, {0x8}}, [@qdisc_kind_options=@q_choke={{0xa}, {0x27c, 0x2, [@TCA_CHOKE_PARMS={0x14, 0x1, {0x0, 0x0, 0x0, 0x0, 0x2}}, @TCA_CHOKE_PARMS={0x14, 0x1, {0x64, 0x2, 0x3, 0x17, 0xd, 0x8, 0x11}}, @TCA_CHOKE_MAX_P={0x8, 0x3, 0x2}, @TCA_CHOKE_PARMS={0x14, 0x1, {0x1, 0x0, 0x0, 0x1}}, @TCA_CHOKE_MAX_P={0x8}, @TCA_CHOKE_STAB={0x104, 0x2, "dc542b4e237011fb38ddb228806571a8633206e26df63a43bbc516382325dedd79c1cf0a26379dfaf72cb5ab9ab7efe16f312ee9ab598d1ac0d7903ac69c51f1b6842ebecf00dec5deff737b59f0c1f0b57cc6c2b7b8c5b2c527aafa57222f4bd2355ccab39fa20d4033b6b687491532080101805feb9c6fa8a56a77186efcb394ce1a1cd7f2130835e3bf9e3ac25d0a102a808be13beb51f37da6d10046f131834545ee5013f43e41e91eb18a12c28540ab4106286e0f7568f6a9cd0c0da51df08e42848096b25d455ebec9adfd6e493d8c9725bc2d49bbbae0a5375b359f91d9dad20ed109ffbc52469cffd2cf5df7773f7a4c72ae167485315c326281efc4"}, @TCA_CHOKE_MAX_P={0x8}, @TCA_CHOKE_STAB={0x104, 0x2, "a2a88faa7ec665a571a9ad3d1f9512e3c591df4a4554c6c2e2cc6cb4d9aee4579684743ad4888f1522a47ddaff3d4f9450d288e8559bc4f795aa0d1bc74d926038adb808cba6e90535b2eb8ba3e8ff927207d17a86b10d604e77a459df67e7f0c842d463ca5977b7e2eb55fbb9881d15633717817c735da52a1da7d64bb22e58550d8ee20883e41ec2f119a6a6364d68900c1cce4a3b3225a9ce9e1e00b444e9e7bcd10e1dec202ce7786aa7cf10d4dd6bbcee586d7903a6239ff90b49cd7fddb0c67ddab326cdb2d0fa48a783f691be9ebaa1243b21afd04a372650aa7eb46a2675cc67ae12d3b99c9acb4d9fb7c78081d269b443affd86eededd4867311221"}, @TCA_CHOKE_PARMS={0x14, 0x1, {0x1ffff}}, @TCA_CHOKE_MAX_P={0x8, 0x3, 0x58f}]}}]}, 0x2ac}}, 0x0) 4m17.59032611s ago: executing program 1 (id=73): syz_mount_image$ext4(&(0x7f0000000b80)='ext4\x00', &(0x7f0000000300)='./bus\x00', 0x200000, &(0x7f0000000040)={[{@grpquota}]}, 0x1, 0xbaf, &(0x7f0000000bc0)="$eJzs3M1rXOUaAPDnnEy+c5v0crn3tggGpCqK07QpFbpqXYsKunDZmExKyPTDJIIJXaR1ry5EXBSkf4Lg3m5cCS7qQutfUMQiRTdtFyNnPtKxk5mm6cwcE38/eHPe97wn8zxPTmfOe2BOA/jHms5+pBGHIuJsEjFZ359GxFC1NxKxWTvu/t3L81lLolJ5+7ckkoi4d/fyfOO1kvp2vD4YiYibryXx749a466ubyzPlcullfr46Nr5S0dX1zdeWTo/d650rnThxOyrJ2ZPzs52sdbbl9774pkf3nj+6vWPZ978/MB3SZyOifpccx3dMh3TW3+TZoWImOt2sJwM1OtprjMp5JgQAAAdpU1ruP/GZAzEw8XbZHz7Y67JAQAAAF1RGYioAAAAAPtc4v4fAAAA9rnG9wDu3b0832j5fiOhv+6ciYipWv2N55trM4XYrG5HYjAixn5Povmx1qT2a09tOov09felrEWPnkPuZPNKRPx/u/OfVOufqj7F3Vp/GhEzXYg//ch4L9V/ugvxn6z+4S5EBICIG2dqF7LW61+6tf6Jba5/hW2uXbuR9/W/sf6737L+e1j/QJv131s7jHH4wUs32801r//e/eTnhSx+tn2qop7AnSsRhwvb1Z9s1Z+0qf/sDmOMz9++1m4uqz+rt9H6XX/lesSR6mqutf6GpNP/T3R0calcmqn93Ob11092jt98/rOWxW/cC/RDdv7HYnfn/9IOY0z979dD7eYeX3/6y1DyTrU3VN/z4dza2sqxiKHk9db9xzvn0jim8RpZ/S8+1/n9v1392WfCZv3vkP3ruVLfZuOrj8QcP3L8q93X31tZ/Qu7PP+f7jDGl99ce7/dXN71AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALA3pBExEUla3OqnabEYMR4R/4mxtHxxde3lxYsfXFjI5iKmYjBdXCqXZiJisjZOsvGxav/h+Pgj49mIOBgRn02OVsfF+YvlhbyLBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYMt4RExEkhYjIo2IPybTtFjMOysAAACg66byTgAAAADoOff/AAAAsP+13P8X/jIa6WcuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7EsHn71xK4mIzVOj1ZYZqs8N5poZ0Gvpzg4b63UeQP8N5J0AkJtCU79SqVRyTAXoM/f4QPKY+ZG2M8NdzwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAv68XDt24lUTE5qnRassM1ecGc80M6LU07wSA3Ax0mkweuwPYwwp5JwDkxj0+UFvZP6jUtM6PtP3N4aeOCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDeMVFtSVqMiLTaT9NiMeJfETEVg8niUrk0ExEHIuKnycHhbHws76QBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADoutX1jeW5crm0oqOj08XOaPQt1mj9zdzmmOH2Ux06OX8wAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQi9X1jeW5crm0spp3JgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDeVtc3lufK5dJKDzt51wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQH7+DAAA///6CAm5") r0 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r0, 0x3000) fallocate(r0, 0x0, 0x0, 0x1000f4) open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x389b0d52417bb201) syz_open_procfs(0x0, &(0x7f0000000700)='mounts\x00') socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4001, 0x0, 0x0, 0x0) mmap(&(0x7f000003a000/0x4000)=nil, 0x4000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000000), 0x0, 0x0) read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000) r2 = syz_pidfd_open(0x0, 0x0) open_by_handle_at(r2, &(0x7f0000000180)=ANY=[@ANYBLOB="15000000fe0000"], 0x1) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x4000) symlink(&(0x7f0000000080)='.\x00', &(0x7f0000000240)='./file0\x00') mkdir(0x0, 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) rename(0x0, 0x0) add_key$keyring(&(0x7f0000000100), &(0x7f00000001c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe) sendmsg$TIPC_NL_KEY_SET(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000810}, 0x4000004) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000003e0007012dbd7000fcdbdf25047c0000040000001400018006000600800a000008000a"], 0x2c}, 0x1, 0xc00000000000000}, 0x0) 4m13.888693292s ago: executing program 1 (id=81): r0 = socket$igmp(0x2, 0x3, 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x775201, 0x0) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x0, &(0x7f0000000140), 0x4, 0x4f3, &(0x7f0000000540)="$eJzs3c9vE9kdAPDvODEJwRBoObRVWyilpRXC+QFEiB4Kl1YVQqqKeuoB0sREUWwcxQklKYdw7L1SkXpq/4P21kMlTj301lv3thf2sBK7i3ZFVtqDVzMeEpMfJLskMcSfjzSeeW8Gf9+zee95XuK8ALrW6YhYjohDEXEnIgbz/CTf4lprS6978fzhxMrzhxNJNJu3Pk6y82letP2b1JH8Ofsj4je/jPh9sjFuY3FpZrxarczl6aH52uxQY3HpwnQhzxkdGxkbvnLx8uiu1fVU7Z/PfjF947f//tf3nv5v+ad/TItV+tPR7Fx7PXZTq+rFKLXl9UbEjb0I1iG9+f8f3j1pa/tGRJzJ2v9g9GTvJgBwkDWbg9EcbE8DAAddev9fiqRQzucCSlEolMutObyTMVCo1hvz5wfrC/cmI5vDOh7Fwt3pamU4nys8HsUkTY9kx2vp0XXpixFxIiL+3Hc4S5cn6tXJTn7wAYAudmTd+P9ZX2v8BwAOuP5OFwAA2HfGfwDoPsZ/AOg+X2H89+1AADgg3P8DQPcx/gNAl+nbwTWP9qEcAMB++fXNm+nWXMn//vXk/cWFn5XuX5isNGbKtYWJ8kR9brY8Va9PVSvliWZzu+er1uuzI5dWk43Fpdu1+sK9+dvTtfGpyu1KcY/rAwBs78SpJ+8lEbF89XC2RdtaDsZqONgKnS4A0DE9nS4A0DG+zwPdawf3+KYB4IDbZIneV2z5K8KPLf4K76pz3zb/D93K/D90r683///zXS8HsP/M/0P3ajYTa/4DQJcxxw+80c//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoEuVsi0plLO1wJfTx0K5HHE0Io5HMbk7Xa0MR8SxiPh/X7EvTY90utAAwBsqfJjk63+dGzxbWn/2UPJ5X7aPiD/89dZfHozPz8+NpPmfrObPP87zRw91ogIAQLtrG7Na43S+b7uRf/H84cTLbT+L+Ox6a3HRNO5KvrXO9EZvtu+PYkQMfJrk6Zb080rPLsRffhQR31qr/4O2CKVsDqS18un6+Gnso3sQf+31Xx+/8Er8QnYu3Rez1+Kbu1AW6DZPrrf6ybztpU0sb3+FOJ3tN2///VkP9eZe9n8rG/q/wmr/17MhfpK1+dOr6deX5Nml//xqQ2ZzsHXuUcR3ejeLn6zGT7bof8/usI7vf/f7Z7Y61/xbxLnYPH5LLetmh+Zrs0ONxaUL07XxqcpU5d7o6NjI2PCVi5dHh7I56tbjfzeL8dHV88e2ip/Wf2CL+P3b1P9HO6z/37+487sfvCb+T364+ft/8jXx0zHxxzuMPz5wrT/yMWOz+JNb1H+79//8DuM//WBpcoeXAgD7oLG4NDNerVbmtjlIP2tud42D3Tj4x74HjeWIt6PuDt6eg073TMBeW2v0nS4JAAAAAAAAAAAAAACwlcbi0kxf7O3XiTpdRwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6uLwMAAP//N2/POQ==") r2 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) open_by_handle_at(r2, &(0x7f0000000080)=@ceph_nfs_fh={0x8, 0x1, {0xe}}, 0x200000) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="9feb010018000000000000003c0000003c000000020000000000000002000084ffffffff00000000030000000000000000000000020000000000000000000000000000020300000000000000000000100c"], 0x0, 0x56}, 0x20) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=@newqdisc={0x24, 0x24, 0xd0f, 0x0, 0x25dfdbfb, {0x60, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}}, 0x24}}, 0x0) r5 = socket(0x10, 0x3, 0x0) r6 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000380)={'bond0\x00', 0x0}) sendmsg$nl_route(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001400b59500000000000000000a000000", @ANYRES32=r7, @ANYBLOB="14000200fe8000000500000000000000000000aa0800093f3f0c0000140001"], 0x48}, 0x1, 0x0, 0x0, 0x20000010}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x4, '\x00', r7, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmmsg(r5, &(0x7f0000000000), 0x4000000000001f2, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r8 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f00000002c0), 0x10c00, 0x0) mount$9p_fd(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x1020400, &(0x7f00000005c0)={'trans=fd,', {'rfdno', 0x3d, r8}, 0x2c, {'wfdno', 0x3d, r4}, 0x2c, {[{@posixacl}, {@mmap}, {@afid={'afid', 0x3d, 0xd33}}, {@fscache}], [{@smackfsfloor={'smackfsfloor', 0x3d, '/dev/kvm\x00'}}, {@subj_type={'subj_type', 0x3d, '#@'}}]}}) syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000040)={0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="00000000000000001800000000000000008000000000000001000000000000006700000000000000c4036502803e2a000000c4217d7fb517390000450f01c548b80c000000000000000f23d80f21f835c00000200f23f8670f21"], 0x7f}) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x1) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000100)='proc\x00', 0x40c0, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x2000a9, &(0x7f0000000200)=ANY=[], 0x1, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) ioctl$KVM_SET_GUEST_DEBUG(r9, 0x4048ae9b, &(0x7f0000000300)={0x4376ea830d46549b, 0x0, [0x7, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x2, 0x8000000000000]}) r10 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r10, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@gettaction={0x28, 0x5a, 0x1, 0x0, 0x0, {}, [@action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1}}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8}]}, 0x28}}, 0x0) ioctl$KVM_RUN(r9, 0xae80, 0x0) setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000000140)={0x5, 0x1, 0xc, 0x2, @vifc_lcl_addr=@rand_addr=0x64010102, @broadcast}, 0x10) setsockopt$MRT_FLUSH(r0, 0x0, 0xd4, &(0x7f0000000000)=0x6, 0x4) 4m11.757971985s ago: executing program 1 (id=86): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000006"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af0ff00000000bfa200000000000007020000d5ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = syz_open_dev$video4linux(&(0x7f0000000040), 0x0, 0x0) ioctl$VIDIOC_SUBDEV_G_CROP(r2, 0xc008561c, &(0x7f0000000000)={0x980903, 0x18, {0x400d, 0x1, 0xc}}) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000000)=@bpf_tracing={0x1a, 0x4, &(0x7f0000000480)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4}, [@call]}, &(0x7f0000000a00)='GPL\x00', 0x5, 0x0, 0x0, 0x41100, 0x2, '\x00', 0x0, 0x1c, r1, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x13b02, r1, 0x0, 0x0, 0x0, 0x10, 0xd}, 0x94) 4m5.664082258s ago: executing program 1 (id=99): r0 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000280), 0x22802, 0x0) syz_usb_connect$uac1(0x1, 0x8a, &(0x7f00000001c0)=ANY=[@ANYBLOB="eb010000000000086b1d01014000010203010902780003010000000904000000010300000a240904"], &(0x7f0000011700)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xd) ioctl$TCSETSW(r0, 0x5432, 0x0) 4m4.7521212s ago: executing program 32 (id=99): r0 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000280), 0x22802, 0x0) syz_usb_connect$uac1(0x1, 0x8a, &(0x7f00000001c0)=ANY=[@ANYBLOB="eb010000000000086b1d01014000010203010902780003010000000904000000010300000a240904"], &(0x7f0000011700)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xd) ioctl$TCSETSW(r0, 0x5432, 0x0) 3m55.784795206s ago: executing program 0 (id=119): syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0xc000, &(0x7f0000000380), 0x2, 0x24d, &(0x7f0000000440)="$eJzs3T9oJFUcB/DvzO4ac7fIqY0g/gER0UA4O8HmbBQO5DhEBBVORGyUixAT7LJWNhZaq6SyCWJntJQ0wUYRrKKmiI2gwcJgocXK7iQSNytqNtk5Mp8PTGYm89783rDzfbvN7AZorAtJLiVpJZlL0klSHG5wb7Vc2N9dnd28lvT7T/1SDNtV+5WDfueT9JI8kmSjLPJKO1lef27nt60nHnh7qXP/h+vPzk71Ivft7mw/uffBlbc+ufzw8lff/HSlyKV0/3ZdJ68Y8792kdx2GsVuEEW77hHwX1x94+NvB7m/Pcl9w/x3UqZ68d5ZvGmjk4fe/6e+7/789Z3THCtw8vr9zuA9sNcHGqdM0k1Rzieptstyfr76DP9d61z56sLi63MvLyxdf6numQo4Kd1k+/HPZj49P5L/H1tV/oGza5D/p6+ufT/Y3muNHOzP1DMo4HTdVa0G+Z97YeXBjMs/cKbJPzSX/ENzyT80l/xDc8k/NJf8wxnWOdjojT0s/9Bc8g/NJf/QXIfzDwA0S3+m7ieQgbrUPf8AAAAAAAAAAAAAAAAAAABHrc5uXjtYplXzi/eS3ceStMfVbw1/jzi5efj33K/FoNlfiqrbRJ6/Z8ITTOijmp++vuWHeut/eXe99VeuJ703k1xst4/ef8X+/Xd8t/7L8c6LExb4n4qR/UefmW79UX+s1Vv/8lby+WD+uThu/ilzx3A9fv7pHv6K5WN67fcJTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDU/BkAAP//d4lu0g==") r0 = openat$mice(0xffffffffffffff9c, &(0x7f0000000080), 0x0) read$FUSE(r0, 0x0, 0x0) r1 = getpid() syz_pidfd_open(r1, 0x0) write$P9_RGETLOCK(r0, &(0x7f0000000000)={0x1f, 0x37, 0x1, {0x2, 0x582, 0xfffffffffffffffe, r1, 0x1, '@'}}, 0x1f) mkdir(&(0x7f00000020c0)='./file0\x00', 0x0) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) bind$bt_l2cap(r2, &(0x7f0000000000)={0x1f, 0x0, @none}, 0xe) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)={0x40, 0x20}, 0x18) getdents64(r6, &(0x7f0000000340)=""/42, 0x2a) r7 = eventfd2(0x2000001, 0x0) ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f00000000c0)={0x20000000000000, 0x0, 0x1, r7, 0x11}) close_range(r3, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000300), &(0x7f00000000c0)='./file0\x00', 0x204888, &(0x7f0000000380)=ANY=[@ANYBLOB="756e695f786c6174653d312c696f636861727365743d757466382c0097b75cbdde02821d0f899c2377ee9577397fc18b433d0c59e692b381740ca495e1c145c5922679338b5ff21c0653a98440a5725268a242c0263564f988d3c178704feaf8a412df818275708882ea9a4048c6e458a1f05b83f2e69b965b1df203b21de2b0ee375647f886a5310889982079aa7b1fb42e2382d40feefe7f768eec58b19cf50faaf129503175f4262df740183df51d3641ff78b86127c1db8ef165bfa3bd20797fde6ff91a0e45d3d7c1c6d1ce0a72be8c1fdb00000000"], 0x1, 0x336, &(0x7f0000000880)="$eJzs3cFrI1UcB/DfxrXdXe2mBxEUxIde9DK09R8wyC6IBaVuZfUgzNqphswmJRNWsoi7N/Hm37F49CaI4LkX79689eJxD4uRJm23ienBhTSWfD4Q3i/z8mXeJEz4XZJ3cPuHu63dKtvNe1F7N8XViKg9jliNWhy7dDTWhvVSnPYw3q7f/uO1jz/97IPG5uaNrZRuNm69s5FSuv76L19/8+Mbv/Ze+OSn6z8vx/7q5wd/bfy5//L+Kwd/3/qqWaVmldqdXsrTnU6nl98pi7TTrFpZSh+VRV4Vqdmuiu7Y/G7Z2dvrp7y9s3Jtr1tUVcrb/dQq+qnXSb1uP+Vf5s12yrIsrVyLxfIs17v9aGsrb8xgMZyj7ycPXB1/2u028sN7ePlfye1HM10YAPC/NNn/1+LK8Pic+v/jFuW/9/+XFr3/fxb6/0Vw2P8vHd2/4/T/AAAAAAAAAAAAAABwETweDOqDwaB+PE4+5r0+Zsvnv9hO/XDvSkT53b3te9ujcTTf2I1mlFHEWtTjScTgxKi++f7mjbU0tBordx+M8ofjc+P59ajH6vT8ekpp8CCl8fzzw3+0OMlvRD1emp7fGJ1/Ir8Ub715Kp9FPX7/IjpRxk4cZp/mv11P6b0PNyfyy8PXAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALAYsnRi6v79WXbW/Ch/sr/+WtTjyfT9+dem7s9/OV69PN9rBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBjVf9+Ky/Lonv+xcM4Y2pwZF4LO/8iYman+O3FOOt9VijOLub9zQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADn7+mm3/NeCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPNU9e+38rIsujMs5n2NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF8k/AQAA//8A7ioD") getdents(0xffffffffffffffff, &(0x7f0000000080)=""/43, 0x2b) getdents(0xffffffffffffffff, 0xfffffffffffffffd, 0xbb) 3m54.735261496s ago: executing program 0 (id=121): io_uring_setup(0x3eae, &(0x7f0000000100)={0x0, 0x206d33, 0x10000, 0x9, 0x5e}) syz_open_dev$usbfs(&(0x7f00000000c0), 0x205, 0x2) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000002c0)={{{@in=@remote, @in6=@ipv4={""/10, ""/2, @initdev}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@private1}, 0x0, @in6=@remote}}, &(0x7f0000000240)=0xe8) mount$tmpfs(0x0, &(0x7f00000001c0)='./file1\x00', &(0x7f0000000200), 0x24000, &(0x7f0000000540)=ANY=[@ANYBLOB="73697a653d322c6e725f22fe34696e6f6465733d347439652c6d706f6c3d62696e643d72656c616ff0746902312c687567653d6e657665722c687567573d77697468696e5f73697a652c6e725c626c6f636b733d3830672c6e725f626c8a636b733d006d2c6e725f696e6f6465733d3939382c666f776e", @ANYRESDEC=r0, @ANYBLOB=',\x00']) syz_mount_image$ext4(0x0, &(0x7f0000000080)='./file0\x00', 0x18808, 0x0, 0xf9, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f00000000001b0000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = getpid() sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r4 = socket$netlink(0x10, 0x3, 0x4) writev(r4, &(0x7f00000006c0)=[{&(0x7f0000000180)="480000001400197f09004b0101048c59028800ffff0001000000000028213ee20600d4ff4affff00c7e5ed5e00000000000000000000eaf60d18125d4b18857a9eace35ee8b12c00", 0x48}], 0x1) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r5 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'vxcan1\x00', 0x0}) bind$can_j1939(r5, &(0x7f0000000100)={0x1d, r6, 0x1, {0x0, 0xf0}, 0xfd}, 0x18) r7 = fcntl$dupfd(r5, 0x406, r5) sendto(r7, 0x0, 0x0, 0x24008000, &(0x7f00000023c0)=@nfc_llcp={0x27, 0x0, 0x0, 0x5, 0x8, 0x84, "0e1286532cfa0abe34125215d1b8eb457fd1e0042c3f5bf4bc3c9185d939a712537cf7c41e54e89dde0a3cd5610694c6cc36a136183f2dbd16768924057d79", 0x26}, 0x80) socket$can_bcm(0x1d, 0x2, 0x2) r8 = getpid() syz_pidfd_open(r8, 0x0) 3m53.39854274s ago: executing program 0 (id=123): syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x2008002, &(0x7f0000000080), 0x1, 0x55c, &(0x7f00000006c0)="$eJzs3c1vG2kZAPBnJh92u91mC3uAFdCCFgqqajfubrXay7YXEFqthFhxQBy6IXGjqHZdamfZhEpk/4ZFAokT/AkckDgg7YkDN45IHBDSckAqEIEaJJCMZux8NHGIiR17E/9+0mQ+Xs88z9tkPK/fcecNYGJdiYiNiJiNiHciYq67PelOcbszZa97uvl4cWvz8WIS7fbbf0vy8mxbvkNh95jPdY9ZjIhvfi3iu8nBuM219fsLtVr1UXe93Ko/LDfX1q+v1BeWq8vVB5XKrflbN167+WplaHW9XP/Fk6+uvPmtX//qsx/9buMrP8jSutAt26nHkHWqPrMTJzMdEW+eRLAxmOrOZ8ecB8eTRsQnIuIL+fk/F1P5XycAcJa123PRntu7DgCcdWneB5akpYhI024joNTpw3sxzqe1RrN17V5j9cFSp6/shZhJ763UqjcuFf7wvfzFM0m2Pp+X5eX5emXf+s2IuBQRPyqcy9dLi43a0niaPAAw8Z7be/2PiH8W0rRU6mvXHnf1AIBTo3jsPX1ZAABOq+Nf/wGA02rf9f/cuPIAAEanj8//3Zv9GyeeCwAwGv9f///FE8sDABgd9/8BYPK4/gPARPnGW29lU3ur+/zrpXfXVu833r2+VG3eL9VXF0uLjUcPS8uNxnL+zJ76UcerNRoP51+J1ffKrWqzVW6urd+tN1YftO7mz/W+W50ZSa0AgP/l0uUPf59ExMbr5/Ip9ozl4FoNZ1s67gSAsZkaZGcNBDjVPMALJldfl/C8kfDbE88FGI+eD/Mu9lx81k86sw/6CeJ7RvCxcvXT/ff/G+MZzhb9/zC5jtf//8bQ8wBGT/8/TK52O9k/5v/sThEAcCYN8BW+9g+H1QgBxuqowbyPuv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAk+jC7exnkpbyscDT7GdaKkU8HxEvxExyb6VWvRERF+NyRMwUsvX5cScNAAwo/UvSHf/r6tzLF/aXzib/KuTziPj+T9/+8XsLrdaj+Wz733e2F7aHD6vs7jfAuIIAwJDl1+9Kd77ng/zTzceL29Mo83lyJ/7THYp4cWvzcT51SqYj2xhRzNsS5/+RxHR3n2JEvBQRU0OIv/F+RHyqV/2TuJD3gXRGPt0bP7qxnx9p/PSZ+Gle1plnja9PDiEXmDQf3omI273OvzSu5PPe538xf4ca3JM7nYNtv/dt7Yk/3Y001SN+ds5f6TfGK7/5+oGN7blO2fsRL033ip/sxE8Oif9yn/H/+JnPffDGIWXtn0Vcjd7x98Yqt+oPy8219esr9YXl6nL1QaVya/7Wjdduvlop533U5e2e6oP++vq1i4flltX//CHxiz3rP7uz7xf7rP/P//3Odz6/u1rYH//L21v2/f5f7Bm/I7smfqnP+Avnf3no8N1Z/KVD6n/U7/9an/E/+vP6Up8vBQBGoLm2fn+hVqs+Gmgh+xQ6jOMcWMhS7O/F283FwYL+KU6iFsdcmDmpf9VjLxT7zGd6p6043DS+nR2xR1Ha5x/JcRbSoddioIWno4o1vvckYDR2T/pxZwIAAAAAAAAAAAAAABxmFP91adx1BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Oz6bwAAAP//yxbH0Q==") bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10) r0 = memfd_create(&(0x7f00000003c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,U\xb1]*\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3S\xef}\xfd\x12\xbc:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec=\x9e\xc3\xfd\x85d\x0fl5\xf3\xbe\" 6\r<\xea\x8dz\xcf6\x99\x91\xear8p\xaaR\xd5\xa6\xab#N>\x9a\xdf\xea\x009\xfbB\xc1\xd0_\xc0\'Z\xeb\xd8\xaf\xf0\'J\xe2\xff\xe5x*;(p\xf7p\xce\xbb\xa7\xfe\x04\xd0t\x81\x1a\x1b?m/\x1ex\xf8\x88^\xbaU\xb9\xa6\xab\x8d\a\xa6\"\xd9\x13\xeb\xe2\rh\x8dsx\xaa!\xd5Q\xf8\xce*\x95\x0es\xfaZ\x94t\x19\xdc\xdc\xcf\x0f\x9a\xa2O>\xb9\xfc\x01\fW\xee\xffh\xbd\xb2\xb4z\xeb\x84\x13\x13u\x8f\xe2\\Z\xef\xa3\xe1c\xc5\xe6', 0x0) write$bt_hci(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="01"], 0x2b) execveat(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$EXT4_IOC_CLEAR_ES_CACHE(r1, 0x6628) 3m53.054801671s ago: executing program 0 (id=125): r0 = syz_mount_image$udf(&(0x7f00000000c0), &(0x7f0000000180)='./file0\x00', 0x2000006, &(0x7f00000001c0)={[{@volume={'volume', 0x3d, 0x3e}}, {@umask={'umask', 0x3d, 0x9}}, {@anchor={'anchor', 0x3d, 0xffff}}, {@gid_forget}, {@volume={'volume', 0x3d, 0x3ff}}, {}, {}, {@lastblock}, {@iocharset={'iocharset', 0x3d, 'cp863'}}]}, 0x1, 0xc32, &(0x7f0000000e00)="$eJzs3U1sXNd9N+D/uRyKI/l9KyZ2FCeNi0lbpLJiufqKqViFO6pptgFkWQjF7AJwJI7UgSmSIKlGNtKC6aaLLgIURRdZEWiNAikaGE0RdMm0LpBsvCiy6opoYSMoumCLAFkFLO6dM9KQIm1GFCVKeh6b+s3ce86dc+4Z3ysLOvcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABDxe6+dP3EyPexWAAAP0sXxr5445f4PAE+Uy/7/HwAAAAAAAAAAAAAA9rsURTwdKeYurqXJ6n1X/UJn8OatidGxrasdTFXNgap8+VM/eer0mS+9NHK2lxc6Mx9R/377bLwxfvl849XZG3Pz7YWF9lRjYqZzdXaqveMj7Lb+ZseqE9C48ebNqWvXFhqnXjy9Yfet4Q+HnjoyfG7k+ePP9cpOjI6Njd8pUu8vX7vnhnRtN8PjQBRxPFK88L2fplZEFLH7c1F/sGO/2cGqE8eqTkyMjlUdme60ZhbLnZd6J6KIaPRVavbO0dZjEbXBB9qH7TUjlsrmlw0+VnZvfK4137oy3W5cas0vdhY7szOXUre1ZX8aUcTZFLEcEatDdx9uMIqoRYrvHF5LVyJioHcevlhNDN6+HcUe9nEHynY2BiOWi0dgzPaxoSji9Ujxs/eOxtV8namuNV+IeL3MH0S8U+YrEan8YpyJ+GCL7xGPploU8efl+J9bS1PV9aB3XbnwtcZXZq7N9pXtXVd+yfvDXVeKh3R/OLgpH4x9fm2qRxGt6oq/lu79NzsAAAAAAAAAAAAAAAAA3G8Ho4jPRIrX/u2PqnnFUc1LP3xu5PeH/3//nPFnP+Y4ZdkXI2Kp2Nmc3AN5YuCldCmlhzyX+ElWjyL+OM//+9bDbgwAAAAAAAAAAAAAAAAAAMATrYifRIqX3z+alqN/TfHOzPXG5daV6e6qsL21f3trpq+vr683UjebOSdzLuVczrmSczVnFLl+zmbOyZxLOZdzruRczRkDuX7OZs7JnEs5l3Ou5FzNGbVcP2cz52TOpZzLOVdyruaMfbJ2LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA46SIIn4RKb79jbUUKSKaEZPRzZWhh906AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKA0lIr4fqRo/EHz9rZaRKTq366j5S9nonmgzE9Gc6TMV6J5PmerylrzWw+h/ezOYCrix5FiqP7u7QHP4z/YfXf7axDvfPPOu8/WujnQ2zn84dBTRw6fGxn7tWe3e522asCxC52Zm7caE6NjY+N9m2v50z/Zt204f25xf7pORCy89fabrenp9vy9vyi/Aruo/gi9SLUnpadeVC+iti+a8XD6zhOgvP9/ECl++/1/793wu/f/evy/7rvbd/j4+Z/cuf+/vPlAO7z/1zbXy/f/8p6+1f3/6b5tL+ffjQzWIuqLN+YGj0TUF956+3jnRut6+3p75syJE18eGfny6RODByLq1zrT7b5X9+V0AQAAAAAAAAAAAAAAADw4qYjfjRStH6+lRkTcquZrDZ8bef74cwMxUM232jBv+43xy+cbr87emJtvLyy0pxoTM52rs1PtnX5cvZruNTE6tied+VgH97j9B+uvzs69Nd+5/oeLW+4/VD9/ZWFxvnV1691xMIqIZv+WY1WDJ0bHqkZPd1ozVdVLW06m/+UNpiL+I1JcPdNIn8/b8vz/zTP8N8z/X9p8oD2a//+Jvm3lZ6ZUxM8jxW/9xbPx+aqdh+Kuc5bL/U2kOHb2c7lcHCjL9drQfa5Ad2ZgWfZ/IsU//GJj2d58yKfvlD254xP7iCjH/3Ck+P6ffTd+PW/b+PyHrcf/0OYD7dH4P9O37dCG5xXsuuvk8T8eKV55+t34jbzto57/0Xv2xtFc+PbzOfZo/D/Vt204f+5v3p+uAwAAAAAAAAAAPNIGUxF/Gyl+OFZLL+VtO/n7f1ObD7RHf//r033bpu7PekUf+2LXJxUAAAAA9onBVMRPIsX1xXdvz6HeOP+7b/7n79yZ/zmaNu2t/pzvV6rnBtzPP//rN5w/d3L33QYAAAAAAAAAAAAAAAAAAIB9JaUiXsrrqU9W8/mntl1PfSVSvPZfL+Ry6UhZrrcO/HD1a/3i7Mzx89PTs1dbi60r0+3G+Fzrarus+0ykWPvrz+W6RbW+em+9+e4a73fWYp+PFGN/1yvbXYu9tzb5M72yS+2TZdlPRIr//PuNZXvrWH/qznFPlWX/KlJ8/Z+2LnvkTtnTZdnvRooffb3RK3uoLNt7Puqn75R98epssQejAgAAAAAAAAAAAAAAAAAAwJNmMBXxp5Hiv28s357Ln9f/H+x7W3nnm33r/W9yq1rnf7ha/3+71/ey/n/1XIGl7T4VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeTymKeDtSzF1cSytD5fuu+oXOzM1bE6NjW1c7mKqaA1X58qd+8tTpM196aeRsLz+6/v32mXhj/PL5xquzN+bm2wsL7anGxEzn6uxUe8dH2G39zY5VJ6Bx482bU9euLTROvXh6w+5bwx8OPXVk+NzI88ef65WdGB0bG+8rUxu850+/S9pm+4Eo4i8jxQvf+2n64VBEEbs/Fx/z3dlrB6tOHKs6MTE6VnVkutOaWSx3XuqdiCKi0Vep2TtHD2AsdqUZsVQ2v2zwsbJ743Ot+daV6XbjUmt+sbPYmZ25lLqtLfvTiCLOpojliFgduvtwg1HEm5HiO4fX0j8PRQz0zsMXL45/9cSp7dtR7GEfd6BsZ2MwYrn4qDHbosNsMBRF/GOk+Nl7R+NfhiJq0f2JL0S8XuYPIt6J7nin8otxJuIDp/WxUYsi/rcc/3Nr6b2h8nrQu65c+FrjKzPXZvvK9q4rj/z94UHa5/eTehTxo+qKv5b+1X/XAAAAAAAAAAAAAAAAAPtIEb8aKV5+/2iq5gffnlPcmbneuNy6Mt2d1teb+9ebM72+vr7eSN1s5pzMuZRzOedKztWcUeT6OZtl1tfXJ/P7pZzLOVdyruaMgVw/ZzPnZM6lnMs5V3Ku5oxarp+zmXMy51LO5ZwrOVdzxj6ZuwcAAAAAAAAAAAAAAAAAADxeiuqfFN/+xlpaH6rWlx7o7VuxHuhj7/8CAAD//0pa+Ck=") creat(&(0x7f0000000100)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) syz_open_dev$vcsa(0x0, 0x8, 0x200000) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000480)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cf84ded40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c86e00f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec231fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895012f1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c3405000000000000003871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d37261774cc5a3bf6b466cb72812da518ff602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d50a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a31b16ac5fb73fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953f88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a5fe1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9d66ebbc8bab4ea81232fbef665f6212f875b2a00000000000000aceb111b66a500ca52fd8f848088c67ee65dfdcc4c580e9bc18c1699dca07d019bf1bf9dd3da480d6c155d7e60674ce88ab5ae07a9d16e22792d99986b531ab4e592ab5925da779e700cf20309a2137877690dc5c07956fc82d7b3bb46d3138041af18508938c9be4e5d0a98073463a5cff6c146d020743da474cb81677a6f389f0e00c33b70b7f8bab95435c27167f365a29fb09cbf35bf192f6a65616fa2ad9a6c7ca3a3ecd96aaecd993e8badb40e7eb8a22b0015e70c885cd519e28448168c6d914265998bff74ea1b0e651a6cae9419096248a0e41573827ad60fafce6e6540734c1f23f75337d836c31497e8112969a039d65aa297e2b046b5f4d11116a89f9f65693d4dc3e70fbfe0b2044fdb3f87e887d1daae8e38a0c19f668f776e19a02bb2449ee4384f6536879c85d7e41bc0276ee2b125d41ff358323311703ec01d64a573bdeb75bdcc87d01de38365ab9222713d2d1640a742d62fefb5403b2ed9969c32a0841e8c36b0107bb888eb14ac62e6d4bdfaeb9ee7436b97bf3825a19d6c8997ce285edf1d277ed703f560460417bfe702af833e83c5b987befb6d1fcf765ab7ea537d9dafb622a1ba8686cb9b1c63b84470364942e90d1cf856cead864f5e38c83b9ed86cc5725a20299ce512b165"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) write$cgroup_devices(r2, &(0x7f0000000000)=ANY=[@ANYRES8=r2, @ANYRES16=r2], 0xffdd) r3 = open(&(0x7f00000001c0)='./bus\x00', 0x0, 0xe3) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_linger(r4, 0x1, 0xd, &(0x7f0000000080)={0x1, 0x6}, 0x8) listen(r4, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1200000004000000080000000b"], 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r5, &(0x7f0000000240), &(0x7f0000000140)=@tcp6=r4}, 0x20) close(0x3) preadv2(r3, &(0x7f0000000040)=[{&(0x7f0000001200)=""/4096, 0xfffffdef}], 0x1, 0x22, 0x0, 0x0) statx(r0, &(0x7f0000000280)='./bus\x00', 0x800, 0x40, &(0x7f0000002200)={0x0, 0x0, 0x0, 0x0, 0x0}) ioprio_set$uid(0x0, r6, 0x0) 3m51.744283715s ago: executing program 0 (id=129): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), r0) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000001c0)={'wpan1\x00'}) sendmsg$NL802154_CMD_NEW_SEC_KEY(r0, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x0) 3m51.241662076s ago: executing program 0 (id=132): syz_mount_image$udf(&(0x7f0000000c40), &(0x7f0000000c80)='./file1\x00', 0x2818c02, &(0x7f0000002580)=ANY=[], 0x1, 0xc3b, &(0x7f0000001940)="$eJzs3V9oXOl5B+D3myOtJadJZjcb549zMbCBbL3ZRbK8axVvQI4VEYPxmpWVi4WCx5bsDiuNZEku3lCCCwklpC0uuchlDZtAe1VftRCa4lxtSwiI9qb0orjtxmwvCpNA2tKLqJyZb6SR1ra0a1uS189j7N/MOe+Z+c7Yr+ac8TlzAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACI+OrXjg8Np90eBQCwk05Pvj404v0fAJ4oZ+3/AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwtRRFfDtSvP29VjrXvt8xcKrRvHJ1anzi7osNpkhRiaJdX/4eGD48cuTlV46OdvP+yz9sn4vXJs8er52Yn1tYnFlampmuTTUbF+anZ7b9CA+6/GaH2i9Abe7NK9MXLy7VDr80smH21eqdfR87UD02enDkjW7t1PjExGRPTV//h37290kP76H4CHkqivh6pHjnxfdSPSIq8eC9sMXPjkdtMPrK/muvxNT4RHtFZhv15nI5M1VyVV9EtWehsW6P7EAvPpCxiGvl31M54EPl6k0u1Bfr52dnamfqi8uN5cZ8M1U6oy3XpxqVGE0RCxHRKnZ78Ow1/VHEkUhx51etdD4iim4fvHB68vWhka0foG8HBnmPp60WESvxGPQs7FH7oog/ixTfPzcUF3Jftdvm3YgvlflqxOUyb6W4nu+n8gfEaMQvvZ/AY60vivh5pJhPrTTd7f32duWpb9RONi/O99R2tysf+/2DnWTbhD1sIIo4397ib6UP/2EXAAAAAAAAAAAAALAzivhxpLg593xaiN5zShvNS7Wz9fOznaOCu8f+1/JSq6urq9XUyVrOoZxjOc+kiL/7RMS5fH8h57Wc13PeyHkz562cKzlv52zljEp+/py1nEM5x3KeyXku50LOazmv57yR82bOWzlXct7O2coZznsCAAAAAAAAAAAAAAAAAADgIRuMIiYixY23f799XeloX5f+k8dGT48/23vN+M9s8Thl7UsR8ePY3jV5+/O1xlOl/PXw1wvY2kAU8a18/b8/3O3BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAe0Ilivh2pPjBr1tpdXV1NcYizpUzxiJuF7s9OgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgNJCKOBEp/vNrA+37KxHx+Yj4zWr5K+J/Vzfb7REDAAAAAAAAAAAAAAAAAADAR1Aq4nKk+OE7rVSNiKvVO/s+dqB6bPTgyBtFFJHKkt761ybPHq+dmJ9bWJxZWpqZrk01Gxfmp2e2+3QDpxrNK1enxiceycpsafARj39w4MT8wluLjUu/t3zX+fsHjp9fWl6sX7j77BiMvoih3imH2gOeGp9oD3q2UW+2F02VewywL6K23ZUBAAAAAAAAAAAAAAAAAABgz9ifihiPFM/95Ejqnjfe1znn/+Ode8Va7Y/+YP27AGY3ZVfv9wds53ba7kAPtU+8r02NT0xM9kzu639/aTmmlIr4dKQ4+LefbZ8Pn2L/Xc+NL+v+OFKM/t+RXFc9WNaNbagaODQ1PlE7Pd988fjs7PyF+nL9/OxMbXKhfmHbXxwAAAAAAAAAAAAAAAAAAAAA97E/FfEnkeLIyZXUve58Pv+/r3Ov5/z/VyO6l50fSBtzTfvc/k+0z+3v3P7ksdGTh5+71/RHcf5/OaaUivhNpHj6zz/bvp5+9/z/oU21Zd0PI8XPv/OFXFd5qqwb7q5O5xEvNmZnhsraFyLFd890a6Nd+0qu/dR67XBZ+9NI8czvbqw9mmufXa89XNbeiRQTp+9e++n12pGydjBSfPmPat3a/WXtV3PtgfXaly7Mz05v9+XlyVT2/79Gii8Ofz11/83fs/97vv/j2qZc876ev//th9X/1Z5p13Jfr+b+H96i/y9Hij+9/oVc1+m9w3n+0+0/1/v/u5Hitz++sfblXPvMeu3wdlcLdlPZ//8QKVZu//Pav/nc/7mz1ju0t/8/37cxu9sFu9X/T/dMq+ZxjXzA1wKeNEtvffPN+uzszKIbbrjxpN34r5P3nLXbP5mAR63c/v/vSPGVy0Xq7sfm7f/f6txb3///n2+tb/8f25Rrdmn7/5meacfyXkt/X8TA8txC/2ciBpbe+uaLjbn6pZlLM82RkdGjv3Nk+PDR4f6nujv367e2/drB467s/zcjxY/+6h/XPsfeuP9/98//9m/KNbvU/5/qXacN+zXbfingiVP2/19Ein+58d7a/zfd7/O/7ud8zz+3MQe7RbvU/8/2TKvlP0Z7pt3lvwkBAAAAAAAAAOCxtz8V8ZNI8detv1+75v3G43/ii93a3uP/7mUvXP8fALi/8v1/MlL8bP+XU/c7ZLZz/P/0plzzwY///ae/3M5At3j/P9AzbXqHzmv+QC80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8CCmK2Bcp3v5eK90uyvsdA6cazStXp8Yn7r7YYIoUlSja9eXvgeHDI0defuXoaDfvv/zD9rl4bfLs8dqJ+bmFxZmlpZnp2lSzcWF+embbj/Cgy292qP0C1ObevDJ98eJS7fBLIxtmX63e2fexA9VjowdH3ujWTo1PTEz21PT1f+hnf5/08B6Kj5CnooifRYp3Xnwv/VsRUYkH74UtfnY8aoPRV/ZfeyWmxifaKzLbqDeXy5mpkqv6Iqo9C411e2QHevGBjEVci4hKOeBD5epNLtQX6+dnZ2pn6ovLjeXGfDNVOqMt16calRhNEQsR0Sp2e/DsNf1RxN9Eiju/aqV/LyKKbh+8cHry9aGRrR+gbwcGeY+nrRYRK/EY9CzsUfuiiGcjxffPDcV/FJ2+arfNuxFfKvPViMtl3kpxPd9P5Q+I0Yhfej+Bx1pfFHEmUsynVnq3yL3f3q489Y3ayebF+Z7a7nblY79/sJNsm7CHDUQRv2hv8bfSL7yfAwAAAAAAAAAAAMAeV8RXIsXNuedT+/zQtXNKG81LtbP187Odw/q7x/7X8lKrq6ur1dTJWs6hnGM5z+T8ac6FnNdyXs95I+fNnLdyruS8nbOVMyr5+XPWcg7lHMt5Jue5nAs5r+W8nvNGzps5b+VcyXk7ZytnOE4aAAAAAAAAAAAAAAAAAIBHpBJFfCdS/ODXrbRadK4vey46edt5rvCR9v8BAAD//5M7Saw=") ioprio_get$pid(0x1, 0xffffffffffffffff) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x35) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x107042, 0x0) r2 = openat(0xffffffffffffff9c, 0x0, 0x187842, 0x3) ioctl$EXT4_IOC_MOVE_EXT(r2, 0xc028660f, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r4, 0xc4c85513, &(0x7f0000000f40)={{0x30, 0x1, 0x7, 0x40, 'syz1\x00', 0x8}, 0x0, [0x8, 0x300, 0x5429, 0x1, 0x7, 0x1, 0x44, 0x2, 0x0, 0xb, 0x5, 0x7, 0x5, 0x100000000, 0xc00000, 0xffffffffffffff6d, 0xfffffffffffffffe, 0x0, 0xc, 0x2, 0x8, 0x90, 0x9, 0x800, 0x5, 0x9, 0x10000, 0x7, 0x10, 0x6, 0x2, 0xfffffffffffffffd, 0x1ff, 0x7, 0x8, 0x0, 0x3, 0x7, 0x8, 0xfffffffffffffff4, 0x4, 0xab, 0x3, 0xb69, 0x5, 0x7fffffffffffffff, 