last executing test programs: 2m46.564335584s ago: executing program 4 (id=323): ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x40046109, &(0x7f0000000180)={0xf0, 0x2}) ioctl$CEC_S_MODE(0xffffffffffffffff, 0x40046109, &(0x7f0000000080)=0x2) 2m46.439890377s ago: executing program 4 (id=324): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x801, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x7c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x54, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @immediate={{0xe}, @val={0x18, 0x2, 0x0, 0x1, [@NFTA_IMMEDIATE_DREG={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_IMMEDIATE_DATA={0xc, 0x2, 0x0, 0x1, [@NFTA_DATA_VALUE={0x5, 0x1, 'L'}]}]}}}, {0x24, 0x1, 0x0, 0x1, @meta={{0x9}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_META_DREG={0x8, 0x1, 0x1, 0x0, 0x12}, @NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0x14}]}}}]}]}], {0x14}}, 0x104}}, 0x0) 2m46.396920449s ago: executing program 4 (id=325): kexec_load(0x3, 0x2, &(0x7f00000005c0)=[{&(0x7f0000000f00)="047715ac7141c111fab2fcda5de4dc8b278029bcb1bd17524f177856cac105f463c77e2d2ab44d875217dc82baa911f236f959fb9227524d4fe6b621a19823457d04c399283edbac755852623c82f7206d26e918a2981c8f68476969bf8c4bcd37ba24e4ba1683339879a11b854a7478f898805f327af12eaab8ac918c201b7f932e124796f1aba03e031312bd7e67403651abac282b310f420dbcdea31d52854783d6952a2a7b10f3d9cc833ad18e3080ed86ee9ce1472b5ecee312d87de1125df3137ad96a37f5afb14919a92a1435b28b7fc70c747e2286210dd8933ef1e131986c3e44d10b46eb35ee6b44a2dcd402bf23bbebf591db542e687f3918320f0453d16ffb018a56524ab9f2efdce6cf889db1b8eb0161104098f408a8e059e31c2e0f376945c94e9234ac41b083c70708c98451a329c5d79ab3dd667703519bf828e59874aea9ad0dd77b3e6ac321b674f396bd9eb2fffeba8eff8160eb4cde33", 0x161, 0x7, 0x754}, {&(0x7f0000000700)="9e9755be8948c65379aa1f6dfaf9386626377fac7831d0", 0x17, 0x100, 0x9}], 0x100000) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000002840)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback, 0x20}, 0x1c, 0x0}}], 0x1, 0x14018891) sendmsg$inet(0xffffffffffffffff, &(0x7f0000003c00)={0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {&(0x7f0000000580)="0d85913ea5457f29a3f16cba6379a1c774f605a32c3efbf105d75616d0", 0x1d}], 0x1}, 0x41) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48001}, 0x4044050) r0 = socket(0x2, 0x80805, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000540), 0x82, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000280), 0x80, 0x0) ioctl$FIDEDUPERANGE(r1, 0xc0189436, &(0x7f0000000500)=ANY=[@ANYBLOB="060000000000020005000000000000000100000000000000", @ANYRES32=r0, @ANYBLOB="00000000b50b"]) sendmsg$inet(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000000)=[{0x0}, {0x0}], 0x2}, 0x20005005) sendmmsg$alg(r3, &(0x7f0000007640)=[{0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000740)="bd9c629b909dddebc0508bf412865663aded7919352b141faa7dc00680ce5a44ff1ed1c813c6c1e58e28c509cd269d0e79fff4d2ea4c1da69fa672c4f5eb15788aa929e9f5c94e443cf68a1759ee805958a7c76c8c7f11a39ea32c019c2f2c8cce48d92d659f623081974c0135dc1fe2a057f725a843c083e0620ffa607d3b9570a5b4094fca255491844b3d5cb63bab3d76ad07f9503d1450f1fb860b18ac983285f983e51262c539312073482f1538d9588323b836e6e2b7704dff3cbf89c2b828c7613310eafd664c946b1a6728154b1877257a8abe3d983344da083b86aee35e6b9b0d930746", 0xe8}], 0x1, &(0x7f0000000600)=ANY=[@ANYBLOB="b8000000000000001701000002000000a0000000bd19a432ebf20eb0a0ee39d005e869fe74b9842d9c92be0054aa20f9dbfeb8e59fa49c486a1a51c45c98c886185e506d1cf93255718fc79d6b6d1d434c678807c5ab4264c8ba94065d11d8ee27dd16f4a0412bed8a3c79acd4bb1f9f46ef28a63b329e09a86c62f907539c9af6f1b0bc00510c3b27f64245b6f4f80e00bca3c91538839a52c3c393aada6ed6155fa03c988b6658e106d043cc8652373dd8e2a70000000018000000000000001701000004000000060000004be500000000"], 0xd0, 0x40800}, {0x0, 0x0, &(0x7f0000003900)=[{&(0x7f00000009c0)="c2debd9e2d4617d17e01e704d3576f8b26b757ffa164a105efcaa28e5d52d4383258c148e95e4ee927dab4ba9cdbf4dbf6b0e19f8b7e9a95211ec6aedfd78a09200b7076afabdae9c87c6837e202845b6cf3ac6b728856d66eef286087e0154a40c153e5fe7505615fb53b33f629928c80aeea7fd091180968d44cd4544b6bb4c116f4d6c4c3d148eb273bd4fa76ad8f709ed07bd2a91564fc364f1b971b0e005fe1d24f1b0d7f157b695c625cc39aac2d6f07b11d926c801fb1b98e", 0xbc}, {&(0x7f0000000ac0)="3fe4c8a328", 0x5}, {&(0x7f0000000b40)="86545d2157646172b815818bfd0e1457556266898579380233e0e3853e4a118a5a2bcc52eeea6b2dc4fc32c3f81f9b1d06cd70a1b428c05442da", 0x3a}, {&(0x7f0000000b80)="0d4842ef613cd072196eae2d74d31c309df1c61a888039b1a23acbea852fb54afae1761845284c6e484aa5154a2b418ffe2ac1d6363010c9d8f2d75a71eb55849202714884c6a0a760f5e028016a68fc07407f5671a5a4a8c91e9d056039df63390376a7359c6fc2059d1e3ffeec1ff0f4c09099e8e61c268324d0fc621f6dc2912e4bd5316ff808ac5126ade9b759e1489c04a517e992d7b56d9df469c0c906000e0f82c089ec12677e7ade15e68a602d", 0xb1}, {&(0x7f0000000c40)="176d6b3905505e2a41391bf6fd66d8ad4ebc86e07694005204b0151bfa8dc581a5be209d8850a950791f10f76de79651272a11f6d7267276ff1596a47826a90a0b74b425d8ff2bbea5c5732f69a908c45b4b348abc24d2cd2031a9508ef8e3594bd12ebc38c466f76d", 0x69}, {&(0x7f0000000d40)="7edb39aa76e39c9fc185dd49e1d028ba5e90ec3bb54d3c486f189f406945a495fe7b4ad51446c162f581368e4d711db9add53f7917e1dc55ae9543ea21d63f85d9a5a996f6fa32ead42a9b7e97a7ae1b4a8f76ff9321b4ec76606f9709bb57eda4e8c45e797ff2cabc03a3d03ca57b5239833610ac4306ac2a443c768b9365de67f9f9be49fe7d6f4d71abedeb55ab91ddd31154758fcaa8f25a56126152b9ba46d9bd4cd0d67de6fda9f72a37319681c1750045b363a3b90faecc5b5cbc0a241152a62edc2d081937058931cfb823591b49c610995a895f214c473ef6e1d49051b9198877e4e9d920ff", 0xea}], 0x6, 0x0, 0x0, 0xc0}], 0x2, 0x48040) r4 = socket$alg(0x26, 0x5, 0x0) syz_open_dev$dri(&(0x7f0000000180), 0x1, 0xc0400) bind$alg(r4, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001880), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000900)={0x30, r5, 0xacf5e67dd0b583a1, 0x70bd29, 0x25dfdbfc, {{0x5}, {@void, @val={0xc, 0x99, {0x2000000, 0x5d}}}}, [@NL80211_ATTR_HE_OBSS_PD={0x10, 0x117, 0x0, 0x1, [@NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET={0x5, 0x3, 0x2f}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x91}, 0x0) r6 = accept4(r4, 0x0, 0x0, 0x800) sendmmsg$alg(r6, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r6, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000840)={0x1, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r7 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0) pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) 2m45.903634805s ago: executing program 4 (id=327): syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f00000000c0)='./file4\x00', 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="6e6f696e6c696e655f78617474722c6163746976655f6c6f67733d342c646973636172642c6661756c745f696e6a656374696f6e3d30303030303030303030303030303034313136302c6661756c745f747970653d30303030303030303030303030303030303737302c6d6f64653d6c66732c696e6c696e655f646174612c66617374626f6f742c6673796e635f6d6f64653d7374726963742c646973636172645f756e69743d73656374696f6e2c00cb"], 0x21, 0x5548, &(0x7f00000058c0)="$eJzs3E1vG1UXAOBjp2nffrwlQizYdVCFlEi1Vacfgl2BVny2qgosWIFju5Zb2xPFrhu66oIlYsE/QSCxYslvYMGaHWIBYocE8txJoS2VKsWOSfM80vjMvXPnzL2jJNKZiRzAgbWS/f5rJU7G0YhYiogTEcV+pdwKl1J4MSJORUT1H1ul7H/QcTgijkXEyWnylLNSHvryzOT0hV/e+e27H44cOv7Vtz8ubtXAor0cEYPNtH93kGLeTfFW2d+c9Io4OD8pYzowuF228xTvdjaKDHebO+OaRTzXTePzzTujabzZb7amsdu7WfRvDtMFR5PuTp7ihFvNraLd7mwUsTfKi9i9l+a1fS/9bbs3Gqc87TLfp0X6GI93YurvbHfSejZvF7E1HJf9KW/e7mxP46SM5eWilffbxTw2dnOn/9Neeq83vLOdTTpbo14+zC7UG6/UGxdrja283Rl3zteag/bF89lqtz8dVht3moNL3Tzv9jv1Vj5Yy1a7rVat0chWL3c2es3h/Uajfq5+tnZhLUt7Z7I3r32Y9dvZ6jS+3hveGff6o+xmvpWlM9ay9fq5V9ey043s/avXs+s3rly5ev2Djy9/dO21q2+/UQ56bFrZ6vrZ9fVa42xtvbG2uxsw0/Vnc17/Z+WkZ7h+2JXKoicAsP+o/4FFmF/9v3Uj4vH6vzrj+j/U/zOxr+rfg17/z2H9sCvqfwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAA+un5a/fKnZWUvt42f//suv5sl2JiGpE/PkvluLwQzmXyjzLTxi//Mgcvq9EkWF6jSPldiwiLpXbH8/N+y4AAADAs+ub+6e+SNV6+lh5qrOOznlW7JH00KZ64pMZ5atExPLKzzPKVp1+vDCjZMXP96HYnlG24gHW/2aULD1yOzSrbE+l+HV/N4UHKylCJYXqo2fMbLUAAMDCLD0U9rYKAQAAYC99/sQjt/d0HuyxSuy8ytx5F1z85/3fL/uOprZXfwAAALB/VRY9AQAAAGDuivrf9/8BAADAsy19/x8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBf7NxNbtpAGAbgz8Yu9E9FVfe9SndwjB6hyy4rDtBLcAR6hV6AM5BdjhBBhMdBISIJxGNQoueR7MGWeT3mZzEz0gcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAECfrurF9N+f73+75qw33eR5GgAAAOCQVb2YNi/G6fhje/5ze+pre1xERBkRh8bug3i3lzloc+pHrq8f9OF/RJOwvcew3T5ExI+0beJL358CAAAAvEnVdreczSdptJ5240v3is5O+A7TpE356WemWxcRUY+vM6WV27xvmcKa33cVvzOlNRNYo0xhacqtypV2lObvvpu1G91ritSUT78/27MDAABnNNhrzjsKAQAA4Jx+XboD9OH9s1cUcbeUuVsKHKZmtBdhsQ8AAABer+LSHQAAAAB614z/T6n/F8fU/6uy1/+LG/X/AAAA4MVS/T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD6tKoX0+VsPumas950k+dpAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALhlf95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN787i//J6bGmWTutbH0PJKsnRpbp8beuXH0h/H1awAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAL/rdL/8npsaZZO60sXQ8kqxdNbauGnsPGkcPxtu/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmf7Q8U1yh4iouBBL3a7ra29iQclePBPEEK6rbFbf7Q52FKEXLxJzr2IHkUEJd76D3jqTWihl3rrYQ8VRPCyMrMz2UkTcGPIzJp8PvDmfXcymfd9MxDynTcJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURu9M4yTbdCZxXOy79/jWStbff6LP3Nl4sJi1LI7qTPr/4aXqh6jbXCIAAAAcHUlZ34cQHqabS1kfd/L6Py2PyWr+b5+ZxGU9/2TdX/Zl7Z+1X35+9MLWQJ3JONlJL60OB6d3ptI6uFnOt2f/9YhWfuXzZy9JfkPi99efH6X59Yy+vnv33XYeHqsjWwDgvzhV9kVQ/j6U9f0mEwPgyGhVCu+i/v8r6TScFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEANRuvhqTKOQgiLrWmcuf/41spu/Z2NB4tlO3/79kb1nNkp0hDCpdXh4HSNc5l312/cvLI8HA6u1R+8HEJoavS3i+lf+XCGg0No5PocVPD3eDze03cdbz7nfQVxcbNnOLg9Lzk3HzT4QwkAgEMpLVpW1z9MN5eyfdFCCOPvttf/r1XiMGP9/+ij8/eqY1Xr/35tM5x/vbWrn/Wu37j5xurV5cuDy4NP3jzTf6t/9sK5cxd6+bOSnicmAAAA7E+7aNX6P17Yuf5/shKHGev/z7/pfzkd6bd8q/7fabro13QmAAAAR9tzr/z5R7TL/qjdDl8sr61d60+2W5/PTLYNpLpnx4pWrf+ThaazAgAAAOowWo+2rf9frMRhxvX/p79/8cfqOZMQwoli/f/UyqfDi/VNZ67V8efETc8RAACAZp0oWnX9P83f/4+3XnmIQwivvzqJi38DOFP9n7z31Q/VsZLK+/9n65viXIq7k+uR990QWt1tX/61scQAAAA4lI4XLSv2f083lz7+6eQHbe//AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANTtnwAAAP//gQBD5A==") mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file2\x00', 0x207) mount$overlay(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000180)={[{@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file2'}}, {@userxattr}], [], 0x2c}) syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file1\x00', 0x52ccb0403fc4090e, 0x0, 0x0, 0x0, &(0x7f0000000040)) renameat2(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x2001, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f0000000280)={{0x200000, 0x10000, 0x9, 0xff, 0x2, 0x5, 0x2, 0xd, 0x1, 0xe7, 0x9, 0x1}, {0x8080000, 0x26000, 0xd, 0x7, 0x5, 0x9, 0x5, 0xc, 0x2, 0x58, 0xff, 0x1}, {0x2, 0xf000, 0xc, 0x3, 0x0, 0x2, 0x5, 0x24, 0x29, 0x5, 0x80, 0xe}, {0x1, 0x6000, 0x14, 0x4, 0x1, 0x3, 0x8, 0x1, 0x4, 0x8, 0x2, 0x6}, {0xfec0d000, 0x2000, 0x3, 0x9, 0x10, 0x58, 0x41, 0x6, 0xc6, 0x6, 0x6, 0x4}, {0x54000, 0x40000, 0xc, 0x10, 0x4d, 0x34, 0x2, 0x1, 0x3, 0x9, 0x8, 0xfc}, {0x80a0000, 0xe000, 0x8, 0x0, 0x6, 0x5, 0x0, 0x3, 0x3, 0x4, 0x9}, {0x2221e000, 0x30000, 0xf, 0x1, 0xb9, 0x18, 0x0, 0xa7, 0x7, 0x0, 0xdc, 0x2}, {0x0, 0x8}, {0xf7f72fff, 0xfcf8}, 0x10026, 0x0, 0x2, 0x40100, 0x3, 0x2001, 0x60000, [0x2, 0x7, 0x8, 0x5]}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0xfffffffffffffffe, 0x40000000000180, 0x2, 0x6, 0xf2, 0xd, 0x7fffffffffffe, 0x7, 0x5, 0x7, 0x4, 0x5, 0x4, 0x8], 0x25000, 0x304}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_GET_REGS(r3, 0x8090ae81, &(0x7f00000000c0)) setsockopt(r0, 0x84, 0x81, &(0x7f0000000280)="1a0000000212a277", 0x8) syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f"], 0x0) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f00000002c0)=ANY=[@ANYRES32=0x0, @ANYBLOB="80"], 0x9) r4 = fsopen(&(0x7f0000000140)='nfs\x00', 0x0) fsconfig$FSCONFIG_SET_FD(r4, 0x5, &(0x7f0000000000)='acl\x00JN\xa0\xc3\xcd,\xebL>', 0x0, r4) syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x2004000, &(0x7f00000022c0)={[{@jqfmt_vfsv1}, {@errors_remount}, {@abort}]}, 0x1, 0x563, &(0x7f00000007c0)="$eJzs3c9rHFUcAPDvbHbbpK02BSnoQQI9WKndtIk/KnioR9FiQe91SaahZNMt2U1pYsH2oBcvUgQRC+If4N1j8R/wryhooUgJevASmWQ22Ta7m1/bZHU/H5j2vZnZefPmzXv5vp1dNoCBNZb9U4h4OSK+SSKOt2wrRr5xbG2/5Se3p7IliZWVT/5MIsnXNfdP8v+PNjPFiF+/jDhT2FxufXFptlKtpvN5frwxd2O8vrh09tpcZSadSa9PTE5eeGty4t133u5ZXV+//Pf3Hz/44MLXp5a/+/nRiXtJXIxj+bbWeuzBndbMWIzl16QUF5/Z8XwPCusnyUGfALsylPfzUmRjwPEYyns98P/3RUSsAANpJBL9HwZUMw5ozu035sHDBxiV7J/H769NgDbXv7j23kgMr86NjiwnT82MsvnuaA/Kz8r45Y/797Ilevc+BMCW7tyNiHPF4ubxL8nHv907t419ni3D+Af750EW/7zRLv4prMc/0Sb+Odqm7+7G1v2/8KgHxXSUxX/vtY1/1x9ajQ7luRciRkajlFy9Vk2zse3FiDgdpcNZvtvznAvLD1c6bWuN/7IlK78ZC+bn8ah4+OnXTFcalb3UudXjuxGvtI1/k/X2T9q0f3Y9Lm+zjJPp/Vc7bdu6/s/Xyk8Rr7Vt/40nWkn355Pjq/fDePOu2Oyvr07+1qn8g65/1v5Hutd/NGl9XlvfeRk/Dv+Tdtq22/v/UPLpavpQvu5WpdGYPx9xKPlo8/qJjdc28839s/qfPtV9/Gt3/49ExGfbrH+3mXQ/tP/0jtp/54mHH37+Q6fy8/qXomv7v7maOp2v2c74t90T3Mu1AwAAAAAAgH5TiIhjkRTK6+lCoVxe+3zHS3GkUK3VG2eu1hauT8fqd2VHo1RoPuk+vpZPmp9/GG3JTzyTn4yIExHx7dDIar48VatOH3TlAQAAAAAAAAAAAAAAAAAAoE8c7fD9/8zvQwd9dsBz5ye/YXBt2f978UtPQF/a7d//+R6fB7D/xP8wuPR/GFz6Pwwu/R8Gl/4Pg0v/h8Gl/wMAAAAAAAAAAAAAAAAAAAAAAAAAAEBPXb50KVtWlp/cnsry0zcXF2ZrN89Op/XZ8tzCVHmqNn+jPFOrzVTT8lRtbqvjVWu1G+cnYuHWeCOtN8bri0tX5moL1xtXrs1VZtIraWlfagUAAAAAAAAAAAAAAAAAAAD/LfXFpdlKtZrOS/RzYvg5HfnO3o9T7IfrI7HjRBLd9znokQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANvwbAAD//+f9MzI=") chdir(&(0x7f0000000100)='./file0\x00') unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0) sendto$inet6(r0, &(0x7f0000000080)="b1", 0x1, 0x4000050, &(0x7f00000000c0)={0xa, 0x4e23, 0xb, @loopback, 0xffffffff}, 0x1c) 2m42.711988846s ago: executing program 4 (id=343): r0 = socket$kcm(0x10, 0x2, 0x10) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r1, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x10}, 0x10) r4 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) accept$packet(r1, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000000280)=0x14) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f0000000180)={0x0, &(0x7f0000002300)=[0x0], 0x0, 0x0, 0x0, 0x1}) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003d000b08d25a80648c7494f90224fc60580002400c000400030082c137153e3719ac018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) syz_mount_image$udf(&(0x7f0000000080), &(0x7f0000000740)='./file1\x00', 0xa00004, &(0x7f0000000300)=ANY=[@ANYBLOB='iocharset=cp860,gid=ignore,anchor=00000000000000000010,shortad,nostrict,utf8,umask=00000000000000000000012,novrs,longad,iocharset=macromanian,rootdir=00000000G00000000013,nostrict,nostrict,\x00'], 0x5, 0xc7f, &(0x7f0000001300)="$eJzs3U9sHNd9B/DfG5LiSmljJk4VJ42DTVuksmK5+hdTtgp3VdNsA8iyEIq5BeBKpNSFKZIgqUY23JbppYceAhRFDzkRbYUCKRoETRH0yLQukFyMosipJ6KFjaDogS0CBGiRbjGzb8UVRVq0SIqS/PnY1Hd35r2Z92ZWMxTBNy8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIjffOXc8RNpkxV9+9AYAOCBuDD25eMnN7v/AwCPrUtb/fsfAAAAAAAAAAAAAAB4WKQo4slIMXdhLU1U7ztq51sDN26Oj4xuXu1gqmr2VeXLr9qJk6dOf/H54TPdPN+aeZ/6u+3T8drYpXP1l2evz81PLSxMTdbHZ1pXZientr2Fndbf6Gh1AOrXX78xefXqQv3kc6fuWH1z6L3BjxweOjv8zLGnu2XHR0ZHx9aL1HrL9993Qzq2GuFxIIo4Fime/faPUzMiitj5sag92HO/0cGqE0erToyPjFYdmW41ZxbLlRe7B6KIqPdUanSP0ebnIvoHHmgfttaIWCqbXzb4aNm9sbnmfPPy9FT9YnN+sbXYmp25mDqtLftTjyLOpIjliFgdvHtzA1FEf6T45hNr6XJ+6kd1HL5QDQzeuh3FHvZxG8p21gcilotH4Jw9xAajiFcjxU/ePhJX8nWmutZ8PuLVMr8XcavMlyJS+cE4HfHuJp8jHk39UcQfl+f/7FqarK4H3evK+a/UvzRzdbanbPe68gHvD3ddKfbp/nBwQz4YD/m1qRZFNKsr/lq6/292AAAAAAAAAAAAAAAAANhtB6OIT0WKV/7ld6txxVGNS3/i7PBvDf1875jxp+6xnbLscxGxVGxvTO6BPDDwYrqY0j6PJf4wq0URv5fH/319vxsDAAAAAAAAAAAAAAAAAADwoVbEjyLFi+8cScvRO6d4a+Za/VLz8nRnVtju3L/dOdPb7Xa7njrZyDmRcynncs6VnKs5o8j1czZyTuRcyrmccyXnas7oy/VzNnJO5FzKuZxzJedqzujP9XM2ck7kXMq5nHMl52rOeEjm7gUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeJwUUcTPIsU3vraWIkVEI2IiOrkyuN+tAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABKg6mI70aK+m83bi/rj4hU/d9xpPzjdDQOlPnxaAyX+VI0zuVsVtnf+Po+tJ+dGUhF/DBSDNa+c/uE5/M/0Hl3+2MQt95af/fp/k72dVcOvTf4kcNPnB0e/exTW71OmzXg6PnWzI2b9fGR0dGxnsX9ee8f71k2lPdb7E7XiYiFN958vTk9PTV//y/Kj8B9Vu+eyR3svfPiozvuxXZepP5daOpOXvzfvu79w/ci+vdv77vy92Infb9DbR+uTey98v7/bqT4tXf+tXvD79z/a/FznXe37/Dx099fv/+/uHFD27z/92+sl+//5Z1gs/v/kz3LXszfjQz0R9QWr88NHI6oLbzx5rHW9ea1qWtTM6ePH39hePiFU8cHDkTUrramp3pe7crhAgAAAAAAAAAAAAAAAHhwUhG/ESmaP1xL9Yi4WY3XGjo7/Myxp/uirxpvdce47dfGLp2rvzx7fW5+amFharI+PtO6Mjs5td3d1arhXuMjo3vSmXs6uMftP1h7eXbujfnWtd9Z3HT9odq5ywuL880rm6+Og1FENHqXHK0aPD4yWjV6utWcqape3HQw/Qc3kIr4t0hx5XQ9fS4vy+P/N47wj1tvvXD7s7C0cUO7OP7/s4fWx/99rKdouc+UivhppPjVP3kqPle181Dcdcxyub+MFEfPfCaXiwNluW4bOs8V6IwMLMv+V6T425/dWbY7HvLJ9bInPtDBfQSU5/+JSPHdP/pW/FJedufzH3rP//rxO7RxQ3v0/IdP9Cw7dMfzCnbcdfL5PxYpXnryO/HL1ZL/ed/nf3Sf2HCkU3j9+Rx7dP5/oWfZUN7vr+xW5wEAAAAAAAAAAB5hA6mIv4oU3x/tT8/nZdv5/b/JjRvao9//+mTPssndma/oni92fFABAAAA4CExkIr4UaS4tvjn/9wdQ33n+O+e8Z+/vj7+cyRtWFv9nO+j1XMDbv/MrzuAegc//+s1lPc7sbMuAwAAAAAAAAAAAAAAAAAAwEMnpSKez/OpT1Tj+Se3nE99JVK88h/P5nLpcFmuOw/8UPVn7cLszLFz09OztVhsXp6eqo/NNa9MlXU/ESnW/uIzuW5Rza/enW++M8f7+lzs85Fi9K+7ZTtzsXfnJu/MB15rtyNOlGU/Fin+/W/uLJunps5zR1fbPVmW/bNI8dW/37zs4fWyp8qy34oUP/hqvVv2UFm2+3zUT66Xfe7KbLEHZwUAAAAAAAAAAAAAAAAAAIAPm4FUxB9Giv+8vnx7LH+e/3+g523l1ls98/1vcLOa83+omv9/q9f3M/9/9VyBpa32CgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAj6cURbwZKeYurKWVwfJ9R+18a+bGzfGR0c2rHUxVzb6qfPlVO3Hy1OkvPj98ppvvX3+3fSpeG7t0rv7y7PW5+amFhanJ+vhM68rs5NS2t7DT+hsdrQ5A/frrNyavXl2on3zu1B2rbw69N/iRw0Nnh5859nS37PjI6OhYT5n+gfve+13SFssPRBF/Gime/faP0/cHI4rY+bG4x2dnrx2sOnG06sT4yGjVkelWc2axXHmxeyCKiHpPpUb3GN3zXPxvu91+UF3ZRCNiqWx+2eCjZffG5przzcvTU/WLzfnF1mJrduZi6rS27E89ijiTIpYjYnXw7s0NRBGvR4pvPrGW/mEwoq97HL5wYezLx09u3Y5iD/u4DWU76wMRy8V2zhlbGYwi/i5S/OTtI/GPgxH90fmKz0e8Wub3Im5F53yn8oNxOuLdTT5HPJr6o4j/Ls//2bX09mB5PeheV85/pf6lmauzPWW715Ud3h/a7fYflLl/94cH6SG/NtWiiB9UV/y19E/+XgMAAAAAAAAAAAAAAAA8RIr4xUjx4jtHUjU++PaY4tbMtfql5uXpzrC+7ti/7pjpdrvdrqdONnJO5FzKuZxzJedqzihy/ZyNMmvt9kR+v5RzOedKztWc0Zfr91XDFduN/H4i51LO5ZwrOVdzRn+un7ORcyLnUs7lnCs5V3PGQzJ2DwAAAAAAAAAAAAAAAAAAeLwU1X8pvvG1tdQe7MwvPRGdXDEf6GPv/wMAAP//oID2KA==") r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x20083, 0x0) mount(&(0x7f00000000c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000180)='sysv\x00', 0x8000, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x5) r8 = memfd_create(&(0x7f00000000c0)='-B\xd5N4\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\x8a\xd7Uw\x00\xbc\xa92\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97\x8f~\xb90a\xa9\xb2\x04K\x98\x93=\xabQ\xf7\x19\xea\xef\xe3\xe1@\x84\x13\xefZb:\x8f\t\x01B\xec\xde\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@Ip]D\xd6\r\xac\v#co\xd5\xb9\xc806\xa8\x99\xffs7\xa1b1\xb1;i)j\x0e\x1e\xedI\xa2\x80\x89\x1d\xd9p!\xc86s\xe07(\xee\xf9<\"\xf0\xc8\xae\x96J\xe2]\x01\x86\xb7.<\xf5N\xd3\x94W1\xff\x18z>\xa7q,\xf7\x96\xb8{\x8e\xbf4\xe0\x95\x1ce\xe4\x85\xcdi\xed\xd3>\xeb\xa5\xaf\x87\x90@\xd1\xbd`^\xfa\xb6\x9cj\x13/\xc5\\W\x04\br\x17X\xe3\xfb\xc8\xd4\xaeX\xc9s\xd18\xd9L\xbf\xa0\xa6\xdf2\a\x99i\xb1/\x19@\x1cq\xeb?\xc1z:\x913\xfa8\xac\xd3q\xe4vPGU', 0x1) r9 = dup(r8) write$binfmt_elf32(r9, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c464a030103ff0700000000000002000300040000003e03000038000000d600000097700000fe0320000103"], 0x58) execveat(r9, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f00000003c0)={0x2, 0x0, [{0x40000000, 0x0, 0x2}, {0x40000001, 0x0, 0x8000000000000000}]}) 2m41.992906849s ago: executing program 4 (id=347): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x80782, 0x0) ioctl$VT_WAITACTIVE(r0, 0x5607) ioctl$TIOCSPTLCK(r0, 0x40045431, &(0x7f0000000000)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000340)=0x6) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_DELETE(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)={0x14, 0x2, 0x1, 0x5, 0x0, 0x0, {0x2, 0x0, 0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x20044804}, 0x40040) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000240)={0x0, 0xffffffffffffff4a, &(0x7f0000000200)={&(0x7f0000000080)={0x18, 0x16, 0xa01}, 0x78}}, 0x0) r6 = socket(0x25, 0x1, 0x0) sendmsg$TEAM_CMD_NOOP(r6, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)={0x0}, 0x1, 0x0, 0x0, 0x4000}, 0x1) 2m41.619889991s ago: executing program 32 (id=347): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x80782, 0x0) ioctl$VT_WAITACTIVE(r0, 0x5607) ioctl$TIOCSPTLCK(r0, 0x40045431, &(0x7f0000000000)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000340)=0x6) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_DELETE(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)={0x14, 0x2, 0x1, 0x5, 0x0, 0x0, {0x2, 0x0, 0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x20044804}, 0x40040) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000240)={0x0, 0xffffffffffffff4a, &(0x7f0000000200)={&(0x7f0000000080)={0x18, 0x16, 0xa01}, 0x78}}, 0x0) r6 = socket(0x25, 0x1, 0x0) sendmsg$TEAM_CMD_NOOP(r6, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)={0x0}, 0x1, 0x0, 0x0, 0x4000}, 0x1) 1m12.133380466s ago: executing program 5 (id=1176): socket$inet_tcp(0x2, 0x1, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='fd\x00') socket$nl_route(0x10, 0x3, 0x0) socket$inet6(0x10, 0x3, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x723080, 0x0) syz_usb_connect$uac1(0x3, 0xdc, &(0x7f00000017c0)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902ca0003010070000904000000010100000a24010800000201020d24060000030800000000000000240803960c03112d9cd2ce0c240208000103000000ff000924060506020100000924030003030005490c240206", @ANYRES8=r2, @ANYBLOB='\a'], 0x0) 1m10.135794386s ago: executing program 5 (id=1200): write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x248, 0x9b99}, 0x3a, [0xfffffff8, 0x0, 0x5, 0x10009, 0x8, 0x155f, 0x6, 0x2, 0x25cd, 0x401, 0x40000b4, 0xa, 0xb2b9, 0x24, 0x81, 0xe4, 0x6, 0xfc000000, 0x10003, 0xbc0, 0x1000, 0x1, 0x48, 0x100d, 0x3, 0x12a0, 0x8000, 0x1, 0x7, 0x6, 0x5, 0x81, 0x40008a, 0x79, 0x2, 0x10001, 0x4, 0x91, 0x4, 0xe769, 0x16, 0x2, 0x5, 0x401, 0xfffffff5, 0x405, 0xa7, 0x84, 0x9, 0xf9a2, 0x80000001, 0xff, 0x2, 0x2, 0x2, 0x2, 0x7, 0x8, 0x7, 0x5, 0x4007f, 0xffffffff, 0x6], [0x3, 0x16e, 0x6, 0xf6ca, 0x4, 0xda, 0xb8a9, 0x20000070, 0x8e, 0xd50, 0x7, 0x5, 0xfffffffe, 0x80d, 0x5, 0xa7, 0x1000, 0x0, 0x200b395, 0x400000, 0x80000000, 0x4, 0x19, 0x7, 0x400001, 0x3, 0x3, 0x8, 0xffffff7f, 0x401, 0x6, 0x200, 0x96, 0x0, 0xfffffff6, 0x401, 0x101, 0xf1, 0x6, 0xab00060, 0x5, 0x6, 0x2, 0x5, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x0, 0x1ce, 0x1, 0x80000004, 0x80000001, 0x2, 0x2, 0x9, 0x95, 0x80000000, 0x4, 0xfffffff9, 0x40000003, 0x1000, 0xfffff804, 0x5], [0x2, 0xfffffffe, 0xfffc, 0x6, 0x2, 0x2e6bf783, 0x5, 0x5, 0x400005, 0x491, 0x8d3, 0x200006, 0x5, 0x400, 0x2, 0x400, 0x41, 0x5, 0xee4b, 0x2008004, 0x1, 0x691, 0x5, 0x89, 0x3, 0x3, 0x9, 0x3, 0xc7, 0xffe, 0x10000a, 0x8000, 0x401, 0x3e55, 0x9, 0xd3, 0x8, 0x3417, 0x2, 0xd, 0x7, 0x601, 0x101, 0x200dd80, 0x60a0, 0x1, 0x9d26, 0x10000, 0x1, 0x2, 0x2, 0x4, 0x8000, 0x0, 0x3, 0xd500, 0x8, 0x77, 0x9, 0xa, 0x10000, 0x3, 0x8, 0x1], [0xa772, 0x2, 0x7, 0x1afa, 0xbfc, 0x8, 0x3, 0x7f, 0x55, 0x40, 0xc, 0x1005, 0x1, 0x8000007, 0x1e, 0x9, 0x81, 0x3, 0x9d86, 0xfffffeff, 0xffbffff7, 0x8, 0x7, 0x5396, 0x939, 0x6, 0x80008005, 0x7777, 0x7fffffff, 0x2, 0x100, 0xffffffff, 0x7fffffff, 0x4009, 0xc, 0x32d, 0x3, 0x1ff, 0x2000803, 0x6, 0x10000, 0x0, 0x8004, 0x6fff, 0x2, 0x3, 0xf, 0xe, 0x10, 0x26c, 0x6, 0xfffffff9, 0x4, 0xfffffff8, 0x9, 0xf, 0x463f, 0x4, 0xdad, 0x8003, 0x8, 0x14000, 0x1, 0x9]}, 0x45c) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x40040, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=ANY=[@ANYBLOB="1c00000015000103000000000000e7"], 0x1c}, 0x1, 0x0, 0x0, 0x4044015}, 0x4000000) sendmsg$NLBL_UNLABEL_C_STATICADD(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x8, 0x3000000000002, 0x0, 0x20000010}, 0x20044000) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0x0, 0x40000000000180, 0x8, 0x80000000, 0xf2, 0xd, 0x7fffffffffffe, 0x7, 0x5, 0x7, 0x0, 0x5, 0x4, 0x8], 0x25000, 0x204344}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = dup(r3) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x9}], 0x1, 0x1d, 0x0, 0x0) syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 1m9.080927928s ago: executing program 5 (id=1211): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000180)={0x41000, 0x106000, 0xfffffffd}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x50000}) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f00000003c0)={0xb000, 