last executing test programs: 10m37.99529363s ago: executing program 3 (id=6054): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000c80)='./file1\x00', 0x210000, &(0x7f0000000580)={[{@jqfmt_vfsv1}, {@resgid}, {@nodioread_nolock}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@resgid}, {@errors_remount}, {@grpid}, {@orlov}]}, 0xfc, 0x572, &(0x7f0000003780)="$eJzs3d9rW1UcAPDvTdPup66DMdQHGezByVy6tv6YIDgfRYcDfZ+hvSuj6TKadKx14PbgXnyRIYg4EP8A330c/gP+FQMdDBlFH0So3PSmy9qkv5aZbPl84Lbn5N7bc78593t7Tm5CAhhYx7IfhYiXI+KbJOJQy7pi5CuPrW63/PD6VLYksbLy6Z9JJPljze2T/PeBvPJSRPz6VcTJwsZ2a4tLs+VKJZ3P62P1uStjtcWlU5fmyjPpTHp5YnLyzFuTE+++83bXYn39/N/ff3L3wzNfH1/+7uf7h28ncTYO5uta43gCN1orx8r/5qXhOLtuw/EuNNZPkl4fALsylOf5cGTXgEMxlGc98Pz7MiJWgAGVyH8YUM1xQHNu36V58DPjwQerE6BG7COt8RdXXxuJvY250f7l5LGZUTbfHe1C+1kbv/xx53a2xOavQ+zbog6wIzduRsTpYnHj9T/Jr3+7d7rx4vHm1rcxaP9/oJfuZuOfN9qN/wpr459oM/450CZ3d2Pr/C/c70IzHWXjv/fajn/XLl2jQ3nthcaYbzi5eKmSno6IFyPiRAzvyeqb3c85s3xvpdO61vFftmTtN8eC+XHcL+55fJ/pcr0cESNPEnfTg5sRrxTbxZ+s9X/Spv+z5+P8Nts4mt55tdO6reN/ulZ+initbf8/uqOVbH5/cqxxPow1z4qN/rp19LdO7fc6/qz/928e/2jSer+2tvM2ftz7T9pp3W7P/5Hks0a5mQTXyvX6/HjESPLxxscnHu3brDe3z+I/cXzz61+78z+bfH2+zfhvHbnVcdN+6P/pHfX/zgv3Pvrih07tb6//32yUTuSP5Ne/9vJzZbsH+KTPHwAAAAAAAPSTQkQcjKRQWisXCqXS6vs7jsT+QqVaq5+8WF24PB2Nz8qOxnCheaf7UMv7Icbz98M26xPr6pMRcTgivh3a16iXpqqV6V4HDwAAAAAAAAAAAAAAAAAAAH3iQIfP/2d+H+r10QFPXeOLDfb0+iiAXtjyK/+78U1PQF/aMv+B55b8h8El/2FwyX8YXPIfBpf8h8El/2FwyX8AAAAAAAAAAAAAAAAAAAAAAAAAAADoqvPnzmXLyvLD61NZffrq4sJs9eqp6bQ2W5pbmCpNVeevlGaq1ZlKWpqqzm319yrV6pXxiVi4NlZPa/Wx2uLShbnqwuX6hUtz5Zn0Qjr8v0QFAAAAAAAAAAAAAAAAAAAAz5ba4tJsuVJJ5xU6Ft6PvjiMpxngql3tXuyXKBQ6FG7m3buzvXp4UQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAdf4LAAD//++4Mnc=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x141042, 0x0) sendfile(r0, r0, 0x0, 0x9c44) fallocate(r0, 0x11, 0xffc, 0x6d8) 10m35.893711634s ago: executing program 3 (id=6061): socket$xdp(0x2c, 0x3, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) socket$pppl2tp(0x18, 0x1, 0x1) socket$inet6(0xa, 0x5, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet6(0xa, 0x5, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_GET_COALESCE(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000400)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x8f) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400000006000000", @ANYRES32=r2, @ANYBLOB="71e79fd800000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r3], 0x3c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newtfilter={0x2c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x74, r2, {0xfff2}, {}, {0xa, 0x1}}, [@TCA_RATE={0x6, 0x5, {0x39, 0x1}}]}, 0x2c}, 0x1, 0xf0ffffffffffff, 0x0, 0x4004140}, 0x0) 10m35.676280538s ago: executing program 3 (id=6064): r0 = socket(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r2) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) r4 = socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x2) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r5) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) sendmsg$nl_route_sched(r4, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=@newqdisc={0x48, 0x24, 0x5820a61ca228651, 0x0, 0x2, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x7fffffff, 0x1}}]}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c}}]}, 0x78}, 0x1, 0x0, 0x0, 0x4040004}, 0x0) 10m34.228739751s ago: executing program 3 (id=6068): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="4400000002010102000000000000000002000000240002800c000280040001003a00000014000180080001007f000001080002"], 0x44}}, 0x0) r1 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r1, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10) socket$tipc(0x1e, 0x2, 0x0) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$inet(r2, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0x0) connect$tipc(r2, 0x0, 0x0) getsockopt$SO_J1939_PROMISC(r3, 0x6b, 0x2, 0x0, 0x0) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r4, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6) r5 = bpf$ITER_CREATE(0x21, &(0x7f0000000040), 0x8) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$TUNATTACHFILTER(r5, 0x401054d5, &(0x7f0000000040)={0x2000003c, &(0x7f0000000280)}) bind$bt_hci(r6, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) write$bt_hci(r6, &(0x7f0000000040)=ANY=[], 0x6) 10m31.393586437s ago: executing program 3 (id=6073): syz_emit_ethernet(0x8a, &(0x7f0000000380)=ANY=[@ANYBLOB="0180c2000002bbbbbbbbbbbb8100010088fb4c240078006400000e1190787f0000"], 0x0) 10m30.544717911s ago: executing program 3 (id=6074): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10) readv(r1, &(0x7f0000000140), 0x0) recvmmsg(r1, &(0x7f0000002440), 0x3ffffffffffff67, 0x0, 0x0) 10m15.126465871s ago: executing program 32 (id=6074): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10) readv(r1, &(0x7f0000000140), 0x0) recvmmsg(r1, &(0x7f0000002440), 0x3ffffffffffff67, 0x0, 0x0) 8m54.291445305s ago: executing program 0 (id=6292): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0) r3 = socket(0xa, 0x801, 0x0) getsockopt(r3, 0x0, 0x40, &(0x7f0000b3ffac)=""/84, &(0x7f00000000c0)=0x54) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="16000000000000000400000005"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00'}, 0x10) syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f0000000080)='./file0\x00', 0x0, &(0x7f00000004c0)=ANY=[@ANYRES8=0x0], 0x1, 0x5514, &(0x7f000000b2c0)="$eJzs3M1rI2UYAPAn7Xa/XYt48LYDi9DCJmy67aK3qrv4gV3KqgdPmiZpyG6SKU2a1p48eBQPnv0nRMGTR/8GD569iQfFm6BkZqpbP8ClSWPb3w8mz7xv3jzzvGFZeGZKAjiz5pNffirFtbgUEbMRcTUiOy8VR2Y1D89FxPWImHnsKBXzf0ycj4jLEXFtlDzPWSre+vTm8MbKj2/8/PW3F85d+fyr76a3a2Dano+I7lZ+vtvNY9rK48NivjZsZ7G7PCxi/kb3UTFO87jb3Mgy7NYO1tWyeLuVr0+3dvqjuNmp1Uex1d7M5rd6+QX7w9ZBnuwDD2vb2bjR3Mhiu59msbWf17W3n//ftt8f5HkaRb4PsvQxGBzEfL6518z3s/Uoi/XeoJjP86aN5t4oDotYXC7qaaeR1bFxlG/6/+3Ndm9nLxk2t/vttJesVKovVKp3ytXttNEcNJfLtW7jznKy0OqMlpUHzVp3tZWmrU6zUk+7i8lCq14vV6vJwt3mRrvWS6rVyu3KrfLKYnF2M3n1/jtJp5EsjOLL7d7OoN3pJ5vpdpJ/YjFZqtx+cTG5UU3eWltP1h/cu7e2/vZ7d9+9/9La668Ui/5WVrKwdGtpqVy9VV6qLp6h/X9UFD3G/cORlJ5s+YVJ1QFwguj/gWmYXP+//SBi8v1/6P/H4kT1vxPr/z87s/uHI3nC/h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgNPj+7kvXstO5vPxlWL+qWLqmWJcioiZiPjtH8zG+UM5Z4s8c/+yfu4vNXxTiizD6BoXiuNyRKwWx69PT/pbAAAAgNPryw+vf5J36/nL/LQL4jjlN21mrr4/pnyliJib/2FM2WZGL8+OKVn27/tc7I0pW3YD6+KYkuW33M6NK9t/MnsoXHwslPIwc6zlAAAAx+JwJ3C8XQgAAADH6eNpF8B0lOLgUebBs+DsL+//fCB46dAIAAAAOIFK0y4AAAAAmLis//f7fwAAAHC65b//BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAv7NzP7lpA1EcgJ8NLvSfiqru26N0B8foEbrssuIAvQRHoFfIBTgD2eUIEUR4HBSiJIrisa2Q75PMMBb8/IzwYmakAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALp0Wa0X//9+/9c2Z7dv54WX/dG2bgAAAHgLttV6Ub+Zpf7H5vzn5tTXpl9ERBkRD43dR/HuJHPU5FSPfL66V8NFRJ1wuMakOT5ExM/muP7S9a8AAAAA52uzXM3TaD29zIYuiD6lSZvy069MeUVEVLOrTGnlIe9bprD6/z2OP5nS6gmsaaawNOU2zpX2LPXjfpy1m95pitSUT38/270DAAA9Gp00/Y5CAAAA6NPvoQtgGEXcLmUelwInqWmW996f9AAAAIBXqBi6AAAAAKBz9fjf/n8AAABw3tL+fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHRpW60Xm+Vq3jZnt28nz90AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADADfvzjgIhEAZhsHd9ZzL3P6w0aGpqUgXCx98YDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvPndX/5PTI0zydxrY+l5JFk7NbZOjb1z4+gP4+vXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABc7M9tCoAgEIbBrezrX3j/w8YLeoYIZkB42EVBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBH7hnLOLXO2BJPVbVME3vGvaqOrBJnVokrF/p4sPUPfwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMvO/bzGUcUBAH8zs7NJq+IaZQ8RseBBLzbd1tbexIMSPPgnCCHd1titP9ocbClCLt4k515EjyKCEm/9H3puoZd662EPFTxX5lcy+XFYhZ3ZZD8fePO+Mwzzvm8WQr77XgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADsM/5wL06yQ6+I4/Law2d317P+0YE+c3/78XLWsjhqMunj4Y36SdSvnSw2nwwAAADzIanq+xDCk3RnNevjXl7/p9U9Wc3/00tFXNXzB+v+qq9q/6z9+cfT13YH6hXjZA+9ujEanjucSmd6s5xhz1+e4KZO/ubz716S/AOJP9l6dZzm7zP64cGDj7p5uDD9dAGA/+ds1ZdB9ftQ1g/aTAyAudGpFd5V/Z/02s0JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAnjrfBCFUchhOXOXpx59Ozu+lH9/e3Hy1W7dO/edv2Z2SPSEMLVjdHwXFhscDaz7dbtO9fXRqPhzeaDN0MIbY3+QTn9659NcHMIU0rjTEtvfs6CuPywZyWf4xG0+EMJAIATKS1bVtc/SXdWs2vRUgjPf95f/79di8OE9f/Tzy89rI9Vr/8Hjc1w9q1s3vh65dbtO+9u3Fi7Nrw2/PK984P3BxcuX7x4eSX/rqQ4tp0mAAAAx1i3bPX6P146vP5/uhaHCev/b34cfFcfK1H/H2lv0a/tTAAAAObbK2f++Ts64nrU7YZv1zY3bw6K4+75+eLYQqr/2ULZ6vV/stR2VgAAAEATxlvRvvX/K7U4TLj+/+Ivr/9Wf2YSQjhVrv+fXf9qdKW56cy0qfzx8EL5cDsLAAAAKOvxUwfW/9N8/3+8u+UhDiG881YRl/8GcKL6P/n4+1/rY9X3/19oboozKe4X7yPv+yF0+m1nBAAAwEm2mLdeXv//le6sfvH76U+79v8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANO3fAAAA///FdTwZ") 8m50.799692052s ago: executing program 0 (id=6295): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x400000000008d}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000071000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x18) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, 0x0, 0x0) sendto$inet6(r4, 0x0, 0x0, 0x24008844, &(0x7f00000001c0)={0xa, 0x2, 0x398, @empty}, 0x1c) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) readlinkat(0xffffffffffffffff, &(0x7f0000000100)='./mnt\x00', &(0x7f0000000440)=""/163, 0xa3) r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001080)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000c5000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7020000140000fbb703000000e31f008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000c00)='sys_enter\x00', r6}, 0x10) r7 = getpgid(0x0) r8 = syz_pidfd_open(r7, 0x0) r9 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0xac63094eb3328933, 0x0) r10 = pidfd_getfd(r8, r9, 0x0) readlinkat(r10, &(0x7f0000000100)='\x00', &(0x7f0000000140)=""/189, 0xbd) 8m47.21593863s ago: executing program 0 (id=6300): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = inotify_init() inotify_add_watch(r0, &(0x7f0000000000)='./file0\x00', 0x2000018) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x14000, 0x50) bpf$MAP_CREATE(0x0, &(0x7f0000001780)=ANY=[@ANYBLOB="02000000040000"], 0x48) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000080)={'syztnl1\x00', &(0x7f0000000180)={'syztnl0\x00', 0x0, 0x29, 0x0, 0x6f, 0x8, 0x0, @dev={0xfe, 0x80, '\x00', 0xb}, @local, 0x1, 0x40, 0x1000, 0x9}}) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r2}, 0x18) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdir(&(0x7f00000003c0)='./file0\x00', 0x21) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x1214040, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000300)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) mkdir(&(0x7f0000000200)='./bus\x00', 0x10) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) syz_open_dev$tty1(0xc, 0x4, 0x1) 8m45.640746336s ago: executing program 0 (id=6305): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={0x0, &(0x7f0000002cc0)=""/4104, 0x0, 0x1008, 0x1}, 0x28) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000}, 0x94) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="020000000400"], 0x50) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x81, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0x7, 0x0, 0x5, 0x0, 0x2, 0xffffffffffffffff], 0x0, 0x200}) ioctl$KVM_GET_DIRTY_LOG(0xffffffffffffffff, 0x4010ae42, &(0x7f0000000040)={0x1fd, 0x0, &(0x7f0000001000/0x1000)=nil}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x5, 