0x9, 0x751f, 0x7, 0x6, 0xfff, 0xbe7f, 0x2, 0x1, 0x2, 0x5, 0x6, 0x10, 0xc, 0x8000000000000000, 0x3, 0x1, 0x6, 0x5, 0x2857, 0x0, 0xcbc0, 0xbed, 0x7f, 0xffffffff, 0x4, 0x0, 0xa00, 0x7, 0x4, 0xffff, 0x7, 0x800, 0x1, 0x9, 0x6, 0x4, 0xec71, 0x3, 0x7, 0x9, 0xfffffffffffffffe, 0x2, 0x520be39c, 0x5, 0x8, 0xffffffff, 0x0, 0x3, 0x8de, 0x8, 0x6, 0x6, 0xb, 0xfffffffffffffff9, 0xb, 0x6, 0x0, 0xf, 0x4, 0xfffffffffffffa8b, 0x0, 0x0, 0x81, 0x1, 0x9, 0x3, 0xee, 0x7, 0xd914, 0xfff, 0xfffffffffffffffb, 0x1, 0x8000000000000000, 0xfffffffffffffffa, 0x1, 0xfffffffffffffff9, 0x54c, 0x294, 0x4, 0x500, 0x80000001, 0x7]}) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$BLKPG(0xffffffffffffffff, 0x1269, &(0x7f0000000200)={0x3, 0x0, 0x98, &(0x7f0000000140)={0x10000, 0x1000, 0x1}}) pwrite64(r0, &(0x7f0000000140)='2', 0xfdef, 0xfecc) syz_clone(0x2000, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0e00000004000000080000000b"], 0x50) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x8, 0x2, 0x0, 0x1}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{r5}, &(0x7f0000000080), &(0x7f00000000c0)}, 0x20) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000200)={r5, &(0x7f0000000080), &(0x7f0000000000)=""/10, 0x2}, 0x20) creat(&(0x7f0000000280)='./file0\x00', 0x60) setsockopt$inet_MCAST_JOIN_GROUP(r1, 0x0, 0x2a, &(0x7f0000000300)={0x7, {{0x2, 0x4e23, @rand_addr=0x64010100}}}, 0x88) 3m50.843879692s ago: executing program 33 (id=132): syz_mount_image$udf(&(0x7f0000000c40), &(0x7f0000000c80)='./file1\x00', 0x2818c02, &(0x7f0000002580)=ANY=[], 0x1, 0xc3b, &(0x7f0000001940)="$eJzs3V9oXOl5B+D3myOtJadJZjcb549zMbCBbL3ZRbK8axVvQI4VEYPxmpWVi4WCx5bsDiuNZEku3lCCCwklpC0uuchlDZtAe1VftRCa4lxtSwiI9qb0orjtxmwvCpNA2tKLqJyZb6SR1ra0a1uS189j7N/MOe+Z+c7Yr+ac8TlzAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACI+OrXjg8Np90eBQCwk05Pvj404v0fAJ4oZ+3/AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwtRRFfDtSvP29VjrXvt8xcKrRvHJ1anzi7osNpkhRiaJdX/4eGD48cuTlV46OdvP+yz9sn4vXJs8er52Yn1tYnFlampmuTTUbF+anZ7b9CA+6/GaH2i9Abe7NK9MXLy7VDr80smH21eqdfR87UD02enDkjW7t1PjExGRPTV//h37290kP76H4CHkqivh6pHjnxfdSPSIq8eC9sMXPjkdtMPrK/muvxNT4RHtFZhv15nI5M1VyVV9EtWehsW6P7EAvPpCxiGvl31M54EPl6k0u1Bfr52dnamfqi8uN5cZ8M1U6oy3XpxqVGE0RCxHRKnZ78Ow1/VHEkUhx51etdD4iim4fvHB68vWhka0foG8HBnmPp60WESvxGPQs7FH7oog/ixTfPzcUF3Jftdvm3YgvlflqxOUyb6W4nu+n8gfEaMQvvZ/AY60vivh5pJhPrTTd7f32duWpb9RONi/O99R2tysf+/2DnWTbhD1sIIo4397ib6UP/2EXAAAAAAAAAAAAALAzivhxpLg593xaiN5zShvNS7Wz9fOznaOCu8f+1/JSq6urq9XUyVrOoZxjOc+kiL/7RMS5fH8h57Wc13PeyHkz562cKzlv52zljEp+/py1nEM5x3KeyXku50LOazmv57yR82bOWzlXct7O2coZznsCAAAAAAAAAAAAAAAAAADgIRuMIiYixY23f799XeloX5f+k8dGT48/23vN+M9s8Thl7UsR8ePY3jV5+/O1xlOl/PXw1wvY2kAU8a18/b8/3O3BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAe0Ilivh2pPjBr1tpdXV1NcYizpUzxiJuF7s9OgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgNJCKOBEp/vNrA+37KxHx+Yj4zWr5K+J/Vzfb7REDAAAAAAAAAAAAAAAAAADAR1Aq4nKk+OE7rVSNiKvVO/s+dqB6bPTgyBtFFJHKkt761ybPHq+dmJ9bWJxZWpqZrk01Gxfmp2e2+3QDpxrNK1enxiceycpsafARj39w4MT8wluLjUu/t3zX+fsHjp9fWl6sX7j77BiMvoih3imH2gOeGp9oD3q2UW+2F02VewywL6K23ZUBAAAAAAAAAAAAAAAAAABgz9ifihiPFM/95Ejqnjfe1znn/+Ode8Va7Y/+YP27AGY3ZVfv9wds53ba7kAPtU+8r02NT0xM9kzu639/aTmmlIr4dKQ4+LefbZ8Pn2L/Xc+NL+v+OFKM/t+RXFc9WNaNbagaODQ1PlE7Pd988fjs7PyF+nL9/OxMbXKhfmHbXxwAAAAAAAAAAAAAAAAAAAAA97E/FfEnkeLIyZXUve58Pv+/r3Ov5/z/VyO6l50fSBtzTfvc/k+0z+3v3P7ksdGTh5+71/RHcf5/OaaUivhNpHj6zz/bvp5+9/z/oU21Zd0PI8XPv/OFXFd5qqwb7q5O5xEvNmZnhsraFyLFd890a6Nd+0qu/dR67XBZ+9NI8czvbqw9mmufXa89XNbeiRQTp+9e++n12pGydjBSfPmPat3a/WXtV3PtgfXaly7Mz05v9+XlyVT2/79Gii8Ofz11/83fs/97vv/j2qZc876ev//th9X/1Z5p13Jfr+b+H96i/y9Hij+9/oVc1+m9w3n+0+0/1/v/u5Hitz++sfblXPvMeu3wdlcLdlPZ//8QKVZu//Pav/nc/7mz1ju0t/8/37cxu9sFu9X/T/dMq+ZxjXzA1wKeNEtvffPN+uzszKIbbrjxpN34r5P3nLXbP5mAR63c/v/vSPGVy0Xq7sfm7f/f6txb3///n2+tb/8f25Rrdmn7/5meacfyXkt/X8TA8txC/2ciBpbe+uaLjbn6pZlLM82RkdGjv3Nk+PDR4f6nujv367e2/drB467s/zcjxY/+6h/XPsfeuP9/98//9m/KNbvU/5/qXacN+zXbfingiVP2/19Ein+58d7a/zfd7/O/7ud8zz+3MQe7RbvU/8/2TKvlP0Z7pt3lvwkBAAAAAAAAAOCxtz8V8ZNI8detv1+75v3G43/ii93a3uP/7mUvXP8fALi/8v1/MlL8bP+XU/c7ZLZz/P/0plzzwY///ae/3M5At3j/P9AzbXqHzmv+QC80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8CCmK2Bcp3v5eK90uyvsdA6cazStXp8Yn7r7YYIoUlSja9eXvgeHDI0defuXoaDfvv/zD9rl4bfLs8dqJ+bmFxZmlpZnp2lSzcWF+embbj/Cgy292qP0C1ObevDJ98eJS7fBLIxtmX63e2fexA9VjowdH3ujWTo1PTEz21PT1f+hnf5/08B6Kj5CnooifRYp3Xnwv/VsRUYkH74UtfnY8aoPRV/ZfeyWmxifaKzLbqDeXy5mpkqv6Iqo9C411e2QHevGBjEVci4hKOeBD5epNLtQX6+dnZ2pn6ovLjeXGfDNVOqMt16calRhNEQsR0Sp2e/DsNf1RxN9Eiju/aqV/LyKKbh+8cHry9aGRrR+gbwcGeY+nrRYRK/EY9CzsUfuiiGcjxffPDcV/FJ2+arfNuxFfKvPViMtl3kpxPd9P5Q+I0Yhfej+Bx1pfFHEmUsynVnq3yL3f3q489Y3ayebF+Z7a7nblY79/sJNsm7CHDUQRv2hv8bfSL7yfAwAAAAAAAAAAAMAeV8RXIsXNuedT+/zQtXNKG81LtbP187Odw/q7x/7X8lKrq6ur1dTJWs6hnGM5z+T8ac6FnNdyXs95I+fNnLdyruS8nbOVMyr5+XPWcg7lHMt5Jue5nAs5r+W8nvNGzps5b+VcyXk7ZytnOE4aAAAAAAAAAAAAAAAAAIBHpBJFfCdS/ODXrbRadK4vey46edt5rvCR9v8BAAD//5M7Saw=") ioprio_get$pid(0x1, 0xffffffffffffffff) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x35) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x107042, 0x0) r2 = openat(0xffffffffffffff9c, 0x0, 0x187842, 0x3) ioctl$EXT4_IOC_MOVE_EXT(r2, 0xc028660f, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r4, 0xc4c85513, &(0x7f0000000f40)={{0x30, 0x1, 0x7, 0x40, 'syz1\x00', 0x8}, 0x0, [0x8, 0x300, 0x5429, 0x1, 0x7, 0x1, 0x44, 0x2, 0x0, 0xb, 0x5, 0x7, 0x5, 0x100000000, 0xc00000, 0xffffffffffffff6d, 0xfffffffffffffffe, 0x0, 0xc, 0x2, 0x8, 0x90, 0x9, 0x800, 0x5, 0x9, 0x10000, 0x7, 0x10, 0x6, 0x2, 0xfffffffffffffffd, 0x1ff, 0x7, 0x8, 0x0, 0x3, 0x7, 0x8, 0xfffffffffffffff4, 0x4, 0xab, 0x3, 0xb69, 0x5, 0x7fffffffffffffff, 0x9, 0x751f, 0x7, 0x6, 0xfff, 0xbe7f, 0x2, 0x1, 0x2, 0x5, 0x6, 0x10, 0xc, 0x8000000000000000, 0x3, 0x1, 0x6, 0x5, 0x2857, 0x0, 0xcbc0, 0xbed, 0x7f, 0xffffffff, 0x4, 0x0, 0xa00, 0x7, 0x4, 0xffff, 0x7, 0x800, 0x1, 0x9, 0x6, 0x4, 0xec71, 0x3, 0x7, 0x9, 0xfffffffffffffffe, 0x2, 0x520be39c, 0x5, 0x8, 0xffffffff, 0x0, 0x3, 0x8de, 0x8, 0x6, 0x6, 0xb, 0xfffffffffffffff9, 0xb, 0x6, 0x0, 0xf, 0x4, 0xfffffffffffffa8b, 0x0, 0x0, 0x81, 0x1, 0x9, 0x3, 0xee, 0x7, 0xd914, 0xfff, 0xfffffffffffffffb, 0x1, 0x8000000000000000, 0xfffffffffffffffa, 0x1, 0xfffffffffffffff9, 0x54c, 0x294, 0x4, 0x500, 0x80000001, 0x7]}) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$BLKPG(0xffffffffffffffff, 0x1269, &(0x7f0000000200)={0x3, 0x0, 0x98, &(0x7f0000000140)={0x10000, 0x1000, 0x1}}) pwrite64(r0, &(0x7f0000000140)='2', 0xfdef, 0xfecc) syz_clone(0x2000, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0e00000004000000080000000b"], 0x50) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x8, 0x2, 0x0, 0x1}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{r5}, &(0x7f0000000080), &(0x7f00000000c0)}, 0x20) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000200)={r5, &(0x7f0000000080), &(0x7f0000000000)=""/10, 0x2}, 0x20) creat(&(0x7f0000000280)='./file0\x00', 0x60) setsockopt$inet_MCAST_JOIN_GROUP(r1, 0x0, 0x2a, &(0x7f0000000300)={0x7, {{0x2, 0x4e23, @rand_addr=0x64010100}}}, 0x88) 3m42.69996604s ago: executing program 3 (id=152): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r0) sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)={0x38, r1, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_DOI={0x8}, @NLBL_CIPSOV4_A_TAGLST={0x4}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_MLSLVLLST={0x10, 0x8, 0x0, 0x1, [{0xc, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0xfffffffe}]}]}]}, 0x38}}, 0x0) 3m42.585376233s ago: executing program 3 (id=153): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0) execve(&(0x7f0000002380)='./file0\x00', 0x0, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c) r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) ioctl$TUNATTACHFILTER(r3, 0x401054d5, &(0x7f0000000040)={0x5, &(0x7f0000000000)=[{0x4d, 0x1, 0x3, 0x80000002}, {0x60, 0x8}, {0x8}, {0x2, 0xff}, {0x6, 0x0, 0x0, 0x10000000}]}) fchdir(r2) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) syz_open_procfs(r1, &(0x7f0000000600)='environ\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000140)='ramfs\x00', 0x10, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) getdents(r4, 0x0, 0xbb) syz_open_procfs(0x0, &(0x7f0000000700)='mounts\x00') newfstatat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x800) sendmsg$NFNL_MSG_ACCT_DEL(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000000}, 0x3, &(0x7f00000001c0)={&(0x7f0000000180)={0x38, 0x3, 0x7, 0x201, 0x0, 0x0, {0xa, 0x0, 0x2}, [@NFACCT_NAME={0x9, 0x1, 'syz0\x00'}, @NFACCT_PKTS={0xc, 0x2, 0x1, 0x0, 0x6}, @NFACCT_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x38}, 0x1, 0x0, 0x0, 0x44005}, 0x0) 3m42.131135058s ago: executing program 3 (id=154): r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @multicast2}, 0x10) sendto$inet(r0, 0x0, 0xe803, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x3c}}, 0x10) sendmmsg$inet(r0, &(0x7f0000000700)=[{{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000580)="fd", 0x1}], 0x1}}], 0x1, 0x0) sendto$inet(r0, &(0x7f00000001c0), 0xfffffffffffffe58, 0x2000c094, 0x0, 0xffffffe6) r1 = creat(&(0x7f0000000240)='./file0\x00', 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r3, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15) ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x89e0, &(0x7f0000000200)={r0, r1}) r4 = dup(r3) write$FUSE_BMAP(r4, &(0x7f0000000080)={0x18, 0x0, 0x0, {0x4}}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r4}, 0x2c, {[{@cache_mmap}], [], 0x6b}}) chmod(&(0x7f0000000180)='./file0\x00', 0x1d0) r5 = creat(&(0x7f0000000140)='./file0\x00', 0x108) pwritev2(r5, &(0x7f0000000100)=[{&(0x7f0000001040)="a6aa", 0x2}], 0x1, 0x8, 0x5, 0x4) 3m41.842876287s ago: executing program 3 (id=155): ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0, 0x0, 0x400}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) shutdown(0xffffffffffffffff, 0x1) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r4, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0xe, 0x3, &(0x7f0000000000)=@framed={{0x3e, 0xa, 0xa, 0x0, 0x0, 0x71, 0x10, 0x99}}, &(0x7f0000000480)='syzkaller\x00'}, 0x80) syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000080)='./file0\x00', 0x800, &(0x7f0000000100)=ANY=[@ANYBLOB="696f636861727365743d170ddbbba28854f76e642c756d61736b3d30303030303030303030303030303030303030303030362c696f636861727365743d63703934392c6572726f72733d72656d6f756e742d726f2c7569643d", @ANYRESHEX=0x0, @ANYBLOB=',allow_utime=00000000000000000000003,gid=', @ANYRESHEX=0x0, @ANYBLOB=',errors=remount-ro,discard,errors=continue,\x00'], 0x5, 0x1510, &(0x7f00000037c0)="$eJzs3Am4TlX7MPD7Xmvt45D0dJLhsNa6N08yLCdJMiTJkCRJkmRKSDrJKwmJQ6akQxKS4ZAMh5AMJ0465nkekyTpJEmmTMn6rlN83t7qe//v/+17/a//uX/Xta9n3c/a99prP/czrL0N33UZWrNxrWoNiQj+LfjrQxIAxALAQAC4DgACACgXVy4uqz+nxKR/7yDsr/VI6tWeAbuauP7ZG9c/e+P6Z29c/+yN65+9cf2zN65/9sb1Zyw72zy94PW8Zd+N7/9nZ/z7/79IZumxX60tfWPXfyGF65+9cf3/1wr+Kztx/bM3rn/2xvXP3rj+2UGOP+3h+mdvXH/GsrOrff+Zt6u7Xe33H2OMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4yx7OGsv0IBwOX21Z4XY4wxxhhjjDHG/jo+x9WeAWOMMcYYY4wxxv7/QxAgQUEAMZADYiEn5AIBANdCHrgOInA9xMENkBduhHyQHwpAQYiHQlAYNBiwQBBCESgKUbgJisHNUBxKQEkoBQ5KQwLcAmXgVigLt0E5uB3Kwx1QASpCJagMd0IVuAuqwt1QDe6B6lADakItuBdqw31QB+6HuvAA1IMHoT48BA3gYWgIj0AjeBQaw2PQBB6HptAMmkMLaPnfyn8JesDL0BN6QRL0hj7wCvSFftAfBsBAeBUGwWswGF6HZBgCQ+ENGAZvwnB4C0bASBgFb8NoeAfGwFgYB+MhBSbARHgXJsF7MBmmwFSYBqkwHWbA+zATZsFs+ADmwIcwF+bBfFgAafARLIRFkA4fw2L4BDJgCSyFZbAcVsBKWAWrYQ2shXWwHjbARtgEm2ELbIVtsB12wE7YBbvhU9gDn8Fe+Bz2wRf/Yv6Zf8jvioCAAgUqVBiDMRiLsZgLc2FuzI15MA9GMIJxGId5MS/mw3xYAAtgPMZjYSyMBg0SEhbBIhjFKBbDYlgci2NJLIkOHSZgApbBW7EslsVyWA7LY3msgBWxIlbGylgFq2BVrIrVsBpWx+pYE2vivXgv9sY6WAfrYl2sh/Uu357ChtgQG2EjbIyNsQk2wabYFJtjc2yJLbEVtsLW2BrbYltsh+2wPbbHREzEDtgBO2JH7ISdsDN2xi7YBbtiN+yGL+UAfBlfxl5YXfTGPtgH+2Jyjv44AAfgqzgIX8PX8HVMxiE4FN/AN/BNHI6ncQSOxFE4CquId3AMjkUS4zEFU3AiTsRJOAkn4xScgtMwFafjDJyBM3EWzsIPcA5+iB/iPJyHCzAN03AhLsJ0TMfFeAYzcAkuxWW4HFfgclyFq3EVrsV1uBY34AbchJtwC27BbbgNd+AO3IUKAD/Fz/AzTMZ9uA/34348gAfwIB7ETMzEQ3gID+NhPIJH8CgexWN4HE/gcTyFp/A0nsGzeBbP43m8gC/Ef9NoV4k1ySCyKKFEjIgRsSJW5BK5RG6RW+QReURERESciBN5RV6RT+QTBUQBES/iRWFRWBhhBIkwBgBEVERFMVFMFBfFRUlRUjjhRIJIEGVEGVFWlBXlxO2ivLhDVBAVRRtXWVQWVURbV1XcLaqJaqK6qCFqilqilqgtaos6oo6oK+qKeqKeqC8eEg1Eb+yPj4isyjQWQ7CJGIpNRTMhL32DtRLDsbVoI9qKp8RIHIHtRSuXKJ4VHcQY7Cj+Jsbi86KzGI9dxIuiq+gmuouXRA/R2vUUvcRk7C36iGnYV/QT/cUAMRNriA9wTs6a4nWRLIaIoeINsQDfFMPFW2KEGClGibfFaPGOGCPGinFivEgRE8RE8a6YJN4Tk8UUMVVME6liupgh3hczxSwxW3wg5ogPxVwxT8wXC0Sa+EgsFItEuvhYLBafiAyxRCwVy8RysUKsFKvEarFGrBXrxHqxQWwUm8RmsUVsFdvEdrFD7BS7xG7xqdgjPhN7xedin/hC7BdfigPiK3FQfC0yxTfikPhWHBbfiSPie3FU/CCOiePihDgpTokfxWlxRpwV58R58ZO4IH4WF4UXIFEKKaWSgYyROWSszClzyWtkbhlcenWvl3HyBplX3ijzyfyygCwo42UhWVhqaaSVJENZRBaVUXmTLCZvlsVlCVlSlpJOlpYJ8hZZRt4qy8rbZDl5uywv75AVZEVZSVaWd8oq8i4JkV+PUV3WkDVlLXmvrC3vk3Xk/bKufEDWkw/K+vIh2UA+LBvKR2Qj+ahsLB+TTeTjsqlsJpvLFrKlfEK2kk/K1rKNbCufku3k07K9fEYmymdlB+kvvUWel53lC7KLfFF2ld1kd/mzvCi97Cl7SYDeso98RfaV/WR/OUAOlK/KQfI1OVi+LpPlEDlUviGHyTflcPmWHCFHylHybTlaviPHyLFynBwvU+QEOVG+KyfJ9+RkOUVOldNkqpwu+18aabaU/zT/3T/IH/zL0TfJzXKL3Cq3ye1yh9wpd8ndcrfcI/fIvXKv3Cf3yf1yvzwgD8iD8qDMlJnykDwkD8vD8og8Io/Ko/KYPC7PyZPylPxRnpZn5Bl5Tp6X5+WFS68BKFRCSaVUoGJUDhWrcqpc6hqVW12r8qjrVERdr+LUDSqvulHlU/lVAVVQxatCqrDSyiirSIWqiCqqouomvPSGUSVVKeVUaZWgbvlX8lUxdbMqrkr8Jv/y/JL+ZH4tVUvVSrVSrVVr1Va1Ve1UO9VetVeJKlF1UB1UR9VRdVKdVGfVWXVRXVRX1VV1V91VD9VD9VQ9VZJKUn3UK6qv6qf6qwFqoHpVDVKD1GA1WCWrZDVUDVXD1DA1XA1XI9QINUqNUqPVaDVGjVHj1DiVolLURDVRTVKT1GQ1WU1VU1WqSlUz1Aw1U81Us9VsNUfNUXPVXDVfzVdpKk0tVAtVukpXi9VilaGWqCVqmVqmVqgVapVapdaoNWqdWqc2qA0qQ21Wm9VWtVVtV9vVTrVT7Va71R61R+1Ve9U+tU/tV/vVAXVAHVQHVabKVIfUIXVYHVZH1BF1VB1Vx9QxdUKdUKfUKXVanVZn1Vl1Xp1XF9QFdVFdzFr2BSIQgQpUEBPEBLFBbJAryBXkDnIHeYI8QSSIBHFBXJA3uDHIF+QPCgQFg/igUFA40IEJbCAuFT0a3BQUC24OigclgpJBqcAFpYOE4JagTHBrUDa4LSgX3B6UD+4IKgQVg0pB5eDOoEpwV1A1uDuoFtwTVA9qBDWDWsG9Qe3gvqBOcH9QN3ggqBc8GNQPHgoaBA8HDYNHgkbBo0Hj4LGgSfB40DRoFjQPWgQt/9LxvT+d/0nXU/fSSbq37qNf0X11P91fD9AD9at6kH5ND9av62Q9RA/Vb+hh+k09XL+lR+iRepR+W4/W7+gxeqwep8frFD1BT9Tv6kn6PT1ZT9FT9TSdqqfrGfp9PVPP0rP1B3qO/lDP1fP0fL1Ap+mP9EK9SKfrj/Vi/YnO0Ev0Ur1ML9cr9Eq9Sq/Wa/RavU6v1xv0Rr1Jb9Zb9Fa9TW/XO/ROvUvv1p/qPfozvVd/rvfpL/R+/aU+oL/SB/XXOlN/ow/pb/Vh/Z0+or/XR/UP+pg+rk/ok/qU/lGf1mf0WX1On9c/6Qv6Z31R+6zFfdbPu1FGmRgTY2JNrMllcpncJrfJY/KYiImYOBNn8pq8Jp/JZwqYAibexJvCprDJQoZMEVPERE3UFDPFTHFT3JQ0JY0zziSYBFPGlDFlTVlTzpQz5U15U8FUMJVMJXOnudPcZe4yd5u7zT3mHlPD1DC1TC1T29Q2dUwdU9fUNfVMPVPf1DcNTAPT0DQ0jUwj09g0Nk1ME9PUNDXNTXPT0rQ0rUwr09q0Nm1NW9POtDPtTXuTaBJNB9PBdDQdTSfTyXQ2nU0X08V0NV1Nd9Pd9DA9TE/T0ySZJNPH9DF9TV/T3/Q3A81AM8gMMoPNYJNsks1QM9QMM8PMcDPcjDAjzaishap5x4wxY804M96kmBQz0Uw0k8wkM9lMNlPNVJNqUs0MM8PMNDPNbDPbzDFzzFwz18w3802aSTMLzUKTbtLNYrPYZJgMs9QsNcvNcrPSrDSrzWqz1qw162G92Wg2ms1ms9lqtprtZrvZaXaa3Wa32WP2mL1mr9ln9pn9Zr85YA6Yg+agyTSZ5pA5ZA6bw+aIOWKOmqPmmDlmTpgT5pQ5ZU6b0+asOWvOm/yXfi+9ibU5bS57jc1tr7V57HX2H+MCtqCNt4VsYattPpv/N7Gx1ha3JWxJW8o6W9om2Ft+F1ewFW0lW9neaavYu2zV38W17X22jr3f1rUP2Fr23t/E9eyDtr59zDZABLDNbCPbwja2j9km9nHb1DazzW0L284+bdvbZ2yifdZ2sM/9Ll5oF9nVdo1da9fZPfYze9aes4ftd/a8/cn2tL3sQPuqHWRfs4Pt6zbZDvldPMq+bUfbd+wYO9aOs+N/F0+102yqnW5n2PftTDvrd3Ga/cjOsel2rp1n59sFv8RZc0q3H9vF9hObYZfYpXaZXW5X2JV21f+d6zK7wW60m+xu+6ndarfZ7XaH3Wl3/RJnncde+7ndZ7+wh+y39oD9yh60R2ym/eaXOOv8jtjv7VH7gz1mj9sT9qQ9ZX+0p+2ZX84/69xP2p/tRestEBKQJEUBxVAOiqWclIuuodx0LeWh6yhC11Mc3UB56UbKR/mpABWkeCpEhUmTIUtEIRWhohSlm+jyOr0klSJHpSmBbqEydCuVpduoHN1O5ekOqkAVqRJVpjupCt1FVeluqkb3UHWqQTWpFt1Ltek+qkP3U116gOrRg1SfHqIG9DA1pEeoET1KjekxakKPU1NqRs2pBbWkJ6gVPUmtqQ21paeoHT1N7ekZSqRnqQM9Rx3pb9SJnqfO9AJ1oRepK3Wj7vQS9aCXqSf1oiTqTX3oFepL/ag/DaCB9CoNotdoML1OyTSEhtIbNIzepOH0Fo2gkTSK3qbR9A6NobE0jsZTCk2gifQuTaL3aDJNoak0jVJpOs2g92kmzaLZ9AHNoQ9pLs2j+bSA0ugjWkiLKJ0+psX0CWXQElpKy2g5raCVtIpW0xpaS+toPW2gjbSJNtMW2krbaDvtoJ20i3bTp7SHPqO99Dntoy9oP31JB+grOkhfUyZ9Q4foWzpM39ER+t73oh/oGB2nE3SSTtGPdJrO0Fk6R+fpJ7pAP9NF8gQhhiKUoQqDMCbMEcaGOcNc4TVh7vDaME94XRgJrw/jwhvCvOGNYb4wf1ggLBjGh4XCwqEOTWhDCsOwSFg0jIY3hcXCm8PiYYmwZFgqdGHpMCG8JSwT3hqWDW8Ly4W3h+XDO8IKYcXwsQcqh3eGVcK7wqrh3WG18J6welgjrBnWCu8Na4f3hXXC+8O64QNh2fDBsH74UNggfDhsGD4SNgofDRuHj4VNwsfDpmGzsHnYImwZPhG2Cp8MW4dtwrbhU2G78OmwffhMmBg+G3YIn/ul/8FFf96fFPYO+4SvhK+E3t8v50cXRNOiH0UXRhdF06MfRxdHP4lmRJdEl0aXRZdHV0RXRldFV0fXRNdG10XXRzdEN0Y3Rb2vlQMcOuGkUy5wMS6Hi3U5XS53jcvtrnV53HUu4q53ce4Gl9fd6PK5/K6AK+jiXSFX2GlnnHXkQlfEFXVRd5Mr5m52xV0JV9KVcs6VdgmuhWvpWrpW7knX2rVxbd1T7in3tHvaPeOecc+6Du4519H9zXVyz7vO7gX3gnvRdXXdXHf3kuvhJuT59TOZ5Pq4Pq6v6+v6u/5uoBvoBrlBbrAb7JJdshvqhrphbpgb7oa7EW6EG+VGudFutBvjxrhxbpxLcSluopvoJrlJbrKb7Ka6qS7VpboZboab6Wa6KrN+PcpcN9fNd/NdmktzC13WmjHdLXaLXYbLcEvdUrfcLXcr3Uq32q12a91at96tdxvdRrfZbXZb3Va33W13O91Ot9vtdnv8db8O6va5/W6/O+AOuIPua5fpvnGH3LfusPvOHXHfu6PuB3fMHXcn3El3yv3oTrsz7qw75867n9wF97O76LxLiUyITIy8G5kUeS8yOTIlMjUyLZIamR6ZEXk/MjMyKzI78kFkTuTDyNzIvMj8yIJIWuSjyMLIokh65OPI4sgnkYzIksjSyLLI8siKiPeFtoa+iC/qo/4mX8zf7Iv7Er6kL+WdL+0T/C2+jL/Vl/W3+XL+dl/e3+Er+Iq+kn/cN/XNfHPfwrf0T/hW/knf2rfxbf1Tvp1/2rf3z/hE/6zv4J/zHf3ffCf/vO/sX/Bd/Iu+q+/mu/uXfA//su/pe/kk39v38a/4vr6f7+8H+IH+VT/Iv+YH+9d9sh/ih/o3/DD/ph/u3/Ij/Eg/KuZtP/ryJTKM9yl+gp/o3/WT/Ht+sp/ip/ppPtVP9zP8+36mn+Vn+w/8HP+hn+vn+fl+gU/zH/mFfpFP9x/7xf4Tn+GXXL6p7Ff6VX61X+PX+nV+vd/gN/pNfrPf4rf6bX673+F3+l1+t//U7/Gf+b3+c7/Pf+H3+y/9Af+VP+i/9pn+G3/If+sP++/8Ef+9P+p/8Mf8cX/Cn/Sn/I/+tD/jz/pz/rz/yV/wP/uL/G/WGGOMMcb+SyZcaYo/6u/9B8+Jv9u5DwBcu61g5t/3Z60o1+f7td1PxLeLAMCzvbo8cnmrXj0pKenSvhkSgqLzAC7/SVCWGLgSL4G28DQkQhso84fz7ye6nad/Mn70doBcf5cTC1fiK+N/+SfjP/HUqIXlw7Nx/4/x5wEUL3olJydciZdAW5X12AbK/sn4+Vv9k/nn/CoFoPXf5eSGK/GV+SfAk/AcJP5mT8YYY4wxxhhj7Ff9RKVOl68/L/+Nzz+6Po9XV3JywJX4n12fM8YYY4wxxhhj7Op7vlv3Z55ITGzT6V9vVP1vZXHjf2rDe4DLzygA+DcHBPiPn8WW/8ixki99dP6xa/k5H8D/jFL+FY2r/MXEGGOMMcYY+8tdWfT/9nl1tSbEGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4xlQ/+J/07sap8jY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxdrX9nwAAAP//geYOMQ==") r5 = syz_open_dev$mouse(&(0x7f0000000280), 0x8, 0x6002) connect$bt_rfcomm(r5, &(0x7f0000000340)={0x1f, @none, 0x7b}, 0xa) mount$bind(&(0x7f0000000200)='./file0\x00', &(0x7f0000000680)='./file0/../file0/../file0/../file0\x00', 0x0, 0x1333404, 0x0) chroot(&(0x7f0000000040)='./file0/../file0/../file0/../file0\x00') r6 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r6, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) pivot_root(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)='./file0/../file0/../file0/../file0\x00') getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, 0x0) 3m40.728146352s ago: executing program 3 (id=157): r0 = socket(0x2, 0x5, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'bridge0\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@newlink={0x3c, 0x10, 0xffffffffffffffff, 0x70bd27, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0xc6da5938055fa6fd}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bond={{0x9}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}, 0x1, 0x0, 0x0, 0x1}, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000280)={'bridge0\x00', &(0x7f00000000c0)=@ethtool_cmd={0x1, 0x9, 0x8, 0x82e8, 0x2, 0x2, 0x4, 0x9, 0x8, 0x1, 0x5, 0x3, 0x5ef, 0x9, 0xbe, 0xd1, [0x3, 0xf2]}}) r4 = socket(0x11, 0x3, 0x7fffffff) setsockopt$packet_int(r4, 0x107, 0x8, &(0x7f00000001c0)=0x9, 0x4) r5 = socket(0x1e, 0x2, 0x0) setsockopt$TIPC_DEST_DROPPABLE(r5, 0x10f, 0x81, &(0x7f0000000480), 0x4) sendmsg$tipc(r5, &(0x7f0000000200)={&(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x2, {0x1, 0x0, 0x2}}, 0x10, &(0x7f0000000240)=[{&(0x7f0000000080)="00497ac3c19cd0467645752a368321d12b", 0x11}], 0x1}, 0x4000001) recvmmsg(r5, &(0x7f00000008c0)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000a40)=""/188, 0xbc}], 0x1, &(0x7f0000000500)=""/87, 0x57}}], 0x1, 0x0, 0x0) r6 = socket$netlink(0x10, 0x3, 0x4) write(r6, &(0x7f0000000b80)="2f00000014000f3f00000000120f0a0011000000009a67ec53f737bf1739078682ee6e8d06e500000000638c7b9916", 0x2f) syz_usb_connect(0x0, 0x24, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0xa3, 0x1, 0x7b, 0x10, 0x5ac, 0x263, 0x6f9e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x3, 0x6a, 0x2}}]}}]}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002380)={0xa, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="18020000000000000000000000000000851000000100000095000000000000001800000020646c2500000000002020207b1af8ff00000000bd21ffff0000000007010000f8ffffffb502020008040000b703000000000000850000008900000095"], &(0x7f0000000140)='syzkaller\x00', 0xa, 0x0, 0x0, 0x40f00, 0x20}, 0x94) 3m38.540806846s ago: executing program 3 (id=164): openat$audio(0xffffffffffffff9c, &(0x7f00000005c0), 0x40000000008d82, 0x0) syz_io_uring_setup(0x6b4c, &(0x7f0000000080)={0x0, 0x2f2, 0x80, 0x3, 0x30}, &(0x7f00000007c0)=0x0, &(0x7f0000000700)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x118, &(0x7f0000000740)=0x2, 0x0, 0x4) syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xac25, 0x8, 0x3, 0x40000333}, &(0x7f00000006c0), &(0x7f00000001c0)) syz_io_uring_setup(0x6440, &(0x7f0000000380)={0x0, 0x0, 0x10100, 0x80, 0x350}, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) r3 = socket(0x40000000015, 0x5, 0x0) r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000005d00)={0x118, 0x2b, 0x1, 0x0, 0x25dfdbfc, "", [@nested={0x106, 0xf2, 0x0, 0x1, [@typed={0xc, 0x18, 0x0, 0x0, @u64=0xfac08}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x16}}}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a46cf26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f00ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82fd3f", @typed={0x4, 0xe9}]}]}, 0x118}], 0x1, 0x0, 0x0, 0x1}, 0x0) connect$l2tp6(r3, &(0x7f0000000000)={0xa, 0x0, 0xfffd, @mcast2, 0x401, 0x4}, 0x20) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='devices.list\x00', 0x275a, 0x0) write$UHID_CREATE2(r5, &(0x7f00000001c0)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r5, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_MKDIRAT={0x25, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff) syz_open_dev$cec(&(0x7f0000000780), 0x0, 0xc3) syz_mount_image$erofs(&(0x7f0000000200), &(0x7f0000000100)='./file0\x00', 0x810801, &(0x7f0000000140)=ANY=[], 0x4, 0x212, &(0x7f0000000400)="$eJzslb9rFEEUx78zu7e5BAlYaGFzFgEjmL3dPZU0FrEXhETU8jBjiE5y4XJFEhASbGysxf/Av8AilYWdVjY2FioIFqa0EhyZ2dnb2Vx2w5KcTd4HbvY7P97Me7Pv3oIgiDPL92+/v768Pb90DcA5zGDCjv/08jXcWf/ltdew8v369LP9w/sxAErlff+Y8wMA7xY8YDfdVinXGpgB8BnAErjRmnvguGr1fTCEma8qtxZgeGiHn2yoYTS9SSukYI96cvnxqhSRbmLdJLrpAKrg/8EewzKApj2COf5tbu887UqgnwopMtFQ2TkjU3VF1f0Z/xY4bjlXoN/XgxfP93Q/tOORc38xOGKrO2BYtHoeEwjDsGW7Inbiv+Tn+3vpa0vZrRNJ82QXUVecnztiSmd4tfmkFDraU3PjrxpLgEEhBcd7mfpFV63RftTfmbdGrYJj9hEnD4cdHmFuSlw82P8wavXjvyXt6QtTuAC4U6902nyakvLOkVYXCiOXS/4yWQaWpkRaP5gPXHHqk+98FdqDtY325vbO3Opad0WsiPUk6dyMrkfRjaRtanPaVtS/pqlPU87+jZK1AQuw1R0M+vEWMOjHw36Stk66L77t/TI23NQ/jtk/SmWfFxN29qFkxTOY/XHz1GrWK3WeIAiCIAiCIAiCIAiCIAiiFi0wfJwedlWRN/bpJ3fN9L8AAAD//72aWc4=") mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r6, 0x8933, &(0x7f0000000440)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000140)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000000000000000f000000050030000000000005002f00a005000008000300", @ANYRES32=r8], 0x2c}}, 0x0) r9 = socket$unix(0x1, 0x1, 0x0) bind$unix(r9, &(0x7f0000000180)=@file={0x1}, 0x6e) listen(r9, 0x0) r10 = socket$unix(0x1, 0x1, 0x0) connect$unix(r10, &(0x7f00000002c0)=@file={0x1}, 0x6e) accept$unix(r9, &(0x7f0000000240)=@abs, &(0x7f0000000200)=0xfffffffffffffcb7) r11 = syz_usb_connect(0x3, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x41, 0x5f, 0xbc, 0x10, 0xe8d, 0xa7, 0xb531, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xd, 0x0, 0x2, 0xff, 0x0, 0x0, 0x0, [], [{{0x9, 0x5, 0x4, 0x2, 0x10, 0x0, 0xfa}}, {{0x9, 0x5, 0x8, 0x2, 0x40}}]}}]}}]}}, 0x0) syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="130100002add1e20ef050a023691010203010902240001000000000904000002ea1998000905a6a7"], 0x0) syz_usb_disconnect(r11) syz_usb_connect(0x2, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000df713820f0031d58381f010203010902240001000010000904e50002ff"], 0x0) 3m37.997184445s ago: executing program 34 (id=164): openat$audio(0xffffffffffffff9c, &(0x7f00000005c0), 0x40000000008d82, 0x0) syz_io_uring_setup(0x6b4c, &(0x7f0000000080)={0x0, 0x2f2, 0x80, 0x3, 0x30}, &(0x7f00000007c0)=0x0, &(0x7f0000000700)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x118, &(0x7f0000000740)=0x2, 0x0, 0x4) syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xac25, 0x8, 0x3, 0x40000333}, &(0x7f00000006c0), &(0x7f00000001c0)) syz_io_uring_setup(0x6440, &(0x7f0000000380)={0x0, 0x0, 0x10100, 0x80, 0x350}, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) r3 = socket(0x40000000015, 0x5, 0x0) r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000005d00)={0x118, 0x2b, 0x1, 0x0, 0x25dfdbfc, "", [@nested={0x106, 0xf2, 0x0, 0x1, [@typed={0xc, 0x18, 0x0, 0x0, @u64=0xfac08}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x16}}}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a46cf26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f00ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82fd3f", @typed={0x4, 0xe9}]}]}, 0x118}], 0x1, 0x0, 0x0, 0x1}, 0x0) connect$l2tp6(r3, &(0x7f0000000000)={0xa, 0x0, 0xfffd, @mcast2, 0x401, 0x4}, 0x20) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='devices.list\x00', 0x275a, 0x0) write$UHID_CREATE2(r5, &(0x7f00000001c0)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r5, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_MKDIRAT={0x25, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff) syz_open_dev$cec(&(0x7f0000000780), 0x0, 0xc3) syz_mount_image$erofs(&(0x7f0000000200), &(0x7f0000000100)='./file0\x00', 0x810801, &(0x7f0000000140)=ANY=[], 0x4, 0x212, &(0x7f0000000400)="$eJzslb9rFEEUx78zu7e5BAlYaGFzFgEjmL3dPZU0FrEXhETU8jBjiE5y4XJFEhASbGysxf/Av8AilYWdVjY2FioIFqa0EhyZ2dnb2Vx2w5KcTd4HbvY7P97Me7Pv3oIgiDPL92+/v768Pb90DcA5zGDCjv/08jXcWf/ltdew8v369LP9w/sxAErlff+Y8wMA7xY8YDfdVinXGpgB8BnAErjRmnvguGr1fTCEma8qtxZgeGiHn2yoYTS9SSukYI96cvnxqhSRbmLdJLrpAKrg/8EewzKApj2COf5tbu887UqgnwopMtFQ2TkjU3VF1f0Z/xY4bjlXoN/XgxfP93Q/tOORc38xOGKrO2BYtHoeEwjDsGW7Inbiv+Tn+3vpa0vZrRNJ82QXUVecnztiSmd4tfmkFDraU3PjrxpLgEEhBcd7mfpFV63RftTfmbdGrYJj9hEnD4cdHmFuSlw82P8wavXjvyXt6QtTuAC4U6902nyakvLOkVYXCiOXS/4yWQaWpkRaP5gPXHHqk+98FdqDtY325vbO3Opad0WsiPUk6dyMrkfRjaRtanPaVtS/pqlPU87+jZK1AQuw1R0M+vEWMOjHw36Stk66L77t/TI23NQ/jtk/SmWfFxN29qFkxTOY/XHz1GrWK3WeIAiCIAiCIAiCIAiCIAiiFi0wfJwedlWRN/bpJ3fN9L8AAAD//72aWc4=") mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r6, 0x8933, &(0x7f0000000440)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000140)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000000000000000f000000050030000000000005002f00a005000008000300", @ANYRES32=r8], 0x2c}}, 0x0) r9 = socket$unix(0x1, 0x1, 0x0) bind$unix(r9, &(0x7f0000000180)=@file={0x1}, 0x6e) listen(r9, 0x0) r10 = socket$unix(0x1, 0x1, 0x0) connect$unix(r10, &(0x7f00000002c0)=@file={0x1}, 0x6e) accept$unix(r9, &(0x7f0000000240)=@abs, &(0x7f0000000200)=0xfffffffffffffcb7) r11 = syz_usb_connect(0x3, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x41, 0x5f, 0xbc, 0x10, 0xe8d, 0xa7, 0xb531, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xd, 0x0, 0x2, 0xff, 0x0, 0x0, 0x0, [], [{{0x9, 0x5, 0x4, 0x2, 0x10, 0x0, 0xfa}}, {{0x9, 0x5, 0x8, 0x2, 0x40}}]}}]}}]}}, 0x0) syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="130100002add1e20ef050a023691010203010902240001000000000904000002ea1998000905a6a7"], 0x0) syz_usb_disconnect(r11) syz_usb_connect(0x2, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000df713820f0031d58381f010203010902240001000010000904e50002ff"], 0x0) 11.269318039s ago: executing program 5 (id=666): creat(&(0x7f0000000240)='./file0\x00', 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, 0x0, 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000080)={0x18, 0x0, 0x0, {0x4}}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@cache_mmap}], [], 0x6b}}) creat(&(0x7f0000000140)='./file0\x00', 0x108) 11.20761938s ago: executing program 5 (id=667): syz_mount_image$ext4(&(0x7f0000000b80)='ext4\x00', &(0x7f0000000300)='./bus\x00', 0x200000, &(0x7f0000000040)={[{@grpquota}]}, 0x1, 0xbaf, &(0x7f0000000bc0)="$eJzs3M1rXOUaAPDnnEy+c5v0crn3tggGpCqK07QpFbpqXYsKunDZmExKyPTDJIIJXaR1ry5EXBSkf4Lg3m5cCS7qQutfUMQiRTdtFyNnPtKxk5mm6cwcE38/eHPe97wn8zxPTmfOe2BOA/jHms5+pBGHIuJsEjFZ359GxFC1NxKxWTvu/t3L81lLolJ5+7ckkoi4d/fyfOO1kvp2vD4YiYibryXx749a466ubyzPlcullfr46Nr5S0dX1zdeWTo/d650rnThxOyrJ2ZPzs52sdbbl9774pkf3nj+6vWPZ978/MB3SZyOifpccx3dMh3TW3+TZoWImOt2sJwM1OtprjMp5JgQAAAdpU1ruP/GZAzEw8XbZHz7Y67JAQAAAF1RGYioAAAAAPtc4v4fAAAA9rnG9wDu3b0832j5fiOhv+6ciYipWv2N55trM4XYrG5HYjAixn5Povmx1qT2a09tOov09felrEWPnkPuZPNKRPx/u/OfVOufqj7F3Vp/GhEzXYg//ch4L9V/ugvxn6z+4S5EBICIG2dqF7LW61+6tf6Jba5/hW2uXbuR9/W/sf6737L+e1j/QJv131s7jHH4wUs32801r//e/eTnhSx+tn2qop7AnSsRhwvb1Z9s1Z+0qf/sDmOMz9++1m4uqz+rt9H6XX/lesSR6mqutf6GpNP/T3R0calcmqn93Ob11092jt98/rOWxW/cC/RDdv7HYnfn/9IOY0z979dD7eYeX3/6y1DyTrU3VN/z4dza2sqxiKHk9db9xzvn0jim8RpZ/S8+1/n9v1392WfCZv3vkP3ruVLfZuOrj8QcP3L8q93X31tZ/Qu7PP+f7jDGl99ce7/dXN71AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALA3pBExEUla3OqnabEYMR4R/4mxtHxxde3lxYsfXFjI5iKmYjBdXCqXZiJisjZOsvGxav/h+Pgj49mIOBgRn02OVsfF+YvlhbyLBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYMt4RExEkhYjIo2IPybTtFjMOysAAACg66byTgAAAADoOff/AAAAsP+13P8X/jIa6WcuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7EsHn71xK4mIzVOj1ZYZqs8N5poZ0Gvpzg4b63UeQP8N5J0AkJtCU79SqVRyTAXoM/f4QPKY+ZG2M8NdzwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAv68XDt24lUTE5qnRassM1ecGc80M6LU07wSA3Ax0mkweuwPYwwp5JwDkxj0+UFvZP6jUtM6PtP3N4aeOCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDeMVFtSVqMiLTaT9NiMeJfETEVg8niUrk0ExEHIuKnycHhbHws76QBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADoutX1jeW5crm0oqOj08XOaPQt1mj9zdzmmOH2Ux06OX8wAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQi9X1jeW5crm0spp3JgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDeVtc3lufK5dJKDzt51wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQH7+DAAA///6CAm5") r0 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r0, 0x3000) open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x389b0d52417bb201) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4001, 0x0, 0x0, 0x0) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000000), 0x0, 0x0) read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000) r2 = getpid() r3 = syz_pidfd_open(r2, 0x0) open_by_handle_at(r3, &(0x7f0000000180)=ANY=[@ANYBLOB="15000000fe0000"], 0x1) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x4000) symlink(&(0x7f0000000080)='.