0xd000, 0x1}) 1m8.905440523s ago: executing program 5 (id=1214): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x81899, 0x0) mount$bind(0x0, &(0x7f0000000240)='./file0/../file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000080)='./file0/file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x80000, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') read$FUSE(r0, &(0x7f00000003c0)={0x2020}, 0x2020) 1m8.779817937s ago: executing program 5 (id=1216): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) syz_open_procfs(0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000500)=[{0x0}, {&(0x7f0000000180)=""/75, 0x4b}, {0x0}, {0x0}], 0x4, 0x0, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) mkdir(0x0, 0x0) ioctl$BTRFS_IOC_SNAP_CREATE(0xffffffffffffffff, 0x50009401, &(0x7f0000000180)={{}, "afe1658d587e93ab4b5fca380cdddd71e95c81000bac90d9689507b96ace5d2f9f55fddb8b36c7cac9209681a5fa01cd3874b06f2fcadd0d6c3b2543560ad96ffb3b3bb528250d54c3849e85a72f9805820433eaf86b855cc6bb316351ebf38753b22f619e6525c21a5050c57297595293366a0ed2ad9b308f845f1d9af97cf6384f5ec26ca2afea4eb950f209116b1d8b58fe396fcfb8ae0b8898f212b216cbb7d1bbd57a726d194a29a4e15e035b8162b139c67404e6a503db799c06078f56258de59c08f1812611aff6d4485a01f3413b9b4a11412629c2a4810db413d940af170b313dcf9a1e08e0156a7784c413ffa69bfb6b135b6093ad19c7f8bc70e5f9a0bcf07eb164c44642489845d93c25064c768ff253b3faf52378653b61ed2f3460a2221e6d9b2c04e99cd9fe74c005a330a08f558771a77771a1d1eb8b110912dbc327e07869f73b857cb841b5a47296a81d956c030dee87fda743cf9e56d08856a82ee26a390ac2569a31ca9beccda0251f28b124ee1e8ea6babc1b1e2d81fc795de9620301d65ded5865c5a9f6ce7422536d40694c2aa987542364f7f0bb75bdb0182d10b18a64045c7dadc0c82a47eab7e735fe240f27bb5da305cd08c86314a4a5fef8487c96bc1ea97409d73e1cc6ceba35f74eea39f2bf881833298b1e1a201eb9ea9c0754d41ef9a91b4deefcaeff08ee35a1f31b2d780b3934d5913626ef4a0f31c8e057e43ff14fc6fbf5e4a86b906b1ba320f3c52b629974a1324d97067935df1e4340b071130ee953bababf9dc0229e4a2f29cf1ae2713ffe85a5a9bd374c928ed416e1bd2516657bd4d3a9ac114ed279fcd89645245df7c55454fc367513ffae594d5236b320ad103f2d0956b3da7344a29fc910040027ca8b239d00ab5e79eeb83e25275fb61ceb65f6ace88cb43f106e128330ae709e19f209afd87b934dbd0faf470dfb52fdfd73bfa9a7a983b36d78469568ae69a0481cdc764c554d5ac03e607781cf3a5e209bffce2276529929d800f6d9b8a2f100108d7b883b5ce5e19da38ae5c99a8351b4e41c538fee7299a890edc630abbfe604c0b8847a7b5b4eec1dc00ed60e95b5374270ec634ff6d6ccbcd08145f9df1c2082c9447482ed42b4d0ea9a73bc9a68e36ee9e118bb5c08e1e7c2bd2627e82902d2c6f0da90bdbc52103f3992663653fd2b41a4294aa8f222812fa8b5e1864b75748f992bc2b396c03e202e8bfe9a1ccca1cb8b28c9c6faa47cc6b871140ddc45a0d02c752175a0498c3ba30e79c12d6ebbc32d5533d0216529e0f713eac725fe41bad4c9051d364bf38e3b72641510b09b2645447ea13b440d568adc9aa9ce85c967d78a14bdbd2fcfe0c7324a556ee841fc9ffd7a3c784fe41a349ced68e01c145db8847a547086c5595b9f6299bf7432e0e9c9a4a9108a24f7ad49c18a3ec771953480a0a0fdfeaded6b74f174ea2def77a0b9799f6b75a77a6314a4165e194be616eb5c98726d88da79f54fd01d39e751837a6bd0d77ca79073b3a7e62686fd8e089b0258645db505bb674174d626b1d1cfdf0f32b0d880884b73c63bc78a231a8cb45a12884907c021f87cdd7b2f1de020044666d38a866983c8ffa0cc6963a745c108e80a3b54eedac65b68c897043d914f146ba4ca18a61e144e7746d31879fa7ae7c2a43747e6060d79669bf9a8edcc229b7f1a0fe239b398692a6a65acd19c58442dfa8997430aab89aae8fb8f201bb1fd58605cf9dfe5c85a15e0928542a8fd7768f4b7750c7aeab8d9ced7c9fdea6cc38bc38209f608cc3d7c8bc9240b5b7d1661b8bfd231f30047befefd70183fb8330d184394159cd4153990c6a43ccded133adecced28499e73c4b25ee86e5d68848670736362931be74fe0aab5708ce05f4d6d7a068c590d36f99a0ba3501df60d9c01f54a7c366727287996de354c4a3a5e1ece988e5f59087c730afa107edbab31de441a88061ad799fefef86254a2f2891aa47420dd3f6267833a5345bf001d10c9f1fd121401ae846a9a5df517210cd0beb50a5139854aa1747115bca24522dae42667ef9ce893c4db108941198ed5323f582f11c4b13385f60b3038fa661f3ed276504fb51fb966ef88cbbb953c269ea2ed989ced5e8988839c55b398dbce98ce1e976c2065b2ded80f929dc6ef8afad6b61145686ce14e2d26f0694fda1e52a6c5155c0d8ea91544c76548a25376f13de7245b48e7298421d2c2433a472a8c89c3e621c5370654e1c7bba0f3d8bdf40c36cdbf02f6b5a7c4138b9e3931896fd89272b4d61a9875c00ba0d8d1bd960b9aaee3b6f127db1155680d7eefc5eaa6d4c648fca303706796bef110fbdb731d9e671f937e55ebf5d2e64f7cdcc073c905c134e8d3852689ed81c95be0c259816e7ff7b979557684aa1b6c2dd42754bda93e3e55c5ffc1122c988ca171fd57ab24ebe789e819c60ff3f9f1a9465ff4a9bdc5c2b2d9c351ffef5ab375f9024e297a26642b15108781fdf3c55d0aa9a8cb68ba93b7b13cd6d05b9b16502d7f9d72d015059e7999cc4ed880fd5ebf626ea409b9f0c4ded2974bb3daf88cc1930818dc3e09200897389211d3e780faa0acd64e37c60924a3fd0a16a7146a41b1b01e43fecf610c7d11d42baac5a60db7638077162cd58b3f734070e81ee71c5092422eaac366b41dd996723124df9005cbae4e2ec47f8a06616bd7faa5da6c0200c872c2ef929a16c823c57f2d4f798061e49102cab3af65a5cc9f8856dc5d3c0de1440c4d8df50a7ec09491d2e651ee5f5a76b8fc2d20a07def1a8951b9770f85728b42cd9dafce7c341c26a90b7d1c2e36f03f74eda3bfb2c40eec5c454c38e90f4d31e6a0f23b2ad53a429f73761713181b7839792cc494f21c5be9dd7f167a6681720ccd3cfcdd4b427058b995505a82993805a1860d5ea75e61c216ec9594adfd39cab47511578d57e312f2f3e0d2da8f2d8dbe3fc1fd281bdd8e7dbd203e4ec3e7d3b468ad2b81a76c5bac460f497e3cdb6bf0c6be5ceae4bd488b9597b13a37885b95426d8ea06760516ec13aa339084407d1f45e331e5dd77ac73306f70996728a0d67b48a833e9a3ddf22968e898b59e4b4c9a16aa9ea8120202737746e1a5ec2cca9640d69df2b27900de7abe573b7c023a88d7f3fcc3469a3a4e7f9f9095a6fed55fbb1d3582807407e62b55a38d33e70a0203513f30d37a4e6f03acd9d0fd2f3438eb485aa5e693806c002efd0811ab92518c41856039d7f36cf9981981231b3cea3493f0e8988bd05d3d424a5bfc8d1cdfd0e09e3ce12cab6edfb7f6d80c1edbb4d1d51a1500b0876e13e5173bfeba378c71046e70b590cf542094d01f458a3cec642fb1ce13a992765eca608579e85f03e7d871dbdbd882ce4821a944179e48a920d346ae21b08ee043cbbf3284c3a67d9b9417a5fed1202ca537f7711650f692df044f145587467dfdd45405d7caeb064bfa12b52057e90d2b5d2885bbaf032db769654af272dd78bb8ec8446344d0c1ca57d51fe1243e0a02ada90371e75418223f171f014f9a970964828cdd9faf3b66789cefd0374437f2a271c2765d9876943fb93205cb12448d4cccf68c28259e85a540e013ac77414a147fb1e0f0fc4a4d859a928eaef6e952a103a944052534c9264c85f4200cc8b465f66725c779f49312a308dda8fe7e423ebbee16e64ad6e112b3efd95584160f08c83595fdddfa39c4b89867fcf23085a24c53a6d846863b95f5605beb9b0a1cc6d191524da81ce89c0f7767652d887661b5299e300f2e83a6c962cf9089d82b139f4bedcc14bbf6611258d52e1f3d5a5e3ac05cfa4d066550b2180c31695a52da12c1412e55cdbe6660d86fe4c8eda51f2adf34b81af8ec55b549c3bbcc588c5f074e0dc76bb9bbd0cdea26dd47d84d9321f970912d374a081c9ebb74700a0792dbbb2da41ae7e3aa5230bdd260bd208b68100dc2f7bf2132d7cb34084e999b6ee2b91356ce766523a80359147af20fa15febc42b89d43e4a48d13cb8ed6678f346aa981954e0520ea8cd0a0c16281e57f33a5e3fd97d55d24386832c17f22b1c1fb91d5b1f362f3bc8aa8369c18444fc10e9d1285f6a3bcf24e2606b69fbd89f337f7ee3c27b1a2c7e8dec2c38c84c6712de1e7f1d790d86d8e0a402c40d406d39c13879f4d103adcbca13570eadcd424f8e06155885b054e1d7f994723fd22a6d704a89e6b126271ec5c19ea7b814c36f9ca9a0223da630324ca0f2a3010f4e53426d8d514bcc3303e6fa429c00244b918c01a444f74dd376bccb5709ed103514484a67240c4b992c722601e27dee6ba8b37608ba66e2065f8298a6df8c0a491113bf10e0bf18867dda3e1170fa1853b355fdf41898de4a339927872e8d9fb8a4d1c31833ac1355695a20c75ff6dafb70244a3754cb58feee89045e3408da902a7987e6a66dad0f044951a560954ee812abe142e9a4db701bdc46fabb0b98b4be01dadd629cffc661a3816744bcacdc38777494289ba156b272ade8f4ed3e32ce48958863b09bb09fb6999281164c0c5b50a77350d5f3c78d951fa76d1db68587e58bd40f824a68fd59c4ebd4f7e22e8e1458911012472b876ab15ca8c48ef664b1da41bd1ad9a5b799a1de8b2962c477f1726cbbe4f285a5c387842ac723b3877f5826503b68602c4bdaea94544b4b056142876d995d0db128a38f5c4547f12cf9d1cbc678cd42eebf67519484ab251855dbda09dd04ddc031860a69fd592fa1c12d59adc4699c246a666f6f6c20c1a21562f05f8db43ff424cea0d16789a6a69dc8552f4865bb3fac5b650b549432a0383c8f95c79084ca4841903f0c04319135f2bfc94ec8837374f0c1eccaacf8a0722d54b1a0e748a79e6c7ecdcdbfe376d080d9747a9a5a13cc7eb4111345216d1c787f05c992df3712d2a194ac325bb568abc6a97011bc62110ee12ba209d76f690ddb4e4b417f5b5db52ee7ad97159dfcf82b1c2a4eb5a97396fa24e52ba1c47330f7caca91b2965bac75dbcb86ac85a07b774dbf82be5fc92a8621e80973418d94a0bc10905a3815e04d1a668ea8cb5ffb293893b06bd372c75b477118b78dd69a04097ca8ff8f8fb21a5293d2fe6785e33d15d61008c4ca84121a8e48fabba3656250fba7e058ffc1705c7fa13509fc7c96fc9b16d0b21a26b11ebfc3325a2ca682bc014ec54dc8433af105ada5566f491d3ebe5e1e5f0859b28a576fb7978f2a1b4897890c1c9b0c1f4f8c7351ca738a6100c4f64092d865bc65a8b92007b117e5a4dd7988d3281aa2ccebb36f9af5032eeca2c8a72888c84346d3945507a6bb956b84f03d88a90bb9ecc466c7d94a3670783e11b312ecb4f9eb8489df8d129110b6bd710138476c8be75327e9ea6a0b94b8567b31692fee2d9c17d7e20d3d23cc4d317710537f608793e87d9158cd61a43306898da40d01b544fc951ccd13f11b4b8fbf47d694df601fd6677d796818571ee3125089316e3d33c5684affe9f29f12186bb5dc4c5eaee94e41d07a03c9c59db95bc42c23da55c497caa6a64c73ea3059a8c80955a9730666a0e02c3bf87cfb79542d84a529d7bf9c3ac60b323952fa439c2e5fd512c3bfe3770178b4e8d7efa223bd76830a6b8b604e15773d63d9fec504ea6561793723ff4f6fbdd016372e1a98a9252e8d1607512e5397c78498f68d3792ef7a28f74f4b15358afa5674d4340863a2897af87499bd073a06aef8215f76c9418f5b82b79b77f0a01dfc059b510794cda70b7daf2c74950652e"}) r0 = socket$kcm(0xa, 0x3, 0x3a) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000500)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_EXPRESSIONS={0x1c, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @synproxy={{0xd}, @val={0x4}}}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x24044010) sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @loopback={0xfe80000000000000, 0xac14140c}}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000140)='\x00\x00', 0xffe3}], 0x1, 0x0, 0x0, 0x900}, 0x60) mkdir(0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x90}, 0x0) socket$packet(0x11, 0x2, 0x300) 1m8.556008914s ago: executing program 5 (id=1219): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x1100, 0x2}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x10000000000) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000580)="b3185d7bb56f70f003360fa8bf71ac3086aedebf6fff904f92849a7a07395ee7f0e4cb1d78001c08a0ab73ffcf5ad07693727980eea946e6cba1723e81bfa5c3688803c8a124dcb27df7938e7ddfdd52"}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f0000000a40)=[@reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x1c, &(0x7f0000000300)={@ptr={0x70742a85, 0x1, &(0x7f0000000280)=""/89, 0x59, 0x1, 0x1b}, @flat=@weak_binder={0x77622a85, 0x100, 0x2}, @flat=@weak_handle={0x77682a85, 0x0, 0x1}}, &(0x7f0000000a00)={0x0, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 1m8.37364944s ago: executing program 33 (id=1219): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x1100, 0x2}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x10000000000) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000580)="b3185d7bb56f70f003360fa8bf71ac3086aedebf6fff904f92849a7a07395ee7f0e4cb1d78001c08a0ab73ffcf5ad07693727980eea946e6cba1723e81bfa5c3688803c8a124dcb27df7938e7ddfdd52"}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f0000000a40)=[@reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x1c, &(0x7f0000000300)={@ptr={0x70742a85, 0x1, &(0x7f0000000280)=""/89, 0x59, 0x1, 0x1b}, @flat=@weak_binder={0x77622a85, 0x100, 0x2}, @flat=@weak_handle={0x77682a85, 0x0, 0x1}}, &(0x7f0000000a00)={0x0, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 8.061900203s ago: executing program 6 (id=1806): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c400000000000000000000850000003d00000095"], &(0x7f00000000c0)='GPL\x00', 0x1}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=@base={0x12, 0x4, 0x8, 0xb, 0x0, 0xffffffffffffffff, 0x400000}, 0x50) r2 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r0, r1, 0x7, 0x0, @val=@tcx={@void, @value=r0}}, 0x1c) bpf$LINK_DETACH(0x22, &(0x7f0000000140)=r2, 0x4) close(r2) 7.880063168s ago: executing program 6 (id=1807): mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x100) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) epoll_create1(0x0) connect$pppoe(0xffffffffffffffff, 0x0, 0x0) r1 = socket$pppl2tp(0x18, 0x1, 0x1) socket$inet6_udp(0xa, 0x2, 0x0) r2 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r2, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x4e21, @broadcast}, 0x2, 0x9800, 0xfffffffd}}, 0x2e) r3 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r3, &(0x7f00000000c0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x2, 0x3}}, 0x26) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) ioctl$PPPIOCATTCHAN(r4, 0x40047438, &(0x7f0000000240)=0x2) ioctl$PPPIOCBRIDGECHAN(r4, 0x40047435, &(0x7f0000000200)=0x1) close_range(r0, 0xffffffffffffffff, 0x0) 7.754845593s ago: executing program 6 (id=1809): syz_open_dev$tty1(0xc, 0x4, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x2000000000000013, &(0x7f0000000440)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x6, 0xb8, &(0x7f0000000140)=""/184, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[], 0x0, 0x4e}, 0x28) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040ed50004"], 0x11) request_key(&(0x7f0000000340)='user\x00', &(0x7f0000000380)={'syz', 0x3}, 0x0, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10) socket$nl_route(0x10, 0x3, 0x0) connect$inet(r3, &(0x7f0000000180)={0x2, 0x4e21, @loopback}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000040)='bic', 0xff3d) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window={0x3, 0x7}, @mss={0x2, 0xfff}, @window={0x3, 0x0, 0x401}, @window], 0x20000000000000e4) 7.680542225s ago: executing program 1 (id=1810): write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x248, 0x9b99}, 0x3a, [0xfffffff8, 0x0, 0x5, 0x10009, 0x8, 0x155f, 0x6, 0x2, 0x25cd, 0x401, 0x40000b4, 0xa, 0xb2b9, 0x24, 0x81, 0xe4, 0x6, 0xfc000000, 0x10003, 0xbc0, 0x1000, 0x1, 0x48, 0x100d, 0x3, 0x12a0, 0x8000, 0x1, 0x7, 0x6, 0x5, 0x81, 0x40008a, 0x79, 0x2, 0x10001, 0x4, 0x91, 0x4, 0xe769, 0x16, 0x2, 0x5, 0x401, 0xfffffff5, 0x405, 0xa7, 0x84, 0x9, 0xf9a2, 0x80000001, 0xff, 0x2, 0x2, 0x2, 0x2, 0x7, 0x8, 0x7, 0x5, 0x4007f, 0xffffffff, 0x6], [0x3, 0x16e, 0x6, 0xf6ca, 0x4, 0xda, 0xb8a9, 0x20000070, 0x8e, 0xd50, 0x7, 0x5, 0xfffffffe, 0x80d, 0x5, 0xa7, 0x1000, 0x0, 0x200b395, 0x400000, 0x80000000, 0x4, 0x19, 0x7, 0x400001, 0x3, 0x3, 0x8, 0xffffff7f, 0x401, 0x6, 0x200, 0x96, 0x0, 0xfffffff6, 0x401, 0x101, 0xf1, 0x6, 0xab00060, 0x5, 0x6, 0x2, 0x5, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x0, 0x1ce, 0x1, 0x80000004, 0x80000001, 0x2, 0x2, 0x9, 0x95, 0x80000000, 0x4, 0xfffffff9, 0x40000003, 0x1000, 0xfffff804, 0x5], [0x2, 0xfffffffe, 0xfffc, 0x6, 0x2, 0x2e6bf783, 0x5, 0x5, 0x400005, 0x491, 0x8d3, 0x200006, 0x5, 0x400, 0x2, 0x400, 0x41, 0x5, 0xee4b, 0x2008004, 0x1, 0x691, 0x5, 0x89, 0x3, 0x3, 0x9, 0x3, 0xc7, 0xffe, 0x10000a, 0x8000, 0x401, 0x3e55, 0x9, 0xd3, 0x8, 0x3417, 0x2, 0xd, 0x7, 0x601, 0x101, 0x200dd80, 0x60a0, 0x1, 0x9d26, 0x10000, 0x1, 0x2, 0x2, 0x4, 0x8000, 0x0, 0x3, 0xd500, 0x8, 0x77, 0x9, 0xa, 0x10000, 0x3, 0x8, 0x1], [0xa772, 0x2, 0x7, 0x1afa, 0xbfc, 0x8, 0x3, 0x7f, 0x55, 0x40, 0xc, 0x1005, 0x1, 0x8000007, 0x1e, 0x9, 0x81, 0x3, 0x9d86, 0xfffffeff, 0xffbffff7, 0x8, 0x7, 0x5396, 0x939, 0x6, 0x80008005, 0x7777, 0x7fffffff, 0x2, 0x100, 0xffffffff, 0x7fffffff, 0x4009, 0xc, 0x32d, 0x3, 0x1ff, 0x2000803, 0x6, 0x10000, 0x0, 0x8004, 0x6fff, 0x2, 0x3, 0xf, 0xe, 0x10, 0x26c, 0x6, 0xfffffff9, 0x4, 0xfffffff8, 0x9, 0xf, 0x463f, 0x4, 0xdad, 0x8003, 0x8, 0x14000, 0x1, 0x9]}, 0x45c) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x40040, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=ANY=[@ANYBLOB="1c00000015000103"], 0x1c}, 0x1, 0x0, 0x0, 0x4044015}, 0x4000000) sendmsg$NLBL_UNLABEL_C_STATICADD(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x8, 0x3000000000002, 0x0, 0x20000010}, 0x20044000) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0x0, 0x40000000000180, 0x8, 0x80000000, 0xf2, 0xd, 0x7fffffffffffe, 0x7, 0x5, 0x7, 0x0, 0x5, 0x4, 0x8], 0x25000, 0x204344}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = dup(r4) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x9}], 0x1, 0x1d, 0x0, 0x0) syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) 6.627881407s ago: executing program 1 (id=1814): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa8442, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) r2 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x7ffe}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) r4 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x48}}, 0x400400c0) r5 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=@newtfilter={0x4c, 0x2c, 0xd27, 0x70bd2b, 0x2, {0x0, 0x0, 0x0, 0x0, {0x7, 0x10}, {}, {0x8, 0x4}}, [@filter_kind_options=@f_flow={{0x9}, {0x1c, 0x2, [@TCA_FLOW_XOR={0x8, 0x7, 0x9}, @TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_KEYS={0x8, 0x1, 0x1e3a9}]}}]}, 0x4c}}, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) sendmmsg$alg(r4, &(0x7f00000000c0), 0x492492492492627, 0x0) close(r1) socket(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r6 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r6, 0x107, 0xf, &(0x7f0000000600), 0x56) sendmsg$kcm(r6, &(0x7f00000000c0)={&(0x7f00000004c0)=@xdp={0x2c, 0x0, r3, 0x18}, 0x80, &(0x7f00000008c0)=[{&(0x7f00000001c0)="27030200dc0f14000e00000000acc10200000011125ce882cbf400930bf4533f00429c65112a093bbf60b85bcb06", 0x2e}], 0x1}, 0x4005) 5.54950439s ago: executing program 0 (id=1819): mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x100) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) epoll_create1(0x0) connect$pppoe(0xffffffffffffffff, 0x0, 0x0) r1 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x4e24, @broadcast}, 0x2, 0x0, 0x3}}, 0x26) r2 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r2, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x4e21, @broadcast}, 0x2, 0x9800, 0xfffffffd}}, 0x2e) r3 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r3, &(0x7f00000000c0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x2, 0x3}}, 0x26) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) ioctl$PPPIOCATTCHAN(r4, 0x40047438, &(0x7f0000000240)=0x2) ioctl$PPPIOCBRIDGECHAN(r4, 0x40047435, &(0x7f0000000200)=0x1) close_range(r0, 0xffffffffffffffff, 0x0) 5.376098075s ago: executing program 0 (id=1820): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x42}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x5}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)=@newtfilter={0x38, 0x2c, 0xd27, 0x70bd24, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0x4, 0xfff3}, {}, {0x9, 0x8}}, [@filter_kind_options=@f_matchall={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x20000000) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@gettfilter={0x24, 0x2e, 0x205, 0x70bd2c, 0x25dfdafd, {0x0, 0x0, 0x0, r3, {0xc, 0xc}, {0x0, 0xfff1}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000801}, 0x4041080) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r7) socket$netlink(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x7}}) r8 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=@newtfilter={0x94, 0x2c, 0xd27, 0x170bd2c, 0x2, {0x0, 0x0, 0x0, r9, {0x0, 0x10}, {}, {0x8, 0xffe0}}, [@filter_kind_options=@f_flow={{0x9}, {0x64, 0x2, [@TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_KEYS={0x8, 0x1, 0x1a29d}, @TCA_FLOW_ACT={0x50, 0x9, 0x0, 0x1, [@m_csum={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x8, 0x80000001, 0x7}, 0x1d}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}]}]}}]}, 0x94}, 0x1, 0x0, 0x0, 0x4894}, 0x2) r10 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r10, 0x107, 0xf, &(0x7f0000000600), 0x56) sendmsg$kcm(r10, &(0x7f0000000280)={&(0x7f0000000540)=@xdp={0x2c, 0x0, r9, 0x42}, 0x80, &(0x7f0000000440)=[{&(0x7f00000001c0)="27030200dc0f14000e0003000024c1020000ff1107c2fb7fe0406e52534b4f6b3d327db412f40000000000000000", 0x2e}], 0x1}, 0x4005) sendmsg$nl_route_sched(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=@newtfilter={0x30, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0xf, 0x1}, {}, {0xffff, 0x6}}, [@filter_kind_options=@f_fw={{0x7}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x10}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r1) 4.050101976s ago: executing program 6 (id=1828): openat$cgroup_type(0xffffffffffffffff, &(0x7f0000000300), 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bf8100000000000007080000f8ffffffbfa400000000000007040000f0ffffffb702000008"], 0x0, 0x4, 0x1002, &(0x7f00000014c0)=""/4098, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03", 0x3}], 0x1}, 0x0) r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000d80)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010426bd7000f8dbdf250200000008000100", @ANYRES32=r3], 0x1c}}, 0x4008054) write$nci(r0, &(0x7f0000000300)=ANY=[@ANYBLOB='p\x00\t'], 0xc) write$nci(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="5001"], 0x14) 3.954970959s ago: executing program 1 (id=1829): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x2c, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0xa, 0x2a, [@random={0xdd, 0x4, 'abcd'}]}, @NL80211_ATTR_SCAN_SSIDS={0x4}]}, 0x2c}}, 0x0) 3.858380772s ago: executing program 0 (id=1831): mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x100) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) epoll_create1(0x0) connect$pppoe(0xffffffffffffffff, 0x0, 0x0) r1 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x4e24, @broadcast}, 0x2, 0x0, 0x3}}, 0x26) r2 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r2, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x4e21, @broadcast}, 0x2, 0x9800, 0xfffffffd}}, 0x2e) r3 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r3, &(0x7f00000000c0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x2, 0x3}}, 0x26) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) ioctl$PPPIOCATTCHAN(r4, 0x40047438, &(0x7f0000000240)=0x2) ioctl$PPPIOCBRIDGECHAN(r4, 0x40047435, &(0x7f0000000200)=0x1) close_range(r0, 0xffffffffffffffff, 0x0) 3.749340705s ago: executing program 0 (id=1833): socket$nl_netfilter(0x10, 0x3, 0xc) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$unix(0x1, 0x1, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000003a00030724bd7002f8dbdf250d"], 0x14}}, 0x4008800) syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), r1) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16, @ANYBLOB="0100003d03da910000000100000008000100911b3d37"], 0x30}, 0x1, 0x0, 0x0, 0xc082}, 0xc000) kexec_load(0x3, 0x4, &(0x7f00000005c0)=[{&(0x7f0000000000)="6509534a17aa723cba21a9d63c6a556b30b910a580cb50d65e9fab1ed59a7eb00a7109e4a355bed417bce60d6a5baab4bbecc5b2faaf2eba28c331345b612f1f4cbfdfa7bcb9bd2a0fbc8d7786bb68cff61167b98ef0adfbb79545bbb2c409be3adb3b54846920f1b194db5258279e8d06b863d51c0f90cd79ecb1f5ed3c44eb6353c0b451fe3f9b118422addd3f936d8cd5562d6ce55bf378ee8c0d0fc5", 0x9e, 0x5, 0xff}, {&(0x7f0000000100)="047715ac7141c111fab2fcda5de4dc8b278029bcb1bd17524f177856cac105f463c77e2d2ab44d875217dc82baa911f236f959fb9227524d4fe6b621a19823457d04c399283edbac755852623c82f7206d26e918a2981c8f68476969bf8c4bcd37ba24e4ba1683339879a11b854a7478f898805f327af12eaab8ac918c201b7f932e124796f1aba03e031312bd7e67403651abac282b310f420dbcdea31d52854783d6952a2a7b10", 0xa8, 0x5, 0xffffffff}, {0x0, 0x0, 0x5, 0x4}, {0x0, 0xfffffffffffffdf9, 0x7, 0x2}], 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000540), 0x82, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000640)=ANY=[@ANYRES32=r4, @ANYBLOB='\x00\x00\x00\x00', @ANYRESDEC=0x0, @ANYBLOB="3a6d61784522770080319023efb46e7125759b75f3051a09b15c0136329c5ece3ee9c30059227140e42caeb11c45e9b65b7aace0bed8821ddcc710570b3f1e144034adc658ad8c9f7f337dd17e374d5c25901a9debca240d6133b382e6f2ba57c57a0eefbd5442b2e34af6d4852e60aa70c382ca6c22ca2833817554fa63d851baae79d55609234dd0711e3b658ec9d1d53ba1cdffc970b461c44b98a8207cb974fafdb74832d5754f10e7dede215916907ee8ec5e962ba8832130d499fb7b50c9acda0e"]) r5 = accept4(r4, 0x0, 0x0, 0x800) sendmmsg$alg(r5, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0) pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2) syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) 3.426149955s ago: executing program 3 (id=1836): r0 = socket$packet(0x11, 0x2, 0x300) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1ff}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000180)=r1, 0x4) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x2003}, 0x94) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000200)='syzkaller\x00', 