0x6, 0x4004, 0x2, 0x4, 0xefffffffffffffff, 0x0, 0x0, 0x2000000, 0x0, 0x1c, 0x0, 0xffffffffffffffff, 0x6], 0x0, 0x41901}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 8m43.088828577s ago: executing program 0 (id=6312): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) openat$cgroup_netprio_ifpriomap(0xffffffffffffffff, &(0x7f0000000080), 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x14, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0xffff}}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x40c0080) 8m40.773823524s ago: executing program 0 (id=6316): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xd23}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0}, 0x0, &(0x7f0000000040)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sys_enter\x00', r1}, 0x10) open(&(0x7f0000000080)='./file1\x00', 0x64842, 0x22) lgetxattr(0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x1e, 0x4, &(0x7f0000000040)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x5, 0xba, &(0x7f0000000300)=""/186, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000180), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000200)='./file0\x00', 0x0, &(0x7f0000000340)={[{@nodioread_nolock}, {@min_batch_time}, {@barrier_val={'barrier', 0x3d, 0x40}}, {@nodelalloc}]}, 0x5, 0x795, &(0x7f0000000cc0)="$eJzs3c9rXNUeAPDvnSRNk/a95MGD9+oqIGigdGJqbBVcVFyIYKGga9thMg01k0zJTEoTsmgRwY2g4kLQTdf+qDu3/tjqf+FCWqqmxYoLidyZO+20mUmTNjOj5vOBmznn3js553vP/XHunMtMAHvWRPonF3EoIt5NIsay+UlEDNVTgxEnGuvdXl8rplMSGxuv/pzU17m1vlaMlvekDmSZ/0fEN29FHM415g+3lFtdWZ0vlMulpSw/VVs4P1VdWT1ybqEwV5orLR6bnpk5evyZ48d2L9Zfv189eP29l578/MTvb/7v6jvfJnEiDmbLWuPYLRMxkW2ToXQT3uPF3S6sz5J+V4CHkh6aA42jPA7FWAzUUx2M9LJmAEC3bAAAe1CiDwAAe0zzc4Bb62vF5tTfTyR668YLEbG/EX9zfLOxZDAbs9tfHwcdvZXcMzKSRMT4LpQ/EREff/n6p+kUWTu0G0szvgbstkuXI+LM+MTm83+y6ZmFnXpqq4UbjadBJu6bvdeuP9BPX6X9n2fb9f9yd/o/0ab/M9zm2H0YDz7+c9d2oZiO0v7f8y3Ptt1uiT8zPpDl/lXv8w0lZ8+VS+m57d8RMRlDw2l+ur5q+17a5M0/bnYqv7X/98v7b3ySlp++3l0jd21w+N73zA7XCo8ad9ONyxGPDbaLP7nT/kmH/u+pbZbx8nNvf9RpWRp/Gm9z2hx/d21ciXiibfvfbctky+cTp+q7w1Rzp2jjix8+HO1Ufmv7p1NafvNeoBfS9h/dOv7xpPV5zerOy/juytjXnZY9OP42+3+hVtiXvFZP78vmXSzUakvTEfuSVzbPP3r3vc18c/00/snH2x//jWLb7//pPeGZbcY/eP2nzx4+/u5K45/dUfvvPHH19vxAp/K31/4z9dRkNidt/wfFtd0KPsq2AwAAAAAAAAAAAAAAAAAAAAAAAIDtykXEwUhy+TvpXC6fb/yG939jNFeuVGuHz1aWF2ej/lvZ4zGUa37V5VjL96FOZ9+H38wfvS//dET8JyI+GB6p5/PFSnm238EDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQOZAh9//T/043O/aAQBds7/fFQAAes71HwD2np1d/0e6Vg8AoHfc/wPA3rPt6/+Z7tYDAOgd9/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB02amTJ9Np47f1tWKan72wsjxfuXBktlSdzy8sF/PFytL5/FylMlcu5YuVhY7/6FLjpVypnJ+JxeWLU7VStTZVXVk9vVBZXqydPrdQmCudLg31LDIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2L7qyup8oVwuLUlsmRhJE4PZRvsL1KffiUEb4R+eaD1LjPTn5AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwN/BnAAAA//+9uipa") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$packet(0x11, 0x3, 0x300) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) pselect6(0x40, &(0x7f0000000980)={0x7, 0xfa70, 0x4, 0x4, 0x0, 0x10000, 0x3, 0x5}, &(0x7f00000009c0)={0x8, 0x100000000, 0x0, 0x1, 0x3ff, 0x4, 0x4, 0x98}, &(0x7f0000000a00)={0xf, 0x0, 0x786, 0x7c1, 0xfffffffffffffff9, 0x9e3, 0x5}, &(0x7f0000000a40)={0x77359400}, &(0x7f0000000ac0)={&(0x7f0000000a80)={[0x10000]}, 0x8}) 8m25.355787376s ago: executing program 33 (id=6316): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xd23}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0}, 0x0, &(0x7f0000000040)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sys_enter\x00', r1}, 0x10) open(&(0x7f0000000080)='./file1\x00', 0x64842, 0x22) lgetxattr(0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x1e, 0x4, &(0x7f0000000040)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x5, 0xba, &(0x7f0000000300)=""/186, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000180), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000200)='./file0\x00', 0x0, &(0x7f0000000340)={[{@nodioread_nolock}, {@min_batch_time}, {@barrier_val={'barrier', 0x3d, 0x40}}, {@nodelalloc}]}, 0x5, 0x795, &(0x7f0000000cc0)="$eJzs3c9rXNUeAPDvnSRNk/a95MGD9+oqIGigdGJqbBVcVFyIYKGga9thMg01k0zJTEoTsmgRwY2g4kLQTdf+qDu3/tjqf+FCWqqmxYoLidyZO+20mUmTNjOj5vOBmznn3js553vP/XHunMtMAHvWRPonF3EoIt5NIsay+UlEDNVTgxEnGuvdXl8rplMSGxuv/pzU17m1vlaMlvekDmSZ/0fEN29FHM415g+3lFtdWZ0vlMulpSw/VVs4P1VdWT1ybqEwV5orLR6bnpk5evyZ48d2L9Zfv189eP29l578/MTvb/7v6jvfJnEiDmbLWuPYLRMxkW2ToXQT3uPF3S6sz5J+V4CHkh6aA42jPA7FWAzUUx2M9LJmAEC3bAAAe1CiDwAAe0zzc4Bb62vF5tTfTyR668YLEbG/EX9zfLOxZDAbs9tfHwcdvZXcMzKSRMT4LpQ/EREff/n6p+kUWTu0G0szvgbstkuXI+LM+MTm83+y6ZmFnXpqq4UbjadBJu6bvdeuP9BPX6X9n2fb9f9yd/o/0ab/M9zm2H0YDz7+c9d2oZiO0v7f8y3Ptt1uiT8zPpDl/lXv8w0lZ8+VS+m57d8RMRlDw2l+ur5q+17a5M0/bnYqv7X/98v7b3ySlp++3l0jd21w+N73zA7XCo8ad9ONyxGPDbaLP7nT/kmH/u+pbZbx8nNvf9RpWRp/Gm9z2hx/d21ciXiibfvfbctky+cTp+q7w1Rzp2jjix8+HO1Ufmv7p1NafvNeoBfS9h/dOv7xpPV5zerOy/juytjXnZY9OP42+3+hVtiXvFZP78vmXSzUakvTEfuSVzbPP3r3vc18c/00/snH2x//jWLb7//pPeGZbcY/eP2nzx4+/u5K45/dUfvvPHH19vxAp/K31/4z9dRkNidt/wfFtd0KPsq2AwAAAAAAAAAAAAAAAAAAAAAAAIDtykXEwUhy+TvpXC6fb/yG939jNFeuVGuHz1aWF2ej/lvZ4zGUa37V5VjL96FOZ9+H38wfvS//dET8JyI+GB6p5/PFSnm238EDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQOZAh9//T/043O/aAQBds7/fFQAAes71HwD2np1d/0e6Vg8AoHfc/wPA3rPt6/+Z7tYDAOgd9/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB02amTJ9Np47f1tWKan72wsjxfuXBktlSdzy8sF/PFytL5/FylMlcu5YuVhY7/6FLjpVypnJ+JxeWLU7VStTZVXVk9vVBZXqydPrdQmCudLg31LDIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2L7qyup8oVwuLUlsmRhJE4PZRvsL1KffiUEb4R+eaD1LjPTn5AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwN/BnAAAA//+9uipa") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$packet(0x11, 0x3, 0x300) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) pselect6(0x40, &(0x7f0000000980)={0x7, 0xfa70, 0x4, 0x4, 0x0, 0x10000, 0x3, 0x5}, &(0x7f00000009c0)={0x8, 0x100000000, 0x0, 0x1, 0x3ff, 0x4, 0x4, 0x98}, &(0x7f0000000a00)={0xf, 0x0, 0x786, 0x7c1, 0xfffffffffffffff9, 0x9e3, 0x5}, &(0x7f0000000a40)={0x77359400}, &(0x7f0000000ac0)={&(0x7f0000000a80)={[0x10000]}, 0x8}) 14.491585115s ago: executing program 2 (id=7276): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$F2FS_IOC_PRECACHE_EXTENTS(r1, 0xf50f, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r6}, 0x10) r7 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r7, 0x29, 0x2e, &(0x7f0000000080)={0x0, {{0xa, 0x4, 0x0, @mcast1={0xff, 0x7}, 0x8a4}}, {{0xa, 0x4e20, 0x100, @remote}}}, 0x108) r8 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$SIOCSIFMTU(r8, 0x8922, &(0x7f0000000440)={'syz_tun\x00', 0x101}) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 12.447714588s ago: executing program 2 (id=7279): socket$packet(0x11, 0x3, 0x300) r0 = socket(0x10, 0x3, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0xd, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) finit_module(0xffffffffffffffff, 0x0, 0x2) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000100)={'bond0\x00', {0x2, 0x4e22, @multicast1}}) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_NL_MON_PEER_GET(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="1400", @ANYRES16=r5, @ANYBLOB], 0x14}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x10, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000900)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route_sched(r0, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x2040d0, &(0x7f0000000640), 0xfb, 0x4dd, &(0x7f0000001e80)="$eJzs3U9sFNUfAPDvbLst/360P378VJBIFY3EPwUKCgcT/yQmXjQmesCDh1oKQRZqaE2ENFINwYuJkng3Gj2YePHiwZMno55MvHjQuyESw0X0tGZmZ7fLdne7lG23pZ9PMuybmTf73ndmHjPz3u42gHVrJP0nidgSEb9GxFBEFBozjFRerl+bnfj72uxEEuXyS38m6Wbx17XZiWrWJH/dXJnpT18KF5N4qkm50+fOnxovlSbP5vP7Zk6/sW/63PlHT54ePzF5YvLM2JEjhw4eOPz42GNdifO/aV13vj21a8dzr1x+fuLo5dd++DKpq/R8HIWulBdRjLm6fdLogS6Vslr8py6d9LfN2q0dTBcMRmQNtZi1/6Hou7i1tm4onn235Yblcrm8QnUElkfajMdar54rA7exJHpdA6A3qhf69Pl3KGYn6p/n14OrT1cegNK4r+dT5aGnv/agWmx4vu2m2Yg4OvfPx+kUDf0pAADL4dv0/ueRyn1HdaqsKcQddfm2Zv3BGyqdxRGxLSL+l0Rsj4j/R2R574yIu26y/JGG+YX3P4UrNx9V59L7vyfysa3qlJdbzTLcl8+l94DDUUyOnyxN7s/3yd4oDqbzB5q+exLZIFD8/EGr8kfq7v/SKS2/ei+YGcynOsfGZ8ZvPfKKq+9E7OxvFn9SPdTZGNaOiNi5xDJOPvTFrsj6GqtL+mrrFo0/NdfijduPM3Wk/EnEg5XjPxcN8Vcl9eOTu+PG8ck/0lhKk/v3Vc+KhX786dKLrcrvKP5llB7/TU3P/1r8w0n9eO30grcoLlbGpd/ea/lMMxLxZLSNv3Clv8n5P5C8nKUH8mVvjc/MnD0wPz+/vH/mbF0Hd5ZvbD5/Gv/ePc3b/7aY3xN315V/T0Tszo/dvRFxX0TsaRP/98/c/3qb+Jdy/Dcssr5jX33e92o2Ft3J8a8eh8qJUDsj8kS6y081W9V36rtvWpW/ePzp8T+UpfbmSzr5/69ZBZsllrjbAAAAYE0pRMSWSAqjtXShMDpa+Qz/9thUKE1Nzzx8fOrNM8cq3xEYjmKh2tM1lM9H3v85XJnPnr7H8m6hC1EciIjJg/ln8D/q25j1n45OTJWO9Tp4WOc2t2j/qd/7el07YNl1YRwNWKPatf9PD69gRYAV19H1f3DJWwKr2IJWfOOvVvjBBriNuYrD+tWs/V/oQT2Aldf6+j/p1gBuc7VG/mEHmQfmk41f3gTWHhd5WL8Wb/8vLNfvXwG909GX5FdVIkluWBKfRbTfKll6WRt6t3/e7/V+XiwRhVVRjSUnxm9t88HuV2xj3iZb5env+FctzpUvjJdKv3x9K/Vp88crAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1pB/AwAA//9oid3y") 10.604975828s ago: executing program 2 (id=7282): r0 = socket$packet(0x11, 0xa, 0x300) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000894) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0x1, &(0x7f0000000180)=0xa, 0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280), 0x88b81, 0x0) getpeername$packet(r0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000004080)=ANY=[@ANYBLOB="02000000040000000400000022bf000080040000", @ANYRES32, @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x48) mmap(&(0x7f0000f9f000/0x4000)=nil, 0x4000, 0x0, 0x13, r5, 0x0) syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) 9.21111507s ago: executing program 1 (id=7286): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$F2FS_IOC_PRECACHE_EXTENTS(r1, 0xf50f, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r6}, 0x10) r7 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r7, 0x29, 0x2e, &(0x7f0000000080)={0x0, {{0xa, 0x4, 0x0, @mcast1={0xff, 0x7}, 0x8a4}}, {{0xa, 0x4e20, 0x100, @remote}}}, 0x108) r8 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$SIOCSIFMTU(r8, 0x8922, &(0x7f0000000440)={'syz_tun\x00', 0x101}) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 7.846526412s ago: executing program 1 (id=7288): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x400000000008d}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000071000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x18) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, 0x0, 0x0) sendto$inet6(r4, 0x0, 0x0, 0x24008844, &(0x7f00000001c0)={0xa, 0x2, 0x398, @empty}, 0x1c) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) readlinkat(0xffffffffffffffff, &(0x7f0000000100)='./mnt\x00', &(0x7f0000000440)=""/163, 0xa3) r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001080)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000c5000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7020000140000fbb703000000e31f008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000c00)='sys_enter\x00', r6}, 0x10) r7 = getpgid(0x0) r8 = syz_pidfd_open(r7, 0x0) r9 = pidfd_getfd(r8, 0xffffffffffffffff, 0x0) readlinkat(r9, &(0x7f0000000100)='\x00', &(0x7f0000000140)=""/189, 0xbd) 6.900632387s ago: executing program 2 (id=7290): prlimit64(0x0, 