\x00', &(0x7f0000000240)='./file0\x00') mkdir(0x0, 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) rename(0x0, 0x0) add_key$keyring(&(0x7f0000000100), &(0x7f00000001c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe) sendmsg$TIPC_NL_KEY_SET(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000810}, 0x4000004) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000003e0007012dbd7000fcdbdf25047c0000040000001400018006000600800a000008000a"], 0x2c}, 0x1, 0xc00000000000000}, 0x0) 8.444746373s ago: executing program 5 (id=679): syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000000000)='./file1\x00', 0x810, &(0x7f00000001c0)={[{@treelog}, {@nodatacow}, {@max_inline={'max_inline', 0x3d, [0x6d, 0x33, 0x78, 0x39, 0x65, 0x36]}}, {@space_cache}, {@nodatasum}, {@nobarrier}, {@flushoncommit}, {@noautodefrag}, {@ref_verify}, {@noenospc_debug}, {@clear_cache}, {@commit={'commit', 0x3d, 0x3}}, {@ssd}, {@nobarrier}, {@max_inline={'max_inline', 0x3d, [0x38, 0x36, 0x38, 0x35, 0x32, 0x25]}}]}, 0x1, 0x50f3, &(0x7f000000a2c0)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h715j5KruA4CffY734fVCUoXQKNkkNY6beL22gUQtVdaUqhEpzbqhoCqi2NhrsnjBjm1KjEJkbCIaIShtkJIPRRhFUc0HqBWISAoIFymOUHlEVEUBBAqtIQoipSQRaYIUqtl7z+ydc3cefqzx0t9P8s6Z+Z/nnYfn3HvnXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/h4Feu+dtm8Ud/e96zL1w8fsWetRe/et15pz4ZwsTM4x1ZuKP/xtvHf373uffseWD1HfcdPv+jvXm5PB4Gqn868zs3xFoPLw7h/o4QutPAisEs0JPfH4z1vW8whFPCbKBWYrI/K5E2HL7fF8K+MBuoVfW9vhAGC4ELn3rk4Zuridv6QlgaQqikbTxfydroSwNn9GaB/jSwtTsL/OqtTC3w3c4sAMcsvhlqL/oDE/UZhucu1+D113PcOvb2SofXFRPDjfP9bO08d6qgN31g4pietlJ1zIvS2+Ogd9sCeLeVtvOtnrbiF6n8G8pbs6FK6Nw0uXnD1dM74yOdYXS0q1FN8/Q8P/P6lzYeSXrBvA5jB4aPy+vwlieW3t21/ILH71ux9OX9H9v7yrF280eFTVpMz7dKyF9zC+Z5jMZ9niyAt1/pW9KIL10hhM2f/73PNIuX5v/Dzef/8eUcbzvrcsda3xzK5ubxkcGYeG0om5sDAADAgrEQ9ppuHX3oE83qK83/R9o7/h8P+eeT+Wy0B0MYn0nsXRLCaTOPZ4G7YnOXLQnhgzOpifrA2iRwMIT3ziSW16pKSiyKJUaSwE+G8sB4EjgUAxNJ4FsxcGsSuCEGDiSBjTFwMAmcGwNhqn4cvz+Uj6PtQF8MrM824oF4FsIvhmJrybZ6rlYVAADAcZLPDnvq7xbOdTjWDHF6eaCvVYZ4BnbDDJWkhnQGW5tWNayhu1UNna1qqI17d/Phl2ruaFVz6TSMjvoMt//ybz4bmijN/8eaz/8rc3Sko3T8P4R1M39j7s48Ml2Lr5+oywAAAAAcg4H/ffGbzeKl+f94e+f/x30iXYXM4bG4G2LLkhDG6gNZtX9YDmRHvQfyAAAAACwEtePxtWPhU/ltdop2Op8u5584wvzxwP/4nPl7Dz64vll/S/P/ifbO/++vv806cSj24mtLQlhUCPwg9rIamDESAz/+ZH0gH/+huAFuilXlJybUqropllgfA2NJYF+jEj+slTitPpA/WbXG99bGMZWXKAQAAADghIu7A+Jx+Xj+/4d+s/qaZuVK8//1R3b+/8w8uHR6//RACCu7Q+hKfxjwWH+2MGAMDHbkiYf6s7q60qqu7w/hnOrA0qpezNf/707XGHyqL6sqBk770P7Xz6gmvtkXwspi4OnP3XlWNbEzCdQa/8u+ED5QHW3a+HcWZY33pI1/fVEI7y8EalVdtiiEamO9aVWPVPLrGKRV/XMlhHcVArWqzq6EsCsAsEDF/0o3FR/csevaLRumpye3z2Mi7sPvC5unpidHN26d3lRp0KdNSZ/rljG6vjymdq9881y+RNFF964bbCdd+53gWLGtfD9+6cTB/H78LtQzM87VPXV316RD/siHy02EwjepRkPunOch9xcrmX0SS/XH/L1hICy6esfk9tEvbti5c/uq7G+72Vdnf+NhpmxbrUq3Vf9cfWvj5dFwtazE0W6rZcVKVu68ctvKHbuuXTF15YbLJy+fvGrV2avHzhxbM/bxM1dWRzWW/W0x1GVzVZ0M9a072xzXcRzq6d2FSk7Ep4aEhMRCS2wdWNb0/+TS/H9b8/l//NSJn/z5+gyNjv8Px8P82eOzh/nXx8C+do//Dzc6ml87MWAkCeyOgd0O8wMAAPDOECf5cW9m3Cv90+XfeblZudL8f3d7v/8/Tuv/15auP7/RMv/LY4mxRuv/p8v819b/391o/f90mf/a+v/73ob1/6+uBZJN8gvr/wMAAO8EJ279/5bL+6cXCChlaLm8f3qBgFKGlsv4t3uBgCNe///5//yr/w5NlOb/t7Y3/7dwPwAAAJw8vvxn1/xOs3hp/r+vvfn/iV//LzQ6/3+kUWCi0cKA1v8DAABggWq0/t/wjf2XNitXmv8faG/+H0+76KzLHWt9cyhb0y6ka9q9NlT7yQAAAAAsDJ1hdLSnzbx1K6OuPfo2n8mXAm2WLnrxTw4f2fn/B9ub/9f9LuOWJ5be3bX8gsffvG/F0pf3f2zvK7PH/wEAAID50+5+CQAAAAAAAAAAAAAA4O334n/sWdMsXvr9f1g383ij3//H6/7F3xe8uy53rLX1+n/5/Qs/fc+umSULHxsK4cPFwJY9W04J+bX5lxUDD1+y/D3VxJ60xIMvnPtSNXFpGvjUilPfqCbOSQLr4yKJ700D8aqKbyxOAnF5xX9PA3F7HEgDvXngq4uzcXSk2+qng9m26ki31bODISwpBGrb6v7BrI2OdIC3JYHaAL+QBuIA/zwPdKa9umcg61UMDMaidwxkvQIA4KQVvwX2hM1T05Nj8St8vD29u/42qluy7PpytR1tNv9cvjTZRfeuG2wn3ZV+F5291nhPqFSHsKr0dbWYpWNmlMenlhab7t0NhtxqtbfOBuVSR7rpehuPqC8b0ejGrdObeloOfE3rLKu7W2ZZVZrsFLN0zmzSNmppoy9tjKjNbdNGl+P9zjA62pXk+oMYHA51Wr0i2v29fnGdv0avgmKeqw7v/VWz+krz/+H25v+V4rjeyC8GsDteWe/vlljmHwAAAObXV9f++hvx32dvfPTpZnlL8/+R9ub/cQ9Wfig429txMF7/f++SEGYurT+cBe6KzV22JIQPzqQmYonsgvrnxxJjWeCuuMNkeSyxfqK+qkUxcCAJ/GQoDxxMAodiIN9LsT/ku3L+fiiEs2ZS6+pLbIslhpPAZ2JgJAmMxsBYElgcA+NJ4NXFeWAiCfxbDISp+m117+J8WwEAAByJfJ7VU383pPO8A92tMnS0ytDfKkNnqwyVVhkajSLe/3bM0JOcvNJRyNST1tqX1FLKEC+Gf8T9KmUIP6zPmRYsNR3PP6idb9BRn+GBT3RXQhOl+f9Ye/P//vrbrPVDcf4/e/2/LPCD2L2vxVPHR2Lgx5+sD+Q7Bg7Fye5Ntaom8hL5pP2mWGI8BkaSwLYYGE8C69flgX3vqQ/kM+1a43trjU/lJQoBAAAAOOHiDoK4mybO/+/Y8ZWBZuVK8//x9ub/sb2BYmM3xFoPLw7h/o7Z3tQCKwazQNyPMRh/Hv++wRBOKezgqJWY7M9K9CYNh+/3Zb9Q702r+l5f9uODeP/Cpx55+OZq4ra+EJYW9r7U2ni+krXRlwbO6M0C/Wlga3cWiHt+aoHvdmYBOGa1vYLxBZWf6lIzPHe5Bq+/d8o1QdPhlfaBzpFvrt9czZfSDtd8n2rNkT1tTfffctyU3h4HvdsW4rtt2Lut+EUq/4by1myoEjo3TW7ecPX0zvhI8ZesJfP0PBd/pdpO+ji8DncffW9bq6QdGEs+PsbmLjf367AjVnfLE0vv7lp+weP3rVj68v6P7X2l7W40EH8o/Mh1/zr4o8LmnW+VkL/mFtznyYTPk4X438CIpy2EsO7Vr9/ULF6a/0+0N//vTm5n/DpuzB1LQvhIYeM+Fjf/Hy/JPgcLgexT8l3lQHbI/b+GGn5yAgAAwPFW291R218wld9mJ4Sn8+Ry/okjzB/3V4zPmb/dfvf/9SVLm8VL8//1zef/i5JuOv7v+D/zxPH/OZ3su6IXpQ/sPqZd0aXqmBeO/8/pZH+3Of4/J8f/Hf+fi+P/LTj+P6eT/WkrfUva5ktXCOHlP3ro2Wbx0vx/W3vzf+v/zb1oX239v/WN1v/b1mj9v93W/wMAAOZVg4Xm0nleafW+UoZ09b5ShpYLBLZcYtD6f0e8/t9Lpz//m9BEaf6/u735f3w5DBRbXyjr/42sa1DVrTGwzcKAAAAAnIwa7SAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg7fXAP/zPpmbxR3973rMvXDx+xZ61F7963XmnPhnC1MzjHVm4o//G28d/fve59+x5YPUd9x0+/6OVvFxPfvu7dbljrW8OhbCv8MhgTLw2VL0zG7jw0/fs6q4mHhsK4cPFwJY9W06pJr41FMKyYuDhS5a/p5rYk5Z48IVzX6omLk0Dn1px6hvVxDl5oCPt7j8uzrrbkXb35sUhLCkEat29YnF9VbU2/jQPdKZt/NNg1kYMDMai3xjM2oiB6VhialEIK7tD6EqrerSSVdWVVvUvlayqrrSqL1dCOCeE0J1W9UJvVlV3OvIne7OqYuC0D+1//YxqYl9vCCuLgac/d+dZ1cQXkkCt8b/oDeED1ZdM2vi3e7LGe9LGb+sJ4f0hhN60xC+7sxK9aYkXu0N4VyFQa/zz3SHsCrwjxA+fuk+0Hbuu3bJhenpy+zwmevO2+sLmqenJ0Y1bpzdVkj410lFIv3X90Y/9ude/tLF6e9G96wbbSXfn5Xpmury6p+7umpO997Ff/cVKZp+PUv0xf28YCIuu3jG5ffSLG3bu3L4q+9tu9tXZ3648mm2rVQtlWy0rVrJy55XbVu7Yde2KqSs3XD55+eRVq85ePXbm2Jqxj5+5sjqqsezv8RjqnSd+qKd3Fyo5ER8AEhISCy3RWffpNnayf5CXvujPdrQnVGY+oEvTimKWjplRHo9Brz3KER/N95SWI1pVmjiUsqyeI8v19VnWlCYTs7X0ZVlmvteVJofFxjpnNmm83xlGR7sabYfh+rvFzfuzY9i8z+Sbrt00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP/HDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwA8cCAAAAAML8rcPo2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEsBAAD//+erI4o=") symlink(&(0x7f0000000540)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000800)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x804053, 0x0, 0xfc, 0x0, &(0x7f00000000c0)) renameat2(0xffffffffffffff9c, &(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, &(0x7f0000000480)='./file1\x00', 0x2) r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x70) fdatasync(r0) 8.192247221s ago: executing program 2 (id=682): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x18, 0x3, &(0x7f0000001680)=ANY=[@ANYBLOB="1800000000030000000000000000000095"], &(0x7f0000001700)='GPL\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000300)={0xffffffffffffffff}, 0x106, 0x8}}, 0x20) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f0000000100)={0x7, 0x8, 0xfa00, {r1, 0x4734}}, 0x10) (fail_nth: 4) 8.081671821s ago: executing program 2 (id=683): getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000240)={0x5c, 0x1, 0x7fffffff}, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x81, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, 0x0, 0x0) listen(0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8f}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x6) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r1, 0x0, 0x4044080) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, 0x0, 0x0) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000000c0)='devtmpfs\x00', 0x2000000, 0x0) mount$overlay(0x0, &(0x7f0000001340)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f00000004c0)={[], [{@fowner_lt}, {@appraise_type}, {@smackfshat={'smackfshat', 0x3d, 'sched_switch\x00'}}, {@fsuuid={'fsuuid', 0x3d, {[0x30, 0x65, 0x55, 0x31, 0x34, 0x30, 0x39, 0x39], 0x2d, [0x63, 0x33, 0x36, 0x33], 0x2d, [0x37, 0x6fedb0ad667a3716, 0x34, 0x4bbc10f19dea590f], 0x2d, [0x37, 0x66, 0x30, 0x39], 0x2d, [0x36, 0x65, 0x39, 0x32, 0x33, 0x62, 0x36, 0x33]}}}, {@appraise_type}, {@dont_hash}, {@euid_lt}, {@dont_hash}], 0x2f}) r5 = memfd_create(&(0x7f0000000840)='[\v\xdbX\xae[\x1a\xa9\x00\xc2\x9aml\r\xcf\xaa\x13\x99\x85B\xc3\x06<\xc2\xa9\xc3\xdb\x88\xee\x85md\xc8\x85HX\xa9%\f\x8fe\xe0\x00\x00\xa8\xfdn\xbe \a\x0e\xa3\xb9\x1d\x9dO\xbdj\x00\x00\xfb\xff\x00c\xb2\xc9\ap\xd0\xa2\x82\x1e\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcb\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2\xa75\x9d\xcb\x1e\x80\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x00uNh\xc5(\xbc\xf3\xac{\x04D2\xf2\xcd\xc2{E\xae\x89\xddI\xc8\xc6\xe9\xef\x98\xf0\x8b\xac\xa7R\x10\x011\x9fi\x00\x00\x00\x00\x00\x00\x00\x00\x002?D\x86\x14\xa52<\x87n\xf4\x04R\x15\t\xb8\xbeT\xb8\xe7K)\x1fP\xb6\xce8\xcc\xabe\xcb\xd0\xf9\xc9\xfe_\v\xaa#\x8f\x8asu\xb2\xfe\xc4\xbe\x03\xd3\x93E\x1d\xaf}\x9b\xac\xc2\x9a\xe6W\x92sD\fn\x9e\xc2s\xc6_4\f\xc1\x8b\x9a\xa4_\xad\x9b\xb9 \v\x0f{>\xdf^.\xb8\x96\x1d\x99vY\xa8\xfa\xd7i\x94i^;\xaa\xe7XA\xd2\xc5\x02\x12I\xbe\xd0Ksq\x96 \xbf\xed\x1c\x91\xeeN\xda&\xddtG\xc2\xa8j\xae\xac)\xfdNu\x19\x91\xa7z\x1b\x0e\xab\xd2k\x16\x87#\xf6p#\x8d\xdd?\x9fXV\x12\xa9\xc7v\x02\x98g:4\xb6\xcaY\xc2~k\xcb\xef]h/\xa2\xaf\xc4\xec\xdc\xd4H\xed\x94qNY\x85\x87&\xf1\xbb\f\x02\x0fo\xae\xf4\x19|\xc4\xfcL\xdb\x00\xedrK\x13\xb5J?s\x93\xe6\xda\xf0\xf3B\x8d\xb4\xd8>\x12\xb0\x8e\x8d\xdaQ\xa2\xd0\xbc\x92d\x9e^\xbc\xd5\x8aNf\xefa\v*\xb08\xfc\xd2\xa4\x11`\xae\x98\xcc\xe1\xea\xc2\x1dKR\x0e\x1cK\x86\v\xba\xdfz\xa8\xdf\xb6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xef\xe9\xb3@\xe8\a0\x1e\xb8L\x83\xc4\xa8\xb2\xc1\xf8\xae\x1d\x198\x0f\xfa\t\x88+\xdc\xe1\x01@\xbd\x8ba\"|\x14\x1bF\x9b\xd3\xff7\a\x1c:U\xba\xf4\t\xdc\xef\xe3\x11\xdb^\xee\x8c0\xee\xde6:\x80t\xfb\xbc^K\xb4\x8c9\xb0\xec\x82\x127!\x0e\xa3\xc9\xe0\xea\xfa\x0f\xbb\x0e \xc3\xef\xb20xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r2, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15) r3 = dup(r2) write$FUSE_BMAP(r3, &(0x7f0000000080)={0x18, 0x0, 0x0, {0x4}}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@cache_mmap}], [], 0x6b}}) chmod(&(0x7f0000000180)='./file0\x00', 0x1d0) r4 = creat(&(0x7f0000000140)='./file0\x00', 0x108) pwritev2(r4, &(0x7f0000000100)=[{&(0x7f0000001040)="a6aa", 0x2}], 0x1, 0x8, 0x5, 0x4) 6.031202891s ago: executing program 2 (id=688): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x141, 0x1b, 0x76, 0x36, 0x20, 0x525, 0x9901, 0x3975, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x84, 0x4, 0x2, 0xc4, 0xc6, 0x1f, 0x0, [], [{{0x9, 0x5, 0xc, 0x2, 0x200, 0x2, 0x0, 0xa}}, {{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0x1, 0x10}}]}}]}}]}}, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x3, 0x3, &(0x7f0000000140)=@framed={{0x18, 0x7}}, 0x0, 0x4}, 0x94) r1 = socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = syz_open_dev$MSR(&(0x7f0000000540), 0x0, 0x0) accept4$llc(0xffffffffffffffff, &(0x7f00000000c0)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, &(0x7f0000000100)=0x10, 0x80000) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(0xffffffffffffffff, 0x942e, 0x0) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180), 0x802, 0x0) ioctl$UI_DEV_SETUP(r3, 0x405c5503, &(0x7f0000000940)={{0x0, 0x2000, 0x0, 0xffff}, 'syz0\x00'}) ioctl$UI_SET_EVBIT(r3, 0x40045564, 0x16) ioctl$UI_DEV_CREATE(r3, 0x5501) write$input_event(r3, &(0x7f0000000400)={{}, 0x16, 0x3, 0x4}, 0x18) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000001680)=ANY=[@ANYRES32=0x0, @ANYBLOB, @ANYRES8=r1], 0x158}, 0x1, 0xba01}, 0x44) 5.989317767s ago: executing program 4 (id=689): r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4048aecb, &(0x7f0000000080)) (fail_nth: 1) openat$vimc2(0xffffffffffffff9c, &(0x7f0000001f40), 0x2, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 5.37076353s ago: executing program 6 (id=690): ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000080)={'syztnl2\x00', &(0x7f0000000000)={'syztnl2\x00', 0x0, 0x29, 0x9, 0x1d, 0xee, 0x62, @private1, @ipv4={'\x00', '\xff\xff', @local}, 0x20, 0x10, 0x1, 0xca73}}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x80, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async) r3 = socket$nl_generic(0x10, 0x3, 0x10) (async) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) (async) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) (async) r4 = getpid() sched_setscheduler(r4, 0x1, &(0x7f00000000c0)=0x7) ioctl$PPPIOCSACTIVE(0xffffffffffffffff, 0x40107446, &(0x7f0000000300)={0x2, &(0x7f00000001c0)=[{0x1, 0x8, 0x2, 0x7fffffff}, {0x81, 0x4, 0x7, 0x10}]}) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) (async) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r7 = syz_open_dev$vim2m(0x0, 0x0, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r7, 0xc0145608, &(0x7f00000000c0)={0xfc, 0x2, 0x4}) (async) ioctl$vim2m_VIDIOC_EXPBUF(r7, 0xc0405668, 0x0) (async) r8 = syz_open_dev$video4linux(&(0x7f0000000000), 0x3fe, 0x0) ioctl$VIDIOC_SUBDEV_S_FMT(r8, 0xc0585605, &(0x7f0000000040)={0x1, 0x0, {0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0xdd2fcb245114ab72}}) (async) openat$ipvs(0xffffffffffffff9c, &(0x7f0000000400)='/proc/sys/net/ipv4/vs/sync_ports\x00', 0x2, 0x0) (async) syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r3) (async) r9 = socket$isdn(0x22, 0x2, 0x26) bind$isdn(r9, &(0x7f0000000040)={0x22, 0x8c, 0x0, 0x1}, 0x6) sendmsg$NL80211_CMD_DEL_TX_TS(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x2008010}, 0x4000004) (async) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="02000000000000fb030100c0"]) (async, rerun: 32) r10 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x10, 0x7fff0000}]}) (rerun: 32) ioctl$int_out(r10, 0x5461, &(0x7f0000000040)) symlink(&(0x7f0000000080)='.\x00', &(0x7f0000000240)='./file0\x00') 5.260223965s ago: executing program 4 (id=691): r0 = syz_io_uring_setup(0x1237, &(0x7f0000000380)={0x0, 0x80fd, 0x80, 0x3, 0x2b9}, &(0x7f0000000040), &(0x7f0000000200)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f00000059c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000018c0)=[@rights={{0x20, 0x1, 0x1, [r0, r2, r0, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xee00}}}, @cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [r1, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x80, 0x4000000}}], 0x1, 0x0) 5.032310982s ago: executing program 5 (id=692): memfd_create(0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) sync_file_range(0xffffffffffffffff, 0x40, 0xffffffff, 0x0) syz_usb_connect(0x0, 0x0, 0x0, 0x0) eventfd2(0x7, 0x80800) openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r0 = syz_io_uring_setup(0xc, &(0x7f00000002c0)={0x0, 0x29, 0x8, 0x0, 0x20b}, &(0x7f0000000040)=0x0, &(0x7f00000000c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x18) r4 = syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x0, &(0x7f00000002c0), 0x0, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=") ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r4, 0xc0506617, &(0x7f0000000740)={@desc={0x1, 0x0, @desc1}, 0x40, 0x0, '\x00', @b}) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r4, 0xc080661a, &(0x7f0000000100)={@desc={0x1, 0x0, @desc1}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r5 = getpid() sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mount$fuse(0x0, 0x0, 0x0, 0x1048001, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x12, 0x4000, @fd_index=0x3, 0xb, 0x0, 0x0, 0x7, 0x1}) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000000)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) io_uring_enter(r0, 0x847ba, 0x0, 0xe, 0x0, 0x0) bpf$TOKEN_CREATE(0x24, 0x0, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x34, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_SYNPROXY={0x1c, 0x18, 0x0, 0x1, [@CTA_SYNPROXY_ISN={0x8}, @CTA_SYNPROXY_ITS={0x8}, @CTA_SYNPROXY_TSOFF={0x8}]}, @CTA_TUPLE_ORIG={0x4}]}, 0x34}, 0x1, 0x0, 0x0, 0x4}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a030000000000000000000100000d0900010073797a300000000048000000090a010400000000000000000100100008000a40000000000900010073797a30000000000c00098008000140000060000900020073797a32000000000800034000000023140000001000010000000000000000000000000a97fe28a0bfc2cad8074254e43d96c004f42a2018f3313b6b6638146460975cc1bbc341e6869877bc657d6fa9"], 0x90}}, 0x0) 4.9745902s ago: executing program 4 (id=693): memfd_create(0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) sync_file_range(0xffffffffffffffff, 0x40, 0xffffffff, 0x0) syz_usb_connect(0x0, 0x0, 0x0, 0x0) eventfd2(0x7, 0x80800) openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r0 = syz_io_uring_setup(0xc, &(0x7f00000002c0)={0x0, 0x29, 0x8, 0x0, 0x20b}, &(0x7f0000000040)=0x0, &(0x7f00000000c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x18) r4 = syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x0, &(0x7f00000002c0), 0x0, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=") ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r4, 0xc0506617, &(0x7f0000000740)={@desc={0x1, 0x0, @desc1}, 0x40, 0x0, '\x00', @b}) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r4, 0xc080661a, &(0x7f0000000100)={@desc={0x1, 0x0, @desc1}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r5 = getpid() sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mount$fuse(0x0, 0x0, 0x0, 0x1048001, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x12, 0x4000, @fd_index=0x3, 0xb, 0x0, 0x0, 0x7, 0x1}) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000000)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) io_uring_enter(r0, 0x847ba, 0x0, 0xe, 0x0, 0x0) bpf$TOKEN_CREATE(0x24, 0x0, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x34, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_SYNPROXY={0x1c, 0x18, 0x0, 0x1, [@CTA_SYNPROXY_ISN={0x8}, @CTA_SYNPROXY_ITS={0x8}, @CTA_SYNPROXY_TSOFF={0x8}]}, @CTA_TUPLE_ORIG={0x4}]}, 0x34}, 0x1, 0x0, 0x0, 0x4}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a030000000000000000000100000d0900010073797a300000000048000000090a010400000000000000000100100008000a40000000000900010073797a30000000000c00098008000140000060000900020073797a32000000000800034000000023140000001000010000000000000000000000000a97fe28a0bfc2cad8074254e43d96c004f42a2018f3313b6b6638146460975cc1bbc341e6869877bc657d6fa9"], 0x90}}, 0x0) 4.819859489s ago: executing program 6 (id=694): socket$nl_generic(0x10, 0x3, 0x10) (async) r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$SIOCX25SDTEFACILITIES(r0, 0x89eb, &(0x7f0000000080)={0x80, 0x101, 0x2, 0x8, 0x7f, 0x26, 0xe, "0899975b796df43e8cd70a12dffd79491d44a974", "9800eaf43bc1878cdb8e0259474029508376c9f0"}) (async, rerun: 32) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) (async, rerun: 32) r1 = socket$inet6(0xa, 0xa, 0x6) setsockopt$inet6_int(r1, 0x29, 0x31, &(0x7f00000002c0)=0x1, 0x4) (async) recvmmsg(r1, &(0x7f0000000040), 0x400000000000284, 0x2, 0x0) r2 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000400)='/dev/comedi3\x00', 0x121000, 0x0) (async) ioctl$VHOST_VDPA_SET_STATUS(0xffffffffffffffff, 0x4001af72, &(0x7f0000000340)=0x2) (async, rerun: 32) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000240)=0x2, 0x4) (async, rerun: 32) r3 = userfaultfd(0x80001) ioctl$sock_inet6_tcp_SIOCINQ(r3, 0x541b, 0x0) (async) ioctl$COMEDI_DEVCONFIG(r2, 0x40946400, 0x0) (async) ioctl$COMEDI_DEVCONFIG(r2, 0x40946400, &(0x7f00000000c0)={'pcl730\x00', [0x4f27, 0x8, 0x10000, 0x0, 0x66, 0xcc7, 0x0, 0x7, 0xa, 0x100, 0x2, 0x1, 0x7, 0x1, 0x2, 0x101, 0x3ff, 0x8, 0x3, 0x40020403, 0x2089, 0x2, 0xd27, 0x20001e58, 0x7fff, 0xe69, 0x3c, 0x4, 0x6, 0x0, 0x0, 0xffff08fe]}) (async, rerun: 32) sendto$inet6(r1, 0x0, 0x0, 0x20000001, &(0x7f0000000300)={0xa, 0x4e20, 0x5, @mcast1}, 0x1c) (async, rerun: 32) r4 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_GET(r4, &(0x7f0000000480)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2eb4c7f8e91deaef}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)=ANY=[@ANYBLOB="18000000091400bd7000fcdbdf250800010000000000"], 0x18}, 0x1, 0x0, 0x0, 0x1}, 0x40000) (async) add_key(&(0x7f0000000380)='asymmetric\x00', 0x0, &(0x7f0000000880)="1080", 0x2, 0xffffffffffffffff) (async) socket$inet6(0xa, 0x5, 0x0) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6c, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r5}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) (async) r6 = getpid() sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x7) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r7, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) (async) sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0) (async) recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0) 4.429181965s ago: executing program 6 (id=696): munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f00000000c0), 0x80142, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2, 0xc3072, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) r2 = syz_open_dev$loop(&(0x7f0000000080), 0x40000047ffffe, 0x1a2c42) ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f0000001ac0)={r0, 0x2000, {0x0, 0x0, 0x0, 0x1, 0x140000, 0x0, 0x0, 0x1e, 0x4, "339f020bbe82b398000000000000000000000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c1c50d38ef2a565ef1e83323691c58d66500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d2", "24431a1e770a00000000000000930606f9000000000f000000000600"}}) r3 = dup(r2) write$UHID_INPUT(r3, &(0x7f0000001c00)={0x8, {"b0476b76ba5d044f65271519727e4ff1ff0d12c0e6bdf3ea1f52e24f60ca698457b32832b83d7e96694c1feb5809bd67002f71e0b97c0d5270c04ffa64f63b2e18ee4b7b572fe2f4d03cad38bcd106ff12f53b443ac6fc81da518f54b9004a44859529c07a2b1b8feddc0180a0f37b13babba1dd0813b7ea56dac4b7ffe9a2ef54221439ecc55223ef2d40f4ba8108c10387ddffbaed25d41e7692bf26ddfa747a666caff49843e38c86cac7323f784a17df6beaa49c3f4a98fb4013f4e573e2ef77b0965d4bfbdf7d5eada69406ca93f422495e00addfca1518085a40f10284ff59388ecf476a12ef1a540163922098d600519ae8cf3ef544344e9d968f341af618503b455f3976b76975270e94d714302382c63de5b7c1fad1fa373b369916cb3b4d583a9ebbaeb262884d25a0e1d9fb141de60df7e64cb38b6f7167991f8fba06bffe2d49133bbb462cd8a9493177eee5f03875b15c7a92c3cd6a3fdfc64f236e14fa05a0e8d3c45f13eecd22e13528c74186dc50e0e2af44177e26bded1161e5533375508dadb83db5126cc810f4e30d4e24ec12c3b99e5220aacf42c58f2960bd43c337dbd318aeeb5c9a6cd5ffd3bf1497bb48ab7bcb32c9c33c9f5b9bc4645b96f23f9e0d826b780030444ffb925f55df587ef5ca5ea74ccd66afc7981da496d6f037efbb0b08f3f5078c60ffb4db18d1b59996bd9b1513442785bf4ece8587b39d8176dc9c735d5ea25133b2053bba227b81faab7220326f8814a9df4eba4ecc6acdd82f70b653b56a18cc9dfa4deb0a112c797ab89a51a103c3a9085d828523370c4d79d9484f4dc910735a2c9b5b85197cd9c073df7a54b40df8e1bf595bab957900c2a1a7dc40e88ed0c55c362ffbb7f88a0725a6ae73b936a639e951faf9c45ae74a2ece2f6f88e425ee41d2c60cb083a2fd6d07381908a7f629e32f89a553cf0794f54b8bdc7bd541d88464a4f80ac0b8b625a803a55de4b05a95fc7f8fc3d6d79858ccb269b7b8b21657654164a9aa29f4e8462377e9d234a41ea69841a4aaa1e5f89f9b074f6f71cb1ffaa450c3160b0e319ec81ad30101db66218b0c69f97c234465dc45849fcfd62d396f2b50ddcc0ed7dd8651431534232ab6d1186d7760770a1fc6c77553a79d0297194f794997ee47781094a76d9dccf632dcbb527b3e68950d9bb534245c7f08ae1d6ef2750292ae28e5e6dcfe2a69737dd7a1e453f3902ae90789e98c212905422099904d3bfb949bde187682a59c01aa8e6a9972a63d6aaef4d4139b10a24e063707f1aba79bd59e3f9709a873dff401d1f356c4be5e449ae0e2633a1fe50ed367fe56b0499957c3b6cabb42256547995ea998f3937d153897d1c83f1ad922d6835bdfa3b986dc6f4bd927a4ca13fbaa99b7b43758e2329d588f40fac718b16cca855468643f3818496b4915fe9a2bdd3e68889fea24bc1dfa6287a801d49a7bb84654147448550d2919e4df3a943a88cf616befea4e7a4fddb7969311c6837f9529966241be1e57ed2d773debc542986d09866905a3f63b6e1820086d52a70f039154e839da7ea852c33bf3722a048f61bbf068519e050b8788370fb130a42e9f5322dfff65b15d588f9e926b70e4530e8b66697cabb1e8514831431fa0eaecb49f9613ed5fd7bc50f897bda36d24d4296e143e2480e325ec09a77c03a07b4f86eb703085313ebeee94ef5b1cde3f6a7efd785772eb4034039f598c07819b769416a223fab824c4ac50086e78042a1ccf47b6c7ede8540cded4bd4c920ce6c2b7493a5634c5e96bb761373623ab473b121d555bfd5a8bc3f5c5418bed83ffd0d6492840550fccc0c35746370396d0190b7b1d2cadcc150877e0d197f692f97cec790c95e3d3959dc7c68aca37306c1bc13ad33848395dba5e3c9ce8090bc0e7e8312091773641be56411921e3d473321c6d8bd10b7d3f5aedd6620bcaa06474bbb298bc77297b8b5dcb9e6b33dbe676460cca825609857724cee245306d07fda287d5fe57c424c27cf9b6cf0f16d2c6a8071bd57c826d7371841cf43dab1b42421ce416d0d3a9c80bc807d2e6761e53f06b3e63c0af1b4548d820118421205f040f4ab35307871e4c7a21ff28082c29e02e89486064661898c0eb1811c70a6124c1f25d62c38794a3e87c312c870db7b60d0df8b57860c94d1a9c561b327fae3a68ce9ff4551e418eb00766f0341c5e796e3cbbbe6b4864928b966110256d5475eb1fd7b2893b60e19e859baaf23c9233a1b064771671ee2d07c151e2e99c37a116a338788052a726a8519b8335e9ff4f71d00ab634543c20ddea1bf57d4f2b797182ff19618b6974d2b69d9f052934d527a1830bf2785842f35eaf32b65b7c9fdd6f0c41756072a59c0cce0b7305740729f1daa14e0092da9d022321b726d658fcef55affa2bbf36ad788f1f423b7dfd328435b4d5df315143d8b8028ba4bea6134a3dc9720c73d5e66b8b8168752eea6b78c75f04efd9677dbe419f13f5e1c9764276a83821b710307d8f85359b34d038ff17de45e8739d4b647fd1a8d794a3273d922af3374f5d3c75b8345b9dfdabb2c0418a358921e0e73d0fe88caab1741b913673e22ff4b59afa0f653a423d9b2bb20cbf07951a349eea18a891b4f4dc6df8e42a6181284f643de5fd2924ae54f672a1920343476c67333e1e8205bf4877b1251a83f417936714edb1c6975ba7969d2fcc2e69024a4669ac2f998116ade1bd84568b8f3f1fccbe95df9ed21db77315b7469f30bfae418415d9cb5aeea627ba6811e30d56d4f4bfe5f794ea4243e3cdfad3ef55199699b8433083b6f72f95effc5f2f613cfcefaf0b94e801ebcb7095a1474ee93142b82c9bf9886617b6bf69d08c83c76cd21d4cce5872d99de8e54bbff915ab923b2d24bb3aa178dd50b44fd0eb880ef33ca51d4bf5f0fbc8ffe18afe4245397f277e4efad955baa10cf56613481253d69c02e7661714b68be0fd64f29bdafbc8b4a0b30bd6709c67fe8e8915d0479b3902b1d0169fb5486b02e966ad5d8a2bcf42ecba59177cd85e17239667f6b045d1f873ce24733ae17e2d8432709062e786a32ac925121f1b0d46c66d4fb9088f4aa0cfe2149f6c2cb5b75d45349bc88fbd47e01ea07e7cd573335aab8d389846566800dd084bc3caa95f7632719c651f2d33be0fb56347c063b3c6e3e75c5e58caeb4c37574859b78c1ed018fbeed788a4305a9ee1c1ef65a0c83a7cd717a8c08ecd4e86370ffffd6d40a89a0b1e8c15a10ad5406e867e49319ad83bfbb925d5e240b4bd44fd751e7510d5ea03a6cab95f37155d1fd69aaea1db4a1f53714eb90e669209cf634f84a50c85bdc51838ebbb545b4387790df67f0122740c2abc910cf83230394172a56c9ffda6675bb8bb39846730a1bf764aeb92407c90a194da880cb8a4efb5b57a8311d864209c7fd226b93582b6b11eec559abfbba653c0569c219d3a2e60555cb739f9d32d564f23c4e98be78aa553610822af426f961df0df2185c61ccaa22b2a6aa6fb3e917bdfb2be9c3ffb8a50821321119c4cf4917db39548abc17bfba267fa50f6af15c560a21055f967f1ca6f656ddb556f9c7e17a771eeef7e80940d1c14ddf2c27647686fd0526460036aeea395fb10abef2be2ea96c9bb380370c08d1568d30eea0f3e6b7cf8f7edc7b36d4d0affd249330707b54ee620f208d885791171eb67a25a80fcc6922e0258c9673b6576564949dfa5bed9a0299bf952aade654de16e22d54fcd391ded6adab94ff621efcd91ef69acf8dfa1b22692ba3e49cd1d3fbed6db1402065ab37e457056877977ebac33ef566f28a19b9acb67a9cc53feb156814e880b3dd5a9119ffdbc5a45c20ea375f2882575b9a28740eebf63f2895d9ffac1ec33cbdcdede98a201424d000df1efd64dd7268cc1b2366ccfb09754822dafdb1821de5e6ebee09608e82e679fafb7a5100172f26998d31d7f27c2b310f0372c3b5e888f8e6efb56074177bf6a2a5bbd9ed070ad5aaf23ce144d1ac86cad110e5916a8a57e1e7fc3d37353f84f2f6d43d92ab8b35040467f3f8b1d23fac021bbac3710edc8e2e26d794db38e48020f63e94d4b4dca3e015537a8e3008274d55f81af931a0faf1a438444b6a0489b93f7b88f81f761eae0f82e60cb0cf2745ca8c9e30d3cc189c1405b1994ed71b00d90ea7a94102916cdc915620c363d04e51eabaaca6c2814a7c1e7aaeec80bdc13135b813e6d0eea83446a5c57ec29695c302c0d8da65b61fe8ada51a36e1aff34d449f9eb70cb94931226121ab121a971c2fc070ca84272d122c1696f52fbd5ed06783abe188dcf133c4d41e10295f6ffda69fa8c5a7c0fec3425a2d60523a60d280b5ce34eac5911268172e772fefba63a6f5c6dafa9e500a5e1355fb614613f8fc1ef5e5466fa19212bcdc349a865f4cee6ea80b11a410bb6e4ad677393973e38621d25ff6c4876ef8a8d2ba651be4a78d2ba9fafadcea8eff9cca3f4ab71a0b84917794e521220dad099ac8aaf32abd162348879e4299e4d46395f9d55267b635e18ca2e2fc96146b96c8a8055130b8d8cb10cc31382df34057bd8637f86e48adc854af408226752a04df8d0362db263e0959f2bd7e8a4d33a8c4b257e19d308280baf40cced1b3cd3a86ee22df0da49d750539eee1104e99a9f8a065e5499c73125a8a8430eda7aee156821a97c237611b50f682a2cccd0969304f0a50ae98800dfb32ee1bcfeab98182c34a51e67fa5bd738c22c44fc1269ce73f464edd2f31296e92e62df51cf55798ae2e3c33c57b09f4ecd13469122095a3563f95f0a04cf58dcea4aed5e8bdda7617863cbc37a97ebadb46d679f7e30014d96d0ac7ce9484368fa5fd19cbc3d139410a2bd7ffacef1bdf76dd1d5f34d2392fcb91c7585fc1ae7d8ba2aa8ded9645d5a5e76e2279b6e0692101137da946dfbd3836476f5dad7fed70115d716dce87b5ad755e5653a709f5aa42265ec9657ed406cc9256af3628c0116b8e1d23306983e9adbc19dec354870c98e2e76566895df933a80c4c36b617db4bbda1a4ca7d6c80a43734471fc92d0bdeacfc125dddd73febd8f7ef84f221d52ae71372cee802d59013a15958e850f8fdf46d8fd3b874633daf3b1f346470456c05722258480959dd6afcffa1f3f2ca033011339c5cb85b7d1c9b5916fb8dc9c2783df64eb5cca5af83a74fe5bb259f93722842eb4ac851e71f3cfd67a39590e7f8e20f018744b9277e6eb46b5f211df5f767ef29dc9a972e14c40ea2d4624f187f301c1116d3a61adeb5c6f7ccc021ac5e18d8b40d7f1f19daf4445c06e72db8701c267c0144c92cddd49af7a87aca5aa05d0e380dd27cc780d2f7db3bef26cc4fd358543e19d73179b879f7bdc702ab405270c93a3ed64153e20b5b663773a2ad4e8e3e1e8eaf39ec80d75d02f74ff94f0e095240a564eeece4fc9bcf19bf2243c700e1dae14a1b0217013977bfa05f681abc37714fe462d0a632044ce52fdaa1c1a806b1eb4370e23ca0247e536165aa9f1c2af8adfea369ee1f4a2c7823a7baef028a1e77501db48db6aa0d7e30969f7197368db02d443803b53b2899315f7e2ba9c5ae952a3866b4ea60f3d669e0a91f7ef640cd938646bf8822fe455f0302fccf87c7fad6daf38fde038fa596b83a9fd5bf675669a6cb2bab44c6617f07950bf34edb93bbcb4174630f275dbda7a0631c4b456e5f80eb6258c1874e77d426743e478917fe44b73dc203baa2cc442b84b5818409abae99d97a28754969bd393df", 0x1000}}, 0xfffffe38) 3.499261315s ago: executing program 5 (id=698): r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @multicast2}, 0x10) sendto$inet(r0, 0x0, 0xe803, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x3c}}, 0x10) sendmmsg$inet(r0, &(0x7f0000000700)=[{{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000580)="fd", 0x1}], 0x1}}], 0x1, 0x0) sendto$inet(r0, &(0x7f00000001c0), 0xfffffffffffffe58, 0x2000c094, 0x0, 0xffffffe6) socket$packet(0x11, 0x2, 0x300) syz_init_net_socket$ax25(0x3, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000240)='./file0\x00', 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r2, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15) r3 = dup(r2) write$FUSE_BMAP(r3, &(0x7f0000000080)={0x18, 0x0, 0x0, {0x4}}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@cache_mmap}], [], 0x6b}}) chmod(&(0x7f0000000180)='./file0\x00', 0x1d0) r4 = creat(&(0x7f0000000140)='./file0\x00', 0x108) pwritev2(r4, &(0x7f0000000100)=[{&(0x7f0000001040)="a6aa", 0x2}], 0x1, 0x8, 0x5, 0x4) 3.460912581s ago: executing program 4 (id=699): syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) socket$can_j1939(0x1d, 0x2, 0x7) socket$nl_route(0x10, 0x3, 0x0) socket$packet(0x11, 0x3, 0x300) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000002000001800000018000000020000000000000000000004000000030000000000000002030000000000"], 0xffffffffffffffff, 0x32, 0x0, 0x2}, 0x28) socket$nl_route(0x10, 0x3, 0x0) r0 = syz_open_dev$video(&(0x7f0000000440), 0x8, 0x0) socket$inet6(0xa, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$kcm(0x1e, 0x5, 0x0) recvmsg$kcm(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000000c0)=""/11, 0xb}], 0x1, 0xfffffffffffffffe}, 0x0) ioctl$VIDIOC_S_SELECTION(r0, 0xc040565f, &(0x7f0000000940)={0xa, 0x0, 0x7, {0x5, 0x1000, 0x4, 0x2}}) ioctl$VIDIOC_TRY_EXT_CTRLS(r0, 0xc0205649, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 3.225239975s ago: executing program 7 (id=700): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r0 = fsopen(&(0x7f0000000040)='afs\x00', 0x0) r1 = add_key(&(0x7f0000000500)='big_key\x00', &(0x7f0000000540)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$revoke(0x3, r1) add_key(&(0x7f0000000500)='big_key\x00', &(0x7f0000000540)={'syz', 0x3}, &(0x7f0000000580)="a5", 0x1, 0xfffffffffffffffe) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', &(0x7f00000005c0)='#.S\xb2j\xcb\xa18:.)