0x9}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 3.401269696s ago: executing program 3 (id=1837): creat(&(0x7f0000000ac0)='./file0\x00', 0x0) newfstatat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x800) chown(&(0x7f00000003c0)='./file0\x00', r0, 0xee01) lsetxattr$system_posix_acl(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='system.posix_acl_access\x00', &(0x7f0000000040)={{}, {}, [], {}, [{0x8, 0x4, r1}], {0x10, 0x2}}, 0x2c, 0x0) creat(0x0, 0x0) 3.285873359s ago: executing program 3 (id=1838): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0200000004000000ff07000009"], 0x50) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0d000000ff0f0000040000000600000001000000", @ANYRES32=r0], 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000440)={{r1, 0xffffffffffffffff}, &(0x7f0000000840), &(0x7f0000000340)=r0}, 0x20) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x7fff, r2, 0x72a8942b9f4923a6}, 0x38) 3.163429043s ago: executing program 3 (id=1839): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa8442, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) r2 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x7ffe}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) r4 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x48}}, 0x400400c0) r5 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=@newtfilter={0x4c, 0x2c, 0xd27, 0x70bd2b, 0x2, {0x0, 0x0, 0x0, 0x0, {0x7, 0x10}, {}, {0x8, 0x4}}, [@filter_kind_options=@f_flow={{0x9}, {0x1c, 0x2, [@TCA_FLOW_XOR={0x8, 0x7, 0x9}, @TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_KEYS={0x8, 0x1, 0x1e3a9}]}}]}, 0x4c}}, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) sendmmsg$alg(r4, &(0x7f00000000c0), 0x492492492492627, 0x0) close(r1) socket(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r6 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r6, 0x107, 0xf, &(0x7f0000000600), 0x56) sendmsg$kcm(r6, &(0x7f00000000c0)={&(0x7f00000004c0)=@xdp={0x2c, 0x0, r3, 0x18}, 0x80, &(0x7f00000008c0)=[{&(0x7f00000001c0)="27030200dc0f14000e00000000acc10200000011125ce882cbf400930bf4533f00429c65112a093bbf60b85bcb06", 0x2e}], 0x1}, 0x4005) 2.180676793s ago: executing program 2 (id=1847): r0 = socket$alg(0x26, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000000040), &(0x7f0000000080)=0x4) sendmsg$nl_route_sched(r1, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x50}, 0x4000) socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$nl_generic(0x10, 0x3, 0x10) pselect6(0x0, 0x0, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3800000040000701feffffff00000000037c2000040042801c0001800600060088480000100007"], 0x38}, 0x1, 0x0, 0x0, 0x48815}, 0xc000) sendmsg$RDMA_NLDEV_CMD_STAT_SET(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=ANY=[@ANYBLOB='8\x00\x00'], 0x38}, 0x1, 0x0, 0x0, 0x20004085}, 0x4004080) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) 947.415791ms ago: executing program 2 (id=1848): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x4, 0x13, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000071000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001700000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 944.696941ms ago: executing program 0 (id=1849): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), r1) kexec_load(0x3, 0x4, &(0x7f00000005c0)=[{&(0x7f0000000000)="6509534a17aa723cba21a9d63c6a556b30b910a580cb50d65e9fab1ed59a7eb00a7109e4a355bed417bce60d6a5baab4bbecc5b2faaf2eba28c331345b612f1f4cbfdfa7bcb9bd2a0fbc8d7786bb68cff61167b98ef0adfbb79545bbb2c409be3adb3b54846920f1b194db5258279e8d06b863d51c0f90cd79ecb1f5ed3c44eb6353c0b451fe3f9b118422addd3f936d8cd5562d6ce55bf378ee8c0d0f", 0x9d, 0x5, 0xff}, {&(0x7f0000000100)="047715ac7141c111fab2fcda5de4dc8b278029bcb1bd17524f177856cac105f463c77e2d2ab44d875217dc82baa911f236f959fb9227524d4fe6b621a19823457d04c399283edbac755852623c82f7206d26e918a2981c8f68476969bf8c4bcd37ba24e4ba1683339879a11b854a7478f898805f327af12eaab8ac918c201b7f932e124796f1aba03e031312bd7e67403651abac282b310f420dbcdea31d52854783d6952a2a7b10f3e45715203107f8ce516d99c8c7db918e0989ef123cc5", 0xbf, 0x5, 0xffffffff}, {0x0, 0x0, 0x5, 0x4}, {0x0, 0x0, 0x7, 0x2}], 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000540), 0x82, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000340)={{r4}, {@val, @max}}) r5 = accept4(r4, 0x0, 0x0, 0x800) sendmmsg$alg(r5, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0) pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2) syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 913.350762ms ago: executing program 1 (id=1850): r0 = socket$inet(0x2, 0x3, 0xa) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732000000000000000000000000000b00010076657468305f746f5f7465616d00000014000000110001"], 0xa8}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a80)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a6c000000060a0b04000000000000400002000000400004802800018011000100666c6f775f6f66666c6f616400000000100002800900010073797a3000000000140001800d00010073796e70726f"], 0xc8}, 0x1, 0x0, 0x0, 0x2000094}, 0x4000800) sendmmsg$inet(r0, &(0x7f0000000900)=[{{&(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10, 0x0, 0x0, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1c000000000000000000000007000000860a00000003"], 0x20}}], 0x1, 0x24000004) socket(0x10, 0x3, 0x0) socket(0x1, 0x4, 0x9) unshare(0x24020400) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newtaction={0x88, 0x30, 0xffff, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x74, 0x1, [@m_mirred={0x70, 0x1, 0x0, 0x0, {{0xb}, {0x44, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x4, {{0xffdff7e8, 0x0, 0x3}}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x1, 0x0, 0x1, 0x400, 0xfffffffb}, 0x2}}]}, {0x3, 0x6, "e53d2d79723e2e614a791ba8e24e1e340dfa35b12c52ed4e1d3a7be902511feb177b3d2b4b5fd2d7f807eee09e02b0720f9c5c2a4eb765c4ec38ea9353f8ef37cf1fda11b5e36f1348c053b5d7f8879bcd302757e2740e74b724a53c87a743960f0d0f503ca445247d318285b25e3088b7321f3f850a6d203eeb0602a8f7083ca95ddea898aa09e692a56366e476fd3fd2a10a87b2f1dd16cc58d8d202b80d3ee800253b801d40dec7b04ac3e71489f9"}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x20008000}, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0x19, 0x4, 0x4, 0x5}, 0x50) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008900000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000003c0)={r6, r4}, 0x14) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000240)={0x1b, 0x0, 0x0, 0x8001, 0x0, 0x1, 0x7, '\x00', r4, 0xffffffffffffffff, 0x0, 0x4, 0x2}, 0x50) writev(0xffffffffffffffff, &(0x7f0000000000)=[{0x0}, {&(0x7f0000000340)="8a226ff432407a7f5fd09590d734f795e12e57ce9fed3f0300eb6368ed559a85603b0080", 0x24}], 0x2) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8b36, &(0x7f0000000000)={'wlan0\x00'}) r7 = socket(0x28, 0x801, 0x0) connect$vsock_stream(r7, &(0x7f0000000880)={0x28, 0x0, 0x0, @local}, 0x10) connect$nfc_llcp(r7, 0x0, 0x0) r8 = socket$packet(0x11, 0x2, 0x300) r9 = socket(0x40000000015, 0x5, 0x0) bind$inet(r9, &(0x7f00008a5ff0)={0x2, 0x0, @loopback}, 0x10) sendto$inet(r9, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x2, 0x0, @loopback}, 0x10) sendto$inet(r9, &(0x7f00000005c0)="48fcc048c8", 0x5, 0x0, &(0x7f00000000c0)={0x2, 0x4e24, @private=0xa010102}, 0x10) setsockopt$packet_fanout_data(r8, 0x107, 0x16, 0x0, 0x0) setsockopt$inet_sctp_SCTP_PR_SUPPORTED(r7, 0x84, 0x71, &(0x7f0000000000)={0x0, 0x9000}, 0x8) 912.904882ms ago: executing program 3 (id=1851): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000140)={0x1, 0x6}, 0x4) setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x3, &(0x7f0000000040)=[{0x28, 0x5, 0x0, 0x101}, {0x50, 0x0, 0x5, 0xfffffffd}, {0x6, 0x40, 0x2, 0xffffffff}]}, 0x10) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="016f080001002700000027"], 0xfd6c) 728.037528ms ago: executing program 6 (id=1852): r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, 0x0, 0x0) sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(0xffffffffffffffff, 0x0, 0x4854) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000480)={'wlan0\x00', 0x0}) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000003700000008000300", @ANYRES32=r2, @ANYBLOB="08002600901500000800570080"], 0x2c}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={0x24, r5, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) 676.807929ms ago: executing program 2 (id=1853): socket$netlink(0x10, 0x3, 0x0) r0 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r0, &(0x7f0000000140)={0x28, 0x0, 0x2710, @local}, 0x10) setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r0, 0x28, 0x2, &(0x7f00000000c0)=0x33, 0x8) listen(r0, 0x0) r1 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r1, &(0x7f0000000080)={0x28, 0x0, 0x2710}, 0x10) r2 = accept4(r0, 0x0, 0x0, 0x0) sendto(r2, &(0x7f0000000000), 0xfeb5, 0x0, 0x0, 0x0) recvfrom(r1, &(0x7f00000001c0)=""/62, 0xfeb5, 0x10120, 0x0, 0x0) ioctl$sock_SIOCINQ(r1, 0x541b, &(0x7f0000000000)) 360.999229ms ago: executing program 2 (id=1854): mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x100) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) epoll_create1(0x0) connect$pppoe(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, r1, {0x2, 0x4e24, @broadcast}, 0x2, 0x0, 0x3}}, 0x26) r2 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r2, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x4e21, @broadcast}, 0x2, 0x9800, 0xfffffffd}}, 0x2e) r3 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r3, &(0x7f00000000c0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x2, 0x3}}, 0x26) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) ioctl$PPPIOCATTCHAN(r4, 0x40047438, &(0x7f0000000240)=0x2) ioctl$PPPIOCBRIDGECHAN(r4, 0x40047435, &(0x7f0000000200)=0x1) close_range(r0, 0xffffffffffffffff, 0x0) 304.189861ms ago: executing program 1 (id=1855): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_PORT_GET(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000003c0)={0x20, 0x1405, 0x1, 0x0, 0x25dfdbfe, "", [{{0x8}, {0x8}}]}, 0x20}}, 0x0) 231.793243ms ago: executing program 0 (id=1856): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xd, 0xf}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r5 = openat$tun(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) close(r5) socket$unix(0x1, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}) r6 = socket$kcm(0x11, 0x3, 0x0) socket(0x400000000010, 0x3, 0x0) r7 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) sendmsg$kcm(r6, &(0x7f0000002900)={&(0x7f0000000500)=@xdp={0x2c, 0x8, r4, 0x10c}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000380)="da", 0x14}], 0x1}, 0x4000880) 226.192783ms ago: executing program 1 (id=1857): r0 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$CAN_RAW_ERR_FILTER(r0, 0x65, 0x7, &(0x7f0000000100)=0x6, 0x4) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) sendmsg$can_raw(r0, &(0x7f00000004c0)={&(0x7f0000000140)={0x1d, r1}, 0x10, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x84844}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) syz_emit_ethernet(0x92, &(0x7f0000000240)=ANY=[@ANYBLOB="0180c2000003ffffffffffff86dd685156ea005c2f01fc010000000000000000000000000000ff0200000000000000000000000000010c2086dd001800016d4b2d9ac00837d300ad51000000000000008a7e2300000000000800080086dd080088be00000000150e0cc00100000000000003080022eb000000012f0157400200000204"], 0x0) r3 = socket$inet_smc(0x2b, 0x1, 0x0) recvfrom$inet(r3, 0x0, 0x0, 0x12002, 0x0, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0xc, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000007000000850000000700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @xdp=0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r4, 0x0, 0xe40, 0xe40, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r5, 0x0) listen(r5, 0x5) sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000f80)=ANY=[@ANYBLOB="140000001000010000000000000000000500000ad0050000090a01040000000000000000010000040900010073797a31000000000800054000000002a0051280100001800c0001006e6f747261636b00300001800e000100636f6e6e6c696d69740000001c000280080002400000000008000140000000000800024000000000e004018008000100636d7000d4040280e80003805800028008000180fffffffb08000340000000040900020073797a310000000008000180241a45ae08000180fffffffc0900020073797a300000000008000180000000000900020073797a31000000000800034000000003680002800900020073797a31000000000900020073797a300000000008000340000000010900020073797a32000000000900020073797a300000000008000340000000020900020073797a320000000008000180fffffffb080003400000000208000340000000032400028008000180fffffffb0800034000000002080003400000000108000180fffffffe80030380440002800900020073797a300000000008000180fffffffc0800034000000001080003400000000408000180fffffffe0900020073797a300000000008000340000000045000028008000340000000040900020073797a310000000008000180fffffffe08000180ffffffff0900020073797a300000000008000180fffffffb0900020073797a31000000000800034000000002ef0001000138d77b2d4f2f5085e9968623db1f7d47884f32d6b07f28450ed81179562d72c9ae3338a6a1566b87f1e516b455f2fc42cd47504f6cba1084fbc25288537135d5d2a79e1951ecb5ea77027ef766b2834635a5d02cf7f69e78690afe8b71190cac5c3348c906816a6e31425d31e1bd5ab45e9853b7f112c2e5a16d85e72f6abfddff3ac0316e3905821eff3977ea0a441993eaa2c7a32dcc9ec205c966a3037b76c36a8019ea490c5696b0863ffd013d80a19820aa3829bc8ab6e7e06530eca6a25c15fa2b7890678d091b5ea82347119ed03b60a078fc73aabf162f5b79e606b4e26e79e288067fa8325500bf000100da98e5ebd337b68efff788a292d96a6c5dd7ae496e4daf3a1c715d7873b5978eaf1063ae8c77e51023da252e04b7304830958286e17a3906fd895f1680fb8600b9a989734a3d5d0e54012cc9e24c0dd7b6447e358bf48862cc666b4fb92e1386538d83e9d6c1f6910e0c7f766abe340ba742100375e3d1da2729ade2420af534f0981e508317dce1915d5875483e8c4741d3051050c202e4d680f87ed029d9f887364ac578ed8b454f8f11029308dbc764bd6d427ba5fdf4d7926a00240002800900020073797a30000000000900020073797a31000000000800034000000004040002801a000100689fc67022e83421fda8531ae473457393f231b44ed800000c000280080001800000000028000280080003400000000108000180fffffffc0900020073797a312000000008000180fffffffbbf000100a20c2b9ec6c77c8db0e4673ff96467d9bb1c2bcb4b414ca8902b1646df249c0efb95fddd763713a1e05ffed340378656d880f76912216bef33df5cc17d474bfd3869bb4dc23412c7303652dc61fa3bbca42569134f23ff97b68e4ef29c89fd04fdf3d0f370f4fa741c369e0dc6ae6653c313631178c279038c5239230e275da9bfe50fc743f136ea22f6527e375e4809f44690abb860e77019c82cf582a3f8201a214e0a2743366172e5554c501a89141740070e44391201d8bb880008000140000000010800014000000017580003805400010065586d960654d4a43a3673022724f7c838a79e64860c99aeb558a42f4c5ecfbad3182746e02794305b96e706bd5ada18c1829d28dfb339a30410b5d4a468283ec0a6ef9ecec7a712ae6745805a8e9123440001800b0001006578746864720000340002800500020089000000080001400000000908000440000000990800054000000001050002009400000008000440000000b51c000180090001006c617374000000000c000280080001400000052c1c0001800900010068617368000000000c0002800800044000000ea408000a40fffffffc440000000c0a010100000000000000000a0000070900020073797a31000000000900010073797a3100000000180003801400008008000340000000020500064006000000140000001100010000000000000000000100000a"], 0x63c}, 0x1, 0x0, 0x0, 0x24000850}, 0x40) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r7 = socket$inet_tcp(0x2, 0x1, 0x0) shutdown(r7, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r10, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) r11 = socket$nl_generic(0x10, 0x3, 0x10) r12 = syz_genetlink_get_family_id$devlink(&(0x7f0000000480), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_PORT_GET(r11, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)={0x3c, r12, 0x701, 0x0, 0x0, {0x2e}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0xc008}, 0x4008010) sendmsg$NFT_BATCH(r10, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000740)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a44000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc0800e23f000000147c0000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a3100000000500003804c000080040001800c0005"], 0xe8}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) splice(r4, 0x0, r6, 0x0, 0x6, 0xb) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0) sendto(r9, &(0x7f0000000180)="fe7272e49315dfbb628e5d2709ef06c8d1c9454cde58339d61b9b349bc30d20bf36ab64db077976ef3883fdae6e5fe5bc3dafffd78b30ba061a9c9784bdb636ef4e241e76e6b26c2b18653ea6828642284017456ea7699e2c5bb0c809b23290bd4369640b737bae05fff7c2cc9c23c27e846b434fc9ae582d01b5d8c05b899ec4c25e46cc1", 0x85, 0x4, &(0x7f0000000380)=@pppol2tp={0x18, 0x1, {0x0, r2, {0x2, 0x4e20, @rand_addr=0x64010101}, 0x2, 0x3, 0x0, 0x2}}, 0x80) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x42072, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_IOC_READY(r8, 0x9360, 0x4) 198.608264ms ago: executing program 2 (id=1858): syz_open_procfs(0x0, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) mkdir(0x0, 0x0) ioctl$BTRFS_IOC_SNAP_CREATE(0xffffffffffffffff, 0x50009401, &(0x7f0000000180)={{}, "afe1658d587e93ab4b5fca380cdddd71e95c81000bac90d9689507b96ace5d2f9f55fddb8b36c7cac9209681a5fa01cd3874b06f2fcadd0d6c3b2543560ad96ffb3b3bb528250d54c3849e85a72f9805820433eaf86b855cc6bb316351ebf38753b22f619e6525c21a5050c57297595293366a0ed2ad9b308f845f1d9af97cf6384f5ec26ca2afea4eb950f209116b1d8b58fe396fcfb8ae0b8898f212b216cbb7d1bbd57a726d194a29a4e15e035b8162b139c67404e6a503db799c06078f56258de59c08f1812611aff6d4485a01f3413b9b4a11412629c2a4810db413d940af170b313dcf9a1e08e0156a7784c413ffa69bfb6b135b6093ad19c7f8bc70e5f9a0bcf07eb164c44642489845d93c25064c768ff253b3faf52378653b61ed2f3460a2221e6d9b2c04e99cd9fe74c005a330a08f558771a77771a1d1eb8b110912dbc327e07869f73b857cb841b5a47296a81d956c030dee87fda743cf9e56d08856a82ee26a390ac2569a31ca9beccda0251f28b124ee1e8ea6babc1b1e2d81fc795de9620301d65ded5865c5a9f6ce7422536d40694c2aa987542364f7f0bb75bdb0182d10b18a64045c7dadc0c82a47eab7e735fe240f27bb5da305cd08c86314a4a5fef8487c96bc1ea97409d73e1cc6ceba35f74eea39f2bf881833298b1e1a201eb9ea9c0754d41ef9a91b4deefcaeff08ee35a1f31b2d780b3934d5913626ef4a0f31c8e057e43ff14fc6fbf5e4a86b906b1ba320f3c52b629974a1324d97067935df1e4340b071130ee953bababf9dc0229e4a2f29cf1ae2713ffe85a5a9bd374c928ed416e1bd2516657bd4d3a9ac114ed279fcd89645245df7c55454fc367513ffae594d5236b320ad103f2d0956b3da7344a29fc910040027ca8b239d00ab5e79eeb83e25275fb61ceb65f6ace88cb43f106e128330ae709e19f209afd87b934dbd0faf470dfb52fdfd73bfa9a7a983b36d78469568ae69a0481cdc764c554d5ac03e607781cf3a5e209bffce2276529929d800f6d9b8a2f100108d7b883b5ce5e19da38ae5c99a8351b4e41c538fee7299a890edc630abbfe604c0b8847a7b5b4eec1dc00ed60e95b5374270ec634ff6d6ccbcd08145f9df1c2082c9447482ed42b4d0ea9a73bc9a68e36ee9e118bb5c08e1e7c2bd2627e82902d2c6f0da90bdbc52103f3992663653fd2b41a4294aa8f222812fa8b5e1864b75748f992bc2b396c03e202e8bfe9a1ccca1cb8b28c9c6faa47cc6b871140ddc45a0d02c752175a0498c3ba30e79c12d6ebbc32d5533d0216529e0f713eac725fe41bad4c9051d364bf38e3b72641510b09b2645447ea13b440d568adc9aa9ce85c967d78a14bdbd2fcfe0c7324a556ee841fc9ffd7a3c784fe41a349ced68e01c145db8847a547086c5595b9f6299bf7432e0e9c9a4a9108a24f7ad49c18a3ec771953480a0a0fdfeaded6b74f174ea2def77a0b9799f6b75a77a6314a4165e194be616eb5c98726d88da79f54fd01d39e751837a6bd0d77ca79073b3a7e62686fd8e089b0258645db505bb674174d626b1d1cfdf0f32b0d880884b73c63bc78a231a8cb45a12884907c021f87cdd7b2f1de020044666d38a866983c8ffa0cc6963a745c108e80a3b54eedac65b68c897043d914f146ba4ca18a61e144e7746d31879fa7ae7c2a43747e6060d79669bf9a8edcc229b7f1a0fe239b398692a6a65acd19c58442dfa8997430aab89aae8fb8f201bb1fd58605cf9dfe5c85a15e0928542a8fd7768f4b7750c7aeab8d9ced7c9fdea6cc38bc38209f608cc3d7c8bc9240b5b7d1661b8bfd231f30047befefd70183fb8330d184394159cd4153990c6a43ccded133adecced28499e73c4b25ee86e5d68848670736362931be74fe0aab5708ce05f4d6d7a068c590d36f99a0ba3501df60d9c01f54a7c366727287996de354c4a3a5e1ece988e5f59087c730afa107edbab31de441a88061ad799fefef86254a2f2891aa47420dd3f6267833a5345bf001d10c9f1fd121401ae846a9a5df517210cd0beb50a5139854aa1747115bca24522dae42667ef9ce893c4db108941198ed5323f582f11c4b13385f60b3038fa661f3ed276504fb51fb966ef88cbbb953c269ea2ed989ced5e8988839c55b398dbce98ce1e976c2065b2ded80f929dc6ef8afad6b61145686ce14e2d26f0694fda1e52a6c5155c0d8ea91544c76548a25376f13de7245b48e7298421d2c2433a472a8c89c3e621c5370654e1c7bba0f3d8bdf40c36cdbf02f6b5a7c4138b9e3931896fd89272b4d61a9875c00ba0d8d1bd960b9aaee3b6f127db1155680d7eefc5eaa6d4c648fca303706796bef110fbdb731d9e671f937e55ebf5d2e64f7cdcc073c905c134e8d3852689ed81c95be0c259816e7ff7b979557684aa1b6c2dd42754bda93e3e55c5ffc1122c988ca171fd57ab24ebe789e819c60ff3f9f1a9465ff4a9bdc5c2b2d9c351ffef5ab375f9024e297a26642b15108781fdf3c55d0aa9a8cb68ba93b7b13cd6d05b9b16502d7f9d72d015059e7999cc4ed880fd5ebf626ea409b9f0c4ded2974bb3daf88cc1930818dc3e09200897389211d3e780faa0acd64e37c60924a3fd0a16a7146a41b1b01e43fecf610c7d11d42baac5a60db7638077162cd58b3f734070e81ee71c5092422eaac366b41dd996723124df9005cbae4e2ec47f8a06616bd7faa5da6c0200c872c2ef929a16c823c57f2d4f798061e49102cab3af65a5cc9f8856dc5d3c0de1440c4d8df50a7ec09491d2e651ee5f5a76b8fc2d20a07def1a8951b9770f85728b42cd9dafce7c341c26a90b7d1c2e36f03f74eda3bfb2c40eec5c454c38e90f4d31e6a0f23b2ad53a429f73761713181b7839792cc494f21c5be9dd7f167a6681720ccd3cfcdd4b427058b995505a82993805a1860d5ea75e61c216ec9594adfd39cab47511578d57e312f2f3e0d2da8f2d8dbe3fc1fd281bdd8e7dbd203e4ec3e7d3b468ad2b81a76c5bac460f497e3cdb6bf0c6be5ceae4bd488b9597b13a37885b95426d8ea06760516ec13aa339084407d1f45e331e5dd77ac73306f70996728a0d67b48a833e9a3ddf22968e898b59e4b4c9a16aa9ea8120202737746e1a5ec2cca9640d69df2b27900de7abe573b7c023a88d7f3fcc3469a3a4e7f9f9095a6fed55fbb1d3582807407e62b55a38d33e70a0203513f30d37a4e6f03acd9d0fd2f3438eb485aa5e693806c002efd0811ab92518c41856039d7f36cf9981981231b3cea3493f0e8988bd05d3d424a5bfc8d1cdfd0e09e3ce12cab6edfb7f6d80c1edbb4d1d51a1500b0876e13e5173bfeba378c71046e70b590cf542094d01f458a3cec642fb1ce13a992765eca608579e85f03e7d871dbdbd882ce4821a944179e48a920d346ae21b08ee043cbbf3284c3a67d9b9417a5fed1202ca537f7711650f692df044f145587467dfdd45405d7caeb064bfa12b52057e90d2b5d2885bbaf032db769654af272dd78bb8ec8446344d0c1ca57d51fe1243e0a02ada90371e75418223f171f014f9a970964828cdd9faf3b66789cefd0374437f2a271c2765d9876943fb93205cb12448d4cccf68c28259e85a540e013ac77414a147fb1e0f0fc4a4d859a928eaef6e952a103a944052534c9264c85f4200cc8b465f66725c779f49312a308dda8fe7e423ebbee16e64ad6e112b3efd95584160f08c83595fdddfa39c4b89867fcf23085a24c53a6d846863b95f5605beb9b0a1cc6d191524da81ce89c0f7767652d887661b5299e300f2e83a6c962cf9089d82b139f4bedcc14bbf6611258d52e1f3d5a5e3ac05cfa4d066550b2180c31695a52da12c1412e55cdbe6660d86fe4c8eda51f2adf34b81af8ec55b549c3bbcc588c5f074e0dc76bb9bbd0cdea26dd47d84d9321f970912d374a081c9ebb74700a0792dbbb2da41ae7e3aa5230bdd260bd208b68100dc2f7bf2132d7cb34084e999b6ee2b91356ce766523a80359147af20fa15febc42b89d43e4a48d13cb8ed6678f346aa981954e0520ea8cd0a0c16281e57f33a5e3fd97d55d24386832c17f22b1c1fb91d5b1f362f3bc8aa8369c18444fc10e9d1285f6a3bcf24e2606b69fbd89f337f7ee3c27b1a2c7e8dec2c38c84c6712de1e7f1d790d86d8e0a402c40d406d39c13879f4d103adcbca13570eadcd424f8e06155885b054e1d7f994723fd22a6d704a89e6b126271ec5c19ea7b814c36f9ca9a0223da630324ca0f2a3010f4e53426d8d514bcc3303e6fa429c00244b918c01a444f74dd376bccb5709ed103514484a67240c4b992c722601e27dee6ba8b37608ba66e2065f8298a6df8c0a491113bf10e0bf18867dda3e1170fa1853b355fdf41898de4a339927872e8d9fb8a4d1c31833ac1355695a20c75ff6dafb70244a3754cb58feee89045e3408da902a7987e6a66dad0f044951a560954ee812abe142e9a4db701bdc46fabb0b98b4be01dadd629cffc661a3816744bcacdc38777494289ba156b272ade8f4ed3e32ce48958863b09bb09fb6999281164c0c5b50a77350d5f3c78d951fa76d1db68587e58bd40f824a68fd59c4ebd4f7e22e8e1458911012472b876ab15ca8c48ef664b1da41bd1ad9a5b799a1de8b2962c477f1726cbbe4f285a5c387842ac723b3877f5826503b68602c4bdaea94544b4b056142876d995d0db128a38f5c4547f12cf9d1cbc678cd42eebf67519484ab251855dbda09dd04ddc031860a69fd592fa1c12d59adc4699c246a666f6f6c20c1a21562f05f8db43ff424cea0d16789a6a69dc8552f4865bb3fac5b650b549432a0383c8f95c79084ca4841903f0c04319135f2bfc94ec8837374f0c1eccaacf8a0722d54b1a0e748a79e6c7ecdcdbfe376d080d9747a9a5a13cc7eb4111345216d1c787f05c992df3712d2a194ac325bb568abc6a97011bc62110ee12ba209d76f690ddb4e4b417f5b5db52ee7ad97159dfcf82b1c2a4eb5a97396fa24e52ba1c47330f7caca91b2965bac75dbcb86ac85a07b774dbf82be5fc92a8621e80973418d94a0bc10905a3815e04d1a668ea8cb5ffb293893b06bd372c75b477118b78dd69a04097ca8ff8f8fb21a5293d2fe6785e33d15d61008c4ca84121a8e48fabba3656250fba7e058ffc1705c7fa13509fc7c96fc9b16d0b21a26b11ebfc3325a2ca682bc014ec54dc8433af105ada5566f491d3ebe5e1e5f0859b28a576fb7978f2a1b4897890c1c9b0c1f4f8c7351ca738a6100c4f64092d865bc65a8b92007b117e5a4dd7988d3281aa2ccebb36f9af5032eeca2c8a72888c84346d3945507a6bb956b84f03d88a90bb9ecc466c7d94a3670783e11b312ecb4f9eb8489df8d129110b6bd710138476c8be75327e9ea6a0b94b8567b31692fee2d9c17d7e20d3d23cc4d317710537f608793e87d9158cd61a43306898da40d01b544fc951ccd13f11b4b8fbf47d694df601fd6677d796818571ee3125089316e3d33c5684affe9f29f12186bb5dc4c5eaee94e41d07a03c9c59db95bc42c23da55c497caa6a64c73ea3059a8c80955a9730666a0e02c3bf87cfb79542d84a529d7bf9c3ac60b323952fa439c2e5fd512c3bfe3770178b4e8d7efa223bd76830a6b8b604e15773d63d9fec504ea6561793723ff4f6fbdd016372e1a98a9252e8d1607512e5397c78498f68d3792ef7a28f74f4b15358afa5674d4340863a2897af87499bd073a06aef8215f76c9418f5b82b79b77f0a01dfc059b510794cda70b7daf2c74950652e"}) r0 = socket$kcm(0xa, 0x3, 0x3a) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000850}, 0x24044010) syz_open_dev$loop(&(0x7f0000000180), 0x3, 0x28503) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000140)='\x00\x00', 0x2}], 0x1, 0x0, 0x0, 0x900}, 0x60) mkdir(0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x90}, 0x0) socket$packet(0x11, 0x2, 0x300) 47.920008ms ago: executing program 3 (id=1859): syz_open_dev$tty1(0xc, 0x4, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x2000000000000013, &(0x7f0000000440)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x6, 0xb8, &(0x7f0000000140)=""/184, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[], 0x0, 0x4e}, 0x28) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040ed50004"], 0x11) request_key(&(0x7f0000000340)='user\x00', &(0x7f0000000380)={'syz', 0x3}, 0x0, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10) socket$nl_route(0x10, 0x3, 0x0) connect$inet(r3, &(0x7f0000000180)={0x2, 0x4e21, @loopback}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000040)='bic', 0xff3d) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window={0x3, 0x7}, @mss={0x2, 0xfff}, @window={0x3, 0x0, 0x401}, @window], 0x20000000000000e4) 23.278979ms ago: executing program 2 (id=1860): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001000)={0x1f, 0xc, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x80}, [@call={0x85, 0x0, 0x0, 0x75}, @printk={@lx}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) 0s ago: executing program 6 (id=1861): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000600)={0x6, 0x8, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100002500000000000000000000007600010025000000950000000000000018400000020000000000000000000000950000000000000095"], &(0x7f0000000100)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x807}, 0x94) kernel console output (not intermixed with test programs): been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 160.423568][ T5053] loop0: detected capacity change from 0 to 1156 [ 160.425917][ T4230] usb 3-1: USB disconnect, device number 2 [ 160.726315][ T5065] loop0: detected capacity change from 0 to 16 [ 160.738320][ T5065] erofs: (device loop0): mounted with root inode @ nid 36. [ 160.780070][ T4515] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 160.876016][ T4355] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 160.948407][ T5071] loop2: detected capacity change from 0 to 4096 [ 161.041392][ T4515] usb 5-1: Using ep0 maxpacket: 16 [ 161.205570][ T4515] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 254, using maximum allowed: 30 [ 161.239974][ T4515] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 254 [ 161.240162][ T4355] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 161.265220][ T4515] usb 5-1: New USB device found, idVendor=046d, idProduct=c298, bcdDevice= 0.00 [ 161.284927][ T4515] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 161.310898][ T5077] loop2: detected capacity change from 0 to 4096 [ 161.315222][ T4355] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 161.328716][ T4515] usb 5-1: config 0 descriptor?? [ 161.358049][ T4355] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 161.398487][ T4355] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 161.434761][ T4355] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 161.459910][ T5077] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 161.470891][ T4355] usb 4-1: config 0 descriptor?? [ 161.494061][ T5077] UDF-fs: Scanning with blocksize 512 failed [ 161.532264][ T5077] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 161.758262][ T5081] loop1: detected capacity change from 0 to 256 [ 161.821500][ T5051] fuse: Bad value for 'fd' [ 161.840956][ T5081] FAT-fs (loop1): Directory bread(block 64) failed [ 161.869482][ T5081] FAT-fs (loop1): Directory bread(block 65) failed [ 161.886867][ T5081] FAT-fs (loop1): Directory bread(block 66) failed [ 161.900022][ T5081] FAT-fs (loop1): Directory bread(block 67) failed [ 161.923978][ T5081] FAT-fs (loop1): Directory bread(block 68) failed [ 161.930904][ T4515] usbhid 5-1:0.0: can't add hid device: -71 [ 161.936961][ T4515] usbhid: probe of 5-1:0.0 failed with error -71 [ 161.947111][ T5081] FAT-fs (loop1): Directory bread(block 69) failed [ 161.956286][ T4515] usb 5-1: USB disconnect, device number 5 [ 161.962527][ T5081] FAT-fs (loop1): Directory bread(block 70) failed [ 161.979144][ T5081] FAT-fs (loop1): Directory bread(block 71) failed [ 161.988416][ T5081] FAT-fs (loop1): Directory bread(block 72) failed [ 162.002020][ T5081] FAT-fs (loop1): Directory bread(block 73) failed [ 162.035870][ T5085] loop2: detected capacity change from 0 to 2048 [ 162.216200][ T5085] EXT4-fs (loop2): mounted filesystem without journal. Opts: nobarrier,noinit_itable,i_version,init_itable,,errors=continue. Quota mode: none. [ 162.231598][ T4355] usbhid 4-1:0.0: can't add hid device: -71 [ 162.237652][ T4355] usbhid: probe of 4-1:0.0 failed with error -71 [ 162.259442][ T5085] ext4 filesystem being mounted at /43/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 162.276563][ T4355] usb 4-1: USB disconnect, device number 7 [ 162.435798][ T4268] usb 1-1: new full-speed USB device number 3 using dummy_hcd [ 162.593516][ T5109] loop2: detected capacity change from 0 to 2048 [ 162.653788][ T4974] loop2: p1 < > p3 p4 < > [ 162.658685][ T4974] loop2: partition table partially beyond EOD, truncated [ 162.674464][ T4974] loop2: p1 start 262144 is beyond EOD, truncated [ 162.684848][ T4974] loop2: p3 start 33554432 is beyond EOD, truncated [ 162.724862][ T5109] loop2: p1 < > p3 p4 < > [ 162.729452][ T5109] loop2: partition table partially beyond EOD, truncated [ 162.737708][ T5109] loop2: p1 start 262144 is beyond EOD, truncated [ 162.744918][ T5109] loop2: p3 start 33554432 is beyond EOD, truncated [ 162.830053][ T4268] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 162.861169][ T4268] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 162.892955][ T5105] loop4: detected capacity change from 0 to 32768 [ 162.945637][ T4974] udevd[4974]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 163.014778][ T5105] XFS (loop4): Mounting V5 filesystem in no-recovery mode. Filesystem will be inconsistent. [ 163.040076][ T4268] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 163.049593][ T4268] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 163.098899][ T4268] usb 1-1: Product: syz [ 163.119199][ T4268] usb 1-1: Manufacturer: syz [ 163.128867][ T4974] udevd[4974]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 163.150660][ T4268] usb 1-1: SerialNumber: syz [ 163.157206][ T4268] usb 1-1: config 0 descriptor?? [ 163.164214][ T5127] device syzkaller0 entered promiscuous mode [ 163.202660][ T4268] usb 1-1: 0:0 : invalid sync pipe. bmAttributes 00, bLength 9, bSynchAddress 00 [ 163.255830][ T4974] udevd[4974]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 163.404614][ T4195] XFS (loop4): Unmounting Filesystem [ 163.417930][ T5088] rdma_op ffff8880731579f0 conn xmit_rdma 0000000000000000 [ 163.542821][ T26] audit: type=1326 audit(1780953579.671:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5136 comm="syz.1.231" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff7f514ee59 code=0x0 [ 163.674002][ T4350] usb 1-1: USB disconnect, device number 3 [ 163.749810][ T4515] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 163.804725][ T5119] loop2: detected capacity change from 0 to 32768 [ 163.937651][ T5119] XFS (loop2): Mounting V5 Filesystem [ 164.041598][ T5119] XFS (loop2): Ending clean mount [ 164.078205][ T5119] XFS (loop2): User initiated shutdown received. [ 164.098921][ T5119] XFS (loop2): Log I/O Error (0x6) detected at xfs_fs_goingdown+0x6d/0x150 (fs/xfs/xfs_fsops.c:495). Shutting down filesystem. [ 164.126265][ T5119] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 164.169432][ T4191] XFS (loop2): Unmounting Filesystem [ 164.188267][ T4515] usb 4-1: config 1 interface 0 altsetting 127 bulk endpoint 0x81 has invalid maxpacket 64 [ 164.208154][ T4515] usb 4-1: config 1 interface 0 altsetting 127 bulk endpoint 0x2 has invalid maxpacket 32 [ 164.218644][ T4515] usb 4-1: config 1 interface 0 has no altsetting 0 [ 164.294402][ T5144] loop4: detected capacity change from 0 to 32768 [ 164.435540][ T5144] ERROR: (device loop4): diNewExt: no free extents [ 164.435540][ T5144] [ 164.632530][ T5144] ERROR: (device loop4): remounting filesystem as read-only [ 164.754143][ T5144] ialloc: diAlloc returned -5! [ 165.162402][ T4515] usb 4-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.40 [ 165.171803][ T4515] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 165.179883][ T4515] usb 4-1: Product: syz [ 165.184107][ T4515] usb 4-1: Manufacturer: syz [ 165.188746][ T4515] usb 4-1: SerialNumber: syz [ 165.260086][ T5135] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 165.276320][ T5135] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 165.509835][ T4350] usb 1-1: new full-speed USB device number 4 using dummy_hcd [ 165.783620][ T5159] 0x000000003c39-0x000000020000 : "" [ 165.889384][ T5159] ftl_cs: FTL header corrupt! [ 166.530044][ T4350] usb 1-1: unable to get BOS descriptor or descriptor too short [ 166.650711][ T4350] usb 1-1: not running at top speed; connect to a high speed hub [ 166.790364][ T4350] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 166.884497][ T4350] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 18 [ 167.212180][ T4515] (unnamed net_device) (uninitialized): Assigned a random MAC address: da:c3:43:e8:aa:d7 [ 167.266408][ T5172] xt_TCPMSS: Only works on TCP SYN packets [ 167.284077][ T4515] rtl8150 4-1:1.0: eth1: rtl8150 is detected [ 167.294347][ T4350] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 167.320014][ T4515] usb 4-1: USB disconnect, device number 8 [ 167.343775][ T4350] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 167.364083][ T4350] usb 1-1: SerialNumber: syz [ 167.419153][ T5179] device syzkaller0 entered promiscuous mode [ 167.428611][ T5170] loop2: detected capacity change from 0 to 4096 [ 167.447365][ T4350] usb 1-1: bad CDC descriptors [ 167.517392][ T5184] netlink: 72 bytes leftover after parsing attributes in process `syz.1.242'. [ 167.893114][ T4350] usb 1-1: USB disconnect, device number 4 [ 168.357763][ T5170] ntfs: (device loop2): check_mft_mirror(): $MFT and $MFTMirr (record 46) do not match. Run ntfsfix or chkdsk. [ 168.375867][ T5170] ntfs: (device loop2): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 168.537151][ T5187] loop4: detected capacity change from 0 to 4096 [ 168.543848][ T5170] ntfs: volume version 3.1. [ 168.655030][ T5195] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 169.054555][ T5197] loop0: detected capacity change from 0 to 40427 [ 169.061403][ T4268] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 169.068964][ T4350] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 169.150297][ T5197] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 169.158467][ T5197] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 169.171503][ T5197] F2FS-fs (loop0): invalid crc value [ 169.260102][ T5197] F2FS-fs (loop0): Found nat_bits in checkpoint [ 169.340555][ T5197] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 169.347932][ T5197] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 170.969897][ T4350] usb 3-1: device descriptor read/all, error -71 [ 170.990684][ T4268] usb 2-1: unable to get BOS descriptor or descriptor too short [ 171.977565][ T4268] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid maxpacket 1088, setting to 1024 [ 172.042822][ T4268] usb 2-1: string descriptor 0 read error: -71 [ 172.049172][ T4268] usb 2-1: New USB device found, idVendor=194f, idProduct=010c, bcdDevice= 0.40 [ 172.061582][ T4268] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 172.091247][ T5228] loop2: detected capacity change from 0 to 132 [ 172.109995][ T4268] usb 2-1: can't set config #1, error -71 [ 172.121215][ T4268] usb 2-1: USB disconnect, device number 5 [ 174.452009][ T5252] loop1: detected capacity change from 0 to 32768 [ 174.542323][ T5226] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 174.587479][ T5252] JBD2: Ignoring recovery information on journal [ 174.607223][ T5226] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 174.699302][ T5252] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 174.840828][ T5252] kvm [5251]: vcpu0, guest rIP: 0xfff0 unimplemented HWCR wrmsr: 0x1 [ 174.998841][ T4192] ocfs2: Unmounting device (7,1) on (node local) [ 175.337198][ T5226] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 175.348493][ T5226] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 175.357599][ T5226] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 175.367465][ T5226] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 175.719943][ T5272] device hsr0 entered promiscuous mode [ 175.743421][ T5272] netlink: 4 bytes leftover after parsing attributes in process `syz.0.263'. [ 175.765224][ T5272] device hsr_slave_0 left promiscuous mode [ 175.808796][ T5272] device hsr_slave_1 left promiscuous mode [ 175.818700][ T5264] loop4: detected capacity change from 0 to 4096 [ 175.875941][ T5264] ntfs: (device loop4): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match. Run ntfsfix or chkdsk. [ 175.890464][ T5272] device hsr0 left promiscuous mode [ 175.923485][ T5264] ntfs: (device loop4): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 176.006351][ T5264] ntfs: volume version 3.1. [ 176.229052][ T5292] netlink: 12 bytes leftover after parsing attributes in process `syz.0.268'. [ 176.293608][ T5292] netlink: 12 bytes leftover after parsing attributes in process `syz.0.268'. [ 176.364383][ T5298] capability: warning: `syz.0.268' uses 32-bit capabilities (legacy support in use) [ 177.597013][ T5315] loop4: detected capacity change from 0 to 4096 [ 177.799247][ T5322] loop1: detected capacity change from 0 to 256 [ 177.825315][ T5324] netlink: 8 bytes leftover after parsing attributes in process `syz.2.279'. [ 177.875394][ T5315] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 177.906235][ T5322] FAT-fs (loop1): Directory bread(block 64) failed [ 177.923901][ T5322] FAT-fs (loop1): Directory bread(block 65) failed [ 177.946591][ T5322] FAT-fs (loop1): Directory bread(block 66) failed [ 177.974652][ T5322] FAT-fs (loop1): Directory bread(block 67) failed [ 177.998286][ T5322] FAT-fs (loop1): Directory bread(block 68) failed [ 178.159787][ T5322] FAT-fs (loop1): Directory bread(block 69) failed [ 178.191384][ T5315] netlink: 'syz.4.275': attribute type 1 has an invalid length. [ 178.194050][ T5322] FAT-fs (loop1): Directory bread(block 70) failed [ 178.248263][ T5322] FAT-fs (loop1): Directory bread(block 71) failed [ 178.335420][ T5322] FAT-fs (loop1): Directory bread(block 72) failed [ 178.376414][ T5322] FAT-fs (loop1): Directory bread(block 73) failed [ 178.704942][ T4195] ntfs3: loop4: ntfs_evict_inode r=5 failed, -22. [ 178.727532][ T5312] bridge0: port 2(bridge_slave_1) entered disabled state [ 178.735064][ T5312] bridge0: port 1(bridge_slave_0) entered disabled state [ 178.750295][ T5312] tipc: Resetting bearer [ 179.071791][ T5312] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 179.096528][ T5312] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 179.199457][ T5312] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 179.214482][ T5312] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 179.224128][ T5312] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 179.239135][ T5312] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 179.321458][ T5331] IPVS: Error connecting to the multicast addr [ 179.611364][ T5343] netlink: 344 bytes leftover after parsing attributes in process `syz.1.287'. [ 180.220695][ T5369] loop2: detected capacity change from 0 to 132 [ 180.275360][ T5371] loop4: detected capacity change from 0 to 132 [ 180.443437][ T5374] netlink: 12 bytes leftover after parsing attributes in process `syz.1.296'. [ 180.733858][ T5375] delete_channel: no stack [ 180.799823][ T5387] netlink: 24 bytes leftover after parsing attributes in process `syz.1.302'. [ 180.828000][ T5385] device syzkaller0 entered promiscuous mode [ 180.872115][ T5387] netlink: 24 bytes leftover after parsing attributes in process `syz.1.302'. [ 180.940399][ T5388] netlink: 24 bytes leftover after parsing attributes in process `syz.1.302'. [ 181.045831][ T5390] netlink: 'syz.3.303': attribute type 1 has an invalid length. [ 181.095915][ T5396] loop1: detected capacity change from 0 to 256 [ 181.156993][ T5396] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 181.203625][ T5390] device bond1 entered promiscuous mode [ 181.209535][ T5390] 8021q: adding VLAN 0 to HW filter on device bond1 [ 181.241868][ T5396] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=512, location=512 [ 181.300758][ T5396] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 181.336823][ T5396] UDF-fs: Scanning with blocksize 512 failed [ 181.355735][ T5396] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 181.424310][ T5396] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 181.745729][ T5404] loop1: detected capacity change from 0 to 1024 [ 181.822120][ T5404] EXT4-fs (loop1): Invalid want_extra_isize 127 [ 181.877791][ T5409] loop0: detected capacity change from 0 to 1156 [ 181.908428][ T5404] loop1: detected capacity change from 0 to 256 [ 181.946090][ T5404] FAT-fs (loop1): Unrecognized mount option "inode_readahead_blks=0x0000000001000000" or missing value [ 182.392226][ T5424] loop1: detected capacity change from 0 to 2048 [ 182.506282][ T5424] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 182.529478][ T5400] loop4: detected capacity change from 0 to 32768 [ 182.569992][ T5400] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop4 scanned by syz.4.305 (5400) [ 182.647121][ T5400] BTRFS error (device loop4): unsupported checksum algorithm: 4 [ 182.676203][ T5427] device syzkaller0 entered promiscuous mode [ 182.704519][ T5400] BTRFS error (device loop4): open_ctree failed: -22 [ 182.782980][ T5400] x_tables: ip6_tables: mh match: only valid for protocol 135 [ 182.793336][ T5054] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop4 scanned by udevd (5054) [ 183.081004][ T4263] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 183.279916][ T4263] usb 5-1: device descriptor read/64, error -71 [ 183.549897][ T4263] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 183.810117][ T4263] usb 5-1: device descriptor read/64, error -71 [ 183.960869][ T4263] usb usb5-port1: attempt power cycle [ 184.379952][ T4263] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 184.439760][ T4232] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 184.450152][ T4263] usb 5-1: device descriptor read/8, error -71 [ 184.709751][ T4232] usb 2-1: Using ep0 maxpacket: 16 [ 184.849987][ T4232] usb 2-1: config 1 has an invalid interface number: 105 but max is 0 [ 184.858368][ T4232] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 184.879922][ T4232] usb 2-1: config 1 has no interface number 0 [ 184.886128][ T4232] usb 2-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 184.916764][ T4232] usb 2-1: config 1 interface 105 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 184.944984][ T4232] usb 2-1: config 1 interface 105 has no altsetting 0 [ 185.139909][ T4232] usb 2-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d [ 185.163786][ T4232] usb 2-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 185.195480][ T5449] loop2: detected capacity change from 0 to 32768 [ 185.202171][ T4232] usb 2-1: Product: syz [ 185.212521][ T5461] device syzkaller0 entered promiscuous mode [ 185.227006][ T4232] usb 2-1: Manufacturer: syz [ 185.232436][ T4232] usb 2-1: SerialNumber: syz [ 185.265593][ T5444] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 185.386885][ T5451] netlink: 8 bytes leftover after parsing attributes in process `syz.3.322'. [ 185.425746][ T5449] XFS (loop2): Mounting V5 filesystem in no-recovery mode. Filesystem will be inconsistent. [ 185.512063][ T4232] aqc111: probe of 2-1:1.105 failed with error -22 [ 185.746958][ T5463] loop4: detected capacity change from 0 to 40427 [ 185.766707][ T5463] F2FS-fs (loop4): Insane cp_payload (553648128 >= 504) [ 185.796399][ T5463] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 185.826034][ T5463] F2FS-fs (loop4): build fault injection attr: rate: 17008, type: 0x1ffff [ 185.857165][ T5463] F2FS-fs (loop4): build fault injection attr: rate: 0, type: 0x1f8 [ 185.860084][ T4232] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 185.893965][ T4515] usb 2-1: USB disconnect, device number 6 [ 185.907337][ T5463] F2FS-fs (loop4): invalid crc value [ 185.956488][ T5463] F2FS-fs (loop4): Found nat_bits in checkpoint [ 186.088659][ T5484] binder: BC_ATTEMPT_ACQUIRE not supported [ 186.095952][ T5484] binder: 5482:5484 ioctl c0306201 2000000003c0 returned -22 [ 186.107199][ T5463] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 186.118140][ T5463] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 186.323850][ T4232] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 186.347663][ T4232] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 186.368875][ T4232] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 149, changing to 7 [ 187.305330][ T4191] XFS (loop2): Unmounting Filesystem [ 187.369894][ T4515] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 187.400072][ T4232] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.2c [ 187.410389][ T4232] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 187.418501][ T4232] usb 3-1: Product: syz [ 187.464610][ T4232] usb 3-1: can't set config #1, error -71 [ 187.486823][ T4232] usb 3-1: USB disconnect, device number 5 [ 187.542097][ T5506] loop1: detected capacity change from 0 to 8 [ 187.560843][ T5506] squashfs: Unknown parameter 'úøÔG”ñÁ°6JÔס‚á`©¤cøëí©jž|ÂXj˜ß¯5â;t°” j…A‹' [ 187.575934][ T5504] loop0: detected capacity change from 0 to 4096 [ 187.606440][ T5504] ntfs3: loop0: Different NTFS' sector size (1024) and media sector size (512) [ 187.677661][ T5504] ntfs3: loop0: Failed to load $Extend. [ 187.795751][ T4515] usb 5-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 187.814074][ T4515] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 187.819504][ T5509] loop1: detected capacity change from 0 to 1 [ 187.837323][ T4515] usb 5-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 187.879860][ T4515] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 187.904593][ T4515] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 187.997014][ T4515] usb 5-1: invalid MIDI out EP 0 [ 188.053403][ T5513] loop1: detected capacity change from 0 to 132 [ 188.090051][ T4272] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 188.114259][ T4515] snd-usb-audio: probe of 5-1:27.0 failed with error -22 [ 188.204675][ T4353] usb 5-1: USB disconnect, device number 10 [ 188.224040][ T4981] udevd[4981]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 188.300108][ T4195] attempt to access beyond end of device [ 188.300108][ T4195] loop4: rw=524288, want=45072, limit=40427 [ 188.331200][ T4195] attempt to access beyond end of device [ 188.331200][ T4195] loop4: rw=0, want=45072, limit=40427 [ 188.349830][ T4272] usb 1-1: Using ep0 maxpacket: 16 [ 188.500101][ T4272] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 