0xe, &(0x7f0000000780)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000240)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000ffffffff000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082000000950000000000000057c9fbee"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)={0x0, 0x0}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r5 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f00000004c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x458, 0x190, 0x168, 0x10, 0x388, 0xb, 0x388, 0x250, 0x250, 0x388, 0x250, 0x3, 0x0, {[{{@ipv6={@remote, @rand_addr=' \x01\x00', [0xff6a], [0xff], 'ip6gretap0\x00', 'veth1_to_hsr\x00', {}, {0xff}, 0x3a, 0xb6, 0x0, 0x20}, 0x6000000, 0x128, 0x190, 0x0, {0x0, 0x28e}, [@inet=@rpfilter={{0x28}, {0x1}}, @common=@inet=@hashlimit1={{0x58}, {'netdevsim0\x00', {0x0, 0x0, 0x3ff, 0x1, 0xfffffffc, 0x10000, 0x80000001}}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x10000, '\x00', 'syz1\x00'}}}, {{@uncond, 0x0, 0xd0, 0x1f8, 0x0, {}, [@common=@eui64={{0x28}}]}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x0, 0x0, 'system_u:object_r:usb_device_t:s0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4b8) timerfd_gettime(0xffffffffffffffff, 0x0) 6.543710684s ago: executing program 5 (id=7291): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x94) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r0}, 0x18) bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8) bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x20) 6.481224984s ago: executing program 4 (id=7292): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0b000000080000000400000006000000010000", @ANYRES32, @ANYBLOB="0002"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r0}, 0x38) bpf$PROG_LOAD(0x2, &(0x7f0000000680)={0x3, 0x3, &(0x7f0000000740)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 6.451881045s ago: executing program 5 (id=7293): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x400000000008d}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000071000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x18) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, 0x0, 0x0) sendto$inet6(r4, 0x0, 0x0, 0x24008844, &(0x7f00000001c0)={0xa, 0x2, 0x398, @empty}, 0x1c) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) readlinkat(0xffffffffffffffff, &(0x7f0000000100)='./mnt\x00', &(0x7f0000000440)=""/163, 0xa3) r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001080)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000c5000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7020000140000fbb703000000e31f008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000c00)='sys_enter\x00', r6}, 0x10) r7 = getpgid(0x0) r8 = syz_pidfd_open(r7, 0x0) r9 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0xac63094eb3328933, 0x0) r10 = pidfd_getfd(r8, r9, 0x0) readlinkat(r10, &(0x7f0000000100)='\x00', &(0x7f0000000140)=""/189, 0xbd) 6.431840935s ago: executing program 1 (id=7294): r0 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000000), 0x4) sendmsg$kcm(r0, &(0x7f0000000040)={&(0x7f0000000280)=@caif=@dgm={0x25, 0x9, 0x9}, 0x80, &(0x7f0000000140)=[{&(0x7f0000000500)="62042700ffff00000000002f1eafbcf706e12b30087f5c582d26116642c47a5f8786ee601e65ab3c06d4b8bf4a81cb3e247345af215542f41ddf82f618438a34f90186ce", 0x44}], 0x1}, 0x4008000) 5.223566375s ago: executing program 4 (id=7295): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = inotify_init() inotify_add_watch(r0, 0x0, 0x2000018) bpf$MAP_CREATE(0x0, &(0x7f0000001780)=ANY=[], 0x48) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000080)={'syztnl1\x00', 0x0}) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r1}, 0x18) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000300)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) syz_open_dev$tty1(0xc, 0x4, 0x1) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000040)=ANY=[@ANYRES16, @ANYRESOCT], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 5.199532835s ago: executing program 1 (id=7296): r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f00000004c0)=ANY=[@ANYBLOB="9feb0100180000000000000060000000600000000700000005000000030000130c00000008000000040000000900000008000000d0290000080000000d00000007000000080000000000000000000003000000000200000002000000030000000e0000000000000af8000000080000000000000a0100000000613e302e0000"], &(0x7f0000001200)=""/4096, 0x7f, 0x1000, 0x0, 0x4b, 0x10000}, 0x28) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x15, 0x1d, &(0x7f0000000580)=ANY=[@ANYBLOB="1000000000000000000000000101000026110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000b90900000000000055090100000008009500000000000000183700000400000000000000000400000000000000", @ANYRES32, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000008510000004000000185400000a000000000000000000000085200000010000000869040003000000bf91000000000000b7020000020000008500000084000000b7000000000000009500000000000000"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xe, '\x00', 0x0, @fallback=0x2b, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000080000000000000000000850000007d00000095", @ANYBLOB="3b2b36a210a7827610208c8c3095fe61197afc664245d24d127a62c0cac9034fd5d6ee73ff2b3853a3bf0b65ec3f9eae259b4fb17e5e47e6e0089fc9c468d087eca8a9bb1feefed702ec9694d53eef8dddc06e41df"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000001c0)='kfree\x00', r2}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) seccomp$SECCOMP_GET_ACTION_AVAIL(0x2, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x2, 0x0) ioctl$BINDER_THREAD_EXIT(r6, 0x40046208, 0x0) r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r7, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x0, 0x2}) r8 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r8, &(0x7f0000000080)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmsg(r8, &(0x7f00000000c0)={0x0, 0x9504, &(0x7f0000000100)=[{&(0x7f0000000000)="2b10", 0xffbd}], 0x1, 0x0, 0x0, 0x2c}, 0x4) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="010300000000030000f11c000000180001801400020076657468305f766c616e"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x4000) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00', r1}, 0x18) 3.995251115s ago: executing program 2 (id=7297): syz_usb_connect(0x0, 0x24, 0x0, 0x0) r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$F2FS_IOC_PRECACHE_EXTENTS(r0, 0xf50f, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10) r6 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r6, 0x29, 0x2e, &(0x7f0000000080)={0x0, {{0xa, 0x4, 0x0, @mcast1={0xff, 0x7}, 0x8a4}}, {{0xa, 0x4e20, 0x100, @remote}}}, 0x108) r7 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$SIOCSIFMTU(r7, 0x8922, &(0x7f0000000440)={'syz_tun\x00', 0x101}) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 3.317387126s ago: executing program 4 (id=7298): sched_setscheduler(0x0, 0x1, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r1}, 0x4) bpf$TOKEN_CREATE(0x24, &(0x7f0000000000), 0xffffffffffffffbc) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0x10, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000510700140000000000000001b7080000000000007b8af8ff00000000b7080000fcffffff7b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) close(0xffffffffffffffff) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) r3 = accept4$unix(0xffffffffffffffff, 0x0, &(0x7f00000000c0), 0x0) sendmmsg$unix(r3, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f0000000480)=@abs={0x0, 0x0, 0x8004e24}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) r6 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r6, 0x10e, 0xc, &(0x7f0000000180)={0xffffff}, 0x10) write(r6, &(0x7f0000000000)="240000001a005f0214f9f407000904001f00000000000000000000000800040001000000", 0x24) 1.704113352s ago: executing program 5 (id=7299): socket$nl_generic(0x10, 0x3, 0x10) syz_io_uring_setup(0xf6f, 0x0, 0x0, 0x0) socket$phonet_pipe(0x23, 0x5, 0x2) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) inotify_init() syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) syz_open_dev$video4linux(&(0x7f0000000000), 0x7, 0x2000) pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f00000002c0)={0x3ff}, &(0x7f0000000300)={0x0, 0x3938700}, 0x0) 1.613880854s ago: executing program 4 (id=7300): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_opts(r0, 0x29, 0x4d, 0x0, 0x8) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) recvmsg(r0, 0x0, 0x20) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4000) r3 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000001500)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) write$P9_RGETLOCK(r2, &(0x7f00000000c0)=ANY=[], 0xffffff6a) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x84000) syz_open_procfs$namespace(0x0, &(0x7f0000000240)='ns/user\x00') tee(r1, r4, 0xfffffffffffffc01, 0x0) tee(r1, r4, 0x60000000000, 0x0) 1.515643385s ago: executing program 5 (id=7301): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x94) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r0}, 0x18) bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8) bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000000c0)=ANY=[], 0x20) 1.485378336s ago: executing program 5 (id=7302): gettid() r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000001680)=ANY=[@ANYBLOB="1800000000030000000000000000000095"], &(0x7f0000001700)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94) unlink(&(0x7f0000002ac0)='./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xcaa41000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000180)={0xd, 0x4, &(0x7f0000001300)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x9, 0x1, 0x98}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x8}, 0x80) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r5, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15) r6 = dup(r5) open(&(0x7f0000000100)='./file0\x00', 0x440, 0x0) write$FUSE_BMAP(r6, 0x0, 0x0) write$FUSE_DIRENTPLUS(r6, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000001300), 0x2, 0x0) read$FUSE(r7, &(0x7f0000001340)={0x2020}, 0x2020) write$FUSE_DIRENTPLUS(r7, &(0x7f0000003740)=ANY=[], 0xb8) socket$kcm(0x11, 0xa, 0x300) r8 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000020000000000000000ee000095"], &(0x7f00000002c0)='syzkaller\x00'}, 0x80) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r8, 0x5, 0xb68, 0x560b0007, &(0x7f0000000000)="259a53f271a76d2688634c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_exit\x00', r0}, 0x18) 1.466306216s ago: executing program 1 (id=7303): bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$packet(0x11, 0x3, 0x300) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) r5 = dup(r4) write$UHID_INPUT(r5, &(0x7f0000002080)={0xf, {"a2e3ad21e08eeb661b5d500987f70e06d038e7ff7fc6e5539b0d3d0e8b089b3f353b68090890e0878f0e1ac6e7049b3b46959b649a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d07410936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c554336909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f6777478bc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15ffffffffffffffff1243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5dc29a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f6435f7590000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9a53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f423500c7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02da93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d0300000000000000b378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d678746383074c6bc1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b3c7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0da42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9cc8036cbd65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f90000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x1006) 