\xc7\xcb\xc5\xd8\x91\xa1\"\xd5\r\x89M;\x99\xd6\x8e?K\x82\xd5\xd7\xab\x10\xea\x14\n\xea\xe9\xcc\xdc\xf3\xc0\xf8\x89\xd0\x0ep\xb1I\x04T[\r&\xf0z\xde\xc0\xf3\xcd\x9a\xae\xa8*v_(\x94]\xdf\xf1\x95!\xb3+\x1aD\xda\xa1G\x06M\xdaz2\xe9\xe6\xda\x92U\xaaN\xff\xca\xb37-<3\xb28\xb8:UQ\x95|\xe5\xaa\x0e\xe7{\xd4T\x84\x83\x86\x9d', 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000080), 0x22f82, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r2, 0x40045010, &(0x7f0000000040)=0x5) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) write$dsp(r2, &(0x7f00000001c0)="5cba91a4", 0xffffffd9) ioctl$SNDCTL_DSP_SETTRIGGER(r2, 0x40045010, &(0x7f0000000240)=0x6) r3 = socket$pptp(0x18, 0x1, 0x2) getsockopt(r3, 0x2, 0x7, &(0x7f00000000c0)=""/115, &(0x7f0000000140)=0x73) 3.1040929s ago: executing program 6 (id=701): bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000380)={0x1b, 0x0, 0x0, 0x800000, 0x4, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1800}, 0x48) r0 = socket$inet_udp(0x2, 0x2, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x6) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000440)='loginuid\x00') pwritev(r1, 0x0, 0x0, 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000440)={'sit0\x00', &(0x7f0000000480)={'syztnl0\x00', 0x0, 0x80, 0x80, 0x6, 0x20000008, {{0x5, 0x4, 0x0, 0x20, 0x14, 0x66, 0x0, 0x80, 0x29, 0x0, @remote, @multicast1}}}}) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f3, &(0x7f0000000000)={'syztnl0\x00', &(0x7f0000000040)={'ip_vti0\x00', 0x0, 0x0, 0x700, 0x4000000, 0x2, {{0x5, 0x4, 0x0, 0x2a, 0x14, 0xfffd, 0x0, 0x19, 0x4, 0x0, @remote, @multicast2}}}}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r2, 0x6, 0x25, 0x0, &(0x7f00000000c0)) syz_usb_connect(0x0, 0x24, &(0x7f00000002c0)={{0x12, 0x1, 0x201, 0xd4, 0x14, 0xf2, 0x10, 0x1a86, 0x752d, 0xe3b3, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x30, 0x9, 0x90, 0x56, [{{0x9, 0x4, 0x1, 0x25, 0x0, 0x93, 0x65, 0xd6, 0x9}}]}}]}}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x2, [{0x4, &(0x7f0000000140)=@lang_id={0x4, 0x3, 0x414}}, {0x95, &(0x7f00000004c0)=@string={0x95, 0x3, "2c7ba4ad99c3ab9a37a259c4e17ccc48418866f57c53dfaa202f45aa26a3aa8af9afd98be3b2ea7b0b008a781016c47e58567085af95e6efdf58cea1910f7213fbad8eba9afae6566994b77822f142f12d0ae6ebf8c351f59b734c1b49c1ae1061753ec770e5d62f1d838babd5f09189d3ea1aad268b4305b23211303eb28100f948a67410ca58bf25702933cc172384eb2e98"}}]}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r3 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000040)='gre0\x00', 0x10) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r7 = open(&(0x7f0000000200)='./file0\x00', 0x40, 0x20) fcntl$setlease(r7, 0x400, 0x0) r8 = open(0x0, 0x0, 0x0) fcntl$setlease(r8, 0x400, 0x0) close(0x3) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) keyctl$setperm(0x5, 0x0, 0x9290101) 2.936864553s ago: executing program 5 (id=702): syz_mount_image$minix(&(0x7f0000000180), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000040)=ANY=[@ANYRES64=0x0, @ANYRES32=0x0, @ANYRES64=0x0, @ANYRESDEC, @ANYBLOB=',\fscontext=syotem_u,\x00'], 0x1, 0x174, &(0x7f00000001c0)="$eJzs20tOIlEUxvGvKJpXv5vuHnR6YOJAJ1I8IokzXQqBkhALNeIE4kBX4Bpcg7twFS5AB86MAzFUqjCRKivByEX4/xJyL/nuCYeQC2eCACytba3IkqXM6Mn/3NV50Yo4ZQUPAItkGKyPQwDLx7433QEAM253pGtJN3cnTdmZiflglJ+GeSo7mZ9J/9JBbuWUfzlfXEhrYb1ViKwvjPPPkfn6avj6X/RV3/RdP/RTv1QM8ta4/u8bJiEAAJaHpVJSHnnADtaUdjueW46t/+Tnldg84+fVhLwWm2f9vNQ88FqxZwBES015/0N2wv1PJ9x/AOb0+oO9hue5R2wWehN+3vPSz9xsLh+kOWjD7CYfEZn9XgLw/pzj7qHT6w82Ot1G2227+9Vyeau+WavUq44/2Tuvz/cAPq7nH33TnQAAAAAAAAAAAAAAgGn91h/TLQAAAACYkVn8wcj0ewQAAAAAAAAAAAAAAAAAYNE8BQAA///S0h8q") r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x6) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000140)="66baf80cb8044fdc87efed660f388059e0b805000000b91e4200000f01c10f20c035000000200f22c0f20fa20f01cb36263e660f381efc660f7c150c000000b805000000b9210000000f01c1c4e17929d8", 0x51}], 0x1, 0x11, 0x0, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e20, 0x6, @empty, 0x80040}, 0x1c) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@textreal={0x8, 0x0}], 0x1, 0xd, 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000000000)='./file1\x00', 0x810, &(0x7f00000001c0)={[{@treelog}, {@nodatacow}, {@max_inline={'max_inline', 0x3d, [0x6d, 0x33, 0x78, 0x39, 0x65, 0x36]}}, {@space_cache}, {@nodatasum}, {@nobarrier}, {@flushoncommit}, {@noautodefrag}, {@ref_verify}, {@noenospc_debug}, {@clear_cache}, {@commit={'commit', 0x3d, 0x3}}, {@ssd}, {@nobarrier}, {@max_inline={'max_inline', 0x3d, [0x38, 0x36, 0x38, 0x35, 0x32, 0x25]}}]}, 0x1, 0x50f3, &(0x7f000000a2c0)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h715j5KruA4CffY734fVCUoXQKNkkNY6beL22gUQtVdaUqhEpzbqhoCqi2NhrsnjBjm1KjEJkbCIaIShtkJIPRRhFUc0HqBWISAoIFymOUHlEVEUBBAqtIQoipSQRaYIUqtl7z+ydc3cefqzx0t9P8s6Z+Z/nnYfn3HvnXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/h4Feu+dtm8Ud/e96zL1w8fsWetRe/et15pz4ZwsTM4x1ZuKP/xtvHf373uffseWD1HfcdPv+jvXm5PB4Gqn868zs3xFoPLw7h/o4QutPAisEs0JPfH4z1vW8whFPCbKBWYrI/K5E2HL7fF8K+MBuoVfW9vhAGC4ELn3rk4Zuridv6QlgaQqikbTxfydroSwNn9GaB/jSwtTsL/OqtTC3w3c4sAMcsvhlqL/oDE/UZhucu1+D113PcOvb2SofXFRPDjfP9bO08d6qgN31g4pietlJ1zIvS2+Ogd9sCeLeVtvOtnrbiF6n8G8pbs6FK6Nw0uXnD1dM74yOdYXS0q1FN8/Q8P/P6lzYeSXrBvA5jB4aPy+vwlieW3t21/ILH71ux9OX9H9v7yrF280eFTVpMz7dKyF9zC+Z5jMZ9niyAt1/pW9KIL10hhM2f/73PNIuX5v/Dzef/8eUcbzvrcsda3xzK5ubxkcGYeG0om5sDAADAgrEQ9ppuHX3oE83qK83/R9o7/h8P+eeT+Wy0B0MYn0nsXRLCaTOPZ4G7YnOXLQnhgzOpifrA2iRwMIT3ziSW16pKSiyKJUaSwE+G8sB4EjgUAxNJ4FsxcGsSuCEGDiSBjTFwMAmcGwNhqn4cvz+Uj6PtQF8MrM824oF4FsIvhmJrybZ6rlYVAADAcZLPDnvq7xbOdTjWDHF6eaCvVYZ4BnbDDJWkhnQGW5tWNayhu1UNna1qqI17d/Phl2ruaFVz6TSMjvoMt//ybz4bmijN/8eaz/8rc3Sko3T8P4R1M39j7s48Ml2Lr5+oywAAAAAcg4H/ffGbzeKl+f94e+f/x30iXYXM4bG4G2LLkhDG6gNZtX9YDmRHvQfyAAAAACwEtePxtWPhU/ltdop2Op8u5584wvzxwP/4nPl7Dz64vll/S/P/ifbO/++vv806cSj24mtLQlhUCPwg9rIamDESAz/+ZH0gH/+huAFuilXlJybUqropllgfA2NJYF+jEj+slTitPpA/WbXG99bGMZWXKAQAAADghIu7A+Jx+Xj+/4d+s/qaZuVK8//1R3b+/8w8uHR6//RACCu7Q+hKfxjwWH+2MGAMDHbkiYf6s7q60qqu7w/hnOrA0qpezNf/707XGHyqL6sqBk770P7Xz6gmvtkXwspi4OnP3XlWNbEzCdQa/8u+ED5QHW3a+HcWZY33pI1/fVEI7y8EalVdtiiEamO9aVWPVPLrGKRV/XMlhHcVArWqzq6EsCsAsEDF/0o3FR/csevaLRumpye3z2Mi7sPvC5unpidHN26d3lRp0KdNSZ/rljG6vjymdq9881y+RNFF964bbCdd+53gWLGtfD9+6cTB/H78LtQzM87VPXV316RD/siHy02EwjepRkPunOch9xcrmX0SS/XH/L1hICy6esfk9tEvbti5c/uq7G+72Vdnf+NhpmxbrUq3Vf9cfWvj5dFwtazE0W6rZcVKVu68ctvKHbuuXTF15YbLJy+fvGrV2avHzhxbM/bxM1dWRzWW/W0x1GVzVZ0M9a072xzXcRzq6d2FSk7Ep4aEhMRCS2wdWNb0/+TS/H9b8/l//NSJn/z5+gyNjv8Px8P82eOzh/nXx8C+do//Dzc6ml87MWAkCeyOgd0O8wMAAPDOECf5cW9m3Cv90+XfeblZudL8f3d7v/8/Tuv/15auP7/RMv/LY4mxRuv/p8v819b/391o/f90mf/a+v/73ob1/6+uBZJN8gvr/wMAAO8EJ279/5bL+6cXCChlaLm8f3qBgFKGlsv4t3uBgCNe///5//yr/w5NlOb/t7Y3/7dwPwAAAJw8vvxn1/xOs3hp/r+vvfn/iV//LzQ6/3+kUWCi0cKA1v8DAABggWq0/t/wjf2XNitXmv8faG/+H0+76KzLHWt9cyhb0y6ka9q9NlT7yQAAAAAsDJ1hdLSnzbx1K6OuPfo2n8mXAm2WLnrxTw4f2fn/B9ub/9f9LuOWJ5be3bX8gsffvG/F0pf3f2zvK7PH/wEAAID50+5+CQAAAAAAAAAAAAAA4O334n/sWdMsXvr9f1g383ij3//H6/7F3xe8uy53rLX1+n/5/Qs/fc+umSULHxsK4cPFwJY9W04J+bX5lxUDD1+y/D3VxJ60xIMvnPtSNXFpGvjUilPfqCbOSQLr4yKJ700D8aqKbyxOAnF5xX9PA3F7HEgDvXngq4uzcXSk2+qng9m26ki31bODISwpBGrb6v7BrI2OdIC3JYHaAL+QBuIA/zwPdKa9umcg61UMDMaidwxkvQIA4KQVvwX2hM1T05Nj8St8vD29u/42qluy7PpytR1tNv9cvjTZRfeuG2wn3ZV+F5291nhPqFSHsKr0dbWYpWNmlMenlhab7t0NhtxqtbfOBuVSR7rpehuPqC8b0ejGrdObeloOfE3rLKu7W2ZZVZrsFLN0zmzSNmppoy9tjKjNbdNGl+P9zjA62pXk+oMYHA51Wr0i2v29fnGdv0avgmKeqw7v/VWz+krz/+H25v+V4rjeyC8GsDteWe/vlljmHwAAAObXV9f++hvx32dvfPTpZnlL8/+R9ub/cQ9Wfig429txMF7/f++SEGYurT+cBe6KzV22JIQPzqQmYonsgvrnxxJjWeCuuMNkeSyxfqK+qkUxcCAJ/GQoDxxMAodiIN9LsT/ku3L+fiiEs2ZS6+pLbIslhpPAZ2JgJAmMxsBYElgcA+NJ4NXFeWAiCfxbDISp+m117+J8WwEAAByJfJ7VU383pPO8A92tMnS0ytDfKkNnqwyVVhkajSLe/3bM0JOcvNJRyNST1tqX1FLKEC+Gf8T9KmUIP6zPmRYsNR3PP6idb9BRn+GBT3RXQhOl+f9Ye/P//vrbrPVDcf4/e/2/LPCD2L2vxVPHR2Lgx5+sD+Q7Bg7Fye5Ntaom8hL5pP2mWGI8BkaSwLYYGE8C69flgX3vqQ/kM+1a43trjU/lJQoBAAAAOOHiDoK4mybO/+/Y8ZWBZuVK8//x9ub/sb2BYmM3xFoPLw7h/o7Z3tQCKwazQNyPMRh/Hv++wRBOKezgqJWY7M9K9CYNh+/3Zb9Q702r+l5f9uODeP/Cpx55+OZq4ra+EJYW9r7U2ni+krXRlwbO6M0C/Wlga3cWiHt+aoHvdmYBOGa1vYLxBZWf6lIzPHe5Bq+/d8o1QdPhlfaBzpFvrt9czZfSDtd8n2rNkT1tTfffctyU3h4HvdsW4rtt2Lut+EUq/4by1myoEjo3TW7ecPX0zvhI8ZesJfP0PBd/pdpO+ji8DncffW9bq6QdGEs+PsbmLjf367AjVnfLE0vv7lp+weP3rVj68v6P7X2l7W40EH8o/Mh1/zr4o8LmnW+VkL/mFtznyYTPk4X438CIpy2EsO7Vr9/ULF6a/0+0N//vTm5n/DpuzB1LQvhIYeM+Fjf/Hy/JPgcLgexT8l3lQHbI/b+GGn5yAgAAwPFW291R218wld9mJ4Sn8+Ry/okjzB/3V4zPmb/dfvf/9SVLm8VL8//1zef/i5JuOv7v+D/zxPH/OZ3su6IXpQ/sPqZd0aXqmBeO/8/pZH+3Of4/J8f/Hf+fi+P/LTj+P6eT/WkrfUva5ktXCOHlP3ro2Wbx0vx/W3vzf+v/zb1oX239v/WN1v/b1mj9v93W/wMAAOZVg4Xm0nleafW+UoZ09b5ShpYLBLZcYtD6f0e8/t9Lpz//m9BEaf6/u735f3w5DBRbXyjr/42sa1DVrTGwzcKAAAAAnIwa7SAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg7fXAP/zPpmbxR3973rMvXDx+xZ61F7963XmnPhnC1MzjHVm4o//G28d/fve59+x5YPUd9x0+/6OVvFxPfvu7dbljrW8OhbCv8MhgTLw2VL0zG7jw0/fs6q4mHhsK4cPFwJY9W06pJr41FMKyYuDhS5a/p5rYk5Z48IVzX6omLk0Dn1px6hvVxDl5oCPt7j8uzrrbkXb35sUhLCkEat29YnF9VbU2/jQPdKZt/NNg1kYMDMai3xjM2oiB6VhialEIK7tD6EqrerSSVdWVVvUvlayqrrSqL1dCOCeE0J1W9UJvVlV3OvIne7OqYuC0D+1//YxqYl9vCCuLgac/d+dZ1cQXkkCt8b/oDeED1ZdM2vi3e7LGe9LGb+sJ4f0hhN60xC+7sxK9aYkXu0N4VyFQa/zz3SHsCrwjxA+fuk+0Hbuu3bJhenpy+zwmevO2+sLmqenJ0Y1bpzdVkj410lFIv3X90Y/9ude/tLF6e9G96wbbSXfn5Xpmury6p+7umpO997Ff/cVKZp+PUv0xf28YCIuu3jG5ffSLG3bu3L4q+9tu9tXZ3648mm2rVQtlWy0rVrJy55XbVu7Yde2KqSs3XD55+eRVq85ePXbm2Jqxj5+5sjqqsezv8RjqnSd+qKd3Fyo5ER8AEhISCy3RWffpNnayf5CXvujPdrQnVGY+oEvTimKWjplRHo9Brz3KER/N95SWI1pVmjiUsqyeI8v19VnWlCYTs7X0ZVlmvteVJofFxjpnNmm83xlGR7sabYfh+rvFzfuzY9i8z+Sbrt00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP/HDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwA8cCAAAAAML8rcPo2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEsBAAD//+erI4o=") mknod$loop(&(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x1000, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x441, 0x20) write$FUSE_STATFS(r3, &(0x7f0000000000)={0x60, 0xfffffffffffffffe, 0x0, {{0x400, 0xffffffffffffffe4, 0x3, 0x1, 0x8, 0x40, 0x1, 0x5}}}, 0x60) renameat2(0xffffffffffffff9c, &(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, &(0x7f0000000480)='./file1\x00', 0x2) rename(0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2.766758618s ago: executing program 7 (id=703): setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x1000000000021, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() socket$inet_tcp(0x2, 0x1, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10) syz_open_dev$MSR(&(0x7f0000000340), 0x1, 0x0) syz_emit_ethernet(0x3a, &(0x7f0000000440)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0008004600002c0000010000069078ac141400ac1e00010703f40000000000", @ANYRES32=0x41424344, @ANYRES32=r2, @ANYRESHEX=r3], 0x0) sendmmsg$unix(r2, 0x0, 0x0, 0xc084) r4 = socket$kcm(0x2a, 0x2, 0x0) sendmsg$kcm(r4, &(0x7f0000001f80)={&(0x7f0000001d00)=@qipcrtr={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000040), 0x3f00}], 0x1}, 0x0) r5 = socket$inet6(0xa, 0x2, 0x3a) sendto$inet6(r5, &(0x7f0000000080)="800009e92208a1ce", 0xfdef, 0x0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x9}, 0x1c) read(r5, &(0x7f0000000b00)=""/237, 0xed) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) ioctl$UFFDIO_COPY(0xffffffffffffffff, 0xc028aa05, 0x0) socket(0x10, 0x3, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000140)=""/216, 0xd8, 0x0) 2.700196822s ago: executing program 2 (id=704): r0 = syz_io_uring_setup(0x1237, &(0x7f0000000380)={0x0, 0x80fd, 0x80, 0x3, 0x2b9}, &(0x7f0000000040), &(0x7f0000000200)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000059c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000018c0)=[@rights={{0x20, 0x1, 0x1, [r0, r1, r0, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xee00}}}, @cred={{0x1c}}], 0x60, 0x4000000}}], 0x1, 0x0) 2.594481293s ago: executing program 2 (id=705): creat(0x0, 0x0) socket$key(0xf, 0x3, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000004c00)=""/102392, 0x18ff8) r1 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x8801, 0x0) ioctl$TCSETAF(r1, 0x5408, &(0x7f00000000c0)={0x0, 0xfad3, 0x1, 0xfffd, 0x12, "f6a6756c9832488c"}) writev(r1, &(0x7f0000000040)=[{&(0x7f0000000100)="1876d433b8c266f9be2253e7c12fc9ea10343a19c358547a9357a174911e926c57b51eab3d0a4a2297653ac0c62201010000881a8789adddd1ca89ebd8632972a4f65ad1505ed06b6779ed03ef849c46e3dedf604c01fae7c32f782dd9a45993a079", 0x62}], 0x1) 2.285239683s ago: executing program 4 (id=706): r0 = memfd_create(&(0x7f00000000c0)='\xfd\x0fm3#/\x00n\xaa\xaa\xe4\x01U\x8b\xc2\f\x03\x19\x9c\x8e\xcb\x90\x00\x00\xaegQ\x0e\x94\\y\x0fU2@\'\x8a\x80\x00$\x12\xfc\xe4.)\x9b\xf2@\xf0\xe0\xdb\x1f\xe6\xb4gc\x13\xda\xf9\xcd7el\xb7\xe6\b\x00\x00\x00\x00\xef\xff\x00vob/~\xc2\x00\b\x00\x00\x00\x00\x00\x00 \xff\xf1\xdem\x9c;%\xb5\"\xe4\xf1x2\x8a\x19p\x04\\\xaa-\x93\xd1\xc4 )\xbfK\xf7E\xf3\x05\xa0\xd0\xe6%\x97\x15\xf0\xab\x86\x90k\x10\xcer\x14\xe0a\xaf\xab\xfe\xd9V\x19\xa5d\x16\x8e]:3\xff\t\xe6\xf7\xb3\xbf\xa3\b[?\xb5\x14t\xd3\x8e\xc0\xe8\xefd\x88\xddz\xa25)\x17\xef\xfb4\xff\xdb\t\x8e\xeb\x1d\\\xf9\x14\xc7\v\xa8\x89\xdb A\xbaBAj\xfe\x18\xc3-+\xd6\xb0K\xee\x1b+\xc7lA\x84\xa6\xfe\x8bU<&\x1a\xe7m\x86\xb7\xa1A\xf9\x02S;C\x99\a.$K\x833\x82\x7f\x1b\'nj\x06\b\xb7\xe8] \x87A[y\xdc\x14\f\xcet\x00\x1f\x0f\xef\xca\xcfz\x7f\an0\xebB\xb8}&\xdd\xc9\xa7\x1dp\t\x9a\xceb \x81\xaaq{H\x88\xdf\xf8\x80\\\x1c8\xfe\xc4\xe3\xb0\x90\xcb\x8b1r\x94\x9f\x00\xce\xc8\xc3\x84\xa0\xc9\b\x00\x81Ks\xba\xbbC6\xd6\x13\xb5\xe086EzD\x18\xd5\x16\x88E\xc6\xf0A9\xf1u\xb3\x85\x02\x12\\Sp\xf4\x9a\xe8\x96^\xe6\xa8K\x12\b}\xff\xcb{\xc6\xf6\xb4\x8b\xb6\xa8Y\xf2\x91\xeeR\v#\xb5)\xb0\x99\x9b-p\xe3\x17\x04\xb0\xdc\x0fk\x11\xe1\x9a\a\x16\xb7\x9b\x88\xfa\x1e`\x84$\xfc\xd7\xf5^X\xd8[}\x032\xd0\x84\xdby\x94Vp\xa5\xcd(\xab\xb6\x95sR\xab\xfc\x8c\'\x9c\x16Q\xad\xbc\xb04%\xb7\xe5\x14\xb1`\x87#X\\W`;\'_4\xc5\xc9\x921<\xd9\xad\x9f\x12@!\xfaI\x88\xab\xef\x86\xe9\a>\xdd7\xb7\x8e\x9c0-o\xc9\xec_|\x02\xc8Ru\x95\xa8#U\xd6J\x87\xf6X\xb6{\x11$\x00\xc8\x14\xcb\xd1nK\xd8\xb9\x0e\x9bA\xed\xbcs\x1fS\r\x12O\x83\x15\xcb(\xdb\xb1S\x1f%\x04\x9a\xa0l\xa3}\xe7r\x02\x00\x00\x00\x8aeh;F[\xe2\x1c\xe26 \x19k&.\x7f\x1d~\xdaI\xd4\x99\a+\xdf]\xbc\xa6\xc3\x0f\x99W\x9c-t\v\xc7J\xfd\x91\x853\xd1j;\x19W\x96V\x8az+\xf9\x82#\xfaC\xa3YN:\xe8\xda\xbc\xb2h\x8f\xe0\xc6d\x96\xccy\xb3\xc2\x98\x1c\xca\xde\"\xaeW\x89\x83\xc2sB\xe7\b\x9b9~}\xc2\xb3\x1d\xcc?\xd1\x89\xef\xca\x00\x00\x00\x00\x00\x00\x00\x00\x00J[\xc4\x04\xc1\xa6\x10\xc2\x9d\x11\t|\xc0\t\xd9(\x80\xe6s\xaa\x88\x8a\xd6\xa2\x01\x10W]Z\x8d\xf7\xd1P\xf9d\x01|\xa3\x03hSq\x95\x8f\xe1J\xd3#/fcCz\xff\x80\xe2M\xa3-r\xf6\x1a\xd74\xdc\xe1\xe4\xc3\x9dU t}\x02\x9a{C|S\xf4\x98\x05\xb9\x15}\xfa\"\xdc\xc2r\xf9\a\xadnD\xb6\x06\xd3\'\x10\x9f|\x17\xd6\x89O\f\x98@\x85\xa5m\x9d\\&\x17o\x11Z=l\xfb\x93\x8exZ', 0x6) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000080)={0x0, 0x0, 0x1000000, 0x8010002}) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="3c0000001900010028bd7000fddbdf251d01020008000e00", @ANYRES32=0x0, @ANYBLOB="080005000304fd0015000100000000000402000092c904000002cb10305a0501001caf03ba9d08000000"], 0x3c}}, 0x20000) 2.016101638s ago: executing program 4 (id=707): syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="120100007516b7108c0d0e008f8e0018030109021b0001000000000904080001030000000905", @ANYBLOB="8fcf"], 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KIOCSOUND(r0, 0x4b2f, 0x8000000000000002) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$SYNC_IOC_MERGE(0xffffffffffffffff, 0xc0303e03, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = syz_io_uring_setup(0x496, &(0x7f0000000400)={0x0, 0x8d146, 0x0, 0xc, 0x389}, &(0x7f0000000480)=0x0, &(0x7f0000000140)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_SENDMSG={0x9, 0x40, 0x0, r3, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=ANY=[], 0x30}}) r7 = socket$netlink(0x10, 0x3, 0x0) r8 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r7, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000480)=ANY=[@ANYBLOB="2c00000011000520000000000000000007000000", @ANYRES32=r9, @ANYBLOB="00000000000000000c001a800800048004000280"], 0x2c}}, 0x0) io_uring_enter(r4, 0x3519, 0x0, 0x4, 0x0, 0x0) 1.81708982s ago: executing program 7 (id=708): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0xa0000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000002c0)=ANY=[@ANYBLOB="01000000000000007702"]) (fail_nth: 4) 1.496069399s ago: executing program 7 (id=709): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r3, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000040), 0x4) setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f0000000180)=@gcm_128={{0x304}, "d56d9847bfcb49e2", "16549f18408d640d012ebcc31bd9870b", "bcd58d40", "4f5b22bc20c62b22"}, 0x28) sendto$inet6(r3, &(0x7f0000000340)="d1", 0x1, 0x8000, 0x0, 0x0) write$binfmt_aout(r3, 0x0, 0xfdef) write$binfmt_elf64(r3, 0x0, 0x78) bind$qrtr(0xffffffffffffffff, 0x0, 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000200)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]}) r4 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f0000000280)='./file1/file0\x00', r4, &(0x7f0000000380)='./file1\x00') syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000100)='./bus\x00', 0x100000, &(0x7f0000000240)=ANY=[@ANYRESOCT=r1], 0x1, 0x0, 0x0) unlink(&(0x7f0000000440)='./file1\x00') link(&(0x7f0000000140)='./file0\x00', 0x0) 347.053132ms ago: executing program 7 (id=710): socket(0x10, 0x3, 0x0) bind$tipc(0xffffffffffffffff, &(0x7f0000000180)=@name={0x1e, 0x2, 0x2, {{0x42}, 0x2}}, 0x10) socket$tipc(0x1e, 0x5, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f00000008c0), 0x4) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x90}, 0x1c) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000340), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$UFFDIO_COPY(0xffffffffffffffff, 0xc028aa03, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) poll(&(0x7f00000021c0), 0x0, 0x6) r1 = memfd_create(0x0, 0x5) fallocate(r1, 0x0, 0x0, 0x10001) 0s ago: executing program 7 (id=711): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000640)=@newlink={0x64, 0x10, 0x403, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x3c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x2c, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_INGRESS_QOS={0x4}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0xa54, 0x18}}, @IFLA_VLAN_EGRESS_QOS={0x10, 0x3, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0xffffffff, 0x5}}]}]}}}, @IFLA_LINK={0x8, 0x5, r2}]}, 0x64}, 0x1, 0xba01, 0x0, 0x4008010}, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x25dfdbfe, {{@in6=@empty, @in6=@remote, 0x0, 0x33, 0x0, 0x0, 0xa, 0x60, 0x30}, {0x0, 0x7f, 0x3, 0x0, 0x0, 0xffffffffffffffff, 0x200, 0xfeffffffffffffff}, {0x3, 0x0, 0x0, 0x1}, 0x6, 0x0, 0x1}}, 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000001140)={@map=0x1, 0x2f, 0x0, 0x0, &(0x7f0000001040)=[0x0], 0x1, 0x0, 0x0, 0x0, 0x0}, 0x40) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000700)=@updpolicy={0xc4, 0x19, 0x1, 0xfffffffc, 0x0, {{@in=@dev={0xac, 0x14, 0x14, 0x23}, @in6=@local, 0x4e22, 0x0, 0x4e24, 0x0, 0xa, 0x0, 0x60, 0x0, 0x0, 0xee01}, {0x0, 0x1000000000000401, 0xfffffffffffffffc, 0x40000000, 0x0, 0x1a, 0x1, 0xfffffffffffffffe}, {0x77, 0x3, 0x0, 0x100000000007fff}, 0xffffffff, 0x6e6bb1, 0x1, 0x0, 0x3}, [@mark={0xc, 0x15, {0x35075b, 0x7}}]}, 0xc4}, 0x1, 0x0, 0x0, 0x20000080}, 0x0) sendto$inet6(r4, &(0x7f0000000240)="8a", 0x1, 0x51, &(0x7f0000000080)={0xa, 0x3, 0x1, @local, 0x9}, 0x1c) bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x4, 0x4, 0x4, 0x20002, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x1}, 0x48) syz_usb_connect(0x2, 0x59, &(0x7f00000007c0)=ANY=[@ANYBLOB="12010000ec1392106d04d308280b011a030109024700010000000009046900000e010000082402010202"], 0x0) kernel console output (not intermixed with test programs): descriptor?? [ 268.942931][ T24] iowarrior 3-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 269.071910][ T10] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 269.121570][ T7629] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 269.130617][ T7629] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 269.201336][ T5986] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 269.233331][ T7650] loop6: detected capacity change from 0 to 4096 [ 269.265679][ T10] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 269.285660][ T10] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 269.299190][ T10] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 269.319479][ T7653] loop4: detected capacity change from 0 to 4096 [ 269.323538][ T7650] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 269.341311][ T10] usb 6-1: New USB device found, idVendor=8086, idProduct=0b5b, bcdDevice=e1.c5 [ 269.353439][ T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 269.366799][ T7653] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 269.368251][ T10] usb 6-1: Product: syz [ 269.387129][ T5986] usb 8-1: Using ep0 maxpacket: 8 [ 269.407097][ T5986] usb 8-1: unable to get BOS descriptor or descriptor too short [ 269.415386][ T10] usb 6-1: Manufacturer: syz [ 269.420229][ T10] usb 6-1: SerialNumber: syz [ 269.426271][ T5986] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xEE, changing to 0x8E [ 269.438195][ T5986] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 7 [ 269.451677][ T5986] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 269.464119][ T10] usb 6-1: config 0 descriptor?? [ 269.469475][ T5986] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 269.484276][ T10] usb 6-1: Found UVC 34.00 device syz (8086:0b5b) [ 269.491272][ T10] usb 6-1: No valid video chain found. [ 269.508069][ T5986] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0xC has invalid wMaxPacketSize 0 [ 269.562084][ T7657] openvswitch: netlink: Unexpected mask (mask=440, allowed=10048) [ 269.961217][ T5986] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0xC has invalid maxpacket 0 [ 270.087419][ T9] usb 6-1: USB disconnect, device number 5 [ 270.093784][ T5986] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 270.150302][ T5986] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xB1, changing to 0x81 [ 270.164390][ T7653] openvswitch: netlink: Unexpected mask (mask=440, allowed=10048) [ 270.253758][ T5986] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 270.350137][ T5986] usb 8-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=5f.84 [ 270.371242][ T5986] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 270.390456][ T5986] usb 8-1: Product: syz [ 270.402894][ T5986] usb 8-1: Manufacturer: syz [ 270.413150][ T5986] usb 8-1: SerialNumber: syz [ 270.420986][ T6600] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 270.434338][ T5986] usb 8-1: config 0 descriptor?? [ 270.495677][ T5986] usb 8-1: Quirk or no altset; falling back to MIDI 1.0 [ 270.613200][ T7660] loop6: detected capacity change from 0 to 1024 [ 270.856701][ T7644] loop7: detected capacity change from 0 to 2048 [ 270.877375][ T7644] udf: Bad value for 'partition' [ 270.974040][ T10] usb 3-1: USB disconnect, device number 10 [ 271.025298][ T7660] loop6: detected capacity change from 0 to 164 [ 271.066625][ T5986] usb 8-1: USB disconnect, device number 5 [ 271.122441][ T7660] overlay: ./file0 is not a directory [ 271.173783][ T5871] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 271.214108][ T7667] loop2: detected capacity change from 0 to 128 [ 271.219613][ T6028] udevd[6028]: error opening ATTR{/sys/devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 271.261534][ T7667] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 271.279559][ T7667] ext4 filesystem being mounted at /102/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 272.385120][ T5867] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 272.439234][ T7678] loop4: detected capacity change from 0 to 256 [ 272.660892][ T5952] usb 7-1: new full-speed USB device number 5 using dummy_hcd [ 273.049941][ T5952] usb 7-1: unable to get BOS descriptor or descriptor too short [ 273.075610][ T5952] usb 7-1: not running at top speed; connect to a high speed hub [ 273.087342][ T5952] usb 7-1: config 4 has an invalid interface number: 32 but max is 0 [ 273.108107][ T7678] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 273.114643][ T5952] usb 7-1: config 4 has no interface number 0 [ 273.139277][ T7686] loop2: detected capacity change from 0 to 64 [ 273.164695][ T5952] usb 7-1: New USB device found, idVendor=17dc, idProduct=0202, bcdDevice=f1.50 [ 273.186084][ T5952] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 273.212930][ T5952] usb 7-1: Product: syz [ 273.240570][ T5952] usb 7-1: Manufacturer: syz [ 273.250236][ T7678] FAULT_INJECTION: forcing a failure. [ 273.250236][ T7678] name failslab, interval 1, probability 0, space 0, times 0 [ 273.276913][ T5952] usb 7-1: SerialNumber: syz [ 273.327330][ T7689] loop5: detected capacity change from 0 to 128 [ 273.340405][ T7678] CPU: 1 UID: 0 PID: 7678 Comm: syz.4.399 Not tainted 6.16.0-next-20250805-syzkaller #0 PREEMPT(full) [ 273.340436][ T7678] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 273.340449][ T7678] Call Trace: [ 273.340458][ T7678] [ 273.340467][ T7678] dump_stack_lvl+0x189/0x250 [ 273.340512][ T7678] ? __pfx____ratelimit+0x10/0x10 [ 273.340542][ T7678] ? __pfx_dump_stack_lvl+0x10/0x10 [ 273.340569][ T7678] ? __pfx__printk+0x10/0x10 [ 273.340606][ T7678] ? __pfx___might_resched+0x10/0x10 [ 273.340626][ T7678] ? fs_reclaim_acquire+0x7d/0x100 [ 273.340664][ T7678] should_fail_ex+0x414/0x560 [ 273.340695][ T7678] ? __pfx_exfat_alloc_inode+0x10/0x10 [ 273.340714][ T7678] should_failslab+0xa8/0x100 [ 273.340745][ T7678] ? __pfx_exfat_alloc_inode+0x10/0x10 [ 273.340763][ T7678] kmem_cache_alloc_lru_noprof+0x78/0x3d0 [ 273.340792][ T7678] ? exfat_alloc_inode+0x28/0x70 [ 273.340816][ T7678] ? __pfx_exfat_alloc_inode+0x10/0x10 [ 273.340836][ T7678] exfat_alloc_inode+0x28/0x70 [ 273.340855][ T7678] alloc_inode+0x6a/0x1b0 [ 273.340890][ T7678] new_inode+0x22/0x170 [ 273.340927][ T7678] exfat_build_inode+0x183/0x1350 [ 273.340962][ T7678] ? __brelse+0x59/0xa0 [ 273.340982][ T7678] ? exfat_put_dentry_set+0x22e/0x2b0 [ 273.341019][ T7678] exfat_lookup+0xcff/0x1770 [ 273.341066][ T7678] ? __pfx_exfat_lookup+0x10/0x10 [ 273.341160][ T7678] ? d_alloc_parallel+0x2f0/0x15e0 [ 273.341190][ T7678] ? d_alloc_parallel+0x14ae/0x15e0 [ 273.341224][ T7678] ? d_alloc_parallel+0x2f0/0x15e0 [ 273.341264][ T7678] ? __raw_spin_lock_init+0x45/0x100 [ 273.341301][ T7678] ? __init_waitqueue_head+0xa9/0x150 [ 273.341334][ T7678] __lookup_slow+0x294/0x3d0 [ 273.341361][ T7678] ? __pfx___lookup_slow+0x10/0x10 [ 273.341403][ T7678] ? down_read+0x1ad/0x2e0 [ 273.341438][ T7678] lookup_slow+0x53/0x70 [ 273.341461][ T7678] walk_component+0x2d2/0x400 [ 273.341480][ T7678] ? path_lookupat+0x156/0x430 [ 273.341505][ T7678] path_lookupat+0x163/0x430 [ 273.341537][ T7678] filename_lookup+0x212/0x570 [ 273.341567][ T7678] ? __pfx_filename_lookup+0x10/0x10 [ 273.341619][ T7678] ? strncpy_from_user+0x150/0x290 [ 273.341649][ T7678] ? getname_flags+0x1e5/0x540 [ 273.341673][ T7678] user_path_at+0x3a/0x60 [ 273.341699][ T7678] do_sys_truncate+0xa3/0x190 [ 273.341728][ T7678] ? __pfx_do_sys_truncate+0x10/0x10 [ 273.341757][ T7678] ? __pfx_ksys_write+0x10/0x10 [ 273.341783][ T7678] ? rcu_is_watching+0x15/0xb0 [ 273.341813][ T7678] __x64_sys_truncate+0x5b/0x70 [ 273.341843][ T7678] do_syscall_64+0xfa/0x3b0 [ 273.341873][ T7678] ? lockdep_hardirqs_on+0x9c/0x150 [ 273.341902][ T7678] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 273.341923][ T7678] ? clear_bhb_loop+0x60/0xb0 [ 273.341948][ T7678] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 273.341969][ T7678] RIP: 0033:0x7f723578eb69 [ 273.341989][ T7678] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 273.342008][ T7678] RSP: 002b:00007f723663b038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 273.342032][ T7678] RAX: ffffffffffffffda RBX: 00007f72359b5fa0 RCX: 00007f723578eb69 [ 273.342048][ T7678] RDX: 0000000000000000 RSI: 0000000000001bfc RDI: 0000200000000040 [ 273.342062][ T7678] RBP: 00007f723663b090 R08: 0000000000000000 R09: 0000000000000000 [ 273.342074][ T7678] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 273.342086][ T7678] R13: 0000000000000000 R14: 00007f72359b5fa0 R15: 00007ffd95a9d0a8 [ 273.342119][ T7678] [ 273.392011][ T5866] Bluetooth: hci0: command 0x0406 tx timeout [ 273.522618][ T7676] netlink: 4 bytes leftover after parsing attributes in process `syz.6.401'. [ 273.726495][ T7690] loop7: detected capacity change from 0 to 4096 [ 273.741081][ T7676] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 273.804142][ T7676] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 274.074448][ T7690] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 274.091884][ T7676] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 274.134385][ T7676] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 274.226225][ T7697] openvswitch: netlink: Unexpected mask (mask=440, allowed=10048) [ 274.865418][ T6726] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 275.047279][ T7703] netlink: 12 bytes leftover after parsing attributes in process `syz.2.408'. [ 275.221420][ T30] kauditd_printk_skb: 14 callbacks suppressed [ 275.221444][ T30] audit: type=1800 audit(1754448146.736:36): pid=7700 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.407" name="file1" dev="overlay" ino=490 res=0 errno=0 [ 276.210790][ T5986] page_pool_release_retry() stalled pool shutdown: id 23, 39 inflight 121 sec [ 276.459978][ T5952] usb 7-1: Found UVC 0.02 device syz (17dc:0202) [ 276.481797][ T5952] usb 7-1: No valid video chain found. [ 276.521486][ T5952] usb 7-1: USB disconnect, device number 5 [ 276.698505][ T7716] loop6: detected capacity change from 0 to 2048 [ 277.114209][ T7728] loop2: detected capacity change from 0 to 16 [ 277.370371][ T7728] erofs (device loop2): rootino(nid 36) is not a directory(i_mode 142735) [ 277.584637][ T5233] udevd[5233]: worker [7597] terminated by signal 33 (Unknown signal 33) [ 277.626625][ T5233] udevd[5233]: worker [7597] failed while handling '/devices/virtual/block/loop6' [ 277.639539][ T5233] udevd[5233]: worker [5869] terminated by signal 33 (Unknown signal 33) [ 277.648357][ T5233] udevd[5233]: worker [5869] failed while handling '/devices/virtual/block/loop2' [ 278.019841][ T7739] loop5: detected capacity change from 0 to 8192 [ 278.070849][ T7739] FAT-fs (loop5): bogus number of reserved sectors [ 278.100911][ T7739] FAT-fs (loop5): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero [ 278.124407][ T7739] FAT-fs (loop5): Can't find a valid FAT filesystem [ 278.390897][ T24] usb 3-1: new full-speed USB device number 11 using dummy_hcd [ 279.103561][ T7749] loop6: detected capacity change from 0 to 128 [ 279.195248][ T7749] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 279.272168][ T7749] ext4 filesystem being mounted at /44/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 279.303131][ T24] usb 3-1: unable to get BOS descriptor or descriptor too short [ 279.322076][ T24] usb 3-1: not running at top speed; connect to a high speed hub [ 279.336898][ T24] usb 3-1: config 4 has an invalid interface number: 32 but max is 0 [ 279.355623][ T24] usb 3-1: config 4 has no interface number 0 [ 279.379537][ T24] usb 3-1: New USB device found, idVendor=17dc, idProduct=0202, bcdDevice=f1.50 [ 279.400301][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 279.417520][ T24] usb 3-1: Product: syz [ 279.429499][ T24] usb 3-1: Manufacturer: syz [ 279.441135][ T24] usb 3-1: SerialNumber: syz [ 279.501810][ T7730] loop7: detected capacity change from 0 to 32768 [ 279.657501][ T7730] ocfs2: Mounting device (7,7) on (node local, slot 0) with ordered data mode. [ 279.664206][ T7745] netlink: 4 bytes leftover after parsing attributes in process `syz.2.423'. [ 279.676137][ T7745] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 279.684692][ T7745] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 279.730675][ T7745] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 279.741688][ T7745] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 279.762201][ T7745] batman_adv: batadv0: Interface deactivated: gretap1 [ 279.769072][ T7745] batman_adv: batadv0: Removing interface: gretap1 [ 279.939301][ T24] usb 3-1: Found UVC 0.02 device syz (17dc:0202) [ 279.945252][ T7739] loop5: detected capacity change from 0 to 32768 [ 279.969854][ T24] usb 3-1: No valid video chain found. [ 280.033804][ T24] usb 3-1: USB disconnect, device number 11 [ 280.041442][ T7739] ERROR: (device loop5): diAllocAG: error reading iag [ 280.041442][ T7739] [ 280.128055][ T7739] ialloc: diAlloc returned -5! [ 280.499286][ T6726] ocfs2: Unmounting device (7,7) on (node local) [ 281.369739][ T6600] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 281.906378][ T7786] netlink: 12 bytes leftover after parsing attributes in process `syz.7.427'. [ 282.156252][ T7784] FAULT_INJECTION: forcing a failure. [ 282.156252][ T7784] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 282.248975][ T7784] CPU: 0 UID: 0 PID: 7784 Comm: syz.5.431 Not tainted 6.16.0-next-20250805-syzkaller #0 PREEMPT(full) [ 282.248998][ T7784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 282.249009][ T7784] Call Trace: [ 282.249015][ T7784] [ 282.249021][ T7784] dump_stack_lvl+0x189/0x250 [ 282.249044][ T7784] ? __pfx____ratelimit+0x10/0x10 [ 282.249066][ T7784] ? __pfx_dump_stack_lvl+0x10/0x10 [ 282.249084][ T7784] ? __pfx__printk+0x10/0x10 [ 282.249107][ T7784] ? fs_reclaim_acquire+0x7d/0x100 [ 282.249138][ T7784] should_fail_ex+0x414/0x560 [ 282.249161][ T7784] prepare_alloc_pages+0x213/0x610 [ 282.249181][ T7784] __alloc_frozen_pages_noprof+0x123/0x370 [ 282.249200][ T7784] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 282.249222][ T7784] ? policy_nodemask+0x27c/0x720 [ 282.249242][ T7784] ? __pfx__copy_from_iter+0x10/0x10 [ 282.249268][ T7784] alloc_pages_mpol+0x232/0x4a0 [ 282.249294][ T7784] alloc_pages_noprof+0xa9/0x190 [ 282.249317][ T7784] af_alg_sendmsg+0x133a/0x22e0 [ 282.249334][ T7784] ? __pfx___might_resched+0x10/0x10 [ 282.249367][ T7784] ? __pfx_af_alg_sendmsg+0x10/0x10 [ 282.249384][ T7784] ? __pfx_aa_sk_perm+0x10/0x10 [ 282.249404][ T7784] ? tomoyo_socket_sendmsg_permission+0x1e1/0x300 [ 282.249434][ T7784] ? __lock_acquire+0xab9/0xd20 [ 282.249454][ T7784] ? aa_sock_msg_perm+0xf1/0x1d0 [ 282.249479][ T7784] ? skcipher_sendmsg+0x26/0xf0 [ 282.249496][ T7784] ? __pfx_skcipher_sendmsg+0x10/0x10 [ 282.249516][ T7784] __sock_sendmsg+0x219/0x270 [ 282.249538][ T7784] sock_write_iter+0x258/0x330 [ 282.249558][ T7784] ? __pfx_sock_write_iter+0x10/0x10 [ 282.249585][ T7784] ? bpf_lsm_file_permission+0x9/0x20 [ 282.249611][ T7784] ? security_file_permission+0x75/0x290 [ 282.249637][ T7784] vfs_write+0x5c9/0xb30 [ 282.249660][ T7784] ? __pfx_sock_write_iter+0x10/0x10 [ 282.249679][ T7784] ? __pfx_vfs_write+0x10/0x10 [ 282.249707][ T7784] ? __fget_files+0x2a/0x420 [ 282.249749][ T7784] ksys_write+0x145/0x250 [ 282.249783][ T7784] ? __pfx_ksys_write+0x10/0x10 [ 282.249809][ T7784] ? rcu_is_watching+0x15/0xb0 [ 282.249833][ T7784] ? do_syscall_64+0xbe/0x3b0 [ 282.249859][ T7784] do_syscall_64+0xfa/0x3b0 [ 282.249883][ T7784] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 282.249906][ T7784] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 282.249926][ T7784] ? clear_bhb_loop+0x60/0xb0 [ 282.249954][ T7784] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 282.249975][ T7784] RIP: 0033:0x7f53c9f8eb69 [ 282.249994][ T7784] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 282.250012][ T7784] RSP: 002b:00007f53cadcd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 282.250036][ T7784] RAX: ffffffffffffffda RBX: 00007f53ca1b5fa0 RCX: 00007f53c9f8eb69 [ 282.250051][ T7784] RDX: 00000000fffffd2c RSI: 0000200000000000 RDI: 0000000000000005 [ 282.250064][ T7784] RBP: 00007f53cadcd090 R08: 0000000000000000 R09: 0000000000000000 [ 282.250076][ T7784] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 282.250089][ T7784] R13: 0000000000000000 R14: 00007f53ca1b5fa0 R15: 00007ffc4dbcb5e8 [ 282.250124][ T7784] [ 282.770019][ T7788] loop2: detected capacity change from 0 to 32768 [ 282.845141][ T7788] [ 282.845141][ T7788] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 282.845141][ T7788] [ 282.997428][ T7788] ERROR: (device loop2): diWrite: ixpxd invalid [ 282.997428][ T7788] [ 283.055345][ T7788] ERROR: (device loop2): remounting filesystem as read-only [ 283.103547][ T7788] ERROR: (device loop2): txCommit: [ 283.103547][ T7788] [ 283.706532][ T5866] Bluetooth: hci3: command 0x0406 tx timeout [ 284.852084][ T7814] loop5: detected capacity change from 0 to 128 [ 284.985246][ T7818] loop2: detected capacity change from 0 to 8 [ 285.039721][ T7818] SQUASHFS error: xz decompression failed, data probably corrupt [ 285.066161][ T7816] 9pnet_fd: Insufficient options for proto=fd [ 285.085264][ T7818] SQUASHFS error: Failed to read block 0x108: -5 [ 285.122945][ T7818] SQUASHFS error: Unable to read metadata cache entry [106] [ 285.131523][ T7814] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 285.153993][ T7818] SQUASHFS error: Unable to read inode 0x11f [ 285.182448][ T7814] ext4 filesystem being mounted at /48/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 285.358418][ T7823] FAULT_INJECTION: forcing a failure. [ 285.358418][ T7823] name failslab, interval 1, probability 0, space 0, times 0 [ 285.394737][ T7823] CPU: 0 UID: 0 PID: 7823 Comm: syz.6.442 Not tainted 6.16.0-next-20250805-syzkaller #0 PREEMPT(full) [ 285.394769][ T7823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 285.394783][ T7823] Call Trace: [ 285.394792][ T7823] [ 285.394801][ T7823] dump_stack_lvl+0x189/0x250 [ 285.394833][ T7823] ? __pfx____ratelimit+0x10/0x10 [ 285.394864][ T7823] ? __pfx_dump_stack_lvl+0x10/0x10 [ 285.394891][ T7823] ? __pfx__printk+0x10/0x10 [ 285.394928][ T7823] ? __pfx___might_resched+0x10/0x10 [ 285.394954][ T7823] should_fail_ex+0x414/0x560 [ 285.394989][ T7823] should_failslab+0xa8/0x100 [ 285.395022][ T7823] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 285.395054][ T7823] ? __alloc_skb+0x112/0x2d0 [ 285.395091][ T7823] __alloc_skb+0x112/0x2d0 [ 285.395128][ T7823] netlink_sendmsg+0x5c6/0xb30 [ 285.395172][ T7823] ? __pfx_netlink_sendmsg+0x10/0x10 [ 285.395208][ T7823] ? aa_sock_msg_perm+0xf1/0x1d0 [ 285.395244][ T7823] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 285.395268][ T7823] ? __pfx_netlink_sendmsg+0x10/0x10 [ 285.395301][ T7823] __sock_sendmsg+0x219/0x270 [ 285.395332][ T7823] ____sys_sendmsg+0x505/0x830 [ 285.395361][ T7823] ? __pfx_____sys_sendmsg+0x10/0x10 [ 285.395394][ T7823] ? import_iovec+0x74/0xa0 [ 285.395423][ T7823] ___sys_sendmsg+0x21f/0x2a0 [ 285.395448][ T7823] ? __pfx____sys_sendmsg+0x10/0x10 [ 285.395511][ T7823] ? __fget_files+0x2a/0x420 [ 285.395543][ T7823] ? __fget_files+0x3a0/0x420 [ 285.395597][ T7823] __x64_sys_sendmsg+0x19b/0x260 [ 285.395622][ T7823] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 285.395656][ T7823] ? __pfx_ksys_write+0x10/0x10 [ 285.395682][ T7823] ? rcu_is_watching+0x15/0xb0 [ 285.395710][ T7823] ? do_syscall_64+0xbe/0x3b0 [ 285.395746][ T7823] do_syscall_64+0xfa/0x3b0 [ 285.395776][ T7823] ? lockdep_hardirqs_on+0x9c/0x150 [ 285.395805][ T7823] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 285.395826][ T7823] ? clear_bhb_loop+0x60/0xb0 [ 285.395853][ T7823] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 285.395874][ T7823] RIP: 0033:0x7ff6fdf8eb69 [ 285.395894][ T7823] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 285.395913][ T7823] RSP: 002b:00007ff6fedff038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 285.395935][ T7823] RAX: ffffffffffffffda RBX: 00007ff6fe1b5fa0 RCX: 00007ff6fdf8eb69 [ 285.395951][ T7823] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003 [ 285.395966][ T7823] RBP: 00007ff6fedff090 R08: 0000000000000000 R09: 0000000000000000 [ 285.395979][ T7823] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 285.395991][ T7823] R13: 0000000000000000 R14: 00007ff6fe1b5fa0 R15: 00007fff6e37d738 [ 285.396025][ T7823] [ 285.780973][ T5986] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 286.064819][ T5986] usb 3-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d [ 286.074153][ T5986] usb 3-1: New USB device strings: Mfr=13, Product=2, SerialNumber=3 [ 286.090867][ T5986] usb 3-1: Product: syz [ 286.095582][ T5986] usb 3-1: Manufacturer: syz [ 286.100840][ T5986] usb 3-1: SerialNumber: syz [ 286.120956][ T5986] r8152-cfgselector 3-1: Unknown version 0x0000 [ 286.127476][ T5986] r8152-cfgselector 3-1: config 0 descriptor?? [ 286.899365][ T6483] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 286.962649][ T7843] FAULT_INJECTION: forcing a failure. [ 286.962649][ T7843] name failslab, interval 1, probability 0, space 0, times 0 [ 286.977494][ T7843] CPU: 0 UID: 0 PID: 7843 Comm: syz.6.448 Not tainted 6.16.0-next-20250805-syzkaller #0 PREEMPT(full) [ 286.977525][ T7843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 286.977538][ T7843] Call Trace: [ 286.977549][ T7843] [ 286.977559][ T7843] dump_stack_lvl+0x189/0x250 [ 286.977589][ T7843] ? __pfx____ratelimit+0x10/0x10 [ 286.977618][ T7843] ? __pfx_dump_stack_lvl+0x10/0x10 [ 286.977644][ T7843] ? __pfx__printk+0x10/0x10 [ 286.977680][ T7843] ? __pfx___might_resched+0x10/0x10 [ 286.977707][ T7843] should_fail_ex+0x414/0x560 [ 286.977739][ T7843] should_failslab+0xa8/0x100 [ 286.977772][ T7843] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 286.977803][ T7843] ? __alloc_skb+0x112/0x2d0 [ 286.977839][ T7843] __alloc_skb+0x112/0x2d0 [ 286.977876][ T7843] netlink_sendmsg+0x5c6/0xb30 [ 286.977918][ T7843] ? __pfx_netlink_sendmsg+0x10/0x10 [ 286.977953][ T7843] ? aa_sock_msg_perm+0xf1/0x1d0 [ 286.977989][ T7843] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 286.978013][ T7843] ? __pfx_netlink_sendmsg+0x10/0x10 [ 286.978046][ T7843] __sock_sendmsg+0x219/0x270 [ 286.978077][ T7843] ____sys_sendmsg+0x505/0x830 [ 286.978105][ T7843] ? __pfx_____sys_sendmsg+0x10/0x10 [ 286.978137][ T7843] ? import_iovec+0x74/0xa0 [ 286.978165][ T7843] ___sys_sendmsg+0x21f/0x2a0 [ 286.978189][ T7843] ? __pfx____sys_sendmsg+0x10/0x10 [ 286.978250][ T7843] ? __fget_files+0x2a/0x420 [ 286.978281][ T7843] ? __fget_files+0x3a0/0x420 [ 286.978326][ T7843] __x64_sys_sendmsg+0x19b/0x260 [ 286.978350][ T7843] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 286.978382][ T7843] ? __pfx_ksys_write+0x10/0x10 [ 286.978408][ T7843] ? rcu_is_watching+0x15/0xb0 [ 286.978435][ T7843] ? do_syscall_64+0xbe/0x3b0 [ 286.978476][ T7843] do_syscall_64+0xfa/0x3b0 [ 286.978505][ T7843] ? lockdep_hardirqs_on+0x9c/0x150 [ 286.978533][ T7843] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 286.978554][ T7843] ? clear_bhb_loop+0x60/0xb0 [ 286.978579][ T7843] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 286.978599][ T7843] RIP: 0033:0x7ff6fdf8eb69 [ 286.978618][ T7843] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 286.978637][ T7843] RSP: 002b:00007ff6fedff038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 286.978659][ T7843] RAX: ffffffffffffffda RBX: 00007ff6fe1b5fa0 RCX: 00007ff6fdf8eb69 [ 286.978675][ T7843] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000003 [ 286.978688][ T7843] RBP: 00007ff6fedff090 R08: 0000000000000000 R09: 0000000000000000 [ 286.978701][ T7843] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 286.978713][ T7843] R13: 0000000000000000 R14: 00007ff6fe1b5fa0 R15: 00007fff6e37d738 [ 286.978746][ T7843] [ 286.988568][ T7818] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 287.289166][ T7845] loop7: detected capacity change from 0 to 64 [ 287.325839][ T7818] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 287.383139][ T7818] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 287.521932][ T7818] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 287.663271][ T5986] r8152-cfgselector 3-1: Unknown version 0x0000 [ 287.935296][ T5986] r8152-cfgselector 3-1: bad CDC descriptors [ 288.012641][ T5986] r8152-cfgselector 3-1: USB disconnect, device number 12 [ 288.453141][ T5880] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201' [ 288.462961][ T5880] CPU: 1 UID: 0 PID: 5880 Comm: kworker/u9:8 Not tainted 6.16.0-next-20250805-syzkaller #0 PREEMPT(full) [ 288.462990][ T5880] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 288.463001][ T5880] Workqueue: hci0 hci_rx_work [ 288.463022][ T5880] Call Trace: [ 288.463030][ T5880] [ 288.463037][ T5880] dump_stack_lvl+0x189/0x250 [ 288.463061][ T5880] ? __pfx_dump_stack_lvl+0x10/0x10 [ 288.463080][ T5880] ? __pfx__printk+0x10/0x10 [ 288.463105][ T5880] ? kernfs_path_from_node+0x250/0x290 [ 288.463122][ T5880] ? kernfs_path_from_node+0x2f/0x290 [ 288.463142][ T5880] sysfs_create_dir_ns+0x259/0x280 [ 288.463161][ T5880] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 288.463178][ T5880] ? do_raw_spin_unlock+0x122/0x240 [ 288.463201][ T5880] kobject_add_internal+0x59f/0xb40 [ 288.463236][ T5880] kobject_add+0x155/0x220 [ 288.463264][ T5880] ? __pfx_kobject_add+0x10/0x10 [ 288.463288][ T5880] ? _raw_spin_unlock+0x28/0x50 [ 288.463310][ T5880] ? get_device_parent+0x366/0x3a0 [ 288.463330][ T5880] device_add+0x408/0xb50 [ 288.463349][ T5880] hci_conn_add_sysfs+0xd5/0x1e0 [ 288.463368][ T5880] le_conn_complete_evt+0xc3a/0x1220 [ 288.463401][ T5880] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 288.463424][ T5880] ? __mutex_unlock_slowpath+0x1a1/0x760 [ 288.463445][ T5880] ? __asan_memcpy+0x40/0x70 [ 288.463467][ T5880] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 288.463489][ T5880] ? skb_pull_data+0xfb/0x200 [ 288.463511][ T5880] hci_le_conn_complete_evt+0x187/0x450 [ 288.463539][ T5880] hci_event_packet+0x78c/0x1200 [ 288.463559][ T5880] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 288.463582][ T5880] ? __pfx_hci_event_packet+0x10/0x10 [ 288.463601][ T5880] ? kcov_remote_start+0x4d3/0x7f0 [ 288.463623][ T5880] ? lockdep_hardirqs_on+0x10/0x150 [ 288.463646][ T5880] ? hci_send_to_monitor+0xe2/0x570 [ 288.463671][ T5880] hci_rx_work+0x46a/0xe80 [ 288.463696][ T5880] ? process_scheduled_works+0x9ef/0x17b0 [ 288.463713][ T5880] process_scheduled_works+0xade/0x17b0 [ 288.463751][ T5880] ? __pfx_process_scheduled_works+0x10/0x10 [ 288.463779][ T5880] worker_thread+0x8a0/0xda0 [ 288.463797][ T5880] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 288.463824][ T5880] ? __kthread_parkme+0x7b/0x200 [ 288.463865][ T5880] kthread+0x70e/0x8a0 [ 288.463888][ T5880] ? __pfx_worker_thread+0x10/0x10 [ 288.463903][ T5880] ? __pfx_kthread+0x10/0x10 [ 288.463930][ T5880] ? _raw_spin_unlock_irq+0x23/0x50 [ 288.463956][ T5880] ? lockdep_hardirqs_on+0x9c/0x150 [ 288.463990][ T5880] ? __pfx_kthread+0x10/0x10 [ 288.464019][ T5880] ret_from_fork+0x3f9/0x770 [ 288.464048][ T5880] ? __pfx_ret_from_fork+0x10/0x10 [ 288.464069][ T5880] ? __switch_to_asm+0x39/0x70 [ 288.464090][ T5880] ? __switch_to_asm+0x33/0x70 [ 288.464109][ T5880] ? __pfx_kthread+0x10/0x10 [ 288.464129][ T5880] ret_from_fork_asm+0x1a/0x30 [ 288.464163][ T5880] [ 288.464200][ T5880] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 288.780828][ T5880] Bluetooth: hci0: failed to register connection device [ 289.588348][ T24] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 289.759071][ T24] hid-generic 0000:0000:0000.0007: hidraw0: HID v0.00 Device [syz0] on syz0 [ 290.164347][ T7871] fido_id[7871]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 290.626630][ T7879] syz.6.456 (7879): attempted to duplicate a private mapping with mremap. This is not supported. [ 290.845041][ T7883] loop2: detected capacity change from 0 to 128 [ 290.940077][ T7883] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 290.958425][ T5986] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 290.973857][ T7883] ext4 filesystem being mounted at /112/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 291.130832][ T5986] usb 7-1: Using ep0 maxpacket: 16 [ 291.165465][ T5986] usb 7-1: New USB device found, idVendor=0483, idProduct=1234, bcdDevice=ff.76 [ 291.186755][ T5986] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 291.220935][ T5986] usb 7-1: Product: syz [ 291.225254][ T5986] usb 7-1: Manufacturer: syz [ 291.229879][ T5986] usb 7-1: SerialNumber: syz [ 291.256387][ T5986] usb 7-1: config 0 descriptor?? [ 291.540357][ T7889] 9pnet_fd: Insufficient options for proto=fd [ 291.979446][ T6726] hfs: node 4:3 still has 1 user(s)! [ 291.991151][ T5986] usb 7-1: ignoring: not an USB2CAN converter [ 292.141417][ T5986] usb 7-1: USB disconnect, device number 6 [ 292.160485][ T7893] FAULT_INJECTION: forcing a failure. [ 292.160485][ T7893] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 292.210855][ T7893] CPU: 1 UID: 0 PID: 7893 Comm: syz.4.461 Not tainted 6.16.0-next-20250805-syzkaller #0 PREEMPT(full) [ 292.210891][ T7893] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 292.210905][ T7893] Call Trace: [ 292.210913][ T7893] [ 292.210922][ T7893] dump_stack_lvl+0x189/0x250 [ 292.210953][ T7893] ? __pfx____ratelimit+0x10/0x10 [ 292.210983][ T7893] ? __pfx_dump_stack_lvl+0x10/0x10 [ 292.211008][ T7893] ? __pfx__printk+0x10/0x10 [ 292.211052][ T7893] should_fail_ex+0x414/0x560 [ 292.211084][ T7893] _copy_from_user+0x2d/0xb0 [ 292.211110][ T7893] __copy_msghdr+0x3c5/0x5b0 [ 292.211136][ T7893] ___sys_sendmsg+0x1a5/0x2a0 [ 292.211161][ T7893] ? __pfx____sys_sendmsg+0x10/0x10 [ 292.211221][ T7893] ? __fget_files+0x2a/0x420 [ 292.211253][ T7893] ? __fget_files+0x3a0/0x420 [ 292.211297][ T7893] __x64_sys_sendmsg+0x19b/0x260 [ 292.211323][ T7893] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 292.211355][ T7893] ? __pfx_ksys_write+0x10/0x10 [ 292.211381][ T7893] ? rcu_is_watching+0x15/0xb0 [ 292.211408][ T7893] ? do_syscall_64+0xbe/0x3b0 [ 292.211444][ T7893] do_syscall_64+0xfa/0x3b0 [ 292.211481][ T7893] ? lockdep_hardirqs_on+0x9c/0x150 [ 292.211510][ T7893] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 292.211532][ T7893] ? clear_bhb_loop+0x60/0xb0 [ 292.211557][ T7893] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 292.211578][ T7893] RIP: 0033:0x7f723578eb69 [ 292.211597][ T7893] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 292.211616][ T7893] RSP: 002b:00007f723663b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 292.211639][ T7893] RAX: ffffffffffffffda RBX: 00007f72359b5fa0 RCX: 00007f723578eb69 [ 292.211654][ T7893] RDX: 0000000000004011 RSI: 00002000000001c0 RDI: 0000000000000003 [ 292.211668][ T7893] RBP: 00007f723663b090 R08: 0000000000000000 R09: 0000000000000000 [ 292.211681][ T7893] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 292.211702][ T7893] R13: 0000000000000000 R14: 00007f72359b5fa0 R15: 00007ffd95a9d0a8 [ 292.211735][ T7893] [ 293.692350][ T7911] loop6: detected capacity change from 0 to 1024 [ 293.798266][ T7914] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 293.861723][ T6426] hfsplus: b-tree write err: -5, ino 4 [ 293.875125][ T5880] Bluetooth: hci1: command 0x041b tx timeout [ 294.069129][ T5867] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 294.142068][ T7919] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 294.142068][ T7919] program syz.6.464 not setting count and/or reply_len properly [ 294.250823][ T7918] loop7: detected capacity change from 0 to 4096 [ 294.372660][ T7918] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 294.857491][ T982] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 296.697038][ T982] hid-generic 0000:0000:0000.0008: hidraw0: HID v0.00 Device [syz0] on syz0 [ 296.798740][ T7918] openvswitch: netlink: Unexpected mask (mask=440, allowed=10048) [ 297.280522][ T6726] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 297.492453][ T7929] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 297.492453][ T7929] program syz.6.468 not setting count and/or reply_len properly [ 297.642677][ T7927] fido_id[7927]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 297.925282][ T7935] 9pnet_fd: Insufficient options for proto=fd [ 298.814550][ T24] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 299.114668][ T7938] [U] V3Fپ"S/4:XTZWTLW= [ 299.132749][ T24] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 299.175225][ T24] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 299.185513][ T24] usb 8-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 299.204675][ T24] usb 8-1: New USB device found, idVendor=8086, idProduct=0b5b, bcdDevice=e1.c5 [ 299.229761][ T24] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 299.257562][ T24] usb 8-1: Product: syz [ 299.301756][ T24] usb 8-1: Manufacturer: syz [ 299.317754][ T24] usb 8-1: SerialNumber: syz [ 299.346484][ T24] usb 8-1: config 0 descriptor?? [ 299.376261][ T24] usb 8-1: Found UVC 34.00 device syz (8086:0b5b) [ 299.400423][ T7942] FAULT_INJECTION: forcing a failure. [ 299.400423][ T7942] name failslab, interval 1, probability 0, space 0, times 0 [ 299.420414][ T24] usb 8-1: No valid video chain found. [ 299.456448][ T7942] CPU: 1 UID: 0 PID: 7942 Comm: syz.4.473 Not tainted 6.16.0-next-20250805-syzkaller #0 PREEMPT(full) [ 299.456482][ T7942] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 299.456496][ T7942] Call Trace: [ 299.456505][ T7942] [ 299.456515][ T7942] dump_stack_lvl+0x189/0x250 [ 299.456545][ T7942] ? __pfx____ratelimit+0x10/0x10 [ 299.456576][ T7942] ? __pfx_dump_stack_lvl+0x10/0x10 [ 299.456601][ T7942] ? __pfx__printk+0x10/0x10 [ 299.456636][ T7942] ? __pfx___might_resched+0x10/0x10 [ 299.456654][ T7942] ? fs_reclaim_acquire+0x7d/0x100 [ 299.456687][ T7942] should_fail_ex+0x414/0x560 [ 299.456718][ T7942] should_failslab+0xa8/0x100 [ 299.456750][ T7942] kmem_cache_alloc_lru_noprof+0x78/0x3d0 [ 299.456778][ T7942] ? __d_alloc+0x36/0x7a0 [ 299.456806][ T7942] __d_alloc+0x36/0x7a0 [ 299.456833][ T7942] d_alloc_parallel+0xe5/0x15e0 [ 299.456875][ T7942] ? __d_lookup+0x66/0x780 [ 299.456903][ T7942] ? __pfx_d_alloc_parallel+0x10/0x10 [ 299.456936][ T7942] ? filldir64+0x64b/0x690 [ 299.456980][ T7942] fuse_readdir+0x1d2d/0x2bb0 [ 299.457050][ T7942] ? stack_trace_save+0x9c/0xe0 [ 299.457085][ T7942] ? __pfx_stack_trace_save+0x10/0x10 [ 299.457112][ T7942] ? __pfx_fuse_readdir+0x10/0x10 [ 299.457143][ T7942] ? check_path+0x21/0x40 [ 299.457174][ T7942] ? lockdep_unlock+0x89/0x120 [ 299.457202][ T7942] ? validate_chain+0x897/0x2140 [ 299.457288][ T7942] ? down_read_killable+0x1d1/0x350 [ 299.457316][ T7942] iterate_dir+0x399/0x570 [ 299.457352][ T7942] __se_sys_getdents64+0xe4/0x260 [ 299.457384][ T7942] ? __pfx___se_sys_getdents64+0x10/0x10 [ 299.457410][ T7942] ? ksys_write+0x22a/0x250 [ 299.457435][ T7942] ? __pfx_filldir64+0x10/0x10 [ 299.457464][ T7942] ? __pfx_ksys_write+0x10/0x10 [ 299.457489][ T7942] ? rcu_is_watching+0x15/0xb0 [ 299.457517][ T7942] ? do_syscall_64+0xbe/0x3b0 [ 299.457552][ T7942] do_syscall_64+0xfa/0x3b0 [ 299.457582][ T7942] ? lockdep_hardirqs_on+0x9c/0x150 [ 299.457610][ T7942] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 299.457631][ T7942] ? clear_bhb_loop+0x60/0xb0 [ 299.457655][ T7942] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 299.457676][ T7942] RIP: 0033:0x7f723578eb69 [ 299.457692][ T7942] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 299.457705][ T7942] RSP: 002b:00007f723661a038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 299.457722][ T7942] RAX: ffffffffffffffda RBX: 00007f72359b6080 RCX: 00007f723578eb69 [ 299.457733][ T7942] RDX: 00000000000000c0 RSI: 0000000000000000 RDI: 0000000000000004 [ 299.457742][ T7942] RBP: 00007f723661a090 R08: 0000000000000000 R09: 0000000000000000 [ 299.457751][ T7942] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 299.457760][ T7942] R13: 0000000000000000 R14: 00007f72359b6080 R15: 00007ffd95a9d0a8 [ 299.457783][ T7942] [ 299.790263][ T7943] Illegal XDP return value 4294967282 on prog (id 85) dev N/A, expect packet loss! [ 299.804512][ T24] usb 8-1: USB disconnect, device number 6 [ 300.020849][ T7936] [U] J"E:" [ 300.090855][ T7946] FAULT_INJECTION: forcing a