188.525322][ T4272] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 188.576073][ T4272] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 188.615544][ T4272] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 188.627112][ T9] attempt to access beyond end of device [ 188.627112][ T9] loop4: rw=2049, want=41088, limit=40427 [ 188.645392][ T4272] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 188.668387][ T4272] usb 1-1: config 0 descriptor?? [ 189.119112][ T5526] device syzkaller0 entered promiscuous mode [ 189.247170][ T4272] input: HID 045e:07da as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:045E:07DA.0002/input/input5 [ 189.308028][ T4272] microsoft 0003:045E:07DA.0002: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0 [ 189.554907][ T4272] usb 1-1: USB disconnect, device number 5 [ 189.581073][ T5511] loop2: detected capacity change from 0 to 32768 [ 189.761602][ T5511] gfs2: fsid=syz:syz: Trying to join cluster "lock_dlm", "syz:syz" [ 189.785115][ T5511] dlm: no local IP address has been set [ 189.825261][ T5511] dlm: cannot start dlm midcomms -107 [ 189.832075][ T5511] gfs2: fsid=syz:syz: dlm_new_lockspace error -107 [ 190.456909][ T5558] FAULT_INJECTION: forcing a failure. [ 190.456909][ T5558] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 190.512909][ T5558] CPU: 1 PID: 5558 Comm: syz.3.356 Not tainted syzkaller #0 [ 190.520274][ T5558] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 190.530376][ T5558] Call Trace: [ 190.533680][ T5558] [ 190.536638][ T5558] dump_stack_lvl+0x188/0x250 [ 190.541372][ T5558] ? show_regs_print_info+0x20/0x20 [ 190.546605][ T5558] ? load_image+0x400/0x400 [ 190.551149][ T5558] ? __lock_acquire+0x7d10/0x7d10 [ 190.556220][ T5558] should_fail+0x38c/0x4c0 [ 190.560678][ T5558] prepare_alloc_pages+0x1e4/0x5f0 [ 190.565853][ T5558] __alloc_pages+0x11b/0x480 [ 190.570483][ T5558] ? zone_statistics+0x170/0x170 [ 190.575453][ T5558] ? count_memcg_event_mm+0x324/0x370 [ 190.580860][ T5558] get_zeroed_page+0x13/0x30 [ 190.585483][ T5558] __pud_alloc+0x31/0x140 [ 190.589837][ T5558] ? handle_mm_fault+0x4c0/0x4410 [ 190.594892][ T5558] handle_mm_fault+0x2c0f/0x4410 [ 190.599882][ T5558] ? get_page+0xe0/0xe0 [ 190.604091][ T5558] ? vmacache_find+0x4e3/0x590 [ 190.608886][ T5558] ? vmacache_update+0xa0/0x100 [ 190.613799][ T5558] ? find_vma+0x1df/0x230 [ 190.618165][ T5558] do_user_addr_fault+0x489/0xc80 [ 190.623244][ T5558] exc_page_fault+0x60/0x100 [ 190.627880][ T5558] asm_exc_page_fault+0x22/0x30 [ 190.632781][ T5558] RIP: 0010:__put_user_nocheck_4+0x3/0x11 [ 190.638558][ T5558] Code: 00 00 48 39 d9 73 54 0f 01 cb 66 89 01 31 c9 0f 01 ca c3 90 90 90 90 90 48 bb fd ef ff ff ff 7f 00 00 48 39 d9 73 34 0f 01 cb <89> 01 31 c9 0f 01 ca c3 90 90 90 90 90 90 48 bb f9 ef ff ff ff 7f [ 190.658248][ T5558] RSP: 0018:ffffc900048e7e80 EFLAGS: 00050297 [ 190.664365][ T5558] RAX: 0000000000000006 RBX: 00007fffffffeffd RCX: 0000200000002ec0 [ 190.672401][ T5558] RDX: 0000000000000000 RSI: ffffffff8a2b4420 RDI: ffffffff8a7a09c0 [ 190.680411][ T5558] RBP: 0000000000000006 R08: ffffffff8d8a06ef R09: 1ffffffff1b140dd [ 190.688416][ T5558] R10: dffffc0000000000 R11: fffffbfff1b140de R12: 0000000000000000 [ 190.696428][ T5558] R13: 0000200000002ec0 R14: 0000000000000015 R15: 0000000000000001 [ 190.704450][ T5558] __sys_socketpair+0xb4/0x540 [ 190.709270][ T5558] __x64_sys_socketpair+0x97/0xb0 [ 190.714328][ T5558] do_syscall_64+0x4c/0xa0 [ 190.718782][ T5558] ? clear_bhb_loop+0x30/0x80 [ 190.723522][ T5558] ? clear_bhb_loop+0x30/0x80 [ 190.728241][ T5558] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 190.734164][ T5558] RIP: 0033:0x7f0005424e59 [ 190.738609][ T5558] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 190.758331][ T5558] RSP: 002b:00007f000367e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 190.766785][ T5558] RAX: ffffffffffffffda RBX: 00007f000569dfa0 RCX: 00007f0005424e59 [ 190.774798][ T5558] RDX: 0000000000000008 RSI: 0000000000000001 RDI: 0000000000000015 [ 190.782804][ T5558] RBP: 00007f000367e090 R08: 0000000000000000 R09: 0000000000000000 [ 190.790809][ T5558] R10: 0000200000002ec0 R11: 0000000000000246 R12: 0000000000000001 [ 190.798813][ T5558] R13: 00007f000569e038 R14: 00007f000569dfa0 R15: 00007ffe2abc0478 [ 190.806841][ T5558] [ 190.809991][ C1] vkms_vblank_simulate: vblank timer overrun [ 191.107136][ T5535] chnl_net:caif_netlink_parms(): no params data found [ 191.179863][ T4272] Bluetooth: hci0: command 0x0406 tx timeout [ 191.193724][ T4272] Bluetooth: hci3: command 0x0406 tx timeout [ 191.232550][ T4272] Bluetooth: hci2: command 0x0406 tx timeout [ 191.254747][ T4272] Bluetooth: hci1: command 0x0406 tx timeout [ 191.338745][ T5535] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.378794][ T5535] bridge0: port 1(bridge_slave_0) entered disabled state [ 191.407673][ T5535] device bridge_slave_0 entered promiscuous mode [ 191.589954][ T4272] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 191.798707][ T5535] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.816296][ T5535] bridge0: port 2(bridge_slave_1) entered disabled state [ 191.844903][ T5535] device bridge_slave_1 entered promiscuous mode [ 191.884042][ T5588] loop2: detected capacity change from 0 to 132 [ 191.890398][ T4272] usb 1-1: Using ep0 maxpacket: 32 [ 191.934115][ T5535] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 191.966076][ T5535] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 191.975555][ T4515] Bluetooth: hci4: command 0x0409 tx timeout [ 192.034810][ T4272] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 219, changing to 11 [ 192.066758][ T4272] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 50507, setting to 1024 [ 192.173604][ T5595] loop2: detected capacity change from 0 to 1024 [ 192.230251][ T4272] usb 1-1: New USB device found, idVendor=25dd, idProduct=f3d2, bcdDevice=d2.37 [ 192.251153][ T4272] usb 1-1: New USB device strings: Mfr=84, Product=45, SerialNumber=0 [ 192.265439][ T4272] usb 1-1: Product: syz [ 192.277032][ T4272] usb 1-1: Manufacturer: syz [ 192.292366][ T4272] usb 1-1: config 0 descriptor?? [ 192.321215][ T5569] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 192.422655][ T5535] team0: Port device team_slave_0 added [ 192.430890][ T5535] team0: Port device team_slave_1 added [ 192.640806][ T5535] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 192.677587][ T5535] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 192.771146][ T5535] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 192.809944][ T4353] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 192.837934][ T5535] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 192.855991][ T4430] hfsplus: bad catalog file entry [ 192.889253][ T5535] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 192.907144][ T4430] hfsplus: b-tree write err: -5, ino 3 [ 192.915239][ C1] vkms_vblank_simulate: vblank timer overrun [ 192.943827][ T4272] hid-generic 0003:25DD:F3D2.0003: hiddev0,hidraw0: USB HID v0.00 Device [syz syz] on usb-dummy_hcd.0-1/input0 [ 192.979997][ T5535] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 193.010063][ T4353] usb 4-1: device descriptor read/64, error -71 [ 193.087234][ T144] device veth5 left promiscuous mode [ 193.101753][ T144] bridge1: port 2(veth5) entered disabled state [ 193.147689][ T144] device veth3 left promiscuous mode [ 193.165276][ T144] bridge1: port 1(veth3) entered disabled state [ 193.197773][ T4232] usb 1-1: USB disconnect, device number 6 [ 193.278772][ T144] device hsr_slave_0 left promiscuous mode [ 193.290023][ T4353] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 193.300870][ T144] device hsr_slave_1 left promiscuous mode [ 193.308062][ T144] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 193.324946][ T144] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 193.333248][ T144] device bridge_slave_1 left promiscuous mode [ 193.339566][ T144] bridge0: port 2(bridge_slave_1) entered disabled state [ 193.349070][ T144] device bridge_slave_0 left promiscuous mode [ 193.355681][ T144] bridge0: port 1(bridge_slave_0) entered disabled state [ 193.489929][ T4353] usb 4-1: device descriptor read/64, error -71 [ 193.612188][ T4353] usb usb4-port1: attempt power cycle [ 193.619511][ T144] team0 (unregistering): Port device team_slave_1 removed [ 193.636498][ T144] team0 (unregistering): Port device team_slave_0 removed [ 193.658014][ T144] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 193.676017][ T144] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 193.959403][ T144] bond0 (unregistering): Released all slaves [ 194.019831][ T4353] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 194.059911][ T4232] Bluetooth: hci4: command 0x041b tx timeout [ 194.088662][ T5631] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 194.130029][ T4353] usb 4-1: device descriptor read/8, error -71 [ 194.139640][ T5632] kvm: pic: level sensitive irq not supported [ 194.155227][ T5632] kvm: pic: level sensitive irq not supported [ 194.197369][ T5535] device hsr_slave_0 entered promiscuous mode [ 194.212212][ T1420] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.218555][ T1420] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.267159][ T5535] device hsr_slave_1 entered promiscuous mode [ 194.287815][ T5535] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 194.320001][ T5535] Cannot create hsr debugfs directory [ 194.409947][ T4353] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 194.500162][ T4353] usb 4-1: device descriptor read/8, error -71 [ 194.559166][ T5647] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 194.630160][ T4353] usb usb4-port1: unable to enumerate USB device [ 194.891673][ T5535] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 194.927761][ T5535] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 194.973168][ T5535] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 195.023934][ T5535] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 195.379156][ T5535] 8021q: adding VLAN 0 to HW filter on device bond0 [ 195.429021][ T4430] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 195.448205][ T4430] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 195.466819][ T5535] 8021q: adding VLAN 0 to HW filter on device team0 [ 195.525454][ T4243] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 195.542944][ T4243] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 195.597427][ T4243] bridge0: port 1(bridge_slave_0) entered blocking state [ 195.604807][ T4243] bridge0: port 1(bridge_slave_0) entered forwarding state [ 195.686933][ T4243] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 195.715797][ T4243] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 195.769580][ T4243] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 195.810281][ T4243] bridge0: port 2(bridge_slave_1) entered blocking state [ 195.817401][ T4243] bridge0: port 2(bridge_slave_1) entered forwarding state [ 195.897561][ T4243] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 195.918556][ T4243] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 195.963117][ T4243] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 195.989377][ T4243] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 196.018652][ T4243] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 196.053859][ T4243] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 196.089067][ T5691] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 196.105114][ T5691] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 196.135305][ T4243] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 196.150643][ T4272] Bluetooth: hci4: command 0x040f tx timeout [ 196.181405][ T4243] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 196.222352][ T5698] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 196.236433][ T5535] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 196.274582][ T5535] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 196.319955][ T4243] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 196.330956][ T4243] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 196.390327][ T4243] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 196.756803][ T5725] tipc: Started in network mode [ 196.780268][ T5725] tipc: Node identity 0646708dcb11, cluster identity 4711 [ 196.787711][ T5725] tipc: Enabled bearer , priority 0 [ 197.080780][ T5724] tipc: Resetting bearer [ 197.201841][ T5736] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 197.237699][ T5724] tipc: Disabling bearer [ 197.240063][ T5736] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 197.337798][ T4378] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 197.355708][ T4378] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 197.405651][ T5535] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 197.703022][ T5765] ªªªªªª: renamed from vlan0 [ 197.832028][ T5764] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 198.219768][ T4272] Bluetooth: hci4: command 0x0419 tx timeout [ 198.499157][ T4431] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 198.509135][ T4431] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 198.551373][ T5535] device veth0_vlan entered promiscuous mode [ 198.619928][ T4431] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 198.649088][ T4431] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 198.709957][ T5535] device veth1_vlan entered promiscuous mode [ 198.748697][ T4431] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 198.771795][ T4431] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 198.812121][ T4431] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 198.931789][ T4430] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 198.951827][ T4430] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 198.985626][ T4430] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 199.064462][ T5535] device veth0_macvtap entered promiscuous mode [ 199.131206][ T5535] device veth1_macvtap entered promiscuous mode [ 199.207400][ T5535] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 199.244425][ T5535] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 199.260565][ T4243] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 199.290705][ T4243] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 199.319522][ T4243] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 199.350592][ T4243] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 199.378552][ T4243] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 199.426900][ T4243] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 199.464119][ T5535] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 199.491947][ T5535] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 199.570166][ T5535] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 199.580459][ T5535] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 199.639999][ T4263] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 199.665253][ T5835] device syzkaller0 entered promiscuous mode [ 199.765201][ T5835] tipc: Started in network mode [ 199.792604][ T5835] tipc: Node identity 9668bf6cee14, cluster identity 4711 [ 199.824499][ T5835] tipc: Enabled bearer , priority 0 [ 199.879774][ T4263] usb 1-1: Using ep0 maxpacket: 8 [ 199.930534][ T4430] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 199.938547][ T4430] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 199.970224][ T5834] tipc: Resetting bearer [ 199.999850][ T4263] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 200.018388][ T4263] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 200.048707][ T4263] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 200.069468][ T4263] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 200.092226][ T4263] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 200.112220][ T4263] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 200.125035][ T4263] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 200.161304][ T5834] tipc: Disabling bearer [ 200.197083][ T4430] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 200.219618][ T4431] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 200.251629][ T4431] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 200.272146][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 200.349763][ T4515] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 200.419881][ T4263] usb 1-1: usb_control_msg returned -32 [ 200.425548][ T4263] usbtmc 1-1:16.0: can't read capabilities [ 200.730087][ T4515] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 200.749243][ T4515] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 200.777105][ T4515] usb 3-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 200.800953][ T4515] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 200.836184][ T4515] usb 3-1: config 0 descriptor?? [ 200.841487][ T4233] usb 6-1: new low-speed USB device number 2 using dummy_hcd [ 201.269945][ T4233] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 201.289806][ T4233] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 201.304093][ T4233] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 8 [ 201.316337][ T4233] usb 6-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 201.341722][ T4515] cm6533_jd 0003:0D8C:0022.0004: unknown main item tag 0x0 [ 201.353761][ T4233] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 201.375484][ T4515] cm6533_jd 0003:0D8C:0022.0004: unknown main item tag 0x0 [ 201.418966][ T4515] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0D8C:0022.0004/input/input6 [ 201.431678][ T5860] raw-gadget.2 gadget: fail, usb_ep_enable returned -22 [ 201.454938][ T4515] cm6533_jd 0003:0D8C:0022.0004: input,hiddev1,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.2-1/input0 [ 201.469601][ T4233] hub 6-1:1.0: bad descriptor, ignoring hub [ 201.479932][ T4233] hub: probe of 6-1:1.0 failed with error -5 [ 201.493534][ T4233] cdc_wdm 6-1:1.0: skipping garbage [ 201.499367][ T4233] cdc_wdm 6-1:1.0: skipping garbage [ 201.519198][ T4233] cdc_wdm 6-1:1.0: cdc-wdm2: USB WDM device [ 201.532347][ T4233] cdc_wdm 6-1:1.0: Unknown control protocol [ 201.567359][ T7] usb 3-1: USB disconnect, device number 6 [ 201.711920][ T5899] lo speed is unknown, defaulting to 1000 [ 201.731211][ T5899] lo speed is unknown, defaulting to 1000 [ 201.746287][ T5860] udc-core: couldn't find an available UDC or it's busy [ 201.757589][ T5860] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 201.791901][ T5897] fido_id[5897]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 201.830422][ T5899] lo speed is unknown, defaulting to 1000 [ 201.891936][ T5899] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 201.925726][ T4232] usb 6-1: USB disconnect, device number 2 [ 201.928079][ T5899] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 202.045176][ T5899] lo speed is unknown, defaulting to 1000 [ 202.065323][ T5899] lo speed is unknown, defaulting to 1000 [ 202.109119][ T5899] lo speed is unknown, defaulting to 1000 [ 202.139248][ T5899] lo speed is unknown, defaulting to 1000 [ 202.167486][ T5899] lo speed is unknown, defaulting to 1000 [ 202.372473][ T4232] usb 1-1: USB disconnect, device number 7 [ 202.649888][ T5923] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 202.657859][ T5923] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 203.137844][ T5939] netlink: 8 bytes leftover after parsing attributes in process `syz.5.440'. [ 203.209973][ T5939] device syzkaller0 entered promiscuous mode [ 203.548700][ T5955] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 203.575669][ T5955] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 203.690577][ T5968] 9pnet_virtio: no channels available for device syz [ 203.831423][ T5972] Bluetooth: hci0: service_discovery: too big uuid_count value 9005 [ 203.989997][ T4232] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 204.269854][ T4232] usb 1-1: Using ep0 maxpacket: 8 [ 204.290181][ T5982] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 204.314516][ T5982] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 204.400005][ T4353] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 204.440007][ T4232] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 204.455901][ T4232] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 204.485762][ T4232] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 204.559749][ T4232] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 204.580426][ T4232] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 204.619740][ T4232] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 204.648722][ T4232] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 204.659834][ T4353] usb 4-1: Using ep0 maxpacket: 8 [ 204.780205][ T4353] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 204.809280][ T4353] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 204.851313][ T4353] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 204.888835][ T4353] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 204.917240][ T4353] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 204.945366][ T4232] usb 1-1: usb_control_msg returned -32 [ 204.952553][ T4232] usbtmc 1-1:16.0: can't read capabilities [ 204.977560][ T4353] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 205.005870][ T4353] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 205.299879][ T4353] usb 4-1: usb_control_msg returned -32 [ 205.305709][ T4353] usbtmc 4-1:16.0: can't read capabilities [ 205.392382][ T6023] device syzkaller0 entered promiscuous mode [ 205.730050][ T6032] usbtmc 1-1:16.0: usb_control_msg returned -32 [ 205.904531][ T4234] usb 1-1: USB disconnect, device number 8 [ 206.543442][ T6074] rdma_rxe: rxe_register_device failed with error -23 [ 206.567589][ T6074] rdma_rxe: failed to add veth1_to_hsr [ 206.682184][ T6083] 9pnet_virtio: no channels available for device syz [ 206.989486][ T6080] kvm [6078]: vcpu0, guest rIP: 0x1b8 disabled perfctr wrmsr: 0xc2 data 0x0 [ 206.996723][ T6080] kvm [6078]: vcpu0, guest rIP: 0x1b8 disabled perfctr wrmsr: 0xc2 data 0x0 [ 206.998458][ T6080] kvm [6078]: vcpu0, guest rIP: 0x1b8 ignored wrmsr: 0x11e data 0xbe702111 [ 207.145238][ T6099] netlink: 8 bytes leftover after parsing attributes in process `syz.2.491'. [ 207.164524][ T4234] usb 4-1: USB disconnect, device number 13 [ 207.164603][ T6099] device syzkaller0 entered promiscuous mode [ 207.249944][ T4233] Bluetooth: hci3: command 0x2016 tx timeout [ 207.629954][ T4234] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 207.871388][ T6124] input: syz1 as /devices/virtual/input/input7 [ 207.916980][ T6116] kvm: pic: single mode not supported [ 207.918201][ T6116] kvm: pic: level sensitive irq not supported [ 207.969527][ T26] audit: type=1326 audit(1780953624.091:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6122 comm="syz.1.500" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff7f514ee59 code=0x0 [ 208.010136][ T4234] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 208.039363][ T4234] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 208.058425][ T4234] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 208.239970][ T4234] usb 4-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13 [ 208.258948][ T6133] sctp: [Deprecated]: syz.5.503 (pid 6133) Use of struct sctp_assoc_value in delayed_ack socket option. [ 208.258948][ T6133] Use struct sctp_sack_info instead [ 208.279568][ T4234] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 208.300977][ T4234] usb 4-1: Product: syz [ 208.308367][ T4234] usb 4-1: Manufacturer: syz [ 208.323543][ T4234] usb 4-1: SerialNumber: syz [ 208.344178][ T6133] Bluetooth: hci0: invalid len left 7, exp >= 195 [ 208.363134][ T6136] netlink: 8 bytes leftover after parsing attributes in process `syz.1.504'. [ 208.380704][ T4234] usb 4-1: config 0 descriptor?? [ 208.389502][ T6136] device syzkaller0 entered promiscuous mode [ 208.641275][ T4234] adutux 4-1:0.0: ADU208 4242424 now attached to /dev/usb/adutux0 [ 209.233602][ T6166] kvm: pic: single mode not supported [ 209.233910][ T6166] kvm: pic: non byte write [ 209.390393][ T6175] netlink: 8 bytes leftover after parsing attributes in process `syz.1.517'. [ 209.412351][ T6175] device syzkaller0 entered promiscuous mode [ 