624.02337ms ago: executing program 4 (id=7304): r0 = socket$kcm(0x2, 0x200000000000001, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x3000c085) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.stat\x00', 0x26e1, 0x0) setsockopt$sock_attach_bpf(r0, 0x1, 0x3e, &(0x7f0000000100)=r1, 0x4) sendmsg$kcm(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f00000022c0)="cbffd2b73e3e", 0x6}], 0x1}, 0x44) sendmsg$sock(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000001040)="2eec", 0x2}], 0x1}, 0x8000) 362.050134ms ago: executing program 1 (id=7305): syz_usb_connect(0x0, 0x24, 0x0, 0x0) r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$F2FS_IOC_PRECACHE_EXTENTS(r0, 0xf50f, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xd, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x2, 0x1, 0x4c}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd}, 0x80) r5 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r5, 0x29, 0x2e, &(0x7f0000000080)={0x0, {{0xa, 0x4, 0x0, @mcast1={0xff, 0x7}, 0x8a4}}, {{0xa, 0x4e20, 0x100, @remote}}}, 0x108) r6 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$SIOCSIFMTU(r6, 0x8922, &(0x7f0000000440)={'syz_tun\x00', 0x101}) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 340.149314ms ago: executing program 5 (id=7306): socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, 0x0, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000025c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0xff7fffff) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f00000018c0)) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) syz_mount_image$vfat(&(0x7f0000000180), &(0x7f00000000c0)='./file0\x00', 0x1000000, &(0x7f00000003c0)=ANY=[@ANYBLOB="73686f72746e616d653d77696e39352c756e695f786c6174653d312c636865636b3d7374726963742c646f733178666c6f7070792c757466383d312c757466383d312c757466383d302c696f636861727365743d6370313235de26302c696f636861727365743d69736f383835392d342c696f636861727365743d64656661756c742c73686f72746e616d653d6d69786564", @ANYRES8=0x0], 0xfe, 0x19c, &(0x7f0000000200)="$eJzs281qE1EYBuA3tdW2LtKFK3Ex4MZVaHsFFqkgBgSlCwVBsQ1IRwIWArqw2bnwJrwct3olLrsQRppp7Q+piNoMJM+zyQfnvMl3DiSZMzAvbr3Z3e7v9Z73vmSx1crc3arKQSsrmcuxYQCAaXJQVfleVVV1bZilz6mqqumOAIDL5v8fAGbPk6fPHm50u5uPi2IxKT8OtgZb9Ws9vtHL65TZyWra+ZHDC4QjdX3/QXdztRhZyady/yi/P9i6cja/lnZWxufX6nxxNr+Q5dP59bRzY3x+fWz+au7cPpXvpJ1vr9JPme0cZk/yH9aK4t6j7rn89dE8AAAAmAad4pex5/dO56LxOr/R+uP7A+fO1/O5Od/s2gFgVu29e7/7six33jZWJBn+Zs7X5brRyTVW/GX8eEub3Mx/K5by/995Ic2va3qK/txlf8RiklHR4I8SMBEn3/6mOwEAAAAAAAAAAAAAAC4yiUeXml4jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALPnZwAAAP//RL2Oaw==") r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb7030000080000"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) 154.400997ms ago: executing program 4 (id=7307): syz_mount_image$hfsplus(&(0x7f00000000c0), &(0x7f0000000100)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x3200004, &(0x7f0000000900)={[{@nls={'nls', 0x3d, 'macinuit'}}, {@gid}, {@umask={'umask', 0x3d, 0x1000}}, {@uid}, {@type={'type', 0x3d, "8cc687ef"}}, {@force}, {@nodecompose}, {@type={'type', 0x3d, "664b981f"}}]}, 0x3, 0x6b9, &(0x7f0000000240)="$eJzs3U1sHGcZB/D/bJx1Nkip26ZtQEi1GqmCRiR2ViVBQmpACOUQoQguvVqJ01jZpJXtorRCZAMUJE6cUA8cilA49IQQQionRDkjIXHh5BuHSNw45AAYzezsem1vHDuOvab9/aTJvLPv1zOP52N37GgDfGpdfD2Huyly8dSl2+X2yr12Z+Ve+2a/nGQySSOZ6K1StJLi4+RCeks+W75YD1c8bJ5X739UTLz/Ybu3NVEvVfvGVv02GdmymxwZbBxKMt0r/nvbw24ar1qqca6sjfeYikHcZcJO9hMH47a6SXetsvHI7ts/b4ED607vvrnJVHI0vbtr+T4g9dXh0VeG8dvy2tTdvzgAAABgr4z8LD/sqQd5kNs5tj/hAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwCdD0fvOwKJeGv3ydIr+9/83h75TvznmcHfpvWvV6ttPjTsQAAAAAAAAANiVFx/kQW7nWH97tah+5/9StXG8+vczeTtLmc9iTud25rKc5SxmNsnU0EDN23PLy4uzwz2rPxJY+nnKnqurq3fqnmdH9jy7Pq7uxkBH/aXBpkYAAAAAAAAA8Kn1g1xc+/0/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcBEVyqLeqluP98lQaE0mOJGkW04PmzbEG+wT8cdwBAAAAwN5r1etjxX97hdWi+sz/fPW5/0jezq0sZyHL6WQ+V6tnAb1P/Y2/dtudlXvtm+WyeeCv/XNHcVQjpvfsYfTMM1WL5wY9Luab+U5OZTqXs5iFfDdzWc58pvONqjSXIlP104uplXut9GPdHO+FdVuXN8b24lC5jO9EFUkr17JQxXY6V5r90Bt1uxNDs/2+mWyY8W6ZneK12jZzdLVel3v0s3p9MExVe354kJGZOvdlNp4ezvvm3O/wONk402wag2dQx9dmKTc3zvRYOT9ar8tc/3hvc77DR2nrM9H9abnVP/qe3zrnyRf/9qfL1xu3bly/tnTq4BxGj2njMdEeysQL28pEp8xEdxeZOLKb+J+cZp2N3lV0Z1fLl6q+x7KQb+XNXM18zmUmszmfmXwlZ9PO2aG8Prd1XqtzrbGzc+3kF+pCeU/6ydC9ad9MPqyizOvTQ3kdvtJNVXXDr6xl6ZltZKloZnSW/j4ylInP1YVyjh8O3XHGb5CJxtq1uR/ds1tn4pf/WU2y1Ll1Y/H63FvbnO/lel2etu+tvzb/6ons0M7Vu1seL8+UP6z0bhvDR0dZ92y/bt2RM1vVHR/Urb/PNZupzude3aPO1HKk5++OGqlX98LIWdpV3YmhunXvcvJmOoN3IQAcYEdfOdps3W/9pfVB60et661LR74+eX7y880c/vPEHw79pvHrxleLV/JBvp9j444UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+CZbeeffGXKczv3gAC2k84QHvjqzqp6L3SvNg7PtWhcP7O+mhnTSe3OqI+m2SLbo3x5HMVpID8DOd62RiH+aazIiqS4NXWkljEE+SGwfkC+6AvXBm+eZbZ5beefdLCzfn3ph/Y/7W2fPnXjvX/vLsnTPXFjrzM71/xx0lsBfW3gaMOxIAAAAAAAAAAABgu3bz3wn+cWl7jUdMW3THsK8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA/6eLr+dwN0VmZ07PlNsr99qdcumX11pOJGkkKb6XFB8nF9JbMjU0XPGweV69/9EvXn7/w/baWBP99o0N/X73r9XVHe5Ft14yneRQvX60yW2Nd2VovO4OA+spBntYJuxkP3Ewbv8LAAD///zfBvQ=") openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x42, 0x1fe) llistxattr(&(0x7f0000000000)='./file1\x00', 0x0, 0x0) 0s ago: executing program 2 (id=7308): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x400000000008d}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000071000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x18) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, 0x0, 0x0) sendto$inet6(r4, 0x0, 0x0, 0x24008844, &(0x7f00000001c0)={0xa, 0x2, 0x398, @empty}, 0x1c) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) readlinkat(0xffffffffffffffff, &(0x7f0000000100)='./mnt\x00', &(0x7f0000000440)=""/163, 0xa3) r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001080)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000c5000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7020000140000fbb703000000e31f008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000c00)='sys_enter\x00', r6}, 0x10) r7 = getpgid(0x0) r8 = syz_pidfd_open(r7, 0x0) r9 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0xac63094eb3328933, 0x0) r10 = pidfd_getfd(r8, r9, 0x0) readlinkat(r10, &(0x7f0000000100)='\x00', &(0x7f0000000140)=""/189, 0xbd) kernel console output (not intermixed with test programs): ][T23265] F2FS-fs (loop1): Start checkpoint disabled! [ 894.910295][T23265] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 894.948136][T23265] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 895.028208][T23293] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 895.041707][T23293] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 895.051092][T23293] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 895.067187][T23293] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 895.097358][T23293] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 895.112068][T23293] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 895.767790][T23297] tipc: Enabled bearer , priority 0 [ 895.795262][T23297] syzkaller0: entered promiscuous mode [ 895.800805][T23297] syzkaller0: entered allmulticast mode [ 895.873230][T23297] tipc: Resetting bearer [ 895.904225][T23296] tipc: Resetting bearer [ 896.173343][T23296] tipc: Disabling bearer [ 896.212809][T23291] chnl_net:caif_netlink_parms(): no params data found [ 896.394057][T23306] overlayfs: overlapping lowerdir path [ 897.204645][ T5794] Bluetooth: hci4: command tx timeout [ 897.549782][T23291] bridge0: port 1(bridge_slave_0) entered blocking state [ 897.578995][T23291] bridge0: port 1(bridge_slave_0) entered disabled state [ 897.604773][T23291] bridge_slave_0: entered allmulticast mode [ 897.622780][T23291] bridge_slave_0: entered promiscuous mode [ 897.657707][T23291] bridge0: port 2(bridge_slave_1) entered blocking state [ 897.680462][T23291] bridge0: port 2(bridge_slave_1) entered disabled state [ 897.714736][T23291] bridge_slave_1: entered allmulticast mode [ 897.722814][T23291] bridge_slave_1: entered promiscuous mode [ 897.882977][T23291] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 898.048188][T23324] loop2: detected capacity change from 0 to 16 [ 898.165706][T23324] erofs: (device loop2): mounted with root inode @ nid 36. [ 898.214356][T23324] syz.2.6122: attempt to access beyond end of device [ 898.214356][T23324] loop2: rw=0, sector=34359739344, nr_sectors = 8 limit=16 [ 898.884578][T23150] syz_tun (unregistering): left promiscuous mode [ 899.068250][T23291] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 899.169053][T23327] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6124'. [ 899.197305][T23328] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6124'. [ 899.325992][ T5794] Bluetooth: hci4: command tx timeout [ 899.432166][T23330] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6125'. [ 899.447819][ T34] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 899.469480][T23330] netlink: 'syz.0.6125': attribute type 1 has an invalid length. [ 899.534012][T23291] team0: Port device team_slave_0 added [ 899.597019][T23291] team0: Port device team_slave_1 added [ 899.797043][ T34] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 899.913801][T23333] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6126'. [ 899.941725][T23333] team_slave_0: entered promiscuous mode [ 899.947539][T23333] team_slave_1: entered promiscuous mode [ 899.953479][T23333] macvtap0: entered promiscuous mode [ 899.959163][T23333] team0: entered promiscuous mode [ 899.964825][T23333] macvtap0: entered allmulticast mode [ 900.014612][T23333] team0: entered allmulticast mode [ 900.021109][T23333] team_slave_0: entered allmulticast mode [ 900.037725][T23333] team_slave_1: entered allmulticast mode [ 900.061061][T23333] 8021q: adding VLAN 0 to HW filter on device macvtap0 [ 900.143800][ T34] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 900.239942][T23291] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 900.251600][T23291] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 900.316732][T23291] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 900.376782][ T34] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 900.402900][T23291] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 900.411471][T23291] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 900.450060][T23291] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 900.462061][T23336] tipc: Enabled bearer , priority 0 [ 900.476000][T23336] syzkaller0: entered promiscuous mode [ 900.481530][T23336] syzkaller0: entered allmulticast mode [ 900.550240][T23336] tipc: Resetting bearer [ 900.642910][T23291] hsr_slave_0: entered promiscuous mode [ 900.664770][T23291] hsr_slave_1: entered promiscuous mode [ 900.694120][T23335] tipc: Resetting bearer [ 900.724809][T23335] tipc: Disabling bearer [ 900.850550][T23343] loop1: detected capacity change from 0 to 16 [ 900.890526][T23343] erofs: (device loop1): mounted with root inode @ nid 36. [ 900.938255][T23343] syz.1.6128: attempt to access beyond end of device [ 900.938255][T23343] loop1: rw=0, sector=34359739344, nr_sectors = 8 limit=16 [ 901.522579][ T5794] Bluetooth: hci4: command tx timeout [ 902.575901][ T34] tipc: Left network mode [ 903.606861][ T5794] Bluetooth: hci4: command tx timeout [ 903.818715][T23359] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6133'. [ 903.833616][T23360] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6133'. [ 904.996917][T23373] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6135'. [ 905.021573][T23373] team_slave_0: entered promiscuous mode [ 905.024255][T23377] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6136'. [ 905.027339][T23373] team_slave_1: entered promiscuous mode [ 905.028084][T23373] macvtap5: entered promiscuous mode [ 905.049523][T23373] team0: entered promiscuous mode [ 905.055259][T23373] macvtap5: entered allmulticast mode [ 905.060518][T23377] netlink: 'syz.1.6136': attribute type 1 has an invalid length. [ 905.064763][T23373] team0: entered allmulticast mode [ 905.074395][T23373] team_slave_0: entered allmulticast mode [ 905.084433][T23373] team_slave_1: entered allmulticast mode [ 905.092700][T23373] 8021q: adding VLAN 0 to HW filter on device macvtap5 [ 905.210749][T23291] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 905.289535][T23291] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 905.304599][T23382] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6137'. [ 905.315155][T23291] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 905.338950][T23382] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6137'. [ 905.405089][T23291] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 906.173091][ T23] page_pool_release_retry() stalled pool shutdown 1 inflight 60 sec [ 906.221559][T23291] 8021q: adding VLAN 0 to HW filter on device bond0 [ 907.301604][T23291] 8021q: adding VLAN 0 to HW filter on device team0 [ 907.346807][ T5927] bridge0: port 1(bridge_slave_0) entered blocking state [ 907.354030][ T5927] bridge0: port 1(bridge_slave_0) entered forwarding state [ 907.427337][ T5927] bridge0: port 2(bridge_slave_1) entered blocking state [ 907.434631][ T5927] bridge0: port 2(bridge_slave_1) entered forwarding state [ 907.538026][ T34] batadv_slave_0: left promiscuous mode [ 907.677631][T23422] loop2: detected capacity change from 0 to 16 [ 907.877130][T23422] erofs: (device loop2): mounted with root inode @ nid 36. [ 907.926545][T23422] syz.2.6141: attempt to access beyond end of device [ 907.926545][T23422] loop2: rw=0, sector=34359739344, nr_sectors = 8 limit=16 [ 908.498467][ T34] hsr_slave_0: left promiscuous mode [ 908.523723][ T34] hsr_slave_1: left promiscuous mode [ 908.560121][ T34] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 908.588936][ T34] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 908.612599][ T34] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 908.637202][ T34] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 908.664134][ T34] bridge_slave_1: left allmulticast mode [ 908.685047][ T34] bridge_slave_1: left promiscuous mode [ 908.702599][ T34] bridge0: port 2(bridge_slave_1) entered disabled state [ 908.733462][ T34] bridge_slave_0: left allmulticast mode [ 908.755283][ T34] bridge_slave_0: left promiscuous mode [ 908.768022][ T34] bridge0: port 1(bridge_slave_0) entered disabled state [ 908.877717][ T34] batadv0: left promiscuous mode [ 908.894321][ T34] veth1_macvtap: left promiscuous mode [ 908.915331][ T34] veth0_macvtap: left promiscuous mode [ 908.934186][ T34] veth1_vlan: left promiscuous mode [ 908.944950][ T34] veth0_vlan: left promiscuous mode [ 910.873504][ T34] team0 (unregistering): Port device team_slave_1 removed [ 910.931036][ T34] team0 (unregistering): Port device team_slave_0 removed [ 910.985439][ T34] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 911.039788][ T34] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 911.604692][ T34] bond0 (unregistering): Released all slaves [ 911.681111][T23416] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6142'. [ 911.691554][T23418] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6142'. [ 911.942996][T23440] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6146'. [ 911.960496][T23440] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6146'. [ 912.503610][T23291] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 913.072431][T23468] loop0: detected capacity change from 0 to 2048 [ 913.095412][T23472] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6153'. [ 913.147351][T23468] EXT4-fs (loop0): mounted filesystem 00000000-0700-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 913.156998][T23472] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6153'. [ 914.166145][T23291] veth0_vlan: entered promiscuous mode [ 914.206699][T23452] loop1: detected capacity change from 0 to 40427 [ 914.250739][T23291] veth1_vlan: entered promiscuous mode [ 914.269872][T19146] EXT4-fs (loop0): unmounting filesystem 00000000-0700-0000-0000-000000000000. [ 914.349751][T23452] F2FS-fs (loop1): Found nat_bits in checkpoint [ 914.428060][T23291] veth0_macvtap: entered promiscuous mode [ 914.499659][T23291] veth1_macvtap: entered promiscuous mode [ 914.644068][T23452] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 914.730174][T23291] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 914.804831][T23291] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 914.834541][T23291] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 914.897547][T23291] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 915.058506][T23291] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 915.219791][T23291] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 915.464792][T23291] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 915.587114][T23291] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 915.597652][T23291] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 915.607612][T23291] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 915.618199][T23291] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 915.628244][T23291] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 915.638756][T23291] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 915.670517][T23291] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 915.713333][T23291] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 915.744441][T23291] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 915.772243][T23291] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 915.795624][T23291] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 916.087688][ T34] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 916.403615][ T34] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 916.860205][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 916.873428][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 917.416779][T23526] loop4: detected capacity change from 0 to 512 [ 917.459054][T23526] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 917.515197][T23526] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 917.647171][T23526] EXT4-fs (loop4): 1 truncate cleaned up [ 917.676369][T23526] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 917.789383][T23532] loop1: detected capacity change from 0 to 2048 [ 917.914581][T23532] EXT4-fs (loop1): mounted filesystem 00000000-0700-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 919.505027][T23534] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 919.640633][T23291] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 920.522408][T23551] loop4: detected capacity change from 0 to 8192 [ 920.617864][T19465] EXT4-fs (loop1): unmounting filesystem 00000000-0700-0000-0000-000000000000. [ 920.830163][T23558] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6171'. [ 920.904757][T23558] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6171'. [ 921.741541][T23579] loop0: detected capacity change from 0 to 4096 [ 921.764952][T23579] EXT4-fs: Conflicting test_dummy_encryption options [ 922.296963][T23597] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6182'. [ 922.322653][T23597] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6182'. [ 922.373879][T23594] loop0: detected capacity change from 0 to 2048 [ 922.449252][T23573] loop2: detected capacity change from 0 to 40427 [ 922.471931][T23594] EXT4-fs (loop0): mounted filesystem 00000000-0700-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 922.497177][T23573] F2FS-fs (loop2): Found nat_bits in checkpoint [ 923.455387][T23573] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 923.494086][T19146] EXT4-fs (loop0): unmounting filesystem 00000000-0700-0000-0000-000000000000. [ 923.802882][T23614] loop4: detected capacity change from 0 to 2048 [ 924.058323][T23614] EXT4-fs (loop4): mounted filesystem 00000000-0700-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 926.617991][T23291] EXT4-fs (loop4): unmounting filesystem 00000000-0700-0000-0000-000000000000. [ 928.669841][T23657] loop1: detected capacity change from 0 to 2048 [ 928.795065][T23657] EXT4-fs (loop1): mounted filesystem 00000000-0700-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 929.929232][T19465] EXT4-fs (loop1): unmounting filesystem 00000000-0700-0000-0000-000000000000. [ 930.200082][T23680] overlayfs: overlapping lowerdir path [ 932.168766][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 932.175247][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 932.538469][T23705] loop2: detected capacity change from 0 to 2048 [ 932.642130][T23705] EXT4-fs (loop2): mounted filesystem 00000000-0700-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 932.838079][T23711] overlayfs: failed to resolve './file1': -2 [ 933.951967][T23723] loop1: detected capacity change from 0 to 40427 [ 934.162039][T23723] F2FS-fs (loop1): Found nat_bits in checkpoint [ 934.356383][T23723] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 935.564594][T23664] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 937.236727][T19818] EXT4-fs (loop2): unmounting filesystem 00000000-0700-0000-0000-000000000000. [ 938.491249][T23755] loop2: detected capacity change from 0 to 1024 [ 938.546810][T23755] EXT4-fs: Ignoring removed orlov option [ 938.552538][T23755] EXT4-fs: Ignoring removed nomblk_io_submit option [ 938.923375][T23755] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 939.172426][T23764] loop1: detected capacity change from 0 to 2048 [ 939.325524][T23764] EXT4-fs (loop1): mounted filesystem 00000000-0700-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 944.051998][T23761] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 944.084158][T19818] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 944.109992][T19465] EXT4-fs (loop1): unmounting filesystem 00000000-0700-0000-0000-000000000000. [ 944.599889][T23794] overlayfs: failed to resolve './file1': -2 [ 