failure. [ 300.090855][ T7946] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 300.106105][ T7946] CPU: 1 UID: 0 PID: 7946 Comm: syz.5.474 Not tainted 6.16.0-next-20250805-syzkaller #0 PREEMPT(full) [ 300.106136][ T7946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 300.106149][ T7946] Call Trace: [ 300.106157][ T7946] [ 300.106165][ T7946] dump_stack_lvl+0x189/0x250 [ 300.106196][ T7946] ? __pfx____ratelimit+0x10/0x10 [ 300.106235][ T7946] ? __pfx_dump_stack_lvl+0x10/0x10 [ 300.106261][ T7946] ? __pfx__printk+0x10/0x10 [ 300.106297][ T7946] ? __might_fault+0xb0/0x130 [ 300.106338][ T7946] should_fail_ex+0x414/0x560 [ 300.106371][ T7946] core_sys_select+0x724/0xa20 [ 300.106415][ T7946] ? __pfx_core_sys_select+0x10/0x10 [ 300.106472][ T7946] ? __pfx_set_user_sigmask+0x10/0x10 [ 300.106506][ T7946] __se_sys_pselect6+0x27a/0x300 [ 300.106543][ T7946] ? __pfx___se_sys_pselect6+0x10/0x10 [ 300.106573][ T7946] ? __pfx_ksys_write+0x10/0x10 [ 300.106598][ T7946] ? rcu_is_watching+0x15/0xb0 [ 300.106626][ T7946] ? __x64_sys_pselect6+0x21/0xf0 [ 300.106659][ T7946] do_syscall_64+0xfa/0x3b0 [ 300.106689][ T7946] ? lockdep_hardirqs_on+0x9c/0x150 [ 300.106718][ T7946] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 300.106739][ T7946] ? clear_bhb_loop+0x60/0xb0 [ 300.106765][ T7946] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 300.106786][ T7946] RIP: 0033:0x7f53c9f8eb69 [ 300.106805][ T7946] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 300.106824][ T7946] RSP: 002b:00007f53cadcd038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e [ 300.106846][ T7946] RAX: ffffffffffffffda RBX: 00007f53ca1b5fa0 RCX: 00007f53c9f8eb69 [ 300.106862][ T7946] RDX: 0000000000000000 RSI: 0000200000000600 RDI: 0000000000000040 [ 300.106875][ T7946] RBP: 00007f53cadcd090 R08: 0000000000000000 R09: 0000000000000000 [ 300.106889][ T7946] R10: 0000200000000680 R11: 0000000000000246 R12: 0000000000000001 [ 300.106903][ T7946] R13: 0000000000000000 R14: 00007f53ca1b5fa0 R15: 00007ffc4dbcb5e8 [ 300.106941][ T7946] [ 300.614129][ T7951] FAULT_INJECTION: forcing a failure. [ 300.614129][ T7951] name failslab, interval 1, probability 0, space 0, times 0 [ 300.652422][ T7951] CPU: 1 UID: 0 PID: 7951 Comm: syz.7.477 Not tainted 6.16.0-next-20250805-syzkaller #0 PREEMPT(full) [ 300.652453][ T7951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 300.652468][ T7951] Call Trace: [ 300.652476][ T7951] [ 300.652485][ T7951] dump_stack_lvl+0x189/0x250 [ 300.652516][ T7951] ? __pfx____ratelimit+0x10/0x10 [ 300.652547][ T7951] ? __pfx_dump_stack_lvl+0x10/0x10 [ 300.652573][ T7951] ? __pfx__printk+0x10/0x10 [ 300.652611][ T7951] ? __pfx___might_resched+0x10/0x10 [ 300.652631][ T7951] ? fs_reclaim_acquire+0x7d/0x100 [ 300.652670][ T7951] should_fail_ex+0x414/0x560 [ 300.652703][ T7951] should_failslab+0xa8/0x100 [ 300.652737][ T7951] __kmalloc_noprof+0xcb/0x4f0 [ 300.652764][ T7951] ? kfree+0x4d/0x440 [ 300.652787][ T7951] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 300.652814][ T7951] tomoyo_realpath_from_path+0xe3/0x5d0 [ 300.652837][ T7951] ? tomoyo_domain+0xd9/0x130 [ 300.652865][ T7951] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 300.652894][ T7951] tomoyo_path_number_perm+0x1e8/0x5a0 [ 300.652927][ T7951] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 300.652984][ T7951] ? __lock_acquire+0xab9/0xd20 [ 300.653038][ T7951] ? __fget_files+0x2a/0x420 [ 300.653075][ T7951] ? __fget_files+0x2a/0x420 [ 300.653105][ T7951] ? __fget_files+0x3a0/0x420 [ 300.653136][ T7951] ? __fget_files+0x2a/0x420 [ 300.653173][ T7951] security_file_ioctl+0xcb/0x2d0 [ 300.653205][ T7951] __se_sys_ioctl+0x47/0x170 [ 300.653234][ T7951] do_syscall_64+0xfa/0x3b0 [ 300.653264][ T7951] ? lockdep_hardirqs_on+0x9c/0x150 [ 300.653293][ T7951] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 300.653314][ T7951] ? clear_bhb_loop+0x60/0xb0 [ 300.653341][ T7951] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 300.653361][ T7951] RIP: 0033:0x7f93e078eb69 [ 300.653379][ T7951] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 300.653399][ T7951] RSP: 002b:00007f93e164a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 300.653421][ T7951] RAX: ffffffffffffffda RBX: 00007f93e09b5fa0 RCX: 00007f93e078eb69 [ 300.653437][ T7951] RDX: 0000200000000000 RSI: 0000000000008b34 RDI: 0000000000000003 [ 300.653451][ T7951] RBP: 00007f93e164a090 R08: 0000000000000000 R09: 0000000000000000 [ 300.653465][ T7951] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 300.653477][ T7951] R13: 0000000000000000 R14: 00007f93e09b5fa0 R15: 00007fffe3fdbee8 [ 300.653511][ T7951] [ 300.653520][ T7951] ERROR: Out of memory at tomoyo_realpath_from_path. [ 301.051953][ T7958] FAULT_INJECTION: forcing a failure. [ 301.051953][ T7958] name failslab, interval 1, probability 0, space 0, times 0 [ 301.126046][ T7958] CPU: 0 UID: 0 PID: 7958 Comm: syz.4.479 Not tainted 6.16.0-next-20250805-syzkaller #0 PREEMPT(full) [ 301.126079][ T7958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 301.126092][ T7958] Call Trace: [ 301.126101][ T7958] [ 301.126111][ T7958] dump_stack_lvl+0x189/0x250 [ 301.126152][ T7958] ? __pfx____ratelimit+0x10/0x10 [ 301.126182][ T7958] ? __pfx_dump_stack_lvl+0x10/0x10 [ 301.126208][ T7958] ? __pfx__printk+0x10/0x10 [ 301.126241][ T7958] ? __lock_acquire+0xab9/0xd20 [ 301.126284][ T7958] should_fail_ex+0x414/0x560 [ 301.126317][ T7958] should_failslab+0xa8/0x100 [ 301.126352][ T7958] kmem_cache_alloc_noprof+0x73/0x3c0 [ 301.126380][ T7958] ? skb_clone+0x212/0x3a0 [ 301.126409][ T7958] skb_clone+0x212/0x3a0 [ 301.126436][ T7958] __netlink_deliver_tap+0x404/0x850 [ 301.126482][ T7958] ? netlink_deliver_tap+0x2e/0x1b0 [ 301.126515][ T7958] netlink_deliver_tap+0x19c/0x1b0 [ 301.126548][ T7958] netlink_unicast+0x7fa/0x9e0 [ 301.126587][ T7958] ? __pfx_netlink_unicast+0x10/0x10 [ 301.126617][ T7958] ? netlink_sendmsg+0x642/0xb30 [ 301.126646][ T7958] ? skb_put+0x11b/0x210 [ 301.126669][ T7958] netlink_sendmsg+0x805/0xb30 [ 301.126711][ T7958] ? __pfx_netlink_sendmsg+0x10/0x10 [ 301.126746][ T7958] ? aa_sock_msg_perm+0xf1/0x1d0 [ 301.126781][ T7958] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 301.126804][ T7958] ? __pfx_netlink_sendmsg+0x10/0x10 [ 301.126836][ T7958] __sock_sendmsg+0x219/0x270 [ 301.126867][ T7958] ____sys_sendmsg+0x505/0x830 [ 301.126896][ T7958] ? __pfx_____sys_sendmsg+0x10/0x10 [ 301.126934][ T7958] ? import_iovec+0x74/0xa0 [ 301.126966][ T7958] ___sys_sendmsg+0x21f/0x2a0 [ 301.126991][ T7958] ? __pfx____sys_sendmsg+0x10/0x10 [ 301.127053][ T7958] ? __fget_files+0x2a/0x420 [ 301.127086][ T7958] ? __fget_files+0x3a0/0x420 [ 301.127138][ T7958] __x64_sys_sendmsg+0x19b/0x260 [ 301.127164][ T7958] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 301.127198][ T7958] ? __pfx_ksys_write+0x10/0x10 [ 301.127224][ T7958] ? rcu_is_watching+0x15/0xb0 [ 301.127252][ T7958] ? do_syscall_64+0xbe/0x3b0 [ 301.127286][ T7958] do_syscall_64+0xfa/0x3b0 [ 301.127316][ T7958] ? lockdep_hardirqs_on+0x9c/0x150 [ 301.127345][ T7958] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 301.127366][ T7958] ? clear_bhb_loop+0x60/0xb0 [ 301.127393][ T7958] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 301.127414][ T7958] RIP: 0033:0x7f723578eb69 [ 301.127433][ T7958] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 301.127452][ T7958] RSP: 002b:00007f723663b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 301.127475][ T7958] RAX: ffffffffffffffda RBX: 00007f72359b5fa0 RCX: 00007f723578eb69 [ 301.127491][ T7958] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 301.127504][ T7958] RBP: 00007f723663b090 R08: 0000000000000000 R09: 0000000000000000 [ 301.127518][ T7958] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 301.127530][ T7958] R13: 0000000000000000 R14: 00007f72359b5fa0 R15: 00007ffd95a9d0a8 [ 301.127563][ T7958] [ 301.130102][ T7958] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.479'. [ 301.943325][ T24] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 302.145219][ T24] hid-generic 0000:0000:0000.0009: hidraw0: HID v0.00 Device [syz0] on syz0 [ 304.117610][ T7970] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.483'. [ 304.140200][ T7972] binder: BINDER_SET_CONTEXT_MGR already set [ 304.147687][ T7972] binder: 7966:7972 ioctl 4018620d 200000004a80 returned -16 [ 304.218812][ T7973] : entered promiscuous mode [ 304.480196][ T7977] FAULT_INJECTION: forcing a failure. [ 304.480196][ T7977] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 304.500868][ T24] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 304.550229][ T7971] fido_id[7971]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 304.559998][ T7977] CPU: 0 UID: 0 PID: 7977 Comm: syz.7.484 Not tainted 6.16.0-next-20250805-syzkaller #0 PREEMPT(full) [ 304.560036][ T7977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 304.560050][ T7977] Call Trace: [ 304.560060][ T7977] [ 304.560070][ T7977] dump_stack_lvl+0x189/0x250 [ 304.560107][ T7977] ? __pfx____ratelimit+0x10/0x10 [ 304.560142][ T7977] ? __pfx_dump_stack_lvl+0x10/0x10 [ 304.560171][ T7977] ? __pfx__printk+0x10/0x10 [ 304.560207][ T7977] ? __might_fault+0xb0/0x130 [ 304.560255][ T7977] should_fail_ex+0x414/0x560 [ 304.560294][ T7977] _copy_from_iter+0x1db/0x16f0 [ 304.560350][ T7977] ? __pfx__copy_from_iter+0x10/0x10 [ 304.560390][ T7977] ? __pfx_woken_wake_function+0x10/0x10 [ 304.560426][ T7977] ? file_tty_write+0x323/0xa20 [ 304.560462][ T7977] ? rcu_is_watching+0x15/0xb0 [ 304.560486][ T7977] ? kfree+0x4d/0x440 [ 304.560522][ T7977] file_tty_write+0x4bc/0xa20 [ 304.560570][ T7977] vfs_write+0x5c9/0xb30 [ 304.560617][ T7977] ? __pfx_tty_write+0x10/0x10 [ 304.560652][ T7977] ? __pfx_vfs_write+0x10/0x10 [ 304.560702][ T7977] ? __fget_files+0x2a/0x420 [ 304.560753][ T7977] ksys_write+0x145/0x250 [ 304.560789][ T7977] ? __pfx_ksys_write+0x10/0x10 [ 304.560817][ T7977] ? rcu_is_watching+0x15/0xb0 [ 304.560846][ T7977] ? do_syscall_64+0xbe/0x3b0 [ 304.560885][ T7977] do_syscall_64+0xfa/0x3b0 [ 304.560918][ T7977] ? lockdep_hardirqs_on+0x9c/0x150 [ 304.560950][ T7977] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 304.560975][ T7977] ? clear_bhb_loop+0x60/0xb0 [ 304.561004][ T7977] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 304.561027][ T7977] RIP: 0033:0x7f93e078eb69 [ 304.561049][ T7977] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 304.561071][ T7977] RSP: 002b:00007f93e164a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 304.561097][ T7977] RAX: ffffffffffffffda RBX: 00007f93e09b5fa0 RCX: 00007f93e078eb69 [ 304.561115][ T7977] RDX: 00000000fffffedf RSI: 0000200000000000 RDI: 0000000000000004 [ 304.561130][ T7977] RBP: 00007f93e164a090 R08: 0000000000000000 R09: 0000000000000000 [ 304.561146][ T7977] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 304.561161][ T7977] R13: 0000000000000000 R14: 00007f93e09b5fa0 R15: 00007fffe3fdbee8 [ 304.561198][ T7977] [ 304.906901][ T7979] loop4: detected capacity change from 0 to 256 [ 304.991160][ T24] usb 7-1: config 0 has an invalid interface number: 170 but max is 0 [ 304.999402][ T24] usb 7-1: config 0 has no interface number 0 [ 305.034620][ T24] usb 7-1: config 0 interface 170 altsetting 0 endpoint 0x3 has an invalid bInterval 31, changing to 7 [ 305.088395][ T24] usb 7-1: New USB device found, idVendor=07b0, idProduct=0007, bcdDevice=17.c6 [ 305.160793][ T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 305.269383][ T24] usb 7-1: config 0 descriptor?? [ 305.280962][ T982] usb 8-1: new high-speed USB device number 7 using dummy_hcd [ 305.315806][ T24] HFC-S_USB 7-1:0.170: probe with driver HFC-S_USB failed with error -5 [ 305.481162][ T982] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 305.516643][ T982] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 305.532453][ T982] usb 8-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 305.563632][ T982] usb 8-1: New USB device found, idVendor=8086, idProduct=0b5b, bcdDevice=e1.c5 [ 305.577175][ T982] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 305.593865][ T982] usb 8-1: Product: syz [ 305.606136][ T982] usb 8-1: Manufacturer: syz [ 305.617199][ T982] usb 8-1: SerialNumber: syz [ 305.634988][ T982] usb 8-1: config 0 descriptor?? [ 305.671220][ T5866] Bluetooth: hci2: unknown advertising packet type: 0x14 [ 305.671259][ T5866] Bluetooth: hci2: unknown advertising packet type: 0x08 [ 305.679101][ T5866] Bluetooth: hci2: Dropping invalid advertising data [ 305.693422][ T5866] Bluetooth: hci2: Malformed LE Event: 0x02 [ 305.704497][ T982] usb 8-1: Found UVC 34.00 device syz (8086:0b5b) [ 305.712302][ T982] usb 8-1: No valid video chain found. [ 306.173273][ T982] usb 8-1: USB disconnect, device number 7 [ 306.406864][ T30] audit: type=1326 audit(1754448177.936:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7985 comm="syz.2.488" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f12a518eb69 code=0x0 [ 306.517440][ T7989] loop2: detected capacity change from 0 to 512 [ 307.585747][ T9] usb 7-1: USB disconnect, device number 7 [ 308.835548][ T8016] loop4: detected capacity change from 0 to 2048 [ 308.942562][ T8016] NILFS (loop4): Invalid checkpoint (checkpoint number=2) [ 308.951721][ T8016] NILFS (loop4): error -22 while loading last checkpoint (checkpoint number=2) [ 310.272836][ T8025] loop6: detected capacity change from 0 to 32768 [ 310.358871][ T8025] XFS (loop6): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 310.638381][ T8025] XFS (loop6): Ending clean mount [ 311.233260][ T8041] [U] V3Fپ"S/4:XTZWTLW= [ 311.454700][ T8037] [U] J"E:" [ 311.877951][ T5935] usb 5-1: new full-speed USB device number 8 using dummy_hcd [ 312.923843][ T5935] usb 5-1: unable to get BOS descriptor or descriptor too short [ 312.957205][ T5935] usb 5-1: not running at top speed; connect to a high speed hub [ 313.029062][ T5935] usb 5-1: config 4 has an invalid interface number: 32 but max is 0 [ 313.044174][ T5935] usb 5-1: config 4 has no interface number 0 [ 313.054983][ T5935] usb 5-1: New USB device found, idVendor=17dc, idProduct=0202, bcdDevice=f1.50 [ 313.064469][ T5935] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 313.073104][ T5935] usb 5-1: Product: syz [ 313.077450][ T5935] usb 5-1: Manufacturer: syz [ 313.107993][ T5935] usb 5-1: SerialNumber: syz [ 313.440021][ T8045] netlink: 4 bytes leftover after parsing attributes in process `syz.4.502'. [ 313.535944][ T8045] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 313.547198][ T8045] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 313.555191][ T24] usb 8-1: new high-speed USB device number 8 using dummy_hcd [ 313.653267][ T8045] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 313.699354][ T8045] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 313.745275][ T24] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 313.776206][ T24] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 313.790627][ T24] usb 8-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 313.857880][ T24] usb 8-1: New USB device found, idVendor=8086, idProduct=0b5b, bcdDevice=e1.c5 [ 313.884245][ T24] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 313.970817][ T24] usb 8-1: Product: syz [ 313.975270][ T24] usb 8-1: Manufacturer: syz [ 313.980402][ T24] usb 8-1: SerialNumber: syz [ 314.024667][ T24] usb 8-1: config 0 descriptor?? [ 314.038790][ T24] usb 8-1: Found UVC 34.00 device syz (8086:0b5b) [ 314.048995][ T24] usb 8-1: No valid video chain found. [ 314.114793][ T8051] syz.6.496 (8051) used greatest stack depth: 16264 bytes left [ 314.189198][ T5935] usb 5-1: Found UVC 0.02 device syz (17dc:0202) [ 314.197708][ T5935] usb 5-1: No valid video chain found. [ 314.227417][ T5935] usb 5-1: USB disconnect, device number 8 [ 314.272687][ T979] usb 8-1: USB disconnect, device number 8 [ 314.298808][ T8062] netlink: 'syz.5.506': attribute type 1 has an invalid length. [ 314.310850][ T8062] netlink: 'syz.5.506': attribute type 1 has an invalid length. [ 314.444043][ T6600] XFS (loop6): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 314.978011][ T8066] loop4: detected capacity change from 0 to 4096 [ 315.046482][ T8062] loop5: detected capacity change from 0 to 32768 [ 315.054770][ T8062] XFS: noikeep mount option is deprecated. [ 315.056778][ T8066] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 315.091505][ T8062] xfs: Unknown parameter 'dont_measure' [ 315.098372][ T8069] loop6: detected capacity change from 0 to 2048 [ 315.100015][ T8073] netlink: 16 bytes leftover after parsing attributes in process `syz.7.510'. [ 316.472949][ T5855] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 317.601313][ T8066] openvswitch: netlink: Unexpected mask (mask=440, allowed=10048) [ 317.903898][ T5855] hid-generic 0000:0000:0000.000A: hidraw0: HID v0.00 Device [syz0] on syz0 [ 318.447288][ T5871] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 318.516326][ T8086] fido_id[8086]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 318.618213][ T8092] netlink: 4 bytes leftover after parsing attributes in process `syz.5.516'. [ 318.663236][ T8092] netlink: 4 bytes leftover after parsing attributes in process `syz.5.516'. [ 318.704993][ T8092] netlink: 4 bytes leftover after parsing attributes in process `syz.5.516'. [ 319.930918][ T5855] usb 8-1: new high-speed USB device number 9 using dummy_hcd [ 319.984737][ T5935] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 320.122911][ T5855] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 320.142038][ T5855] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 320.163988][ T5855] usb 8-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 320.187241][ T5935] usb 6-1: Using ep0 maxpacket: 32 [ 320.198483][ T5855] usb 8-1: New USB device found, idVendor=8086, idProduct=0b5b, bcdDevice=e1.c5 [ 320.210376][ T5855] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 320.215190][ T5935] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 320.233858][ T5855] usb 8-1: Product: syz [ 320.239466][ T5855] usb 8-1: Manufacturer: syz [ 320.248797][ T8114] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 320.251772][ T5935] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 320.262857][ T5855] usb 8-1: SerialNumber: syz [ 320.277815][ T5935] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 320.297251][ T5935] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 320.337573][ T5855] usb 8-1: config 0 descriptor?? [ 320.349547][ T5935] usb 6-1: config 0 descriptor?? [ 320.356419][ T5855] usb 8-1: Found UVC 34.00 device syz (8086:0b5b) [ 320.356456][ T5855] usb 8-1: No valid video chain found. [ 320.406710][ T5935] hub 6-1:0.0: USB hub found [ 320.462788][ T8118] loop2: detected capacity change from 0 to 1024 [ 320.483464][ T8118] EXT4-fs: Ignoring removed bh option [ 320.496417][ T8118] EXT4-fs (loop2): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 320.547359][ T9] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 320.568932][ T24] usb 8-1: USB disconnect, device number 9 [ 320.589108][ T8118] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 320.625964][ T5935] hub 6-1:0.0: config failed, hub has too many ports! (err -19) [ 320.693939][ T5855] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 320.715424][ T5855] hid-generic 0000:0000:0000.000B: hidraw0: HID v0.00 Device [syz1] on syz0 [ 320.751042][ T9] usb 5-1: Using ep0 maxpacket: 8 [ 320.765920][ T9] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 320.787354][ T9] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 320.808893][ T9] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 320.840966][ T9] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 320.890624][ T8107] loop5: detected capacity change from 0 to 512 [ 320.899165][ T9] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 320.924121][ T8122] fido_id[8122]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 320.943922][ T8107] EXT4-fs: Ignoring removed bh option [ 320.950495][ T8107] EXT4-fs: quotafile must be on filesystem root [ 320.957874][ T9] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 320.970259][ T9] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 321.006081][ T9] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 321.058401][ T5935] usbhid 6-1:0.0: can't add hid device: -71 [ 321.066777][ T9] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 321.113458][ T5935] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 321.153125][ T9] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 321.182600][ T5935] usb 6-1: USB disconnect, device number 6 [ 321.227493][ T9] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 321.253035][ T9] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 321.282242][ T9] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 321.297918][ T8118] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 321.307731][ T9] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 321.333328][ T8125] overlayfs: failed to resolve './file0': -2 [ 321.433672][ T9] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 321.465604][ T9] usb 5-1: string descriptor 0 read error: -22 [ 321.472478][ T9] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 321.493780][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 321.539518][ T9] adutux 5-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 321.756803][ T8133] overlayfs: failed to resolve './file0': -2 [ 322.070251][ T8109] loop4: detected capacity change from 0 to 4096 [ 322.095699][ T5867] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 322.253737][ T8135] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 322.356692][ T30] audit: type=1800 audit(1754448193.876:38): pid=8109 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.521" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 322.518228][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 322.524739][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 322.860451][ T30] audit: type=1326 audit(1754448194.396:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8108 comm="syz.4.521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f723578eb69 code=0x7ffc0000 [ 322.884885][ T30] audit: type=1326 audit(1754448194.426:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8108 comm="syz.4.521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f723578eb69 code=0x7ffc0000 [ 323.930365][ T30] audit: type=1800 audit(1754448195.396:41): pid=8115 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.521" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 323.969061][ T8156] FAULT_INJECTION: forcing a failure. [ 323.969061][ T8156] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 324.034642][ T8154] loop6: detected capacity change from 0 to 4096 [ 324.072547][ T5866] Bluetooth: hci1: unknown advertising packet type: 0x14 [ 324.072597][ T5866] Bluetooth: hci1: unknown advertising packet type: 0x08 [ 324.081550][ T5866] Bluetooth: hci1: Dropping invalid advertising data [ 324.095616][ T5866] Bluetooth: hci1: Malformed LE Event: 0x02 [ 324.110225][ T8156] CPU: 1 UID: 0 PID: 8156 Comm: syz.5.530 Not tainted 6.16.0-next-20250805-syzkaller #0 PREEMPT(full) [ 324.110257][ T8156] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 324.110270][ T8156] Call Trace: [ 324.110278][ T8156] [ 324.110288][ T8156] dump_stack_lvl+0x189/0x250 [ 324.110319][ T8156] ? __pfx____ratelimit+0x10/0x10 [ 324.110348][ T8156] ? __pfx_dump_stack_lvl+0x10/0x10 [ 324.110374][ T8156] ? __pfx__printk+0x10/0x10 [ 324.110416][ T8156] should_fail_ex+0x414/0x560 [ 324.110449][ T8156] _copy_to_user+0x31/0xb0 [ 324.110475][ T8156] simple_read_from_buffer+0xe1/0x170 [ 324.110512][ T8156] proc_fail_nth_read+0x1b3/0x220 [ 324.110541][ T8156] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 324.110569][ T8156] ? rw_verify_area+0x2a6/0x4d0 [ 324.110594][ T8156] ? __lock_acquire+0xab9/0xd20 [ 324.110622][ T8156] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 324.110649][ T8156] vfs_read+0x1fd/0xa30 [ 324.110679][ T8156] ? fdget_pos+0x247/0x320 [ 324.110702][ T8156] ? __pfx___mutex_lock+0x10/0x10 [ 324.110733][ T8156] ? __pfx_vfs_read+0x10/0x10 [ 324.110763][ T8156] ? __fget_files+0x2a/0x420 [ 324.110799][ T8156] ? __fget_files+0x3a0/0x420 [ 324.110830][ T8156] ? __fget_files+0x2a/0x420 [ 324.110872][ T8156] ksys_read+0x145/0x250 [ 324.110904][ T8156] ? __pfx_ksys_read+0x10/0x10 [ 324.110928][ T8156] ? rcu_is_watching+0x15/0xb0 [ 324.110957][ T8156] ? do_syscall_64+0xbe/0x3b0 [ 324.110992][ T8156] do_syscall_64+0xfa/0x3b0 [ 324.111021][ T8156] ? lockdep_hardirqs_on+0x9c/0x150 [ 324.111049][ T8156] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 324.111071][ T8156] ? clear_bhb_loop+0x60/0xb0 [ 324.111105][ T8156] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 324.111127][ T8156] RIP: 0033:0x7f53c9f8d57c [ 324.111147][ T8156] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 324.111166][ T8156] RSP: 002b:00007f53cadcd030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 324.111188][ T8156] RAX: ffffffffffffffda RBX: 00007f53ca1b5fa0 RCX: 00007f53c9f8d57c [ 324.111204][ T8156] RDX: 000000000000000f RSI: 00007f53cadcd0a0 RDI: 0000000000000004 [ 324.111218][ T8156] RBP: 00007f53cadcd090 R08: 0000000000000000 R09: 0000000000000000 [ 324.111232][ T8156] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 324.111244][ T8156] R13: 0000000000000000 R14: 00007f53ca1b5fa0 R15: 00007ffc4dbcb5e8 [ 324.111278][ T8156] [ 324.790392][ T8163] loop2: detected capacity change from 0 to 8 [ 325.421487][ T8163] SQUASHFS error: xz decompression failed, data probably corrupt [ 325.631354][ T8163] SQUASHFS error: Failed to read block 0x108: -5 [ 325.637759][ T8163] SQUASHFS error: Unable to read metadata cache entry [106] [ 325.754570][ T8163] SQUASHFS error: Unable to read inode 0x11f [ 325.959645][ T982] usb 5-1: USB disconnect, device number 9 [ 325.995577][ T8170] loop5: detected capacity change from 0 to 1024 [ 326.005927][ T9] usb 8-1: new high-speed USB device number 10 using dummy_hcd [ 326.087613][ T8170] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 326.100033][ T8178] loop2: detected capacity change from 0 to 128 [ 326.170528][ T8179] block device autoloading is deprecated and will be removed. [ 326.184948][ T8170] ext4 filesystem being mounted at /71/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 326.204674][ T9] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 326.227883][ T9] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 326.231214][ T8170] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters [ 326.252172][ T9] usb 8-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 326.255175][ T9] usb 8-1: New USB device found, idVendor=8086, idProduct=0b5b, bcdDevice=e1.c5 [ 326.285316][ T30] audit: type=1800 audit(1754448197.746:42): pid=8170 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.535" name="file1" dev="loop5" ino=15 res=0 errno=0 [ 326.356406][ T30] audit: type=1800 audit(1754448197.746:43): pid=8170 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.535" name="file1" dev="loop5" ino=15 res=0 errno=0 [ 326.529222][ T9] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 326.575824][ T9] usb 8-1: Product: syz [ 326.602019][ T9] usb 8-1: Manufacturer: syz [ 326.617196][ T9] usb 8-1: SerialNumber: syz [ 326.669830][ T9] usb 8-1: config 0 descriptor?? [ 326.675923][ T6483] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 326.707563][ T9] usb 8-1: Found UVC 34.00 device syz (8086:0b5b) [ 326.721168][ T9] usb 8-1: No valid video chain found. [ 326.967532][ T9] usb 8-1: USB disconnect, device number 10 [ 327.023927][ T8178] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=16, mo=a84ec018, mo2=0002] [ 327.051832][ T8178] System zones: 1-3, 19-19, 35-36 [ 327.097999][ T8178] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 327.202084][ T8178] ext4 filesystem being mounted at /125/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 327.248717][ T8186] 9pnet_fd: Insufficient options for proto=fd [ 328.249779][ T8197] loop7: detected capacity change from 0 to 256 [ 328.582794][ T8199] loop6: detected capacity change from 0 to 40427 [ 328.613956][ T8199] F2FS-fs (loop6): Invalid log_blocksize (268), supports only 12 [ 328.621929][ T8199] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock [ 328.639241][ T8197] exFAT-fs (loop7): failed to load upcase table (idx : 0x00010000, chksum : 0xf6e00961, utbl_chksum : 0xe619d30d) [ 328.643798][ T8199] F2FS-fs (loop6): invalid crc value [ 328.751621][ T8199] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 328.796838][ T8199] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0 [ 328.803949][ T8199] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 329.266209][ T30] audit: type=1800 audit(1754448200.716:44): pid=8205 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.543" name="file1" dev="loop6" ino=10 res=0 errno=0 [ 329.950946][ T8207] netlink: 12 bytes leftover after parsing attributes in process `syz.5.544'. [ 330.301003][ T8209] loop5: detected capacity change from 0 to 512 [ 330.313501][ T8209] ext4: Unknown parameter 'fscontext' [ 331.009548][ T8178] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 331.134998][ T8211] loop7: detected capacity change from 0 to 764 [ 331.191678][ T8211] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 331.292511][ T8215] netlink: 12 bytes leftover after parsing attributes in process `syz.6.545'. [ 331.704745][ T8221] loop6: detected capacity change from 0 to 512 [ 331.718438][ T8221] ext4: Unknown parameter 