209.721303][ T6183] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 209.744861][ T6183] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 210.008743][ T6203] device syzkaller0 entered promiscuous mode [ 210.265762][ T4263] usb 4-1: USB disconnect, device number 14 [ 210.490029][ T6213] 9pnet_virtio: no channels available for device ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 210.491224][ T6213] @0Ù: renamed from bond_slave_1 [ 210.728851][ T4202] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201' [ 210.739248][ T4202] CPU: 0 PID: 4202 Comm: kworker/u5:5 Not tainted syzkaller #0 [ 210.747798][ T4202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 210.757908][ T4202] Workqueue: hci1 hci_rx_work [ 210.762636][ T4202] Call Trace: [ 210.765940][ T4202] [ 210.768899][ T4202] dump_stack_lvl+0x188/0x250 [ 210.773796][ T4202] ? show_regs_print_info+0x20/0x20 [ 210.779051][ T4202] ? load_image+0x400/0x400 [ 210.783613][ T4202] sysfs_create_dir_ns+0x26a/0x290 [ 210.788773][ T4202] ? sysfs_warn_dup+0xa0/0xa0 [ 210.793494][ T4202] ? process_one_work+0x85f/0x1010 [ 210.798644][ T4202] ? do_raw_spin_unlock+0x11d/0x230 [ 210.803889][ T4202] kobject_add_internal+0x6e0/0xd90 [ 210.809129][ T4202] kobject_add+0x160/0x230 [ 210.813585][ T4202] ? kobject_init+0x1d0/0x1d0 [ 210.818305][ T4202] ? klist_children_get+0x50/0x50 [ 210.823362][ T4202] ? get_device_parent+0x121/0x3f0 [ 210.828509][ T4202] device_add+0x48c/0x1000 [ 210.832972][ T4202] hci_conn_add_sysfs+0xd1/0x1e0 [ 210.837964][ T4202] le_conn_complete_evt+0xc4b/0x15c0 [ 210.843307][ T4202] ? cs_le_create_conn+0x5e0/0x5e0 [ 210.848472][ T4202] ? __mutex_trylock_common+0x155/0x260 [ 210.854109][ T4202] hci_le_meta_evt+0x285/0x3cb0 [ 210.859269][ T4202] ? hci_event_packet+0x37e/0x1370 [ 210.864423][ T4202] ? __lock_acquire+0x7d10/0x7d10 [ 210.869507][ T4202] ? hci_remote_host_features_evt+0x290/0x290 [ 210.875613][ T4202] ? __mutex_unlock_slowpath+0x1b0/0x6c0 [ 210.881283][ T4202] ? mark_lock+0x94/0x320 [ 210.885651][ T4202] ? mutex_unlock+0x10/0x10 [ 210.890202][ T4202] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 210.896233][ T4202] ? lock_chain_count+0x20/0x20 [ 210.901133][ T4202] ? __rwlock_init+0x140/0x140 [ 210.906050][ T4202] hci_event_packet+0xe4b/0x1370 [ 210.911032][ T4202] ? lockdep_hardirqs_on+0x94/0x140 [ 210.916280][ T4202] ? rcu_lock_release+0x20/0x20 [ 210.921179][ T4202] ? hci_send_to_monitor+0x9c/0x4a0 [ 210.926414][ T4202] hci_rx_work+0x255/0xa10 [ 210.930891][ T4202] process_one_work+0x85f/0x1010 [ 210.935897][ T4202] ? worker_detach_from_pool+0x240/0x240 [ 210.941576][ T4202] ? lockdep_hardirqs_off+0x70/0x100 [ 210.946904][ T4202] ? _raw_spin_lock_irq+0xb7/0xf0 [ 210.951936][ T4202] ? _raw_spin_lock_irqsave+0x100/0x100 [ 210.957493][ T4202] ? wq_worker_running+0x97/0x170 [ 210.962526][ T4202] worker_thread+0xaa6/0x1290 [ 210.967233][ T4202] ? lockdep_hardirqs_on+0x94/0x140 [ 210.972560][ T4202] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 210.978537][ T4202] kthread+0x436/0x520 [ 210.982632][ T4202] ? rcu_lock_release+0x20/0x20 [ 210.987493][ T4202] ? kthread_blkcg+0xd0/0xd0 [ 210.992104][ T4202] ret_from_fork+0x1f/0x30 [ 210.996538][ T4202] [ 210.999612][ C0] vkms_vblank_simulate: vblank timer overrun [ 211.007818][ T4202] kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 211.021169][ T4202] Bluetooth: hci1: failed to register connection device [ 211.299960][ T6228] netlink: 8 bytes leftover after parsing attributes in process `syz.2.531'. [ 211.340921][ T6228] device syzkaller0 entered promiscuous mode [ 211.411922][ T4263] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 211.679861][ T4263] usb 4-1: Using ep0 maxpacket: 32 [ 211.795194][ T6251] vcan0: tx drop: invalid sa for name 0xffffffffffffffff [ 211.803514][ T4263] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 211.819574][ T4263] usb 4-1: config 0 has no interfaces? [ 211.921199][ T6253] netlink: 28 bytes leftover after parsing attributes in process `syz.5.539'. [ 211.990155][ T4263] usb 4-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 212.004958][ T4263] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 212.024833][ T4263] usb 4-1: Product: syz [ 212.034177][ T4263] usb 4-1: Manufacturer: syz [ 212.045693][ T4263] usb 4-1: SerialNumber: syz [ 212.074549][ T4263] usb 4-1: config 0 descriptor?? [ 212.653685][ T4234] usb 4-1: USB disconnect, device number 15 [ 212.742091][ T6271] netlink: 8 bytes leftover after parsing attributes in process `syz.0.546'. [ 212.771125][ T6271] device syzkaller0 entered promiscuous mode [ 212.968554][ T6281] Cannot find add_set index 0 as target [ 213.170840][ T6288] netlink: 'syz.2.552': attribute type 5 has an invalid length. [ 213.214403][ T6288] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 213.223995][ T6288] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 213.232808][ T6288] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 213.241682][ T6288] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 213.345437][ T6288] netdevsim netdevsim2 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 213.354660][ T6288] netdevsim netdevsim2 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 213.363655][ T6288] netdevsim netdevsim2 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 213.372657][ T6288] netdevsim netdevsim2 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 214.424698][ T6307] binder_alloc: 6306: binder_alloc_buf size 16384 failed, no address space [ 214.500248][ T6307] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 214.874408][ T6317] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 214.993323][ T6317] kvm: pic: non byte read [ 215.021248][ T6317] kvm: pic: single mode not supported [ 215.023808][ T6317] kvm: pic: non byte read [ 215.072653][ T6317] kvm: pic: non byte read [ 215.524366][ T6341] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 215.575055][ T6341] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 216.216437][ T6369] 9pnet_virtio: no channels available for device syz [ 216.769485][ T4202] Bluetooth: Wrong link type (-22) [ 217.161566][ T6413] netlink: 8 bytes leftover after parsing attributes in process `syz.3.584'. [ 217.172714][ T7] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 217.186039][ T7] Bluetooth: hci2: Injecting HCI hardware error event [ 217.206888][ T4202] Bluetooth: hci2: hardware error 0x00 [ 217.870741][ T6430] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 217.880205][ T6439] 9pnet_virtio: no channels available for device syz [ 217.921319][ T6430] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 218.074491][ T6448] 9pnet_virtio: no channels available for device syz [ 218.314339][ T6457] netlink: 8 bytes leftover after parsing attributes in process `syz.2.596'. [ 218.457656][ T6461] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 218.583896][ T6464] device syzkaller0 entered promiscuous mode [ 219.319499][ T6495] xt_hashlimit: size too large, truncated to 1048576 [ 219.624811][ T6497] netlink: 8 bytes leftover after parsing attributes in process `syz.2.609'. [ 219.901137][ T6525] device syzkaller0 entered promiscuous mode [ 220.835587][ T6552] user requested TSC rate below hardware speed [ 220.903931][ T6560] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1958477870 (3916955740 ns) > initial count (2199611658 ns). Using initial count to start timer. [ 221.024992][ T6552] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 221.067833][ T6552] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 221.407222][ T6579] netlink: 8 bytes leftover after parsing attributes in process `syz.1.625'. [ 221.567390][ T6589] device syzkaller0 entered promiscuous mode [ 222.129904][ T4233] usb 6-1: new full-speed USB device number 3 using dummy_hcd [ 222.305746][ T6608] kvm [6605]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc1 data 0x7008 [ 222.305835][ T6608] kvm [6605]: vcpu0, guest rIP: 0x1b8 disabled perfctr wrmsr: 0xc1 data 0x0 [ 222.339504][ T6608] kvm [6605]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc1 data 0x7108 [ 222.370526][ T6608] kvm [6605]: vcpu0, guest rIP: 0x1b8 disabled perfctr wrmsr: 0xc1 data 0x0 [ 222.530311][ T4233] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 66, using maximum allowed: 30 [ 222.560359][ T4233] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 10 [ 222.599817][ T4233] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 1024, setting to 64 [ 222.616834][ T4233] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 10 [ 222.653575][ T4233] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0 [ 222.674166][ T4233] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 66 [ 222.750795][ T6622] kvm: emulating exchange as write [ 222.879770][ T4232] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 222.915844][ T4233] usb 6-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13 [ 222.935325][ T4233] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 222.962907][ T4233] usb 6-1: Product: syz [ 222.968191][ T4233] usb 6-1: Manufacturer: syz [ 222.977483][ T4233] usb 6-1: SerialNumber: syz [ 223.003666][ T4233] usb 6-1: config 0 descriptor?? [ 223.040129][ T6601] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 223.271903][ T4233] adutux 6-1:0.0: ADU208 4242424 now attached to /dev/usb/adutux0 [ 223.320003][ T4232] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 223.341362][ T4232] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 223.380460][ T4232] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 223.390700][ T4232] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 223.440498][ T6619] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 223.704426][ T4353] usb 4-1: USB disconnect, device number 16 [ 224.469788][ T4232] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 224.870082][ T4232] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 224.891456][ T4232] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 224.929136][ T6691] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 224.942747][ T6691] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 225.100104][ T4232] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 225.127780][ T4232] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 225.146603][ T4232] usb 1-1: Product: syz [ 225.160843][ T4232] usb 1-1: Manufacturer: syz [ 225.165602][ T4232] usb 1-1: SerialNumber: syz [ 225.251117][ T4232] cdc_mbim 1-1:1.0: skipping garbage [ 225.452573][ T6670] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 225.511880][ T4233] usb 6-1: USB disconnect, device number 3 [ 225.631586][ T7] usb 3-1: new low-speed USB device number 7 using dummy_hcd [ 226.052710][ T7] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 226.061181][ T7] usb 3-1: config 0 has no interface number 0 [ 226.067477][ T7] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 226.079224][ T7] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 226.090624][ T7] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 226.100723][ T6670] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 226.107982][ T7] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 226.125364][ T7] usb 3-1: config 0 descriptor?? [ 226.139132][ T4232] cdc_mbim 1-1:1.0: setting tx_max = 16384 [ 226.149356][ T4232] cdc_mbim 1-1:1.0: cdc-wdm0: USB WDM device [ 226.170069][ T6709] raw-gadget.2 gadget: fail, usb_ep_enable returned -22 [ 226.192989][ T7] iowarrior 3-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior1 [ 226.279640][ T4232] cdc_mbim 1-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.0-1, CDC MBIM, 36:10:bc:e1:07:cc [ 226.391537][ T4353] usb 1-1: USB disconnect, device number 9 [ 226.398138][ T4353] cdc_mbim 1-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.0-1, CDC MBIM [ 226.425373][ T6709] cdc_mbim 1-1:1.0: Error submitting int urb - -19 [ 226.466755][ T4232] usb 3-1: USB disconnect, device number 7 [ 227.122482][ T6768] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 227.707902][ T6790] device syzkaller0 entered promiscuous mode [ 227.760442][ T6790] PF_CAN: dropped non conform CAN skbuff: dev type 280, len 65487 [ 228.715314][ T6812] bridge0: port 2(bridge_slave_1) entered disabled state [ 228.722771][ T6812] bridge0: port 1(bridge_slave_0) entered disabled state [ 229.253988][ T6812] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 229.308133][ T6812] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 229.783910][ T6812] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 229.792966][ T6812] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 229.802709][ T6812] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 229.811754][ T6812] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 230.198849][ T6858] device veth0 entered promiscuous mode [ 230.217171][ T6858] device macvtap1 entered promiscuous mode [ 230.252258][ T6858] device macvtap2 entered promiscuous mode [ 230.332235][ T6857] device veth0 left promiscuous mode [ 231.524231][ T6838] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 231.681169][ T6881] netlink: 'syz.0.704': attribute type 1 has an invalid length. [ 231.854436][ T6881] 8021q: adding VLAN 0 to HW filter on device bond1 [ 231.882530][ T6893] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 231.914291][ T6893] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 231.923286][ T6893] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 231.932379][ T6893] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 231.953238][ T6893] bond1: (slave geneve2): making interface the new active one [ 231.964323][ T6893] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 231.974569][ T6899] IPVS: Unknown mcast interface: ry.events [ 231.996950][ T4378] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready [ 232.753412][ T6939] device bond2 entered promiscuous mode [ 232.797091][ T6939] 8021q: adding VLAN 0 to HW filter on device bond2 [ 232.841883][ T6952] netlink: 24 bytes leftover after parsing attributes in process `syz.3.722'. [ 233.223848][ T6967] netlink: 8 bytes leftover after parsing attributes in process `syz.0.728'. [ 234.905934][ T7034] netlink: 8 bytes leftover after parsing attributes in process `syz.0.742'. [ 235.569370][ T7051] : renamed from gretap0 [ 235.709839][ T7057] netlink: 'syz.3.748': attribute type 1 has an invalid length. [ 237.614645][ T7019] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 237.767511][ T7093] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0) [ 237.948729][ T7106] netlink: 20 bytes leftover after parsing attributes in process `syz.0.764'. [ 237.972775][ T7106] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 237.981676][ T7106] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 237.990498][ T7106] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 237.999259][ T7106] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 238.114521][ T7106] netlink: 20 bytes leftover after parsing attributes in process `syz.0.764'. [ 239.118717][ T7146] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 239.250060][ T7149] device syzkaller0 entered promiscuous mode [ 239.552100][ T7164] device syzkaller0 entered promiscuous mode [ 240.071050][ T7187] netlink: 8 bytes leftover after parsing attributes in process `syz.2.792'. [ 240.572269][ T7196] device syzkaller0 entered promiscuous mode [ 240.695384][ T7204] device syzkaller0 entered promiscuous mode [ 241.228797][ T7242] device syzkaller0 entered promiscuous mode [ 241.584679][ T7257] device syzkaller0 entered promiscuous mode [ 242.514335][ T7305] device syzkaller0 entered promiscuous mode [ 242.774459][ T7317] netlink: 8 bytes leftover after parsing attributes in process `syz.2.834'. [ 242.806506][ T7317] netlink: 4 bytes leftover after parsing attributes in process `syz.2.834'. [ 242.861167][ T7317] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 242.870112][ T7317] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 242.879113][ T7317] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 242.888105][ T7317] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 242.893375][ T7324] tipc: Can't bind to reserved service type 0 [ 243.030410][ T7317] netlink: 8 bytes leftover after parsing attributes in process `syz.2.834'. [ 243.070883][ T7317] netlink: 4 bytes leftover after parsing attributes in process `syz.2.834'. [ 243.816129][ T7354] device syzkaller0 entered promiscuous mode [ 244.192076][ T7374] device syzkaller0 entered promiscuous mode [ 244.577481][ T7392] device bridge_slave_1 left promiscuous mode [ 244.619139][ T7392] bridge0: port 2(bridge_slave_1) entered disabled state [ 244.829326][ T7392] device bridge_slave_0 left promiscuous mode [ 244.916744][ T7392] bridge0: port 1(bridge_slave_0) entered disabled state [ 244.994473][ T7384] DRBG: could not allocate digest TFM handle: hmac(sha512) [ 245.537320][ T7434] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 245.691215][ T7439] team0: Device xfrm0 is of different type [ 246.205058][ T7468] device syzkaller1 entered promiscuous mode [ 246.328736][ T7469] device syzkaller0 entered promiscuous mode [ 247.077866][ T7511] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 247.126845][ T7511] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 247.550662][ T7529] device syzkaller0 entered promiscuous mode [ 248.080666][ T7565] netlink: 28 bytes leftover after parsing attributes in process `syz.3.902'. [ 248.147617][ T7569] netlink: 'syz.5.905': attribute type 2 has an invalid length. [ 248.165229][ T7569] netlink: 'syz.5.905': attribute type 1 has an invalid length. [ 248.227181][ T7575] device syzkaller0 entered promiscuous mode [ 248.797366][ T7594] device syzkaller0 entered promiscuous mode [ 250.927256][ T7559] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 251.449552][ T7625] device syzkaller0 entered promiscuous mode [ 251.589550][ T7630] netlink: 8 bytes leftover after parsing attributes in process `syz.0.924'. [ 251.759249][ T7635] device syzkaller0 entered promiscuous mode [ 251.858448][ T7641] netlink: 'syz.0.928': attribute type 1 has an invalid length. [ 252.002122][ T7649] netlink: 8 bytes leftover after parsing attributes in process `syz.3.930'. [ 252.052178][ T7649] netlink: 4 bytes leftover after parsing attributes in process `syz.3.930'. [ 252.068810][ T7652] netlink: 48 bytes leftover after parsing attributes in process `syz.0.931'. [ 252.089112][ T7652] unsupported nla_type 7424 [ 252.102803][ T7649] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 252.111746][ T7649] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 252.120524][ T7649] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 252.129240][ T7649] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 252.214412][ T7649] netlink: 8 bytes leftover after parsing attributes in process `syz.3.930'. [ 252.287731][ T7649] netlink: 4 bytes leftover after parsing attributes in process `syz.3.930'. [ 253.001355][ T7681] netlink: 8 bytes leftover after parsing attributes in process `syz.0.939'. [ 253.118658][ T7683] device syzkaller0 entered promiscuous mode [ 253.295641][ T7693] netlink: 'syz.5.945': attribute type 1 has an invalid length. [ 253.379769][ T7693] 8021q: adding VLAN 0 to HW filter on device bond1 [ 253.460997][ T7698] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 253.481066][ T7698] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 253.495232][ T7698] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 253.511671][ T7698] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 253.524282][ T7698] bond1: (slave geneve2): making interface the new active one [ 253.534264][ T7698] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 253.547788][ T7698] syz.5.945 (7698) used greatest stack depth: 19544 bytes left [ 253.553129][ T4243] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready [ 254.095709][ T7720] netlink: 8 bytes leftover after parsing attributes in process `syz.3.953'. [ 254.160495][ T7609] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 254.609623][ T7732] device syzkaller0 entered promiscuous mode [ 254.822231][ T7739] netlink: 20 bytes leftover after parsing attributes in process `syz.1.961'. [ 254.884601][ T7739] device veth3 entered promiscuous mode [ 254.917661][ T7739] team0: Port device veth3 added [ 255.517860][ T7763] device syzkaller0 entered promiscuous mode [ 255.531220][ T7763] 0: reclassify loop, rule prio 0, protocol 800 [ 255.653383][ T1420] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.659845][ T1420] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.879376][ T7773] netlink: 24 bytes leftover after parsing attributes in process `syz.0.971'. [ 255.907765][ T7742] netlink: 'syz.5.962': attribute type 13 has an invalid length. [ 256.014791][ T7768] C: renamed from lo [ 256.026481][ T7768] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 256.345869][ T7783] device syzkaller0 entered promiscuous mode [ 257.538668][ T7831] netlink: 8 bytes leftover after parsing attributes in process `syz.5.989'. [ 257.560769][ T7831] netlink: 4 bytes leftover after parsing attributes in process `syz.5.989'. [ 257.576629][ T7831] 8021q: adding VLAN 0 to HW filter on device bond0 [ 257.586658][ T7831] bond2: (slave bond0): making interface the new active one [ 257.595372][ T7831] bond2: (slave bond0): Enslaving as an active interface with an up link [ 257.604256][ T7837] netlink: 'syz.5.989': attribute type 4 has an invalid length. [ 257.612380][ T7837] netlink: 152 bytes leftover after parsing attributes in process `syz.5.989'. [ 257.626717][ T7837] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 258.205175][ T7849] device syzkaller0 entered promiscuous mode [ 258.895703][ T7857] device syzkaller0 entered promiscuous mode [ 260.022117][ T7812] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 260.233078][ T7869] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 260.338071][ T7869] 8021q: adding VLAN 0 to HW filter on device bond0 [ 260.361225][ T7869] 8021q: adding VLAN 0 to HW filter on device team0 [ 260.416414][ T7869] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 260.440738][ T7888] binder: 7887:7888 ioctl c0306201 0 returned -14 [ 261.009889][ T4356] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 261.128558][ T7911] device syzkaller0 entered promiscuous mode [ 261.269738][ T4356] usb 4-1: Using ep0 maxpacket: 16 [ 261.428123][ T7919] lo speed is unknown, defaulting to 1000 [ 261.440024][ T4356] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 261.479715][ T4356] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 261.720018][ T4356] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 261.739019][ T4356] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 261.761177][ T4356] usb 4-1: Product: syz [ 261.765434][ T4356] usb 4-1: Manufacturer: syz [ 261.792982][ T4356] usb 4-1: SerialNumber: syz [ 262.180113][ T4356] usb 4-1: 0:2 : does not exist [ 262.199617][ T4356] usb 4-1: USB disconnect, device number 17 [ 262.501721][ T4974] udevd[4974]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 262.541770][ T7946] device syzkaller0 entered promiscuous mode [ 262.862169][ T7956] lo speed is unknown, defaulting to 1000 [ 262.979728][ T4268] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 263.229985][ T4268] usb 6-1: Using ep0 maxpacket: 16 [ 263.371399][ T4268] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 263.406709][ T4268] usb 6-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00 [ 263.438426][ T4268] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 263.477696][ T4268] usb 6-1: config 0 descriptor?? [ 263.983689][ T4268] hid-led 0003:0FC5:B080.0005: unknown main item tag 0xd [ 264.004934][ T4268] hid-led 0003:0FC5:B080.0005: unknown main item tag 0x0 [ 264.026073][ T4268] hid-led 0003:0FC5:B080.0005: unknown main item tag 0x0 [ 264.043849][ T4268] hid-led 0003:0FC5:B080.0005: unknown main item tag 0x0 [ 264.067531][ T4268] hid-led 0003:0FC5:B080.0005: unknown main item tag 0x0 [ 264.109024][ T4268] hid-led 0003:0FC5:B080.0005: unknown main item tag 0x0 [ 264.137056][ T4268] hid-led 0003:0FC5:B080.0005: unknown main item tag 0x0 [ 264.449987][ T4268] hid-led: probe of 0003:0FC5:B080.0005 failed with error -71 [ 264.468875][ T7984] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 264.495240][ T4268] usb 6-1: USB disconnect, device number 4 [ 264.500270][ T7984] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 264.561624][ T7991] device syzkaller0 entered promiscuous mode [ 265.545723][ T8018] KVM: debugfs: duplicate directory 8018-4 [ 265.817938][ T8029] binder_alloc: 8028: binder_alloc_buf, no vma [ 265.938562][ T8032] device syzkaller0 entered promiscuous mode [ 265.979917][ T7] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 266.219910][ T7] usb 1-1: Using ep0 maxpacket: 16 [ 266.339904][ T7] usb 1-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 2.00 [ 266.365934][ T7] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 266.405897][ T7] usb 1-1: config 0 descriptor?? [ 266.452792][ T8042] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 266.466556][ T7] ftdi_sio 1-1:0.0: FTDI USB Serial Device converter detected [ 266.475691][ T8042] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 266.679967][ T7] usb 1-1: Detected FT8U232AM [ 266.688746][ T7] usb 1-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 266.809946][ T4232] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 266.883493][ T7] usb 1-1: USB disconnect, device number 10 [ 266.906574][ T7] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 266.920342][ T7] ftdi_sio 1-1:0.0: device disconnected [ 267.058062][ T4232] usb 6-1: Using ep0 maxpacket: 32 [ 267.179944][ T4232] usb 6-1: config 0 has an invalid interface number: 67 but max is 0 [ 267.192077][ T4232] usb 6-1: config 0 has no interface number 0 [ 267.364588][ T4232] usb 6-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 267.378421][ T4232] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 267.406444][ T4232] usb 6-1: Product: syz [ 267.419497][ T4232] usb 6-1: Manufacturer: syz [ 267.435454][ T4232] usb 6-1: SerialNumber: syz [ 267.484411][ T4232] usb 6-1: config 0 descriptor?? [ 267.542866][ T4232] smsc95xx v2.0.0 [ 267.560710][ T8064] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 267.579766][ T8064] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 267.644786][ T8068] device syzkaller0 entered promiscuous mode [ 267.979938][ T4232] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 268.012599][ T4232] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 268.255374][ T8095] device syzkaller1 entered promiscuous mode [ 268.325850][ T8093] lo speed is unknown, defaulting to 1000 [ 268.459832][ T8098] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 268.503810][ T8098] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 268.729995][ T4232] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000020: -32 [ 268.745543][ T4232] smsc95xx: probe of 6-1:0.67 failed with error -32 [ 268.955226][ T8110] device syzkaller0 entered promiscuous mode [ 269.569731][ T4232] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 269.779351][ T4268] usb 6-1: USB disconnect, device number 5 [ 269.939908][ T4232] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 269.970911][ T4232] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 269.999824][ T4232] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 270.029425][ T4232] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 270.071010][ T4232] usb 3-1: config 0 descriptor?? [ 270.170419][ T8146] device syzkaller0 entered promiscuous mode [ 270.209902][ T7] usb 2-1: new full-speed USB device number 7 using dummy_hcd [ 270.552000][ T4232] pyra 0003:1E7D:2CF6.0006: unknown main item tag 0x0 [ 270.579345][ T4232] pyra 0003:1E7D:2CF6.0006: unknown main item tag 0x0 [ 270.587835][ T7] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 270.598398][ T4233] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 270.606136][ T4232] pyra 0003:1E7D:2CF6.0006: unknown main item tag 0x0 [ 270.616241][ T7] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 270.629964][ T4232] pyra 0003:1E7D:2CF6.0006: unknown main item tag 0x0 [ 270.647323][ T7] usb 2-1: config 1 has no interface number 0 [ 270.654213][ T4232] pyra 0003:1E7D:2CF6.0006: unknown main item tag 0x0 [ 270.661495][ T7] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 270.679739][ T4232] pyra 0003:1E7D:2CF6.0006: unknown main item tag 0x0 [ 270.686859][ T4232] pyra 0003:1E7D:2CF6.0006: unknown main item tag 0x0 [ 270.696986][ T7] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 270.720026][ T7] usb 2-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 270.729564][ T4232] pyra 0003:1E7D:2CF6.0006: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.2-1/input0 [ 270.749885][ T7] usb 2-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 270.793148][ T4232] pyra 0003:1E7D:2CF6.0006: couldn't init struct pyra_device [ 270.805594][ T4232] pyra 0003:1E7D:2CF6.0006: couldn't install mouse [ 270.828230][ T4232] pyra: probe of 0003:1E7D:2CF6.0006 failed with error -32 [ 270.859723][ T4233] usb 1-1: Using ep0 maxpacket: 16 [ 270.930224][ T7] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice=10.40 [ 270.960278][ T7] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 270.968337][ T7] usb 2-1: Product: syz [ 270.979908][ T4233] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 271.010422][ T4233] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 271.030207][ T7] usb 2-1: Manufacturer: syz [ 271.045094][ T7] usb 2-1: SerialNumber: syz [ 271.090060][ T8140] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 271.169986][ T4233] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 271.179109][ T4233] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 271.227990][ T4233] usb 1-1: Product: syz [ 271.238143][ T4233] usb 1-1: Manufacturer: syz [ 271.252668][ T4233] usb 1-1: SerialNumber: syz [ 271.539970][ T8140] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 271.610000][ T4233] usb 1-1: 0:2 : does not exist [ 271.635191][ T4233] usb 1-1: USB disconnect, device number 11 [ 271.791160][ T7] cdc_ncm 2-1:1.1: failed GET_NTB_PARAMETERS [ 271.797606][ T7] cdc_ncm 2-1:1.1: bind() failure [ 271.850844][ T7] usb 2-1: USB disconnect, device number 7 [ 271.894569][ T4974] udevd[4974]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 272.403448][ T8189] binder: BINDER_SET_CONTEXT_MGR already set [ 272.470232][ T8189] binder: 8187:8189 ioctl 4018620d 2000000002c0 returned -16 [ 272.562845][ T21] usb 3-1: USB disconnect, device number 8 [ 272.860822][ T8199] device syzkaller0 entered promiscuous mode [ 273.603293][ T26] audit: type=1326 audit(2000000011.210:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8219 comm="syz.1.1110" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff7f514ee59 code=0x0 [ 274.012567][ T8238] XFS (loop3): Unmounting Filesystem [ 274.079723][ T21] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 274.331115][ T21] usb 1-1: Using ep0 maxpacket: 32 [ 274.510115][ T21] usb 1-1: unable to get BOS descriptor or descriptor too short [ 274.594812][ T8246] device syzkaller0 entered promiscuous mode [ 274.610594][ T21] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x4 has invalid maxpacket 1023, setting to 64 [ 274.646146][ T21] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 274.879939][ T21] usb 1-1: New USB device found, idVendor=1430, idProduct=474b, bcdDevice= 0.40 [ 274.889197][ T21] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 274.949907][ T21] usb 1-1: Product: syz [ 274.954129][ T21] usb 1-1: Manufacturer: syz [ 274.958745][ T21] usb 1-1: SerialNumber: syz [ 275.429953][ T21] usb 1-1: MIDIStreaming interface descriptor not found [ 275.491131][ T21] usb 1-1: USB disconnect, device number 12 [ 275.642325][ T8287] netlink: 48 bytes leftover after parsing attributes in process `syz.5.1133'. [ 275.677433][ T26] audit: type=1804 audit(2000000013.280:9): pid=8285 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1132" name="bus" dev="ramfs" ino=63286 res=1 errno=0 [ 275.709701][ T26] audit: type=1804 audit(2000000013.300:10): pid=8285 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.1132" name="bus" dev="ramfs" ino=63286 res=1 errno=0 [ 275.796466][ T5056] udevd[5056]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 277.136269][ T8339] device syzkaller0 entered promiscuous mode [ 277.249907][ T4228] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 277.659964][ T4228] usb 2-1: config 220 has an invalid interface number: 76 but max is 2 [ 277.678703][ T4228] usb 2-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 277.698723][ T4228] usb 2-1: config 220 has no interface number 2 [ 277.705781][ T4228] usb 2-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 277.720912][ T4228] usb 2-1: config 220 interface 0 has no altsetting 0 [ 277.727817][ T4228] usb 2-1: config 220 interface 76 has no altsetting 0 [ 277.735449][ T4228] usb 2-1: config 220 interface 1 has no altsetting 0 [ 277.920011][ T4228] usb 2-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 277.937603][ T4228] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 277.956164][ T4228] usb 2-1: Product: syz [ 277.966311][ T4228] usb 2-1: Manufacturer: syz [ 277.976444][ T4228] usb 2-1: SerialNumber: syz [ 278.404328][ T4228] usb 2-1: selecting invalid altsetting 0 [ 278.414783][ T4228] usb 2-1: Found UVC 7.01 device syz (8086:0b07) [ 278.442102][ T4228] usb 2-1: No valid video chain found. [ 278.526691][ T4228] usb 2-1: selecting invalid altsetting 0 [ 278.535449][ T4228] usbtest: probe of 2-1:220.1 failed with error -22 [ 278.564824][ T4228] usb 2-1: USB disconnect, device number 8 [ 278.594472][ T8387] device syzkaller0 entered promiscuous mode [ 279.319864][ T4228] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 279.599737][ T4228] usb 6-1: Using ep0 maxpacket: 16 [ 279.677674][ T8432] 9p: Unknown Cache mode = [ 279.749959][ T4228] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 279.767380][ T4228] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 279.970163][ T4228] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 279.999746][ T4228] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 280.030308][ T4228] usb 6-1: Product: syz [ 280.034543][ T4228] usb 6-1: Manufacturer: syz [ 280.063665][ T4228] usb 6-1: SerialNumber: syz [ 280.422820][ T4228] usb 6-1: 0:2 : does not exist [ 280.447783][ T4228] usb 6-1: USB disconnect, device number 6 [ 280.691457][ T4974] udevd[4974]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 281.459708][ T4515] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 281.829979][ T4515] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 281.850893][ T4515] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 281.869304][ T8513] tipc: Enabling of bearer rejected, failed to enable media [ 282.019973][ T4515] usb 1-1: New USB device found, idVendor=0d8c, idProduct=0014, bcdDevice= 0.40 [ 282.033796][ T4515] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 282.054980][ T4515] usb 1-1: Product: syz [ 282.069978][ T4515] usb 1-1: Manufacturer: syz [ 282.087202][ T4515] usb 1-1: SerialNumber: syz [ 282.430255][ T9] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 282.546572][ T9] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 282.625400][ T4515] usb 1-1: cannot find UAC_HEADER [ 282.679461][ T9] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 282.683594][ T4515] snd-usb-audio: probe of 1-1:1.0 failed with error -22 [ 282.758035][ T4515] usb 1-1: USB disconnect, device number 13 [ 282.812047][ T9] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 283.002171][ T4974] udevd[4974]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 283.158218][ T8548] lo speed is unknown, defaulting to 1000 [ 283.699739][ T7] usb 2-1: new full-speed USB device number 9 using dummy_hcd [ 283.784358][ T8548] chnl_net:caif_netlink_parms(): no params data found [ 284.069968][ T7] usb 2-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 284.169275][ T8548] bridge0: port 1(bridge_slave_0) entered blocking state [ 284.209939][ T7] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 284.215809][ T8548] bridge0: port 1(bridge_slave_0) entered disabled state [ 284.221842][ T7] usb 2-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 284.235977][ T7] usb 2-1: Product: syz [ 284.240767][ T7] usb 2-1: Manufacturer: syz [ 284.279470][ T8548] device bridge_slave_0 entered promiscuous mode [ 284.301102][ T7] hub 2-1:4.0: bad descriptor, ignoring hub [ 284.322505][ T7] hub: probe of 2-1:4.0 failed with error -5 [ 284.328677][ T8548] bridge0: port 2(bridge_slave_1) entered blocking state [ 284.361755][ T8548] bridge0: port 2(bridge_slave_1) entered disabled state [ 284.394279][ T8548] device bridge_slave_1 entered promiscuous mode [ 284.524897][ T8548] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 284.711253][ T9] device hsr_slave_0 left promiscuous mode [ 284.721881][ T9] device hsr_slave_1 left promiscuous mode [ 284.741954][ T9] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 284.760411][ T9] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 284.778909][ T9] device bridge_slave_1 left promiscuous mode [ 284.795649][ T9] bridge0: port 2(bridge_slave_1) entered disabled state [ 284.808594][ T9] device bridge_slave_0 left promiscuous mode [ 284.816087][ T9] bridge0: port 1(bridge_slave_0) entered disabled state [ 284.849985][ T7] usb 2-1: USB disconnect, device number 9 [ 284.911933][ T9] bond2 (unregistering): (slave bond0): Releasing backup interface [ 284.948851][ T9] bond2 (unregistering): Released all slaves [ 284.989227][ T9] bond1 (unregistering): (slave geneve2): Releasing active interface [ 285.009843][ T4515] Bluetooth: hci4: command 0x0409 tx timeout [ 285.028131][ T9] bond1 (unregistering): Released all slaves [ 285.225643][ T7] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 285.226957][ T8623] overlayfs: failed to clone upperpath [ 285.264620][ T8623] overlayfs: failed to clone upperpath [ 285.301342][ T9] team0 (unregistering): Port device team_slave_1 removed [ 285.336242][ T9] team0 (unregistering): Port device team_slave_0 removed [ 285.368388][ T9] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 285.410459][ T9] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 285.485104][ T7] usb 2-1: Using ep0 maxpacket: 32 [ 285.510539][ T8629] KVM: debugfs: duplicate directory 8629-4 [ 285.589042][ T9] bond0 (unregistering): Released all slaves [ 285.610097][ T7] usb 2-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 285.658388][ T8548] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 285.751034][ T7] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 285.766903][ T7] usb 2-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 285.776901][ T8548] team0: Port device team_slave_0 added [ 285.786101][ T7] usb 2-1: Product: syz [ 285.794649][ T7] usb 2-1: Manufacturer: syz [ 285.798629][ T8548] team0: Port device team_slave_1 added [ 285.850962][ T7] hub 2-1:4.0: bad descriptor, ignoring hub [ 285.872044][ T7] hub: probe of 2-1:4.0 failed with error -5 [ 285.917863][ T8548] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 285.962805][ T8548] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 286.016804][ T8639] kvm: pic: non byte read [ 286.040671][ T8548] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 286.085567][ T8548] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 286.123428][ T8548] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 286.175863][ T8548] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 286.203726][ T4233] usb 2-1: USB disconnect, device number 10 [ 286.308542][ T8548] device hsr_slave_0 entered promiscuous mode [ 286.323390][ T8548] device hsr_slave_1 entered promiscuous mode [ 286.338983][ T8548] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 286.378315][ T8548] Cannot create hsr debugfs directory [ 286.741453][ T8668] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 286.905433][ T8548] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 286.939836][ T4233] usb 1-1: new full-speed USB device number 14 using dummy_hcd [ 286.966105][ T8548] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 287.001430][ T8548] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 287.046263][ T8548] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 287.089886][ T4515] Bluetooth: hci4: command 0x041b tx timeout [ 287.320101][ T4233] usb 1-1: too many endpoints for config 0 interface 0 altsetting 254: 223, using maximum allowed: 30 [ 287.369783][ T4233] usb 1-1: config 0 interface 0 altsetting 254 has 1 endpoint descriptor, different from the interface descriptor's value: 223 [ 287.389330][ T8548] 8021q: adding VLAN 0 to HW filter on device bond0 [ 287.414040][ T4233] usb 1-1: config 0 interface 0 has no altsetting 0 [ 287.436324][ T4233] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 287.466630][ T4431] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 287.484068][ T4431] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 287.493243][ T4233] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 287.526796][ T8548] 8021q: adding VLAN 0 to HW filter on device team0 [ 287.537859][ T4233] usb 1-1: config 0 descriptor?? [ 287.561936][ T4431] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 287.581080][ T4431] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 287.613434][ T4431] bridge0: port 1(bridge_slave_0) entered blocking state [ 287.620608][ T4431] bridge0: port 1(bridge_slave_0) entered forwarding state [ 287.648985][ T4431] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 287.724338][ T4430] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 287.737048][ T4430] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 287.772708][ T4430] bridge0: port 2(bridge_slave_1) entered blocking state [ 287.779968][ T4430] bridge0: port 2(bridge_slave_1) entered forwarding state [ 287.821032][ T4430] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 287.856874][ T4430] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 287.926878][ T4430] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 287.952839][ T4430] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 287.988679][ T4430] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 288.037532][ T4430] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 288.052186][ T4233] savu 0003:1E7D:2D5A.0007: unknown main item tag 0x2 [ 288.059124][ T4233] savu 0003:1E7D:2D5A.0007: unknown main item tag 0x0 [ 288.067311][ T4430] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 288.076818][ T4233] savu 0003:1E7D:2D5A.0007: unknown main item tag 0x0 [ 288.097119][ T4233] savu 0003:1E7D:2D5A.0007: unknown global tag 0xd [ 288.123289][ T4243] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 288.130229][ T4233] savu 0003:1E7D:2D5A.0007: item 0 0 1 13 parsing failed [ 288.138653][ T4233] savu 0003:1E7D:2D5A.0007: parse failed [ 288.158067][ T4243] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 288.172881][ T4233] savu: probe of 0003:1E7D:2D5A.0007 failed with error -22 [ 288.200661][ T4243] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 288.251438][ T4243] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 288.282003][ T7] usb 1-1: USB disconnect, device number 14 [ 288.322001][ T8548] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 288.573759][ T8741] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1267'. [ 288.808379][ T4430] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 288.819935][ T4430] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 288.886597][ T8548] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 288.994199][ T8761] lo speed is unknown, defaulting to 1000 [ 289.169764][ T7] Bluetooth: hci4: command 0x040f tx timeout [ 289.704778][ T4431] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 289.727263][ T4431] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 289.815623][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 289.869575][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 289.893187][ T4228] usb 2-1: new full-speed USB device number 11 using dummy_hcd [ 289.925687][ T8548] device veth0_vlan entered promiscuous mode [ 289.936023][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 289.970410][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 290.015388][ T8548] device veth1_vlan entered promiscuous mode [ 290.123634][ T4378] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 290.167229][ T4378] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 290.208472][ T8548] device veth0_macvtap entered promiscuous mode [ 290.232245][ T8548] device veth1_macvtap entered promiscuous mode [ 290.315123][ T8548] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 290.323520][ T4228] usb 2-1: config 0 has an invalid interface number: 199 but max is 1 [ 290.349705][ T4228] usb 2-1: config 0 has no interface number 1 [ 290.355959][ T4228] usb 2-1: config 0 interface 199 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 290.379212][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 290.401316][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 290.409920][ T4228] usb 2-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 290.444614][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 290.503114][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 290.520014][ T4228] usb 2-1: New USB device found, idVendor=0002, idProduct=0000, bcdDevice= 0.00 [ 290.539440][ T4228] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 290.552861][ T8548] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 290.573731][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 290.592851][ T4228] usb 2-1: SerialNumber: syz [ 290.608690][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 290.627785][ T4228] usb 2-1: config 0 descriptor?? [ 290.661134][ T8548] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 290.694385][ T8548] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 290.726246][ T8548] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 290.767272][ T8548] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 290.930756][ T4228] usb 2-1: Found UVC 0.00 device (0002:0000) [ 290.937710][ T4228] usb 2-1: No valid video chain found. [ 291.006917][ T4228] usb 2-1: USB disconnect, device number 11 [ 291.110788][ T4431] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 291.118695][ T4431] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 291.163646][ T4430] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 291.187830][ T4431] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 291.234185][ T4431] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 291.250639][ T7] Bluetooth: hci4: command 0x0419 tx timeout [ 291.263166][ T4431] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 292.116883][ T8901] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 292.147521][ T8901] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 292.168231][ T8889] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 292.188521][ T8889] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 292.290039][ T21] usb 1-1: new full-speed USB device number 15 using dummy_hcd [ 292.690107][ T21] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 292.710902][ T21] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 292.759745][ T21] usb 1-1: config 1 has no interface number 0 [ 292.780706][ T21] usb 1-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 292.841992][ T21] usb 1-1: config 1 interface 1 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 292.894705][ T21] usb 1-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 292.936492][ T21] usb 1-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 293.159986][ T21] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice=10.40 [ 293.189502][ T21] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 293.219994][ T21] usb 1-1: Product: syz [ 293.224290][ T21] usb 1-1: Manufacturer: syz [ 293.250895][ T21] usb 1-1: SerialNumber: syz [ 293.290058][ T8894] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 293.503364][ T8968] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 293.546363][ T4430] Bluetooth: hci5: Frame reassembly failed (-84) [ 293.736615][ T8894] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 294.434519][ T21] cdc_ncm 1-1:1.1: bind() failure [ 294.457750][ T21] usb 1-1: USB disconnect, device