945.484582][T23791] loop4: detected capacity change from 0 to 2048 [ 945.628252][T23791] EXT4-fs (loop4): mounted filesystem 00000000-0700-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 946.855854][T23291] EXT4-fs (loop4): unmounting filesystem 00000000-0700-0000-0000-000000000000. [ 948.245518][T23824] loop0: detected capacity change from 0 to 256 [ 948.570995][T23824] FAT-fs (loop0): Directory bread(block 64) failed [ 948.578773][T23824] FAT-fs (loop0): Directory bread(block 65) failed [ 948.586261][T23824] FAT-fs (loop0): Directory bread(block 66) failed [ 948.592988][T23824] FAT-fs (loop0): Directory bread(block 67) failed [ 948.600249][T23824] FAT-fs (loop0): Directory bread(block 68) failed [ 948.607068][T23824] FAT-fs (loop0): Directory bread(block 69) failed [ 948.614482][T23824] FAT-fs (loop0): Directory bread(block 70) failed [ 948.621179][T23824] FAT-fs (loop0): Directory bread(block 71) failed [ 948.628443][T23824] FAT-fs (loop0): Directory bread(block 72) failed [ 948.635548][T23824] FAT-fs (loop0): Directory bread(block 73) failed [ 948.926972][T23824] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6225'. [ 950.066926][T23836] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6230'. [ 950.156600][T23832] loop4: detected capacity change from 0 to 2048 [ 950.423185][T23832] EXT4-fs (loop4): mounted filesystem 00000000-0700-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 950.447501][T23839] netlink: 24 bytes leftover after parsing attributes in process `syz.2.6231'. [ 950.574688][T23842] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 951.537187][T23291] EXT4-fs (loop4): unmounting filesystem 00000000-0700-0000-0000-000000000000. [ 951.721683][T23858] overlayfs: overlapping lowerdir path [ 952.742735][T23866] loop4: detected capacity change from 0 to 2048 [ 952.997413][T23866] EXT4-fs (loop4): mounted filesystem 00000000-0700-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 954.854703][T23291] EXT4-fs (loop4): unmounting filesystem 00000000-0700-0000-0000-000000000000. [ 955.899879][T23905] overlayfs: failed to resolve './file1': -2 [ 956.718945][T23900] loop1: detected capacity change from 0 to 2048 [ 956.863286][T23900] EXT4-fs (loop1): mounted filesystem 00000000-0700-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 957.205834][T16197] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 957.572217][T19465] EXT4-fs (loop1): unmounting filesystem 00000000-0700-0000-0000-000000000000. [ 957.624690][T16197] usb 5-1: Using ep0 maxpacket: 32 [ 957.681113][T16197] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 957.736720][T16197] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 957.824755][T16197] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 957.864374][T16197] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 957.906521][T16197] usb 5-1: config 0 descriptor?? [ 957.936723][T16197] hub 5-1:0.0: bad descriptor, ignoring hub [ 957.967108][T16197] hub: probe of 5-1:0.0 failed with error -5 [ 957.990734][T16197] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 960.305656][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 960.510548][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 960.724822][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 960.754655][T16194] usb 5-1: USB disconnect, device number 2 [ 960.787132][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 960.869473][T23963] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6258'. [ 960.905977][T23963] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6258'. [ 961.251893][T23970] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 962.306790][T23984] loop0: detected capacity change from 0 to 256 [ 962.327508][T23984] exfat: Deprecated parameter 'namecase' [ 962.333339][T23984] exfat: Deprecated parameter 'utf8' [ 962.391755][T23984] exfat: Unknown parameter 'rootcontext' [ 962.729814][T23990] overlayfs: overlapping lowerdir path [ 964.019832][T24003] overlayfs: failed to resolve './file0': -2 [ 964.584202][T24005] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6257'. [ 965.042276][T24016] loop2: detected capacity change from 0 to 1024 [ 965.056180][T24016] EXT4-fs: Ignoring removed i_version option [ 965.097799][T24016] EXT4-fs: Ignoring removed bh option [ 965.140884][T24016] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 965.151718][T24016] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors [ 965.167845][T24016] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (53380!=20869) [ 965.178768][T24016] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 965.214554][T24016] EXT4-fs (loop2): external journal device major/minor numbers have changed [ 965.226221][T24016] EXT4-fs (loop2): filesystem has both journal inode and journal device! [ 966.177348][T24016] loop2: detected capacity change from 0 to 1024 [ 966.218576][T24016] EXT4-fs: Ignoring removed orlov option [ 966.258023][T24016] EXT4-fs: Ignoring removed nomblk_io_submit option [ 966.354248][T24016] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 967.833356][T24044] loop4: detected capacity change from 0 to 512 [ 967.965515][T24047] loop0: detected capacity change from 0 to 256 [ 968.024221][T24047] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 968.035322][T24047] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 968.081455][T24047] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 968.266775][T24049] input: syz1 as /devices/virtual/input/input8 [ 968.944889][T24044] EXT4-fs (loop4): 1 truncate cleaned up [ 968.952007][T24044] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 970.056396][T23291] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 970.503487][T19818] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 970.958945][T24084] xt_hashlimit: max too large, truncated to 1048576 [ 970.969535][T24084] No such timeout policy "syz1" [ 971.871354][T24086] loop2: detected capacity change from 0 to 512 [ 971.931212][T24086] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 972.052329][T24086] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.6282: invalid indirect mapped block 4294967295 (level 1) [ 972.399552][T24086] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.6282: invalid indirect mapped block 4294967295 (level 1) [ 973.225679][T24086] EXT4-fs (loop2): 2 truncates cleaned up [ 973.253419][T24086] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 973.557825][T19818] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 973.691377][T24101] loop0: detected capacity change from 0 to 512 [ 973.729717][T24101] EXT4-fs: Ignoring removed mblk_io_submit option [ 973.761635][T24101] EXT4-fs: Ignoring removed bh option [ 973.816104][T24101] EXT4-fs (loop0): Test dummy encryption mode enabled [ 973.944450][T24101] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 974.328663][T24101] EXT4-fs (loop0): 1 truncate cleaned up [ 974.370833][T24101] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 974.495065][T24107] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6288'. [ 974.794835][T24101] fscrypt (loop0): Missing crypto API support for AES-256-XTS (API name: "xts(aes)") [ 974.970831][T19146] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 977.161649][T24138] loop0: detected capacity change from 0 to 40427 [ 977.263247][T24138] F2FS-fs (loop0): Found nat_bits in checkpoint [ 977.411553][T24138] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 978.617293][T24151] loop1: detected capacity change from 0 to 512 [ 978.761996][T24151] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 978.775516][T24151] ext4 filesystem being mounted at /385/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 979.438350][T24154] EXT4-fs error (device loop1): ext4_validate_block_bitmap:439: comm ext4lazyinit: bg 0: block 328: padding at end of block bitmap is not set [ 980.282528][T24159] loop2: detected capacity change from 0 to 512 [ 980.383275][T24159] EXT4-fs warning (device loop2): read_mmp_block:115: Error -117 while reading MMP block 24 [ 980.762172][T19465] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 981.961435][T24174] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6298'. [ 982.616333][T24189] overlayfs: overlapping lowerdir path [ 985.999351][T24223] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6310'. [ 988.001792][T24236] loop2: detected capacity change from 0 to 256 [ 989.173239][T24245] overlayfs: overlapping lowerdir path [ 990.561851][T24260] loop0: detected capacity change from 0 to 2048 [ 990.658762][T24260] EXT4-fs (loop0): mounted filesystem 00000000-0700-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 991.088232][T24262] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6319'. [ 991.626152][T24282] loop4: detected capacity change from 0 to 128 [ 1003.186894][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 1003.193245][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 1003.214483][T24266] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 1004.084090][T24291] loop1: detected capacity change from 0 to 512 [ 1004.200729][T24291] EXT4-fs (loop1): 1 truncate cleaned up [ 1004.214819][T24291] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1004.985816][T19465] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1005.201173][T24302] sch_fq: defrate 0 ignored. [ 1005.359058][T24303] loop4: detected capacity change from 0 to 1024 [ 1005.372126][T24303] EXT4-fs: Ignoring removed orlov option [ 1005.378076][T24303] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1005.548006][T24303] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1005.948394][T24308] netlink: 32 bytes leftover after parsing attributes in process `syz.2.6327'. [ 1006.026102][T23291] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1007.236022][T16196] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 1007.297983][T24250] EXT4-fs (loop0): unmounting filesystem 00000000-0700-0000-0000-000000000000. [ 1007.317014][T23293] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1007.332625][T23293] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1007.340905][T23293] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1007.395664][T23293] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1007.411656][T23293] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 1007.423511][T23293] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1007.438095][T16196] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1007.498023][T16196] usb 3-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00 [ 1007.551959][T24331] loop4: detected capacity change from 0 to 512 [ 1007.574537][T16196] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1007.660521][T24331] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 1007.695879][T16196] usb 3-1: config 0 descriptor?? [ 1007.956213][T24331] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 1008.140456][T24331] ext4 filesystem being mounted at /41/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1009.197246][ T27] audit: type=1326 audit(1753180316.504:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24327 comm="syz.4.6331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f613738e9a9 