'fscontext' [ 332.372432][ T8222] loop5: detected capacity change from 0 to 4096 [ 332.470279][ T8222] NILFS (loop5): The specified checkpoint is not a snapshot (checkpoint number=1) [ 332.534844][ T8213] loop2: detected capacity change from 0 to 8192 [ 332.572052][ T8213] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512). [ 332.652701][ T8224] netlink: 'syz.7.549': attribute type 2 has an invalid length. [ 332.671279][ T8224] netlink: 'syz.7.549': attribute type 1 has an invalid length. [ 332.678979][ T8224] netlink: 193500 bytes leftover after parsing attributes in process `syz.7.549'. [ 332.732910][ T8213] ntfs3(loop2): Mark volume as dirty due to NTFS errors [ 332.772783][ T8213] ntfs3(loop2): Failed to load $Extend (-2). [ 332.832680][ T8213] ntfs3(loop2): Failed to initialize $Extend. [ 333.074524][ T8225] loop7: detected capacity change from 0 to 8192 [ 333.137222][ T8225] FAT-fs (loop7): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 333.225006][ T8224] overlay: filesystem on ./bus not supported [ 333.231480][ T9] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 333.286080][ T8225] FAT-fs (loop7): error, invalid access to FAT (entry 0x00000001) [ 333.308016][ T8236] netlink: 20 bytes leftover after parsing attributes in process `syz.4.553'. [ 333.317205][ T8225] FAT-fs (loop7): Filesystem has been set read-only [ 333.413403][ T9] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 333.430602][ T9] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 333.480868][ T9] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 333.487808][ T12] bond0: (slave bond_slave_0): interface is now down [ 333.502578][ T8235] bond0: option arp_validate: invalid value (18446744073491447809) [ 333.533707][ T8239] loop7: detected capacity change from 0 to 256 [ 333.541172][ T12] bond0: (slave bond_slave_1): interface is now down [ 333.543299][ T9] usb 7-1: New USB device found, idVendor=8086, idProduct=0b5b, bcdDevice=e1.c5 [ 333.579369][ T9] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 333.606649][ T12] bond0: now running without any active interface! [ 333.620844][ T9] usb 7-1: Product: syz [ 333.637361][ T9] usb 7-1: Manufacturer: syz [ 333.638459][ T8239] FAT-fs (loop7): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 333.658669][ T9] usb 7-1: SerialNumber: syz [ 333.707181][ T8239] FAT-fs (loop7): Filesystem has been set read-only [ 333.997595][ T8242] loop4: detected capacity change from 0 to 40427 [ 334.021721][ T8242] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 334.027745][ T6726] FAT-fs (loop7): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 334.029514][ T8242] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 334.034111][ T9] usb 7-1: config 0 descriptor?? [ 334.063330][ T8242] F2FS-fs (loop4): invalid crc value [ 334.168919][ T8242] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 334.181925][ T9] usb 7-1: Found UVC 34.00 device syz (8086:0b5b) [ 334.188449][ T9] usb 7-1: No valid video chain found. [ 334.197275][ T8242] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 334.204419][ T8242] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 334.441179][ T9] usb 7-1: USB disconnect, device number 8 [ 334.443696][ T5935] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 334.863961][ T30] audit: type=1800 audit(1754448206.136:45): pid=8255 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.555" name="file1" dev="loop4" ino=10 res=0 errno=0 [ 335.242472][ T5935] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 335.260932][ T5935] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 335.270824][ T5935] usb 6-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00 [ 335.279902][ T5935] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 335.301641][ T5935] usb 6-1: config 0 descriptor?? [ 335.748549][ T5935] arvo 0003:1E7D:30D4.000C: unknown main item tag 0x0 [ 335.788515][ T5935] arvo 0003:1E7D:30D4.000C: hidraw0: USB HID v0.00 Device [HID 1e7d:30d4] on usb-dummy_hcd.5-1/input0 [ 335.935986][ T8253] loop7: detected capacity change from 0 to 32768 [ 336.070274][ T8253] FAULT_INJECTION: forcing a failure. [ 336.070274][ T8253] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 336.156310][ T8253] CPU: 1 UID: 0 PID: 8253 Comm: syz.7.556 Not tainted 6.16.0-next-20250805-syzkaller #0 PREEMPT(full) [ 336.156343][ T8253] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 336.156356][ T8253] Call Trace: [ 336.156365][ T8253] [ 336.156375][ T8253] dump_stack_lvl+0x189/0x250 [ 336.156407][ T8253] ? __pfx____ratelimit+0x10/0x10 [ 336.156438][ T8253] ? __pfx_dump_stack_lvl+0x10/0x10 [ 336.156464][ T8253] ? __pfx__printk+0x10/0x10 [ 336.156508][ T8253] should_fail_ex+0x414/0x560 [ 336.156543][ T8253] _copy_to_user+0x31/0xb0 [ 336.156570][ T8253] simple_read_from_buffer+0xe1/0x170 [ 336.156607][ T8253] proc_fail_nth_read+0x1b3/0x220 [ 336.156636][ T8253] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 336.156664][ T8253] ? rw_verify_area+0x2a6/0x4d0 [ 336.156689][ T8253] ? __lock_acquire+0xab9/0xd20 [ 336.156717][ T8253] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 336.156743][ T8253] vfs_read+0x1fd/0xa30 [ 336.156769][ T8253] ? fdget_pos+0x247/0x320 [ 336.156793][ T8253] ? __pfx___mutex_lock+0x10/0x10 [ 336.156825][ T8253] ? __pfx_vfs_read+0x10/0x10 [ 336.156855][ T8253] ? __fget_files+0x2a/0x420 [ 336.156892][ T8253] ? __fget_files+0x3a0/0x420 [ 336.156923][ T8253] ? __fget_files+0x2a/0x420 [ 336.156965][ T8253] ksys_read+0x145/0x250 [ 336.156991][ T8253] ? __pfx_filldir+0x10/0x10 [ 336.157020][ T8253] ? __pfx_ksys_read+0x10/0x10 [ 336.157045][ T8253] ? rcu_is_watching+0x15/0xb0 [ 336.157074][ T8253] ? do_syscall_64+0xbe/0x3b0 [ 336.157118][ T8253] do_syscall_64+0xfa/0x3b0 [ 336.157148][ T8253] ? lockdep_hardirqs_on+0x9c/0x150 [ 336.157177][ T8253] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 336.157198][ T8253] ? clear_bhb_loop+0x60/0xb0 [ 336.157225][ T8253] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 336.157246][ T8253] RIP: 0033:0x7f93e078d57c [ 336.157265][ T8253] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 336.157284][ T8253] RSP: 002b:00007f93e164a030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 336.157307][ T8253] RAX: ffffffffffffffda RBX: 00007f93e09b5fa0 RCX: 00007f93e078d57c [ 336.157323][ T8253] RDX: 000000000000000f RSI: 00007f93e164a0a0 RDI: 0000000000000005 [ 336.157336][ T8253] RBP: 00007f93e164a090 R08: 0000000000000000 R09: 0000000000000000 [ 336.157356][ T8253] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 336.157369][ T8253] R13: 0000000000000000 R14: 00007f93e09b5fa0 R15: 00007fffe3fdbee8 [ 336.157403][ T8253] [ 336.417736][ T9] page_pool_release_retry() stalled pool shutdown: id 23, 39 inflight 181 sec [ 336.559266][ T5855] usb 6-1: USB disconnect, device number 7 [ 336.920431][ T8260] loop6: detected capacity change from 0 to 32768 [ 336.932286][ T8273] loop2: detected capacity change from 0 to 16 [ 336.990581][ T8273] erofs (device loop2): mounted with root inode @ nid 36. [ 337.104486][ T8269] loop7: detected capacity change from 0 to 4096 [ 337.126734][ T8260] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode. [ 337.232660][ T8269] EXT4-fs (loop7): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 337.273343][ T6600] (syz-executor,6600,0):ocfs2_inode_is_valid_to_delete:928 ERROR: Skipping delete of root inode. [ 337.288815][ T8269] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 337.393303][ T6600] ocfs2: Unmounting device (7,6) on (node local) [ 337.978851][ T8275] erofs (device loop2): invalid de[0].nameoff 0 @ nid 36 [ 338.245052][ T6726] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 338.555590][ T8273] erofs (device loop2): corrupted dir block 72 @ nid 36 [ 338.709220][ T982] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 338.914066][ T982] hid-generic 0000:0000:0000.000D: hidraw0: HID v0.00 Device [syz0] on syz0 [ 339.574149][ T8287] fido_id[8287]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 339.705168][ T8271] loop4: detected capacity change from 0 to 32768 [ 339.802303][ T8271] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 339.857397][ T8299] loop7: detected capacity change from 0 to 512 [ 339.885357][ T8294] loop2: detected capacity change from 0 to 128 [ 339.934494][ T8294] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 339.992880][ T8278] loop5: detected capacity change from 0 to 32768 [ 340.005672][ T8294] ext4 filesystem being mounted at /132/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 340.034828][ T8271] XFS (loop4): Ending clean mount [ 340.036512][ T8299] EXT4-fs error (device loop7): ext4_free_branches:1023: inode #11: comm syz.7.569: invalid indirect mapped block 4294967295 (level 1) [ 340.068424][ T8271] XFS (loop4): Quotacheck needed: Please wait. [ 340.088619][ T8278] [ 340.088619][ T8278] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 340.088619][ T8278] [ 340.186914][ T8283] loop6: detected capacity change from 0 to 32768 [ 340.195546][ T8299] EXT4-fs error (device loop7): ext4_free_branches:1023: inode #11: comm syz.7.569: invalid indirect mapped block 4294967295 (level 1) [ 340.237676][ T8278] [ 340.237676][ T8278] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 340.237676][ T8278] [ 340.310410][ T8283] [ 340.310410][ T8283] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 340.310410][ T8283] [ 340.326155][ T8278] [ 340.326155][ T8278] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 340.326155][ T8278] [ 340.370873][ T8278] [ 340.370873][ T8278] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 340.370873][ T8278] [ 340.382822][ T8299] EXT4-fs (loop7): 2 truncates cleaned up [ 340.405207][ T8299] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 340.414363][ T8283] [ 340.414363][ T8283] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 340.414363][ T8283] [ 340.430321][ T8278] [ 340.430321][ T8278] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 340.430321][ T8278] [ 340.460890][ T8278] [ 340.460890][ T8278] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 340.460890][ T8278] [ 340.482036][ T8271] XFS (loop4): Quotacheck: Done. [ 340.485231][ T8283] [ 340.485231][ T8283] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 340.485231][ T8283] [ 340.526377][ T111] [ 340.526377][ T111] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 340.526377][ T111] [ 340.548831][ T8283] [ 340.548831][ T8283] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 340.548831][ T8283] [ 340.572713][ T8297] EXT4-fs error (device loop7): ext4_validate_block_bitmap:432: comm syz.7.569: bg 0: block 5: invalid block bitmap [ 340.582744][ T8283] [ 340.582744][ T8283] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 340.582744][ T8283] [ 340.631372][ T8283] [ 340.631372][ T8283] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 340.631372][ T8283] [ 340.647319][ T971] [ 340.647319][ T971] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 340.647319][ T971] [ 340.659332][ T5871] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 340.693879][ T111] [ 340.693879][ T111] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 340.693879][ T111] [ 340.702414][ T6726] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 340.714132][ T971] [ 340.714132][ T971] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 340.714132][ T971] [ 340.729036][ T6435] [ 340.729036][ T6435] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 340.729036][ T6435] [ 340.730866][ T112] [ 340.730866][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 340.730866][ T112] [ 340.780488][ T6483] [ 340.780488][ T6483] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 340.780488][ T6483] [ 340.793886][ T6435] [ 340.793886][ T6435] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 340.793886][ T6435] [ 340.806555][ T6483] [ 340.806555][ T6483] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 340.806555][ T6483] [ 340.829169][ T6600] [ 340.829169][ T6600] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 340.829169][ T6600] [ 340.889234][ T111] [ 340.889234][ T111] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 340.889234][ T111] [ 340.902539][ T6600] [ 340.902539][ T6600] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 340.902539][ T6600] [ 341.199780][ T5867] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 341.430099][ T8310] 9pnet_fd: Insufficient options for proto=fd [ 342.225015][ T8318] netlink: 12 bytes leftover after parsing attributes in process `syz.7.575'. [ 342.291116][ T8315] loop6: detected capacity change from 0 to 2048 [ 342.574080][ T8321] loop5: detected capacity change from 0 to 4096 [ 342.710982][ T8324] loop7: detected capacity change from 0 to 512 [ 342.724640][ T8324] ext4: Unknown parameter 'fscontext' [ 343.310873][ T24] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 343.344627][ T8321] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 343.467495][ T8329] loop7: detected capacity change from 0 to 1024 [ 343.482607][ T24] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 343.531054][ T24] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 343.621584][ T8332] openvswitch: netlink: Unexpected mask (mask=440, allowed=10048) [ 344.089869][ T24] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 344.142628][ T8333] loop2: detected capacity change from 0 to 1764 [ 344.184241][ T24] usb 5-1: New USB device found, idVendor=8086, idProduct=0b5b, bcdDevice=e1.c5 [ 344.210453][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 344.321575][ T24] usb 5-1: Product: syz [ 344.326022][ T24] usb 5-1: Manufacturer: syz [ 344.614634][ T6483] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 344.640805][ T24] usb 5-1: SerialNumber: syz [ 344.732634][ T24] usb 5-1: config 0 descriptor?? [ 344.789921][ T24] usb 5-1: Found UVC 34.00 device syz (8086:0b5b) [ 345.124859][ T8342] loop7: detected capacity change from 0 to 32768 [ 345.132695][ T8339] loop2: detected capacity change from 0 to 40427 [ 345.142301][ T8339] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 345.150084][ T8339] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 345.181892][ T24] usb 5-1: No valid video chain found. [ 345.195964][ T24] usb 5-1: USB disconnect, device number 10 [ 345.274615][ T8339] F2FS-fs (loop2): invalid crc value [ 345.297139][ T8342] ocfs2: Mounting device (7,7) on (node local, slot 0) with ordered data mode. [ 345.437454][ T8339] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 345.457198][ T8339] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 345.464639][ T8339] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 345.486170][ T8341] loop5: detected capacity change from 0 to 40427 [ 345.521249][ T8341] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12 [ 345.529175][ T8341] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 345.545837][ T8341] F2FS-fs (loop5): invalid crc value [ 345.676129][ T8341] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 345.728805][ T8341] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 345.736035][ T8341] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 346.001149][ T30] audit: type=1800 audit(1754448217.526:46): pid=8354 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.579" name="file1" dev="loop2" ino=10 res=0 errno=0 [ 347.558105][ T30] audit: type=1800 audit(1754448219.096:47): pid=8355 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.578" name="file1" dev="loop5" ino=10 res=0 errno=0 [ 347.780415][ T6726] ocfs2: Unmounting device (7,7) on (node local) [ 347.981125][ T8359] netlink: 20 bytes leftover after parsing attributes in process `syz.7.581'. [ 348.101390][ T8357] loop4: detected capacity change from 0 to 128 [ 348.214346][ T8357] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 348.240353][ T8357] ext4 filesystem being mounted at /114/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 348.667244][ T8365] loop6: detected capacity change from 0 to 4096 [ 348.712687][ T8365] ntfs3(loop6): Different NTFS sector size (2048) and media sector size (512). [ 348.922197][ T8371] mmap: syz.5.585 (8371) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 349.193021][ T8378] loop5: detected capacity change from 0 to 64 [ 349.212736][ T5871] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 349.246646][ T8378] hfs: unable to locate alternate MDB [ 349.252741][ T8378] hfs: continuing without an alternate MDB [ 349.293464][ T8378] FAULT_INJECTION: forcing a failure. [ 349.293464][ T8378] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 349.329392][ T8376] : entered promiscuous mode [ 349.389680][ T8378] CPU: 1 UID: 0 PID: 8378 Comm: syz.5.588 Not tainted 6.16.0-next-20250805-syzkaller #0 PREEMPT(full) [ 349.389712][ T8378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 349.389726][ T8378] Call Trace: [ 349.389734][ T8378] [ 349.389744][ T8378] dump_stack_lvl+0x189/0x250 [ 349.389776][ T8378] ? __pfx____ratelimit+0x10/0x10 [ 349.389806][ T8378] ? __pfx_dump_stack_lvl+0x10/0x10 [ 349.389833][ T8378] ? __pfx__printk+0x10/0x10 [ 349.389863][ T8378] ? __might_fault+0xb0/0x130 [ 349.389905][ T8378] should_fail_ex+0x414/0x560 [ 349.389940][ T8378] _copy_from_user+0x2d/0xb0 [ 349.389965][ T8378] __se_sys_sendfile64+0xa6/0x190 [ 349.390003][ T8378] ? __pfx___se_sys_sendfile64+0x10/0x10 [ 349.390035][ T8378] ? rcu_is_watching+0x15/0xb0 [ 349.390062][ T8378] ? do_syscall_64+0xbe/0x3b0 [ 349.390098][ T8378] do_syscall_64+0xfa/0x3b0 [ 349.390126][ T8378] ? lockdep_hardirqs_on+0x9c/0x150 [ 349.390155][ T8378] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 349.390176][ T8378] ? clear_bhb_loop+0x60/0xb0 [ 349.390202][ T8378] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 349.390223][ T8378] RIP: 0033:0x7f53c9f8eb69 [ 349.390241][ T8378] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 349.390260][ T8378] RSP: 002b:00007f53cadcd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 349.390282][ T8378] RAX: ffffffffffffffda RBX: 00007f53ca1b5fa0 RCX: 00007f53c9f8eb69 [ 349.390298][ T8378] RDX: 0000200000000080 RSI: 0000000000000004 RDI: 0000000000000004 [ 349.390311][ T8378] RBP: 00007f53cadcd090 R08: 0000000000000000 R09: 0000000000000000 [ 349.390325][ T8378] R10: 0000000000007f03 R11: 0000000000000246 R12: 0000000000000001 [ 349.390338][ T8378] R13: 0000000000000000 R14: 00007f53ca1b5fa0 R15: 00007ffc4dbcb5e8 [ 349.390371][ T8378] [ 349.733335][ T8383] loop4: detected capacity change from 0 to 64 [ 349.826299][ T8383] hfs: unable to locate alternate MDB [ 349.856406][ T8383] hfs: continuing without an alternate MDB [ 349.963520][ T8383] bpf: Bad value for 'gid' [ 350.040396][ T8390] loop5: detected capacity change from 0 to 136 [ 350.670313][ T8397] loop5: detected capacity change from 0 to 40427 [ 350.700165][ T8397] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12 [ 350.708457][ T8397] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 350.741667][ T8397] F2FS-fs (loop5): invalid crc value [ 350.829540][ T8397] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 350.844558][ T8397] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 350.851793][ T8397] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 351.296501][ T30] audit: type=1800 audit(1754448222.766:48): pid=8405 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.595" name="file1" dev="loop5" ino=10 res=0 errno=0 [ 352.108599][ T8385] loop6: detected capacity change from 0 to 32768 [ 352.170115][ T8385] XFS (loop6): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 352.304939][ T8385] XFS (loop6): Ending clean mount [ 352.529928][ T8414] netlink: 'syz.6.591': attribute type 5 has an invalid length. [ 352.707784][ T6600] XFS (loop6): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 353.019903][ T8393] loop2: detected capacity change from 0 to 32768 [ 353.059021][ T8416] netlink: 20 bytes leftover after parsing attributes in process `syz.5.596'. [ 353.142733][ T8393] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 353.221220][ T8393] (syz.2.593,8393,1):ocfs2_mknod:505 ERROR: status = -2 [ 353.257183][ T8421] loop5: detected capacity change from 0 to 128 [ 353.284725][ T8393] (syz.2.593,8393,1):ocfs2_create:678 ERROR: status = -2 [ 353.385189][ T8422] loop7: detected capacity change from 0 to 4096 [ 353.392284][ T8421] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 353.422929][ T5867] (syz-executor,5867,1):ocfs2_inode_is_valid_to_delete:928 ERROR: Skipping delete of root inode. [ 353.541089][ T8421] ext4 filesystem being mounted at /85/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 353.723066][ T5867] ocfs2: Unmounting device (7,2) on (node local) [ 353.743474][ T8422] ntfs3(loop7): ino=3, ntfs_set_state failed, -22. [ 353.750032][ T8422] ntfs3(loop7): Failed to initialize $Extend/$ObjId. [ 354.020390][ T6415] ntfs3(loop7): ino=3, ntfs3_write_inode failed, -22. [ 354.050189][ T6726] ntfs3(loop7): ino=3, ntfs_set_state failed, -22. [ 354.070199][ T6726] ntfs3(loop7): Mark volume as dirty due to NTFS errors [ 354.093165][ T6726] ntfs3(loop7): ino=3, ntfs_set_state failed, -22. [ 354.103243][ T13] ntfs3(loop7): ino=3, ntfs3_write_inode failed, -22. [ 354.249642][ T8438] loop2: detected capacity change from 0 to 256 [ 354.295222][ T8438] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 354.359205][ T6483] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 354.361815][ T8438] exFAT-fs (loop2): Medium has reported failures. Some data may be lost. [ 354.414610][ T8438] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d) [ 355.817390][ T8452] loop5: detected capacity change from 0 to 16 [ 355.875553][ T8458] loop7: detected capacity change from 0 to 136 [ 355.895023][ T8452] erofs (device loop5): unidentified incompatible feature 6000000, please upgrade kernel [ 356.266670][ T8464] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 356.790945][ T5952] usb 5-1: new full-speed USB device number 11 using dummy_hcd [ 357.125405][ T5952] usb 5-1: unable to get BOS descriptor or descriptor too short [ 357.154020][ T5952] usb 5-1: not running at top speed; connect to a high speed hub [ 357.184832][ T5952] usb 5-1: config 4 has an invalid interface number: 32 but max is 0 [ 357.199916][ T5952] usb 5-1: config 4 has no interface number 0 [ 357.210597][ T5952] usb 5-1: New USB device found, idVendor=17dc, idProduct=0202, bcdDevice=f1.50 [ 357.251793][ T5952] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 357.285429][ T5952] usb 5-1: Product: syz [ 357.295273][ T5952] usb 5-1: Manufacturer: syz [ 357.311123][ T5952] usb 5-1: SerialNumber: syz [ 357.566118][ T8452] loop5: detected capacity change from 0 to 32768 [ 357.592741][ T8456] netlink: 4 bytes leftover after parsing attributes in process `syz.4.606'. [ 357.645553][ T8452] XFS (loop5): DAX unsupported by block device. Turning off DAX. [ 357.703203][ T8452] XFS (loop5): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 357.827702][ T8452] XFS (loop5): Ending clean mount [ 357.913382][ T8452] XFS (loop5): Quotacheck needed: Please wait. [ 357.933331][ T5952] usb 5-1: Found UVC 0.02 device syz (17dc:0202) [ 357.939875][ T5952] usb 5-1: No valid video chain found. [ 357.953872][ T8472] loop6: detected capacity change from 0 to 40427 [ 357.993724][ T8472] F2FS-fs (loop6): Small segment_count (9 < 1 * 24) [ 357.993753][ T5952] usb 5-1: USB disconnect, device number 11 [ 358.020987][ T8472] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock [ 358.073979][ T8472] F2FS-fs (loop6): invalid crc value [ 358.091154][ T8452] XFS (loop5): Quotacheck: Done. [ 358.127622][ T8472] F2FS-fs (loop6): Wrong journal entry on segno 65538 [ 358.183295][ T8472] F2FS-fs (loop6): Failed to initialize F2FS segment manager (-117) [ 358.584867][ T8497] loop7: detected capacity change from 0 to 128 [ 358.642463][ T9] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 358.704674][ T8497] EXT4-fs (loop7): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 358.803228][ T8497] ext4 filesystem being mounted at /90/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 358.863305][ T6483] XFS (loop5): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 359.304301][ T8509] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 359.304301][ T8509] program syz.6.620 not setting count and/or reply_len properly [ 359.423974][ T8505] loop4: detected capacity change from 0 to 4096 [ 359.561446][ T8484] loop2: detected capacity change from 0 to 32768 [ 359.614479][ T8484] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.613 (8484) [ 359.734378][ T6726] EXT4-fs (loop7): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 359.757821][ T8484] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 359.841824][ T8484] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm [ 359.872888][ T8484] BTRFS info (device loop2): using free-space-tree [ 360.347266][ T5855] kernel write not supported for file bpf-prog (pid: 5855 comm: kworker/0:3) [ 360.420979][ T8539] [U] V3Fپ"S/4:XTZWTLW= [ 360.553048][ T5867] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 361.216272][ T8523] loop7: detected capacity change from 0 to 32768 [ 361.255532][ T8523] jfs: Unknown parameter ' ' [ 361.387967][ T8531] loop5: detected capacity change from 0 to 32768 [ 361.450014][ T8531] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.623 (8531) [ 361.454739][ T8534] [U] J"E:" [ 361.571568][ T8531] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 361.640869][ T8531] BTRFS info (device loop5): using crc32c (crc32c-lib) checksum algorithm [ 361.672550][ T8531] BTRFS info (device loop5): disk space caching is enabled [ 361.700821][ T8531] BTRFS warning (device loop5): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 362.047828][ T8531] BTRFS info (device loop5): rebuilding free space tree [ 362.172155][ T8531] BTRFS info (device loop5): disabling free space tree [ 362.195487][ T8531] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 362.262224][ T8531] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 362.358124][ T8544] loop6: detected capacity change from 0 to 40427 [ 362.423818][ T8544] F2FS-fs (loop6): Invalid log_blocksize (268), supports only 12 [ 362.471902][ T8544] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock [ 362.748884][ T8569] loop7: detected capacity change from 0 to 4096 [ 362.835536][ T6483] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 362.886917][ T8544] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 362.988927][ T8544] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0 [ 363.002257][ T8544] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 363.024579][ T8546] loop2: detected capacity change from 0 to 40427 [ 363.112247][ T30] audit: type=1326 audit(1754448234.626:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8543 comm="syz.6.627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6fdf8eb69 code=0x7ffc0000 [ 363.157774][ T8546] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 363.179675][ T8546] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 363.222356][ T30] audit: type=1326 audit(1754448234.626:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8543 comm="syz.6.627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff6fdf8eb69 code=0x7ffc0000 [ 363.259614][ T8581] loop5: detected capacity change from 0 to 128 [ 363.286589][ T30] audit: type=1326 audit(1754448234.626:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8543 comm="syz.6.627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6fdf8eb69 code=0x7ffc0000 [ 363.348171][ T8581] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 363.351483][ T8579] loop4: detected capacity change from 0 to 4096 [ 363.372474][ T30] audit: type=1326 audit(1754448234.626:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8543 comm="syz.6.627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=126 compat=0 ip=0x7ff6fdf8eb69 code=0x7ffc0000 [ 363.400565][ T8581] ext4 filesystem being mounted at /90/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 363.488153][ T30] audit: type=1326 audit(1754448234.626:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8543 comm="syz.6.627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6fdf8eb69 code=0x7ffc0000 [ 363.558084][ T30] audit: type=1326 audit(1754448234.626:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8543 comm="syz.6.627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff6fdf8eb69 code=0x7ffc0000 [ 363.584109][ T8546] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 363.634491][ T30] audit: type=1326 audit(1754448234.626:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8543 comm="syz.6.627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6fdf8eb69 code=0x7ffc0000 [ 363.703371][ T8579] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 363.745952][ T8546] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 363.791105][ T8546] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 363.798359][ T30] audit: type=1326 audit(1754448234.626:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8543 comm="syz.6.627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7ff6fdf85b27 code=0x7ffc0000 [ 363.822010][ T30] audit: type=1326 audit(1754448234.626:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8543 comm="syz.6.627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff6fdf2ad69 code=0x7ffc0000 [ 363.847035][ T30] audit: type=1326 audit(1754448234.626:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8543 comm="syz.6.627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff6fdf8eb69 