number 15 [ 295.580309][ T21] Bluetooth: hci5: command 0x1003 tx timeout [ 295.597044][ T4189] Bluetooth: hci5: sending frame failed (-49) [ 296.639710][ T4263] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 297.024450][ T4263] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 297.044253][ T4263] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 297.069741][ T4263] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 297.104671][ T4263] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 297.125071][ T4263] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 297.153176][ T4263] usb 7-1: config 0 descriptor?? [ 297.262163][ T9100] 1C@]: renamed from lo [ 297.662717][ T4263] plantronics 0003:047F:FFFF.0008: No inputs registered, leaving [ 297.681482][ T4263] plantronics 0003:047F:FFFF.0008: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0 [ 297.717139][ T4263] Bluetooth: hci5: command 0x1001 tx timeout [ 297.727635][ T4189] Bluetooth: hci5: sending frame failed (-49) [ 298.981344][ C0] plantronics 0003:047F:FFFF.0008: usb_submit_urb(ctrl) failed: -1 [ 299.810992][ T4263] Bluetooth: hci5: command 0x1009 tx timeout [ 300.118219][ T4350] usb 7-1: USB disconnect, device number 2 [ 300.319801][ T4350] usb 7-1: new full-speed USB device number 3 using dummy_hcd [ 300.626704][ T9188] sctp: [Deprecated]: syz.0.1378 (pid 9188) Use of struct sctp_assoc_value in delayed_ack socket option. [ 300.626704][ T9188] Use struct sctp_sack_info instead [ 300.655817][ T9188] Bluetooth: hci0: invalid len left 7, exp >= 195 [ 300.730027][ T4350] usb 7-1: config 0 has an invalid interface number: 41 but max is 0 [ 300.741797][ T4350] usb 7-1: config 0 has no interface number 0 [ 300.756073][ T4350] usb 7-1: config 0 interface 41 has no altsetting 0 [ 300.959960][ T4350] usb 7-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 300.980122][ T4350] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 301.006600][ T4350] usb 7-1: Product: syz [ 301.011786][ T4350] usb 7-1: Manufacturer: syz [ 301.016508][ T4350] usb 7-1: SerialNumber: syz [ 301.037654][ T4350] usb 7-1: config 0 descriptor?? [ 301.969936][ T4350] CoreChips 7-1:0.41 (unnamed net_device) (uninitialized): sr_get_phy_addr : Error reading PHYID register:ffffffe0 [ 302.227161][ T9229] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 302.235555][ T9229] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 302.469898][ T4350] CoreChips 7-1:0.41 (unnamed net_device) (uninitialized): Failed to send software reset:ffffffb9 [ 302.485007][ T4350] CoreChips 7-1:0.41 (unnamed net_device) (uninitialized): Failed to reset PHY: -71 [ 302.503607][ T4350] CoreChips: probe of 7-1:0.41 failed with error -71 [ 302.556763][ T4350] usb 7-1: USB disconnect, device number 3 [ 303.328476][ T9277] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 303.338058][ T9277] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 304.299740][ T4232] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 304.423049][ T9326] kvm [9325]: vcpu0, guest rIP: 0x1b8 disabled perfctr wrmsr: 0xc2 data 0x0 [ 304.486131][ T9326] kvm [9325]: vcpu0, guest rIP: 0x1b8 disabled perfctr wrmsr: 0xc2 data 0x0 [ 304.531680][ T9326] kvm [9325]: vcpu0, guest rIP: 0x1b8 ignored wrmsr: 0x11e data 0xbe702111 [ 304.539826][ T4232] usb 3-1: Using ep0 maxpacket: 8 [ 304.661121][ T4232] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 304.681158][ T4232] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 304.707359][ T4232] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 304.735847][ T4232] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 304.773704][ T4232] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 304.806590][ T4232] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 304.833391][ T4232] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 305.124947][ T4232] usb 3-1: usb_control_msg returned -32 [ 305.131002][ T4232] usbtmc 3-1:16.0: can't read capabilities [ 305.520119][ T9365] kvm: pic: single mode not supported [ 305.520211][ T9365] kvm: pic: non byte write [ 305.890053][ T9390] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1432'. [ 305.901426][ T9387] vcan0: tx drop: invalid sa for name 0xffffffffffffffff [ 306.669728][ T4232] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 306.919704][ T4232] usb 2-1: Using ep0 maxpacket: 8 [ 307.039979][ T4232] usb 2-1: config 0 interface 0 altsetting 32 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 307.074634][ T4232] usb 2-1: config 0 interface 0 altsetting 32 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 307.104055][ T4232] usb 2-1: config 0 interface 0 has no altsetting 0 [ 307.128281][ T4232] usb 2-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00 [ 307.166487][ T4232] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 307.198288][ T7] usb 3-1: USB disconnect, device number 9 [ 307.211603][ T9454] 9pnet_virtio: no channels available for device ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 307.213680][ T9454] @0Y: renamed from bond_slave_1 [ 307.258180][ T4232] usb 2-1: config 0 descriptor?? [ 307.816519][ T4232] samsung 0003:0419:0600.0009: unknown main item tag 0x0 [ 307.825087][ T9482] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1449'. [ 307.828638][ T4232] samsung 0003:0419:0600.0009: unknown main item tag 0x0 [ 307.865751][ T4232] samsung 0003:0419:0600.0009: unknown main item tag 0x0 [ 307.887606][ T4232] samsung 0003:0419:0600.0009: unknown main item tag 0x0 [ 307.908815][ T4232] samsung 0003:0419:0600.0009: unknown main item tag 0x0 [ 307.928860][ T4232] samsung 0003:0419:0600.0009: unknown main item tag 0x0 [ 307.948685][ T4232] samsung 0003:0419:0600.0009: unknown main item tag 0x0 [ 307.990378][ T4232] samsung 0003:0419:0600.0009: unknown main item tag 0x0 [ 307.997556][ T4232] samsung 0003:0419:0600.0009: unknown main item tag 0x0 [ 308.055825][ T4232] samsung 0003:0419:0600.0009: unknown main item tag 0x0 [ 308.088570][ T4232] samsung 0003:0419:0600.0009: unknown main item tag 0x0 [ 308.109344][ T4232] samsung 0003:0419:0600.0009: item fetching failed at offset 24/40 [ 308.129172][ T4232] samsung 0003:0419:0600.0009: parse failed [ 308.136633][ T4232] samsung: probe of 0003:0419:0600.0009 failed with error -22 [ 308.162203][ T4202] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201' [ 308.172479][ T4202] CPU: 0 PID: 4202 Comm: kworker/u5:5 Not tainted syzkaller #0 [ 308.180068][ T4202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 308.190197][ T4202] Workqueue: hci4 hci_rx_work [ 308.194934][ T4202] Call Trace: [ 308.198366][ T4202] [ 308.201330][ T4202] dump_stack_lvl+0x188/0x250 [ 308.206046][ T4202] ? show_regs_print_info+0x20/0x20 [ 308.211281][ T4202] ? load_image+0x400/0x400 [ 308.215833][ T4202] sysfs_create_dir_ns+0x26a/0x290 [ 308.220986][ T4202] ? sysfs_warn_dup+0xa0/0xa0 [ 308.225692][ T4202] ? process_one_work+0x85f/0x1010 [ 308.230875][ T4202] ? do_raw_spin_unlock+0x11d/0x230 [ 308.236115][ T4202] kobject_add_internal+0x6e0/0xd90 [ 308.241379][ T4202] kobject_add+0x160/0x230 [ 308.245842][ T4202] ? kobject_init+0x1d0/0x1d0 [ 308.250558][ T4202] ? klist_children_get+0x50/0x50 [ 308.255619][ T4202] ? get_device_parent+0x121/0x3f0 [ 308.260776][ T4202] device_add+0x48c/0x1000 [ 308.265241][ T4202] hci_conn_add_sysfs+0xd1/0x1e0 [ 308.270219][ T4202] le_conn_complete_evt+0xc4b/0x15c0 [ 308.275555][ T4202] ? cs_le_create_conn+0x5e0/0x5e0 [ 308.280709][ T4202] ? __mutex_trylock_common+0x155/0x260 [ 308.286306][ T4202] hci_le_meta_evt+0x285/0x3cb0 [ 308.291198][ T4202] ? hci_event_packet+0x37e/0x1370 [ 308.296343][ T4202] ? __lock_acquire+0x7d10/0x7d10 [ 308.301433][ T4202] ? hci_remote_host_features_evt+0x290/0x290 [ 308.307574][ T4202] ? __mutex_unlock_slowpath+0x1b0/0x6c0 [ 308.313245][ T4202] ? mark_lock+0x94/0x320 [ 308.317617][ T4202] ? mutex_unlock+0x10/0x10 [ 308.322158][ T4202] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 308.328223][ T4202] ? lock_chain_count+0x20/0x20 [ 308.333111][ T4202] ? __rwlock_init+0x140/0x140 [ 308.337916][ T4202] hci_event_packet+0xe4b/0x1370 [ 308.342894][ T4202] ? lockdep_hardirqs_on+0x94/0x140 [ 308.348186][ T4202] ? rcu_lock_release+0x20/0x20 [ 308.353082][ T4202] ? hci_send_to_monitor+0x9c/0x4a0 [ 308.358322][ T4202] hci_rx_work+0x255/0xa10 [ 308.362791][ T4202] process_one_work+0x85f/0x1010 [ 308.367786][ T4202] ? worker_detach_from_pool+0x240/0x240 [ 308.373452][ T4202] ? lockdep_hardirqs_off+0x70/0x100 [ 308.378780][ T4202] ? _raw_spin_lock_irq+0xb7/0xf0 [ 308.383967][ T4202] ? _raw_spin_lock_irqsave+0x100/0x100 [ 308.389554][ T4202] ? wq_worker_running+0x97/0x170 [ 308.394635][ T4202] worker_thread+0xaa6/0x1290 [ 308.399366][ T4202] ? lockdep_hardirqs_on+0x94/0x140 [ 308.404610][ T4202] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 308.410556][ T4202] kthread+0x436/0x520 [ 308.414659][ T4202] ? rcu_lock_release+0x20/0x20 [ 308.419593][ T4202] ? kthread_blkcg+0xd0/0xd0 [ 308.424224][ T4202] ret_from_fork+0x1f/0x30 [ 308.428696][ T4202] [ 308.440077][ T4202] kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 308.453666][ T4202] Bluetooth: hci4: failed to register connection device [ 308.912873][ T4232] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 309.159766][ T4232] usb 7-1: Using ep0 maxpacket: 8 [ 309.282548][ T4232] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 309.291074][ T4232] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 309.320405][ T4232] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 309.341916][ T4232] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 309.365542][ T4232] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 309.382864][ T9532] tipc: Cannot configure node identity twice [ 309.429520][ T4232] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 309.465233][ T4232] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 309.760086][ T4232] usb 7-1: usb_control_msg returned -32 [ 309.769814][ T4232] usbtmc 7-1:16.0: can't read capabilities [ 310.781088][ T9600] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1477'. [ 311.681887][ T4263] usb 7-1: USB disconnect, device number 4 [ 312.469151][ T9646] device syzkaller0 entered promiscuous mode [ 313.445190][ T9681] tipc: Cannot configure node identity twice [ 313.854768][ T9689] udc-core: couldn't find an available UDC or it's busy [ 313.923000][ T9689] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 314.009105][ T9689] udc-core: couldn't find an available UDC or it's busy [ 314.048263][ T9689] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 314.126952][ T9696] device syzkaller0 entered promiscuous mode [ 314.505858][ T9701] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 314.544645][ T9701] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 314.609771][ T4263] Bluetooth: hci4: command 0x0406 tx timeout [ 314.855905][ T9705] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 314.875976][ T9705] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 315.219335][ T9721] netlink: 'syz.1.1516': attribute type 5 has an invalid length. [ 315.276157][ T9721] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 315.285258][ T9721] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 315.294048][ T9721] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 315.380634][ T9721] netdevsim netdevsim1 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 315.389814][ T9721] netdevsim netdevsim1 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 315.398741][ T9721] netdevsim netdevsim1 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 315.820222][ T4350] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 315.828707][ T4350] Bluetooth: hci4: Injecting HCI hardware error event [ 315.837911][ T9737] device syzkaller0 entered promiscuous mode [ 315.860518][ T4202] Bluetooth: hci4: hardware error 0x00 [ 317.093746][ T1420] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.100176][ T1420] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.976288][ T4431] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 317.995281][ T4431] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 318.021539][ T9816] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 318.022710][ T9812] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 318.050646][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 318.159002][ T9821] netdevsim netdevsim2 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 318.168070][ T9821] netdevsim netdevsim2 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 318.177274][ T9821] netdevsim netdevsim2 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 318.186274][ T9821] netdevsim netdevsim2 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 319.509141][ T9865] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 319.551098][ T9865] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 319.791902][ T9885] overlayfs: failed to clone upperpath [ 320.083786][ T9891] device syzkaller0 entered promiscuous mode [ 321.275442][ T9952] device syzkaller0 entered promiscuous mode [ 322.401611][ T9973] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 323.803971][T10062] device syzkaller0 entered promiscuous mode [ 324.046878][T10079] device veth0 entered promiscuous mode [ 324.126402][T10082] device macvtap1 entered promiscuous mode [ 324.144468][T10080] user requested TSC rate below hardware speed [ 324.209126][T10080] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1958477870 (3916955740 ns) > initial count (2199611658 ns). Using initial count to start timer. [ 324.222564][T10079] device macvtap2 entered promiscuous mode [ 324.346180][T10077] device veth0 left promiscuous mode [ 325.719890][T10144] device veth0 entered promiscuous mode [ 325.754746][T10144] device macvtap1 entered promiscuous mode [ 325.805605][T10144] device macvtap2 entered promiscuous mode [ 325.898850][T10143] device veth0 left promiscuous mode [ 326.307579][T10167] device syzkaller0 entered promiscuous mode [ 327.502432][T10208] udc-core: couldn't find an available UDC or it's busy [ 327.510009][T10208] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 328.265505][T10217] device syzkaller0 entered promiscuous mode [ 329.604008][T10184] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 331.213026][T10261] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 331.247782][T10261] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 331.479241][T10273] tc action pedit 'at' offset 46 out of bounds [ 331.596698][T10279] kvm [10274]: vcpu2, guest rIP: 0x9114 disabled perfctr wrmsr: 0xc2 data 0x7 [ 331.677980][T10279] kvm [10274]: vcpu2, guest rIP: 0x9114 disabled perfctr wrmsr: 0xc1 data 0x7 [ 331.743410][T10279] kvm [10274]: vcpu2, guest rIP: 0x9114 vmx_set_msr: BTF|LBR in IA32_DEBUGCTLMSR 0x1, nop [ 331.801706][T10279] kvm [10274]: vcpu2, guest rIP: 0x9114 disabled perfctr wrmsr: 0x187 data 0x1 [ 331.831982][T10279] kvm [10274]: vcpu2, guest rIP: 0x9114 disabled perfctr wrmsr: 0x186 data 0x1 [ 332.181310][T10304] device syzkaller0 entered promiscuous mode [ 333.495275][T10351] device syzkaller0 entered promiscuous mode [ 333.863117][T10366] kvm [10359]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc1 data 0x7008 [ 333.875493][T10366] kvm [10359]: vcpu0, guest rIP: 0x1b8 disabled perfctr wrmsr: 0xc1 data 0x0 [ 333.897158][T10366] kvm [10359]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc1 data 0x7108 [ 333.906393][T10366] kvm [10359]: vcpu0, guest rIP: 0x1b8 disabled perfctr wrmsr: 0xc1 data 0x0 [ 333.924544][T10366] kvm [10359]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc1 data 0x7108 [ 333.939236][T10366] kvm [10359]: vcpu0, guest rIP: 0x1b8 disabled perfctr wrmsr: 0xc1 data 0x0 [ 333.948650][ T144] nci: nci_add_new_protocol: the target found does not have the desired protocol [ 334.680181][T10391] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1727'. [ 334.689241][T10391] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1727'. [ 336.784565][T10370] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 336.857294][T10401] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1731'. [ 336.883637][T10401] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1731'. [ 337.033925][T10413] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1736'. [ 337.108991][T10415] netlink: 'syz.1.1737': attribute type 29 has an invalid length. [ 337.145657][T10415] netlink: 'syz.1.1737': attribute type 29 has an invalid length. [ 337.185494][T10415] netlink: 'syz.1.1737': attribute type 29 has an invalid length. [ 337.196306][T10419] device syzkaller0 entered promiscuous mode [ 337.762744][T10452] device syzkaller0 entered promiscuous mode [ 339.833031][ C0] hrtimer: interrupt took 485354 ns [ 340.475425][T10531] device syzkaller0 entered promiscuous mode [ 341.225331][T10556] device bridge_slave_1 left promiscuous mode [ 341.257674][T10556] bridge0: port 2(bridge_slave_1) entered disabled state [ 341.373612][T10556] device bridge_slave_0 left promiscuous mode [ 341.438434][T10556] bridge0: port 1(bridge_slave_0) entered disabled state [ 342.324672][T10593] device syzkaller0 entered promiscuous mode [ 342.567216][T10603] device syzkaller0 entered promiscuous mode [ 342.612914][T10603] tipc: Started in network mode [ 342.631004][T10603] tipc: Node identity 5a825af713d1, cluster identity 4711 [ 342.700742][T10603] tipc: Enabled bearer , priority 0 [ 342.783265][T10601] tipc: Resetting bearer [ 342.835668][T10601] tipc: Disabling bearer [ 342.926034][T10613] device syzkaller0 entered promiscuous mode [ 344.526409][T10652] device syzkaller0 entered promiscuous mode [ 345.797190][T10673] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1821'. [ 345.969573][T10675] device syzkaller1 entered promiscuous mode [ 346.656728][T10688] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1827'. [ 350.014645][T10691] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 350.312286][T10767] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1850'. [ 350.385745][T10764] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1850'. [ 350.435575][T10764] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1850'. [ 350.974815][T10781] ------------[ cut here ]------------ [ 351.025560][T10781] WARNING: CPU: 0 PID: 10781 at include/linux/fs.h:532 hugetlb_split+0x237/0x2a0 [ 351.047381][T10781] Modules linked in: [ 351.057505][T10781] CPU: 0 PID: 10781 Comm: syz.1.1857 Not tainted syzkaller #0 [ 351.120029][T10781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 351.170263][T10781] RIP: 0010:hugetlb_split+0x237/0x2a0 [ 351.226012][T10781] Code: bf ff 4c 89 f7 48 89 de 4c 89 fa 31 c9 5b 41 5c 41 5d 41 5e 41 5f 5d eb 7a e8 65 ad bf ff 0f 0b e9 62 fe ff ff e8 59 ad bf ff <0f> 0b e9 2d ff ff ff 48 c7 c1 84 3a 8a 8d 80 e1 07 80 c1 03 38 c1 [ 351.248065][T10781] RSP: 0018:ffffc9000332f938 EFLAGS: 00010283 [ 351.280989][T10781] RAX: ffffffff81b99b97 RBX: 0000200000c00000 RCX: 0000000000080000 [ 351.298730][T10781] RDX: ffffc900059d1000 RSI: 00000000000001b4 RDI: 00000000000001b5 [ 351.434648][T10781] RBP: 0000000000000000 R08: ffff88807c8746bf R09: 1ffff1100f90e8d7 [ 351.574201][T10781] R10: dffffc0000000000 R11: ffffed100f90e8d8 R12: ffff88807dd053b8 [ 351.704884][T10781] R13: dffffc0000000000 R14: ffff88807dd05318 R15: ffff88807670fd40 [ 351.776138][T10781] FS: 00007ff7f33a86c0(0000) GS:ffff8880b9100000(0000) knlGS:0000000000000000 [ 351.899487][T10781] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 351.913604][T10781] CR2: 00007fc9be0eac38 CR3: 0000000077375000 CR4: 00000000003506e0 [ 351.922142][T10781] Call Trace: [ 351.925598][T10781] [ 351.928642][T10781] __vma_adjust+0x2b6/0x1c10 [ 351.938807][T10781] __split_vma+0x34b/0x410 [ 351.943656][T10781] __do_munmap+0x3fe/0xdf0 [ 351.948261][T10781] mmap_region+0x8b4/0x1650 [ 351.957972][T10781] ? bpf_lsm_mmap_addr+0x5/0x10 [ 351.963556][T10781] do_mmap+0x819/0xe90 [ 351.967765][T10781] vm_mmap_pgoff+0x1c1/0x2d0 [ 351.979526][T10781] ? account_locked_vm+0xe0/0xe0 [ 351.984932][T10781] ksys_mmap_pgoff+0x5c3/0x790 [ 351.994923][T10781] ? mmap_region+0x1650/0x1650 [ 352.001971][T10781] ? lockdep_hardirqs_on+0x94/0x140 [ 352.007461][T10781] do_syscall_64+0x4c/0xa0 [ 352.019170][T10781] ? clear_bhb_loop+0x30/0x80 [ 352.024462][T10781] ? clear_bhb_loop+0x30/0x80 [ 352.029308][T10781] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 352.040494][T10781] RIP: 0033:0x7ff7f514ee59 [ 352.045030][T10781] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 352.070440][T10781] RSP: 002b:00007ff7f33a8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 352.079098][T10781] RAX: ffffffffffffffda RBX: 00007ff7f53c7fa0 RCX: 00007ff7f514ee59 [ 352.092730][T10781] RDX: 0000000000000000 RSI: 0000000000c00000 RDI: 0000200000000000 [ 352.102515][T10781] RBP: 00007ff7f51e4d6f R08: ffffffffffffffff R09: 0000000000000000 [ 352.116144][T10781] R10: 0000000000042072 R11: 0000000000000246 R12: 0000000000000000 [ 352.126630][T10781] R13: 00007ff7f53c8038 R14: 00007ff7f53c7fa0 R15: 00007ffe82a85958 [ 352.138868][T10781] [ 352.143496][T10781] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 352.150803][T10781] CPU: 1 PID: 10781 Comm: syz.1.1857 Not tainted syzkaller #0 [ 352.158295][T10781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 352.168368][T10781] Call Trace: [ 352.171664][T10781] [ 352.174614][T10781] dump_stack_lvl+0x188/0x250 [ 352.179357][T10781] ? show_regs_print_info+0x20/0x20 [ 352.184577][T10781] ? load_image+0x400/0x400 [ 352.189139][T10781] panic+0x2e5/0x810 [ 352.193119][T10781] ? bpf_jit_dump+0xd0/0xd0 [ 352.197666][T10781] ? hugetlb_split+0x237/0x2a0 [ 352.202505][T10781] __warn+0x248/0x2b0 [ 352.206515][T10781] ? hugetlb_split+0x237/0x2a0 [ 352.211300][T10781] report_bug+0x1b7/0x2e0 [ 352.215719][T10781] handle_bug+0x3a/0x70 [ 352.219900][T10781] exc_invalid_op+0x16/0x40 [ 352.224519][T10781] asm_exc_invalid_op+0x16/0x20 [ 352.229402][T10781] RIP: 0010:hugetlb_split+0x237/0x2a0 [ 352.234804][T10781] Code: bf ff 4c 89 f7 48 89 de 4c 89 fa 31 c9 5b 41 5c 41 5d 41 5e 41 5f 5d eb 7a e8 65 ad bf ff 0f 0b e9 62 fe ff ff e8 59 ad bf ff <0f> 0b e9 2d ff ff ff 48 c7 c1 84 3a 8a 8d 80 e1 07 80 c1 03 38 c1 [ 352.254441][T10781] RSP: 0018:ffffc9000332f938 EFLAGS: 00010283 [ 352.260538][T10781] RAX: ffffffff81b99b97 RBX: 0000200000c00000 RCX: 0000000000080000 [ 352.268537][T10781] RDX: ffffc900059d1000 RSI: 00000000000001b4 RDI: 00000000000001b5 [ 352.276536][T10781] RBP: 0000000000000000 R08: ffff88807c8746bf R09: 1ffff1100f90e8d7 [ 352.284625][T10781] R10: dffffc0000000000 R11: ffffed100f90e8d8 R12: ffff88807dd053b8 [ 352.292624][T10781] R13: dffffc0000000000 R14: ffff88807dd05318 R15: ffff88807670fd40 [ 352.300716][T10781] ? hugetlb_split+0x237/0x2a0 [ 352.305523][T10781] ? hugetlb_split+0x237/0x2a0 [ 352.310311][T10781] __vma_adjust+0x2b6/0x1c10 [ 352.314959][T10781] __split_vma+0x34b/0x410 [ 352.319411][T10781] __do_munmap+0x3fe/0xdf0 [ 352.323872][T10781] mmap_region+0x8b4/0x1650 [ 352.328413][T10781] ? bpf_lsm_mmap_addr+0x5/0x10 [ 352.333300][T10781] do_mmap+0x819/0xe90 [ 352.337410][T10781] vm_mmap_pgoff+0x1c1/0x2d0 [ 352.342032][T10781] ? account_locked_vm+0xe0/0xe0 [ 352.347021][T10781] ksys_mmap_pgoff+0x5c3/0x790 [ 352.351829][T10781] ? mmap_region+0x1650/0x1650 [ 352.356631][T10781] ? lockdep_hardirqs_on+0x94/0x140 [ 352.361869][T10781] do_syscall_64+0x4c/0xa0 [ 352.366313][T10781] ? clear_bhb_loop+0x30/0x80 [ 352.371014][T10781] ? clear_bhb_loop+0x30/0x80 [ 352.375720][T10781] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 352.381645][T10781] RIP: 0033:0x7ff7f514ee59 [ 352.386086][T10781] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 352.405723][T10781] RSP: 002b:00007ff7f33a8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 352.414192][T10781] RAX: ffffffffffffffda RBX: 00007ff7f53c7fa0 RCX: 00007ff7f514ee59 [ 352.422202][T10781] RDX: 0000000000000000 RSI: 0000000000c00000 RDI: 0000200000000000 [ 352.430213][T10781] RBP: 00007ff7f51e4d6f R08: ffffffffffffffff R09: 0000000000000000 [ 352.438211][T10781] R10: 0000000000042072 R11: 0000000000000246 R12: 0000000000000000 [ 352.446201][T10781] R13: 00007ff7f53c8038 R14: 00007ff7f53c7fa0 R15: 00007ffe82a85958 [ 352.454308][T10781] [ 352.457613][T10781] Kernel Offset: disabled [ 352.462392][T10781] Rebooting in 86400 seconds..