code=0x7ffc0000 [ 1009.712592][ T5794] Bluetooth: hci1: command tx timeout [ 1009.882396][ T27] audit: type=1326 audit(1753180316.504:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24327 comm="syz.4.6331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f613738e9a9 code=0x7ffc0000 [ 1009.914783][T23291] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 1010.500980][T24325] chnl_net:caif_netlink_parms(): no params data found [ 1010.541064][T16196] usbhid 3-1:0.0: can't add hid device: -71 [ 1010.575009][T16196] usbhid: probe of 3-1:0.0 failed with error -71 [ 1010.631494][T16196] usb 3-1: USB disconnect, device number 2 [ 1011.781899][ T5794] Bluetooth: hci1: command tx timeout [ 1011.843016][T24358] netlink: 32 bytes leftover after parsing attributes in process `syz.2.6336'. [ 1011.889223][T24366] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12 [ 1011.899054][T24366] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12 [ 1011.908819][T24366] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 1011.948357][T24368] tipc: Started in network mode [ 1011.953309][T24368] tipc: Node identity 36a94bd90afe, cluster identity 4711 [ 1012.033474][T24368] tipc: Enabled bearer , priority 0 [ 1012.242813][T24378] loop2: detected capacity change from 0 to 128 [ 1012.506758][T24384] syz.2.6338: attempt to access beyond end of device [ 1012.506758][T24384] loop2: rw=2049, sector=145, nr_sectors = 320 limit=128 [ 1012.541178][T24362] tipc: Disabling bearer [ 1012.655684][ T34] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1012.717057][T24378] syz.2.6338: attempt to access beyond end of device [ 1012.717057][T24378] loop2: rw=524288, sector=145, nr_sectors = 224 limit=128 [ 1012.750615][T24378] syz.2.6338: attempt to access beyond end of device [ 1012.750615][T24378] loop2: rw=0, sector=145, nr_sectors = 8 limit=128 [ 1013.120794][ T34] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1013.174659][T24325] bridge0: port 1(bridge_slave_0) entered blocking state [ 1013.325313][T24325] bridge0: port 1(bridge_slave_0) entered disabled state [ 1013.408336][T24325] bridge_slave_0: entered allmulticast mode [ 1013.607574][T24325] bridge_slave_0: entered promiscuous mode [ 1013.845910][ T5794] Bluetooth: hci1: command tx timeout [ 1013.864531][T24325] bridge0: port 2(bridge_slave_1) entered blocking state [ 1013.906238][T24325] bridge0: port 2(bridge_slave_1) entered disabled state [ 1013.913573][T24325] bridge_slave_1: entered allmulticast mode [ 1013.955382][T24325] bridge_slave_1: entered promiscuous mode [ 1014.317872][ T34] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1014.341123][T24325] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1014.357284][T24412] netlink: 32 bytes leftover after parsing attributes in process `syz.4.6346'. [ 1014.370025][T24325] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1014.514664][ T34] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1014.550002][T24325] team0: Port device team_slave_0 added [ 1014.559315][T24325] team0: Port device team_slave_1 added [ 1014.570562][T24420] loop4: detected capacity change from 0 to 2048 [ 1014.643864][T24420] EXT4-fs (loop4): mounted filesystem 00000000-0700-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1014.661226][T24418] syzkaller0: entered promiscuous mode [ 1014.667489][T24418] syzkaller0: entered allmulticast mode [ 1014.720864][T24325] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1014.744043][T24325] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1014.784096][T24325] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1014.805670][T24325] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1014.812929][T24325] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1014.849476][T24325] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1014.939030][T24325] hsr_slave_0: entered promiscuous mode [ 1014.947512][T24325] hsr_slave_1: entered promiscuous mode [ 1014.953729][T24325] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1014.962229][T24325] Cannot create hsr debugfs directory [ 1015.726320][T23291] EXT4-fs (loop4): unmounting filesystem 00000000-0700-0000-0000-000000000000. [ 1016.014963][ T5794] Bluetooth: hci1: command tx timeout [ 1017.415421][T24440] xt_hashlimit: max too large, truncated to 1048576 [ 1017.422304][T24440] No such timeout policy "syz1" [ 1017.902579][ T34] tipc: Left network mode [ 1019.241890][T24457] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1020.053222][T24459] loop1: detected capacity change from 0 to 2048 [ 1020.159581][T24459] EXT4-fs (loop1): mounted filesystem 00000000-0700-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1020.448227][T24325] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1021.540868][T24467] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 1021.562805][ T5794] Bluetooth: hci4: command 0x0406 tx timeout [ 1021.814196][T19465] EXT4-fs (loop1): unmounting filesystem 00000000-0700-0000-0000-000000000000. [ 1021.931936][T24325] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1022.063406][T24325] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1022.168391][T24325] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1025.279450][T24520] loop4: detected capacity change from 0 to 2048 [ 1025.388069][T24520] EXT4-fs (loop4): mounted filesystem 00000000-0700-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1025.406371][ T34] hsr_slave_0: left promiscuous mode [ 1025.428747][ T34] hsr_slave_1: left promiscuous mode [ 1025.451319][ T34] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1025.481021][ T34] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1025.603093][ T34] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1025.664403][ T34] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1025.751543][ T34] bridge_slave_1: left allmulticast mode [ 1026.036053][ T34] bridge_slave_1: left promiscuous mode [ 1026.314909][ T34] bridge0: port 2(bridge_slave_1) entered disabled state [ 1026.579845][ T34] bridge_slave_0: left allmulticast mode [ 1026.615467][ T34] bridge_slave_0: left promiscuous mode [ 1026.653460][ T34] bridge0: port 1(bridge_slave_0) entered disabled state [ 1026.687301][T23291] EXT4-fs (loop4): unmounting filesystem 00000000-0700-0000-0000-000000000000. [ 1026.849751][ T34] team0: left allmulticast mode [ 1026.875530][ T34] team_slave_0: left allmulticast mode [ 1026.890142][ T34] team_slave_1: left allmulticast mode [ 1026.898345][ T34] team0: left promiscuous mode [ 1026.903712][ T34] team_slave_0: left promiscuous mode [ 1026.909275][ T34] team_slave_1: left promiscuous mode [ 1026.975416][ T34] batadv0: left promiscuous mode [ 1026.981358][ T34] veth1_macvtap: left promiscuous mode [ 1026.990944][ T34] veth0_macvtap: left promiscuous mode [ 1027.005729][ T34] veth1_vlan: left promiscuous mode [ 1027.033652][ T34] veth0_vlan: left promiscuous mode [ 1028.576383][T24567] loop2: detected capacity change from 0 to 256 [ 1028.623257][T24567] exfat: Unknown parameter 'iochar' [ 1031.437009][ T34] team0 (unregistering): Port device team_slave_1 removed [ 1031.550052][ T34] team0 (unregistering): Port device team_slave_0 removed [ 1031.649475][ T34] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1031.729832][ T34] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1032.519083][ T34] bond0 (unregistering): Released all slaves [ 1032.962655][T24325] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1033.075212][T24325] 8021q: adding VLAN 0 to HW filter on device team0 [ 1033.171616][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 1033.178858][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1033.644127][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 1033.651399][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1034.372148][T24325] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1034.480179][T24325] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1034.552550][T24593] overlayfs: failed to resolve './file1': -2 [ 1036.241308][T24325] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1037.323792][T24634] loop1: detected capacity change from 0 to 2048 [ 1037.496863][T24634] EXT4-fs (loop1): mounted filesystem 00000000-0700-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1038.269029][T19465] EXT4-fs (loop1): unmounting filesystem 00000000-0700-0000-0000-000000000000. [ 1038.420394][T24325] veth0_vlan: entered promiscuous mode [ 1038.479354][T24325] veth1_vlan: entered promiscuous mode [ 1038.557537][T24325] veth0_macvtap: entered promiscuous mode [ 1038.583913][T24325] veth1_macvtap: entered promiscuous mode [ 1038.656870][T24325] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1038.686877][T24325] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1038.721139][T24325] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1038.742012][T24325] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1038.769345][T24325] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1038.789638][T24325] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1038.814194][T24325] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1038.857125][T24325] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1038.883671][T24325] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1038.904292][T24325] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1038.927579][T24325] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1038.954003][T24325] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1038.979937][T24325] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1039.002063][T24325] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1039.031299][T24325] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1039.050350][T24325] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1039.074598][T24325] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1039.089155][T24325] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1039.276852][ T1143] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1039.330805][ T1143] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1039.557949][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1039.633545][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1039.813561][T24671] loop4: detected capacity change from 0 to 512 [ 1039.971661][T24671] EXT4-fs (loop4): 1 truncate cleaned up [ 1039.985720][T24671] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1040.645894][T23291] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1041.824757][ T27] audit: type=1326 audit(1753180349.104:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24681 comm="syz.4.6390" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f613738e9a9 code=0x0 [ 1046.171616][T24732] loop4: detected capacity change from 0 to 512 [ 1046.417352][T24732] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1046.431170][T24732] ext4 filesystem being mounted at /66/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1047.697616][T24735] EXT4-fs error (device loop4): ext4_validate_block_bitmap:439: comm ext4lazyinit: bg 0: block 328: padding at end of block bitmap is not set [ 1048.634860][T24738] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6395'. [ 