code=0x7ffc0000 [ 363.909341][ T8594] FAULT_INJECTION: forcing a failure. [ 363.909341][ T8594] name failslab, interval 1, probability 0, space 0, times 0 [ 363.999933][ T8595] openvswitch: netlink: Unexpected mask (mask=440, allowed=10048) [ 364.030786][ T8594] CPU: 0 UID: 0 PID: 8594 Comm: syz.2.628 Not tainted 6.16.0-next-20250805-syzkaller #0 PREEMPT(full) [ 364.030816][ T8594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 364.030829][ T8594] Call Trace: [ 364.030837][ T8594] [ 364.030846][ T8594] dump_stack_lvl+0x189/0x250 [ 364.030878][ T8594] ? __pfx____ratelimit+0x10/0x10 [ 364.030909][ T8594] ? __pfx_dump_stack_lvl+0x10/0x10 [ 364.030936][ T8594] ? __pfx__printk+0x10/0x10 [ 364.030973][ T8594] ? __pfx___might_resched+0x10/0x10 [ 364.030998][ T8594] should_fail_ex+0x414/0x560 [ 364.031032][ T8594] should_failslab+0xa8/0x100 [ 364.031066][ T8594] kmem_cache_alloc_noprof+0x73/0x3c0 [ 364.031095][ T8594] ? getname_flags+0xb8/0x540 [ 364.031120][ T8594] getname_flags+0xb8/0x540 [ 364.031138][ T8594] ? __fget_files+0x3a0/0x420 [ 364.031174][ T8594] user_path_at+0x24/0x60 [ 364.031200][ T8594] do_fchownat+0x105/0x270 [ 364.031223][ T8594] ? __pfx_do_fchownat+0x10/0x10 [ 364.031243][ T8594] ? __pfx_ksys_write+0x10/0x10 [ 364.031280][ T8594] __x64_sys_lchown+0x85/0xa0 [ 364.031302][ T8594] do_syscall_64+0xfa/0x3b0 [ 364.031332][ T8594] ? lockdep_hardirqs_on+0x9c/0x150 [ 364.031361][ T8594] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 364.031390][ T8594] ? clear_bhb_loop+0x60/0xb0 [ 364.031416][ T8594] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 364.031437][ T8594] RIP: 0033:0x7f12a518eb69 [ 364.031457][ T8594] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 364.031475][ T8594] RSP: 002b:00007f12a4fd6038 EFLAGS: 00000246 ORIG_RAX: 000000000000005e [ 364.031498][ T8594] RAX: ffffffffffffffda RBX: 00007f12a53b6080 RCX: 00007f12a518eb69 [ 364.031520][ T8594] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000200000000100 [ 364.031534][ T8594] RBP: 00007f12a4fd6090 R08: 0000000000000000 R09: 0000000000000000 [ 364.031547][ T8594] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 364.031560][ T8594] R13: 0000000000000001 R14: 00007f12a53b6080 R15: 00007ffdbf14b868 [ 364.031592][ T8594] [ 364.055728][ T5233] udevd[5233]: worker [7898] terminated by signal 33 (Unknown signal 33) [ 364.074292][ T8592] loop7: detected capacity change from 0 to 4096 [ 364.260870][ T5233] udevd[5233]: worker [7898] failed while handling '/devices/virtual/block/loop5' [ 364.392619][ T6483] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 364.573248][ T8592] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 364.639111][ T5871] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 364.744467][ T8599] openvswitch: netlink: Unexpected mask (mask=440, allowed=10048) [ 364.963489][ T8601] loop4: detected capacity change from 0 to 2048 [ 365.147317][ T6726] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 365.579203][ T8611] 9pnet_fd: Insufficient options for proto=fd [ 365.644011][ T5866] Bluetooth: hci0: unknown advertising packet type: 0x14 [ 365.644054][ T5866] Bluetooth: hci0: unknown advertising packet type: 0x08 [ 365.651470][ T5866] Bluetooth: hci0: Dropping invalid advertising data [ 365.666518][ T5866] Bluetooth: hci0: Malformed LE Event: 0x02 [ 366.391162][ T979] usb 3-1: new low-speed USB device number 13 using dummy_hcd [ 366.424863][ T8623] loop7: detected capacity change from 0 to 2048 [ 366.602041][ T8628] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 366.602041][ T8628] program syz.5.648 not setting count and/or reply_len properly [ 366.610936][ T979] usb 3-1: config 0 has an invalid descriptor of length 228, skipping remainder of the config [ 366.759975][ T979] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 366.788187][ T979] usb 3-1: New USB device found, idVendor=258a, idProduct=0036, bcdDevice= 0.00 [ 366.797806][ T979] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 367.107053][ T979] usb 3-1: config 0 descriptor?? [ 367.535514][ T8627] loop4: detected capacity change from 0 to 4096 [ 368.333437][ T8637] loop2: detected capacity change from 0 to 8192 [ 368.388266][ T30] kauditd_printk_skb: 47 callbacks suppressed [ 368.388287][ T30] audit: type=1800 audit(1754448239.916:106): pid=8637 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.639" name="file1" dev="loop2" ino=1048635 res=0 errno=0 [ 368.617136][ T8620] loop6: detected capacity change from 0 to 32768 [ 368.657344][ T8620] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.644 (8620) [ 368.774839][ T8620] BTRFS info (device loop6): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 368.829688][ T8620] BTRFS info (device loop6): using blake2b (blake2b-256-generic) checksum algorithm [ 368.871566][ T8620] BTRFS info (device loop6): using free-space-tree [ 369.739208][ T9] usb 3-1: USB disconnect, device number 13 [ 369.876282][ T6600] BTRFS info (device loop6): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 370.230247][ T8645] loop7: detected capacity change from 0 to 40427 [ 370.307642][ T8645] F2FS-fs (loop7): invalid crc value [ 370.436024][ T8639] loop4: detected capacity change from 0 to 40427 [ 371.452358][ T8639] F2FS-fs (loop4): invalid crc value [ 371.467918][ T8639] F2FS-fs (loop4): Failed to start F2FS issue_checkpoint_thread (-4) [ 371.555813][ T8645] F2FS-fs (loop7): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 371.749948][ T8683] overlayfs: overlapping lowerdir path [ 372.335166][ T8683] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 372.345482][ T8683] overlayfs: missing 'lowerdir' [ 372.666033][ T8689] netlink: 4 bytes leftover after parsing attributes in process `syz.4.658'. [ 372.784727][ T8691] loop2: detected capacity change from 0 to 2048 [ 374.134446][ T8705] netlink: 4 bytes leftover after parsing attributes in process `syz.6.663'. [ 374.201337][ T8705] netlink: 12 bytes leftover after parsing attributes in process `syz.6.663'. [ 374.308730][ T8707] loop6: detected capacity change from 0 to 512 [ 374.353557][ T8707] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode [ 374.557778][ T8707] EXT4-fs (loop6): 1 truncate cleaned up [ 374.565621][ T8707] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 374.796373][ T8705] 9pnet_fd: Insufficient options for proto=fd [ 374.835726][ T8723] loop5: detected capacity change from 0 to 4096 [ 374.899230][ T8720] sctp: [Deprecated]: syz.7.659 (pid 8720) Use of int in max_burst socket option deprecated. [ 374.899230][ T8720] Use struct sctp_assoc_value instead [ 375.401451][ T8723] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 375.570531][ T6600] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 375.769886][ T8736] openvswitch: netlink: Unexpected mask (mask=440, allowed=10048) [ 375.968799][ T8737] ip6_tunnel: non-ECT from fe80:0000:0000:0000:0000:0000:0000:00bb with DS=0x1b [ 377.500093][ T6483] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 378.612599][ T8771] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 378.709343][ T8774] FAULT_INJECTION: forcing a failure. [ 378.709343][ T8774] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 378.739841][ T8774] CPU: 0 UID: 0 PID: 8774 Comm: syz.6.684 Not tainted 6.16.0-next-20250805-syzkaller #0 PREEMPT(full) [ 378.739876][ T8774] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 378.739896][ T8774] Call Trace: [ 378.739905][ T8774] [ 378.739916][ T8774] dump_stack_lvl+0x189/0x250 [ 378.739958][ T8774] ? __pfx_dump_stack_lvl+0x10/0x10 [ 378.739988][ T8774] ? __pfx__printk+0x10/0x10 [ 378.740040][ T8774] should_fail_ex+0x414/0x560 [ 378.740089][ T8774] _copy_from_user+0x2d/0xb0 [ 378.740118][ T8774] __sys_bpf+0x1ed/0x870 [ 378.740154][ T8774] ? __pfx___sys_bpf+0x10/0x10 [ 378.740210][ T8774] ? rcu_is_watching+0x15/0xb0 [ 378.740245][ T8774] __x64_sys_bpf+0x7c/0x90 [ 378.740274][ T8774] do_syscall_64+0xfa/0x3b0 [ 378.740308][ T8774] ? lockdep_hardirqs_on+0x9c/0x150 [ 378.740342][ T8774] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 378.740366][ T8774] ? clear_bhb_loop+0x60/0xb0 [ 378.740395][ T8774] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 378.740424][ T8774] RIP: 0033:0x7ff6fdf8eb69 [ 378.740446][ T8774] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 378.740467][ T8774] RSP: 002b:00007ff6fedff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 378.740493][ T8774] RAX: ffffffffffffffda RBX: 00007ff6fe1b5fa0 RCX: 00007ff6fdf8eb69 [ 378.740511][ T8774] RDX: 0000000000000050 RSI: 0000200000000280 RDI: 000000000000000a [ 378.740526][ T8774] RBP: 00007ff6fedff090 R08: 0000000000000000 R09: 0000000000000000 [ 378.740540][ T8774] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 378.740554][ T8774] R13: 0000000000000000 R14: 00007ff6fe1b5fa0 R15: 00007fff6e37d738 [ 378.740591][ T8774] [ 378.942041][ T8763] loop4: detected capacity change from 0 to 131072 [ 379.136682][ T8763] F2FS-fs (loop4): Wrong CP boundary, start(512) end(1536) blocks(0) [ 379.150642][ T8763] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 379.156470][ T8776] overlayfs: missing 'lowerdir' [ 379.165852][ T8763] F2FS-fs (loop4): invalid crc value [ 379.262539][ T8763] F2FS-fs (loop4): Failed to read root inode [ 379.657946][ T8765] loop5: detected capacity change from 0 to 32768 [ 379.677253][ T8785] FAULT_INJECTION: forcing a failure. [ 379.677253][ T8785] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 379.710536][ T8765] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.679 (8765) [ 379.767309][ T8785] CPU: 0 UID: 0 PID: 8785 Comm: syz.4.687 Not tainted 6.16.0-next-20250805-syzkaller #0 PREEMPT(full) [ 379.767341][ T8785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 379.767355][ T8785] Call Trace: [ 379.767363][ T8785] [ 379.767372][ T8785] dump_stack_lvl+0x189/0x250 [ 379.767405][ T8785] ? __pfx____ratelimit+0x10/0x10 [ 379.767434][ T8785] ? __pfx_dump_stack_lvl+0x10/0x10 [ 379.767460][ T8785] ? __pfx__printk+0x10/0x10 [ 379.767503][ T8785] should_fail_ex+0x414/0x560 [ 379.767537][ T8785] _copy_to_user+0x31/0xb0 [ 379.767564][ T8785] simple_read_from_buffer+0xe1/0x170 [ 379.767600][ T8785] proc_fail_nth_read+0x1b3/0x220 [ 379.767628][ T8785] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 379.767655][ T8785] ? rw_verify_area+0x2a6/0x4d0 [ 379.767681][ T8785] ? __lock_acquire+0xab9/0xd20 [ 379.767710][ T8785] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 379.767736][ T8785] vfs_read+0x1fd/0xa30 [ 379.767762][ T8785] ? fdget_pos+0x247/0x320 [ 379.767784][ T8785] ? __pfx___mutex_lock+0x10/0x10 [ 379.767817][ T8785] ? __pfx_vfs_read+0x10/0x10 [ 379.767847][ T8785] ? __fget_files+0x2a/0x420 [ 379.767891][ T8785] ? __fget_files+0x3a0/0x420 [ 379.767922][ T8785] ? __fget_files+0x2a/0x420 [ 379.767964][ T8785] ksys_read+0x145/0x250 [ 379.767995][ T8785] ? __pfx_ksys_read+0x10/0x10 [ 379.768029][ T8785] ? rcu_is_watching+0x15/0xb0 [ 379.768059][ T8785] ? do_syscall_64+0xbe/0x3b0 [ 379.768098][ T8785] do_syscall_64+0xfa/0x3b0 [ 379.768128][ T8785] ? lockdep_hardirqs_on+0x9c/0x150 [ 379.768157][ T8785] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 379.768178][ T8785] ? clear_bhb_loop+0x60/0xb0 [ 379.768204][ T8785] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 379.768225][ T8785] RIP: 0033:0x7f723578d57c [ 379.768245][ T8785] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 379.768264][ T8785] RSP: 002b:00007f723663b030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 379.768287][ T8785] RAX: ffffffffffffffda RBX: 00007f72359b5fa0 RCX: 00007f723578d57c [ 379.768303][ T8785] RDX: 000000000000000f RSI: 00007f723663b0a0 RDI: 0000000000000005 [ 379.768317][ T8785] RBP: 00007f723663b090 R08: 0000000000000000 R09: 0000000000000000 [ 379.768330][ T8785] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 379.768342][ T8785] R13: 0000000000000000 R14: 00007f72359b5fa0 R15: 00007ffd95a9d0a8 [ 379.768376][ T8785] [ 379.789583][ T8765] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 380.042067][ T8765] BTRFS info (device loop5): using crc32c (crc32c-lib) checksum algorithm [ 380.054848][ T8765] BTRFS info (device loop5): disk space caching is enabled [ 380.065028][ T8765] BTRFS warning (device loop5): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 380.088445][ T8787] FAULT_INJECTION: forcing a failure. [ 380.088445][ T8787] name failslab, interval 1, probability 0, space 0, times 0 [ 380.106620][ T8787] CPU: 1 UID: 0 PID: 8787 Comm: syz.4.689 Not tainted 6.16.0-next-20250805-syzkaller #0 PREEMPT(full) [ 380.106655][ T8787] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 380.106669][ T8787] Call Trace: [ 380.106678][ T8787] [ 380.106689][ T8787] dump_stack_lvl+0x189/0x250 [ 380.106721][ T8787] ? __pfx____ratelimit+0x10/0x10 [ 380.106754][ T8787] ? __pfx_dump_stack_lvl+0x10/0x10 [ 380.106780][ T8787] ? __pfx__printk+0x10/0x10 [ 380.106819][ T8787] ? __pfx___might_resched+0x10/0x10 [ 380.106841][ T8787] ? fs_reclaim_acquire+0x7d/0x100 [ 380.106883][ T8787] should_fail_ex+0x414/0x560 [ 380.106918][ T8787] should_failslab+0xa8/0x100 [ 380.106962][ T8787] __kmalloc_noprof+0xcb/0x4f0 [ 380.106993][ T8787] ? kfree+0x4d/0x440 [ 380.107018][ T8787] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 380.107046][ T8787] tomoyo_realpath_from_path+0xe3/0x5d0 [ 380.107072][ T8787] ? tomoyo_domain+0xd9/0x130 [ 380.107103][ T8787] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 380.107136][ T8787] tomoyo_path_number_perm+0x1e8/0x5a0 [ 380.107171][ T8787] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 380.107234][ T8787] ? __lock_acquire+0xab9/0xd20 [ 380.107295][ T8787] ? __fget_files+0x2a/0x420 [ 380.107337][ T8787] ? __fget_files+0x2a/0x420 [ 380.107371][ T8787] ? __fget_files+0x3a0/0x420 [ 380.107404][ T8787] ? __fget_files+0x2a/0x420 [ 380.107445][ T8787] security_file_ioctl+0xcb/0x2d0 [ 380.107478][ T8787] __se_sys_ioctl+0x47/0x170 [ 380.107510][ T8787] do_syscall_64+0xfa/0x3b0 [ 380.107542][ T8787] ? lockdep_hardirqs_on+0x9c/0x150 [ 380.107574][ T8787] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 380.107597][ T8787] ? clear_bhb_loop+0x60/0xb0 [ 380.107626][ T8787] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 380.107649][ T8787] RIP: 0033:0x7f723578eb69 [ 380.107672][ T8787] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 380.107712][ T8787] RSP: 002b:00007f723663b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 380.107739][ T8787] RAX: ffffffffffffffda RBX: 00007f72359b5fa0 RCX: 00007f723578eb69 [ 380.107756][ T8787] RDX: 0000200000000080 RSI: 000000004048aecb RDI: 0000000000000006 [ 380.107771][ T8787] RBP: 00007f723663b090 R08: 0000000000000000 R09: 0000000000000000 [ 380.107785][ T8787] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 380.107799][ T8787] R13: 0000000000000000 R14: 00007f72359b5fa0 R15: 00007ffd95a9d0a8 [ 380.107837][ T8787] [ 380.108418][ T8787] ERROR: Out of memory at tomoyo_realpath_from_path. [ 380.489712][ T8765] BTRFS info (device loop5): rebuilding free space tree [ 380.611200][ T8765] BTRFS info (device loop5): disabling free space tree [ 380.618174][ T8765] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 380.682310][ T8765] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 380.701129][ T9] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 380.910728][ T9] usb 3-1: Using ep0 maxpacket: 32 [ 380.938991][ T6483] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 380.942794][ T9] usb 3-1: config 0 has an invalid interface number: 132 but max is 0 [ 380.995841][ T9] usb 3-1: config 0 has no interface number 0 [ 381.013418][ T9] usb 3-1: config 0 interface 132 has no altsetting 0 [ 381.068448][ T9] usb 3-1: New USB device found, idVendor=0525, idProduct=9901, bcdDevice=39.75 [ 381.103252][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 381.164658][ T9] usb 3-1: Product: syz [ 381.168902][ T9] usb 3-1: Manufacturer: syz [ 381.196598][ T9] usb 3-1: SerialNumber: syz [ 381.208044][ T8816] loop4: detected capacity change from 0 to 128 [ 381.221572][ T9] usb 3-1: config 0 descriptor?? [ 381.361578][ T8816] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 381.429256][ T8816] ext4 filesystem being mounted at /140/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 381.989682][ T9] cdc_subset 3-1:0.132 usb0: register 'cdc_subset' at usb-dummy_hcd.2-1, Belkin, eTEK, or compatible, e6:6b:49:26:fb:4f [ 382.039385][ T8837] input: syz0 as /devices/virtual/input/input9 [ 382.541137][ T5871] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 382.593201][ T24] usb 3-1: USB disconnect, device number 14 [ 382.769352][ T24] cdc_subset 3-1:0.132 usb0: unregister 'cdc_subset' usb-dummy_hcd.2-1, Belkin, eTEK, or compatible [ 382.828604][ T8852] kAFS: unable to lookup cell '.Sjˡ8' [ 383.138714][ T8860] loop5: detected capacity change from 0 to 64 [ 383.218844][ T8860] MINIX-fs: bad superblock [ 383.275942][ T9] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 383.450823][ T9] usb 7-1: Using ep0 maxpacket: 16 [ 383.467434][ T9] usb 7-1: unable to get BOS descriptor or descriptor too short [ 383.495915][ T9] usb 7-1: config 48 has an invalid interface number: 1 but max is 0 [ 383.520815][ T9] usb 7-1: config 48 has no interface number 0 [ 383.547448][ T9] usb 7-1: config 48 interface 1 has no altsetting 0 [ 383.580988][ T9] usb 7-1: New USB device found, idVendor=1a86, idProduct=752d, bcdDevice=e3.b3 [ 383.589623][ T8869] [U] V3Fپ"S/4:XTZWTLW= [ 383.599765][ T9] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 383.623514][ T9] usb 7-1: Product: syz [ 383.657302][ T9] usb 7-1: Manufacturer: 第궤쎙骫ꈷ쑙糡䣌衁卼꫟⼠ꩅꌦ說꿹诙닣篪 碊ᘐ组噘蕰閯壟ꇎྑ፲귻몎漢囦鑩碷ਭ쏸玛ᭌ셉Ⴎ畡윾⿖茝ꮋ覑괚謦Ճ㊲】눾䣹璦쨐뽘瀥㌩៌萣⻫ [ 383.764382][ T9] usb 7-1: SerialNumber: syz [ 383.965444][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 383.971884][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 384.140739][ T8866] loop5: detected capacity change from 0 to 32768 [ 384.167553][ T8866] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.702 (8866) [ 384.243237][ T24] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 384.317608][ T8866] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 384.341816][ T8867] [U] J"E:" [ 384.348047][ T8866] BTRFS info (device loop5): using crc32c (crc32c-lib) checksum algorithm [ 384.361056][ T8866] BTRFS info (device loop5): disk space caching is enabled [ 384.371466][ T8866] BTRFS warning (device loop5): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 384.420875][ T24] usb 5-1: Using ep0 maxpacket: 16 [ 384.439471][ T24] usb 5-1: config 0 has an invalid interface number: 8 but max is 0 [ 384.465308][ T24] usb 5-1: config 0 has no interface number 0 [ 384.494278][ T24] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 384.518984][ T24] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 384.536654][ T24] usb 5-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 384.774287][ T8866] BTRFS info (device loop5): rebuilding free space tree [ 384.776950][ T24] usb 5-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 384.801624][ T24] usb 5-1: Product: syz [ 384.812818][ T24] usb 5-1: SerialNumber: syz [ 384.905862][ T8866] BTRFS info (device loop5): disabling free space tree [ 385.600969][ T8866] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 385.643777][ T24] usb 5-1: config 0 descriptor?? [ 385.653413][ T8866] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 385.708342][ T24] cm109 5-1:0.8: invalid payload size 0, expected 4 [ 385.838297][ T24] input: CM109 USB driver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.8/input/input10 [ 385.935130][ T24] ------------[ cut here ]------------ [ 385.941300][ T24] URB ffff888028544e00 submitted while active [ 385.986768][ T24] WARNING: drivers/usb/core/urb.c:379 at usb_submit_urb+0xfc1/0x1830, CPU#1: kworker/1:0/24 [ 385.997611][ T24] Modules linked in: [ 386.003062][ T24] CPU: 1 UID: 0 PID: 24 Comm: kworker/1:0 Not tainted 6.16.0-next-20250805-syzkaller #0 PREEMPT(full) [ 386.014203][ T24] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 386.024641][ T24] Workqueue: usb_hub_wq hub_event [ 386.029993][ T24] RIP: 0010:usb_submit_urb+0xfc1/0x1830 [ 386.035875][ T24] Code: 44 89 f2 e8 31 88 ff f9 e9 13 fc ff ff e8 c7 a4 92 fa c6 05 af a2 5f 08 01 90 48 c7 c7 00 6d 34 8c 48 89 de e8 70 3c 56 fa 90 <0f> 0b 90 90 e9 b7 f0 ff ff e8 a1 a4 92 fa eb 11 e8 9a a4 92 fa bd [ 386.055749][ T24] RSP: 0018:ffffc900001e6b40 EFLAGS: 00010246 [ 386.062133][ T24] RAX: 2b8bf0aa66621000 RBX: ffff888028544e00 RCX: 0000000000100000 [ 386.070172][ T24] RDX: ffffc90019957000 RSI: 0000000000037cee RDI: 0000000000037cef [ 386.078364][ T24] RBP: 000000000000000f R08: ffff8880b8724253 R09: 1ffff110170e484a [ 386.086561][ T24] R10: dffffc0000000000 R11: ffffed10170e484b R12: dffffc0000000000 [ 386.094728][ T24] R13: ffff88805f601848 R14: ffff888028544e08 R15: 0000000000000cc0 [ 386.102991][ T24] FS: 0000000000000000(0000) GS:ffff888125d24000(0000) knlGS:0000000000000000 [ 386.112336][ T24] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 386.119511][ T24] CR2: 0000200000013000 CR3: 00000000300a6000 CR4: 00000000003526f0 [ 386.127635][ T24] Call Trace: [ 386.131010][ T24] [ 386.133986][ T24] ? __pm_runtime_resume+0x129/0x180 [ 386.139339][ T24] cm109_input_open+0x1fe/0x4b0 [ 386.144339][ T24] input_open_device+0x1d0/0x390 [ 386.149341][ T24] kbd_connect+0xed/0x140 [ 386.153802][ T24] input_register_device+0xcfd/0x1140 [ 386.159249][ T24] cm109_usb_probe+0x118c/0x1690 [ 386.164463][ T24] usb_probe_interface+0x668/0xc30 [ 386.169740][ T24] ? __pfx_usb_probe_interface+0x10/0x10 [ 386.175907][ T24] really_probe+0x26a/0x9e0 [ 386.180483][ T24] __driver_probe_device+0x18c/0x2f0 [ 386.185884][ T24] driver_probe_device+0x4f/0x430 [ 386.191021][ T24] __device_attach_driver+0x2ce/0x530 [ 386.196450][ T24] bus_for_each_drv+0x251/0x2e0 [ 386.202153][ T24] ? __pfx___device_attach_driver+0x10/0x10 [ 386.208107][ T24] ? __pfx_bus_for_each_drv+0x10/0x10 [ 386.213656][ T24] __device_attach+0x2b8/0x400 [ 386.218485][ T24] ? __pfx___device_attach+0x10/0x10 [ 386.223962][ T24] ? do_raw_spin_unlock+0x122/0x240 [ 386.229227][ T24] bus_probe_device+0x185/0x260 [ 386.234211][ T24] device_add+0x7b6/0xb50 [ 386.238684][ T24] usb_set_configuration+0x1a87/0x20e0 [ 386.244279][ T24] usb_generic_driver_probe+0x8d/0x150 [ 386.249801][ T24] usb_probe_device+0x1c1/0x390 [ 386.254788][ T24] ? __pfx_usb_probe_device+0x10/0x10 [ 386.260213][ T24] really_probe+0x26a/0x9e0 [ 386.264969][ T24] __driver_probe_device+0x18c/0x2f0 [ 386.270408][ T24] driver_probe_device+0x4f/0x430 [ 386.275575][ T24] __device_attach_driver+0x2ce/0x530 [ 386.281115][ T24] bus_for_each_drv+0x251/0x2e0 [ 386.286035][ T24] ? __pfx___device_attach_driver+0x10/0x10 [ 386.292081][ T24] ? __pfx_bus_for_each_drv+0x10/0x10 [ 386.297526][ T24] __device_attach+0x2b8/0x400 [ 386.302485][ T24] ? __pfx___device_attach+0x10/0x10 [ 386.307830][ T24] ? do_raw_spin_unlock+0x122/0x240 [ 386.313139][ T24] bus_probe_device+0x185/0x260 [ 386.318060][ T24] device_add+0x7b6/0xb50 [ 386.322803][ T24] usb_new_device+0xa39/0x16f0 [ 386.327645][ T24] ? __pfx_usb_new_device+0x10/0x10 [ 386.332980][ T24] ? preempt_schedule_thunk+0x16/0x30 [ 386.338436][ T24] hub_event+0x2958/0x4a20 [ 386.343011][ T24] ? __pfx_hub_event+0x10/0x10 [ 386.347932][ T24] ? process_scheduled_works+0x9ef/0x17b0 [ 386.353947][ T24] ? _raw_spin_unlock_irq+0x23/0x50 [ 386.359212][ T24] ? process_scheduled_works+0x9ef/0x17b0 [ 386.365019][ T24] ? process_scheduled_works+0x9ef/0x17b0 [ 386.370895][ T24] process_scheduled_works+0xade/0x17b0 [ 386.376560][ T24] ? __pfx_process_scheduled_works+0x10/0x10 [ 386.382738][ T24] worker_thread+0x8a0/0xda0 [ 386.387412][ T24] kthread+0x70e/0x8a0 [ 386.391673][ T24] ? __pfx_worker_thread+0x10/0x10 [ 386.396830][ T24] ? __pfx_kthread+0x10/0x10 [ 386.401707][ T24] ? _raw_spin_unlock_irq+0x23/0x50 [ 386.406965][ T24] ? lockdep_hardirqs_on+0x9c/0x150 [ 386.412255][ T24] ? __pfx_kthread+0x10/0x10 [ 386.416915][ T24] ret_from_fork+0x3f9/0x770 [ 386.421611][ T24] ? __pfx_ret_from_fork+0x10/0x10 [ 386.426787][ T24] ? __switch_to_asm+0x39/0x70 [ 386.431824][ T24] ? __switch_to_asm+0x33/0x70 [ 386.436633][ T24] ? __pfx_kthread+0x10/0x10 [ 386.441729][ T24] ret_from_fork_asm+0x1a/0x30 [ 386.446575][ T24] [ 386.449637][ T24] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 386.456963][ T24] CPU: 1 UID: 0 PID: 24 Comm: kworker/1:0 Not tainted 6.16.0-next-20250805-syzkaller #0 PREEMPT(full) [ 386.468362][ T24] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 386.478823][ T24] Workqueue: usb_hub_wq hub_event [ 386.484084][ T24] Call Trace: [ 386.488080][ T24] [ 386.491025][ T24] dump_stack_lvl+0x99/0x250 [ 386.495730][ T24] ? __asan_memcpy+0x40/0x70 [ 386.500348][ T24] ? __pfx_dump_stack_lvl+0x10/0x10 [ 386.505567][ T24] ? __pfx__printk+0x10/0x10 [ 386.510200][ T24] vpanic+0x281/0x750 [ 386.514203][ T24] ? __pfx_vpanic+0x10/0x10 [ 386.518730][ T24] ? is_bpf_text_address+0x292/0x2b0 [ 386.524041][ T24] ? is_bpf_text_address+0x26/0x2b0 [ 386.529297][ T24] panic+0xb9/0xc0 [ 386.533075][ T24] ? __pfx_panic+0x10/0x10 [ 386.537539][ T24] ? ret_from_fork_asm+0x1a/0x30 [ 386.542709][ T24] __warn+0x334/0x4c0 [ 386.546715][ T24] ? usb_submit_urb+0xfc1/0x1830 [ 386.553947][ T24] ? usb_submit_urb+0xfc1/0x1830 [ 386.558997][ T24] report_bug+0x2be/0x4f0 [ 386.563504][ T24] ? usb_submit_urb+0xfc1/0x1830 [ 386.568648][ T24] ? usb_submit_urb+0xfc1/0x1830 [ 386.573598][ T24] ? usb_submit_urb+0xfc3/0x1830 [ 386.578573][ T24] handle_bug+0x84/0x160 [ 386.582841][ T24] exc_invalid_op+0x1a/0x50 [ 386.587366][ T24] asm_exc_invalid_op+0x1a/0x20 [ 386.592229][ T24] RIP: 0010:usb_submit_urb+0xfc1/0x1830 [ 386.597790][ T24] Code: 44 89 f2 e8 31 88 ff f9 e9 13 fc ff ff e8 c7 a4 92 fa c6 05 af a2 5f 08 01 90 48 c7 c7 00 6d 34 8c 48 89 de e8 70 3c 56 fa 90 <0f> 0b 90 90 e9 b7 f0 ff ff e8 a1 a4 92 fa eb 11 e8 9a a4 92 fa bd [ 386.617592][ T24] RSP: 0018:ffffc900001e6b40 EFLAGS: 00010246 [ 386.623818][ T24] RAX: 2b8bf0aa66621000 RBX: ffff888028544e00 RCX: 0000000000100000 [ 386.631812][ T24] RDX: ffffc90019957000 RSI: 0000000000037cee RDI: 0000000000037cef [ 386.639800][ T24] RBP: 000000000000000f R08: ffff8880b8724253 R09: 1ffff110170e484a [ 386.647783][ T24] R10: dffffc0000000000 R11: ffffed10170e484b R12: dffffc0000000000 [ 386.655774][ T24] R13: ffff88805f601848 R14: ffff888028544e08 R15: 0000000000000cc0 [ 386.663890][ T24] ? __pm_runtime_resume+0x129/0x180 [ 386.669210][ T24] cm109_input_open+0x1fe/0x4b0 [ 386.674092][ T24] input_open_device+0x1d0/0x390 [ 386.679147][ T24] kbd_connect+0xed/0x140 [ 386.683500][ T24] input_register_device+0xcfd/0x1140 [ 386.688904][ T24] cm109_usb_probe+0x118c/0x1690 [ 386.693980][ T24] usb_probe_interface+0x668/0xc30 [ 386.699138][ T24] ? __pfx_usb_probe_interface+0x10/0x10 [ 386.704992][ T24] really_probe+0x26a/0x9e0 [ 386.709550][ T24] __driver_probe_device+0x18c/0x2f0 [ 386.714864][ T24] driver_probe_device+0x4f/0x430 [ 386.719997][ T24] __device_attach_driver+0x2ce/0x530 [ 386.725567][ T24] bus_for_each_drv+0x251/0x2e0 [ 386.730497][ T24] ? __pfx___device_attach_driver+0x10/0x10 [ 386.736513][ T24] ? __pfx_bus_for_each_drv+0x10/0x10 [ 386.741935][ T24] __device_attach+0x2b8/0x400 [ 386.746737][ T24] ? __pfx___device_attach+0x10/0x10 [ 386.752052][ T24] ? do_raw_spin_unlock+0x122/0x240 [ 386.757281][ T24] bus_probe_device+0x185/0x260 [ 386.762163][ T24] device_add+0x7b6/0xb50 [ 386.766686][ T24] usb_set_configuration+0x1a87/0x20e0 [ 386.772201][ T24] usb_generic_driver_probe+0x8d/0x150 [ 386.777682][ T24] usb_probe_device+0x1c1/0x390 [ 386.782566][ T24] ? __pfx_usb_probe_device+0x10/0x10 [ 386.788138][ T24] really_probe+0x26a/0x9e0 [ 386.792756][ T24] __driver_probe_device+0x18c/0x2f0 [ 386.798168][ T24] driver_probe_device+0x4f/0x430 [ 386.803226][ T24] __device_attach_driver+0x2ce/0x530 [ 386.808632][ T24] bus_for_each_drv+0x251/0x2e0 [ 386.813506][ T24] ? __pfx___device_attach_driver+0x10/0x10 [ 386.819426][ T24] ? __pfx_bus_for_each_drv+0x10/0x10 [ 386.824858][ T24] __device_attach+0x2b8/0x400 [ 386.829643][ T24] ? __pfx___device_attach+0x10/0x10 [ 386.834997][ T24] ? do_raw_spin_unlock+0x122/0x240 [ 386.840224][ T24] bus_probe_device+0x185/0x260 [ 386.845209][ T24] device_add+0x7b6/0xb50 [ 386.849556][ T24] usb_new_device+0xa39/0x16f0 [ 386.854357][ T24] ? __pfx_usb_new_device+0x10/0x10 [ 386.859570][ T24] ? preempt_schedule_thunk+0x16/0x30 [ 386.864974][ T24] hub_event+0x2958/0x4a20 [ 386.869642][ T24] ? __pfx_hub_event+0x10/0x10 [ 386.874683][ T24] ? process_scheduled_works+0x9ef/0x17b0 [ 386.880462][ T24] ? _raw_spin_unlock_irq+0x23/0x50 [ 386.885779][ T24] ? process_scheduled_works+0x9ef/0x17b0 [ 386.891520][ T24] ? process_scheduled_works+0x9ef/0x17b0 [ 386.897282][ T24] process_scheduled_works+0xade/0x17b0 [ 386.902884][ T24] ? __pfx_process_scheduled_works+0x10/0x10 [ 386.908894][ T24] worker_thread+0x8a0/0xda0 [ 386.913523][ T24] kthread+0x70e/0x8a0 [ 386.917619][ T24] ? __pfx_worker_thread+0x10/0x10 [ 386.922758][ T24] ? __pfx_kthread+0x10/0x10 [ 386.927371][ T24] ? _raw_spin_unlock_irq+0x23/0x50 [ 386.932766][ T24] ? lockdep_hardirqs_on+0x9c/0x150 [ 386.938032][ T24] ? __pfx_kthread+0x10/0x10 [ 386.942736][ T24] ret_from_fork+0x3f9/0x770 [ 386.947352][ T24] ? __pfx_ret_from_fork+0x10/0x10 [ 386.952488][ T24] ? __switch_to_asm+0x39/0x70 [ 386.957381][ T24] ? __switch_to_asm+0x33/0x70 [ 386.962160][ T24] ? __pfx_kthread+0x10/0x10 [ 386.966783][ T24] ret_from_fork_asm+0x1a/0x30 [ 386.971597][ T24] [ 386.974958][ T24] Kernel Offset: disabled [ 386.979298][ T24] Rebooting in 86400 seconds..