1048.938915][T23291] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1050.428933][T24770] syz.4.6403[24770] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1050.429089][T24770] syz.4.6403[24770] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1050.447795][T24770] loop4: detected capacity change from 0 to 256 [ 1050.467610][T24770] exfat: Deprecated parameter 'utf8' [ 1050.472994][T24770] exfat: Deprecated parameter 'utf8' [ 1050.541611][T24770] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x18acca35, utbl_chksum : 0xe619d30d) [ 1052.043129][T24788] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1054.985819][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 1054.992227][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 1058.093215][T24852] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1059.270890][T24861] bridge0: entered allmulticast mode [ 1059.297903][T24861] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6426'. [ 1059.317628][T24861] bridge_slave_1: left allmulticast mode [ 1059.333539][T24861] bridge_slave_1: left promiscuous mode [ 1059.343639][T24861] bridge0: port 2(bridge_slave_1) entered disabled state [ 1059.385947][T24861] bridge_slave_0: left allmulticast mode [ 1059.391807][T24861] bridge_slave_0: left promiscuous mode [ 1059.445555][T24861] bridge0: port 1(bridge_slave_0) entered disabled state [ 1059.473643][ T27] audit: type=1326 audit(1753180366.774:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24855 comm="syz.5.6424" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55a0b8e9a9 code=0x7ffc0000 [ 1059.557512][ T27] audit: type=1326 audit(1753180366.774:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24855 comm="syz.5.6424" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55a0b8e9a9 code=0x7ffc0000 [ 1059.632051][T24861] bridge0 (unregistering): left allmulticast mode [ 1060.705662][T24866] loop1: detected capacity change from 0 to 40427 [ 1060.721590][T24866] F2FS-fs (loop1): invalid crc value [ 1060.776357][T24866] F2FS-fs (loop1): Found nat_bits in checkpoint [ 1060.836524][T24864] loop2: detected capacity change from 0 to 40427 [ 1060.900789][T24864] F2FS-fs (loop2): invalid crc value [ 1060.951481][T24864] F2FS-fs (loop2): Found nat_bits in checkpoint [ 1060.967485][T24866] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 1061.414905][T24892] syz.1.6427: attempt to access beyond end of device [ 1061.414905][T24892] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 1061.633908][T24864] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 1062.013251][T19465] syz-executor: attempt to access beyond end of device [ 1062.013251][T19465] loop1: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 1062.105532][T19465] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 1062.262150][T24900] syz.2.6425: attempt to access beyond end of device [ 1062.262150][T24900] loop2: rw=10241, sector=45096, nr_sectors = 8 limit=40427 [ 1063.057587][T24908] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1063.784198][T19818] syz-executor: attempt to access beyond end of device [ 1063.784198][T19818] loop2: rw=2049, sector=45104, nr_sectors = 16 limit=40427 [ 1063.826916][T19818] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 1063.846128][T19818] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 1066.684559][ T23] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 1066.903755][ T23] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1066.920229][ T23] usb 2-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00 [ 1066.955175][ T23] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1067.453441][T24952] loop2: detected capacity change from 0 to 40427 [ 1067.653998][T24952] F2FS-fs (loop2): Found nat_bits in checkpoint [ 1067.822617][T24952] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 1067.945231][ T23] usb 2-1: config 0 descriptor?? [ 1070.223000][ T23] lenovo 0003:17EF:6047.0001: item fetching failed at offset 4/5 [ 1070.257404][ T23] lenovo 0003:17EF:6047.0001: hid_parse failed [ 1070.264082][ T23] lenovo: probe of 0003:17EF:6047.0001 failed with error -22 [ 1070.364415][ T23] usb 2-1: USB disconnect, device number 3 [ 1070.384780][T24972] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1072.873373][T16196] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 1073.108684][T16196] usb 3-1: Using ep0 maxpacket: 32 [ 1073.123352][T16196] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1073.163444][T16196] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1073.185787][T16196] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 1073.205278][T16196] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1073.227298][T16196] usb 3-1: config 0 descriptor?? [ 1073.243940][T16196] hub 3-1:0.0: USB hub found [ 1073.422684][T25018] loop4: detected capacity change from 0 to 512 [ 1073.452509][T25018] EXT4-fs: Ignoring removed bh option [ 1073.476077][T25018] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem [ 1073.507355][T16196] hub 3-1:0.0: config failed, can't read hub descriptor (err -22) [ 1073.541926][T16196] usbhid 3-1:0.0: can't add hid device: -71 [ 1073.562216][T16196] usbhid: probe of 3-1:0.0 failed with error -71 [ 1073.577297][T25018] EXT4-fs (loop4): 1 truncate cleaned up [ 1073.605018][T25018] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1073.664099][T16196] usb 3-1: USB disconnect, device number 3 [ 1073.856216][T25022] loop1: detected capacity change from 0 to 128 [ 1074.656147][T23291] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1080.274868][T25070] overlayfs: overlapping lowerdir path [ 1080.691260][T25078] loop1: detected capacity change from 0 to 512 [ 1080.852016][T25078] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 1080.967981][T25078] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 1081.029525][T25078] ext4 filesystem being mounted at /432/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1081.914939][T25090] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1082.212291][ T27] audit: type=1326 audit(1753180388.753:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25077 comm="syz.1.6466" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f203778e9a9 code=0x7ffc0000 [ 1082.601952][ T27] audit: type=1326 audit(1753180388.753:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25077 comm="syz.1.6466" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f203778e9a9 code=0x7ffc0000 [ 1082.770689][T19465] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 1082.890962][T25102] netlink: 16 bytes leftover after parsing attributes in process `syz.5.6469'. [ 1082.961813][T25102] netlink: 'syz.5.6469': attribute type 3 has an invalid length. [ 1083.177990][T25103] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1087.129936][T25148] loop5: detected capacity change from 0 to 1024 [ 1087.168449][T25148] EXT4-fs: Ignoring removed nobh option [ 1087.174119][T25148] EXT4-fs: Ignoring removed bh option [ 1087.633651][T25150] loop1: detected capacity change from 0 to 16 [ 1089.092538][T25148] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 1089.165567][T25148] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1091.726930][T24325] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1092.379673][T25194] tipc: Started in network mode [ 1092.394704][T25194] tipc: Node identity d2164e12a47c, cluster identity 4711 [ 1092.420545][T25194] tipc: Enabled bearer , priority 0 [ 1092.452277][T25194] tipc: Resetting bearer [ 1092.503603][T25193] tipc: Disabling bearer [ 1093.069744][T25214] loop5: detected capacity change from 0 to 1024 [ 1093.093437][T25214] EXT4-fs: Ignoring removed i_version option [ 1093.099717][T25214] EXT4-fs: Ignoring removed bh option [ 1093.113105][T25214] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 1093.125221][T25214] EXT4-fs (loop5): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors [ 1093.170967][T25214] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (53380!=20869) [ 1093.208405][T25214] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 1093.274268][T25214] EXT4-fs (loop5): external journal device major/minor numbers have changed [ 1093.327959][T25214] EXT4-fs (loop5): filesystem has both journal inode and journal device! [ 1094.280815][T25214] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6489'. [ 1094.379774][T25214] unsupported nlmsg_type 40 [ 1094.524438][T25214] loop5: detected capacity change from 0 to 1024 [ 1094.531813][T25214] EXT4-fs: Ignoring removed orlov option [ 1094.537810][T25214] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1095.090118][T25214] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1095.508743][T25239] xt_TCPMSS: Only works on TCP SYN packets [ 1097.272048][T25250] 8021q: VLANs not supported on vcan0 [ 1097.784271][T24325] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1099.225213][T25280] loop2: detected capacity change from 0 to 256 [ 1099.292532][T25280] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 1099.303497][T25280] exFAT-fs (loop2): Medium has reported failures. Some data may be lost. [ 1099.382478][T25280] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 1099.493977][T25281] input: syz1 as /devices/virtual/input/input9 [ 1101.639977][T25295] loop4: detected capacity change from 0 to 1024 [ 1101.738429][T25295] EXT4-fs: Ignoring removed orlov option [ 1101.880444][T25295] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1102.252828][ T27] audit: type=1800 audit(1753180407.498:81): pid=25308 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.6503" name="bus" dev="loop4" ino=18 res=0 errno=0 [ 1102.435461][ T27] audit: type=1800 audit(1753180407.498:82): pid=25295 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.6503" name="bus" dev="loop4" ino=18 res=0 errno=0 [ 1102.546988][T23291] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1103.259570][T25326] loop2: detected capacity change from 0 to 2048 [ 1103.450123][T25326] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1104.140875][T19818] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1105.546702][T25359] overlayfs: overlapping lowerdir path [ 1108.156385][T25377] loop5: detected capacity change from 0 to 512 [ 1108.436573][T25377] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1108.450427][T25377] ext4 filesystem being mounted at /35/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1108.759064][T25376] netem: change failed [ 1110.563304][T25387] netlink: 'syz.2.6521': attribute type 4 has an invalid length. [ 1110.741815][T25388] netlink: 'syz.2.6521': attribute type 4 has an invalid length. [ 1110.951124][T24325] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1114.129243][T25430] syz.5.6524[25430] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1114.129391][T25430] syz.5.6524[25430] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1114.401755][T25432] loop5: detected capacity change from 0 to 256 [ 1114.421280][T25432] exfat: Deprecated parameter 'utf8' [ 1114.426819][T25432] exfat: Deprecated parameter 'utf8' [ 1114.857598][T25432] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x18acca35, utbl_chksum : 0xe619d30d) [ 1116.959613][T25444] loop1: detected capacity change from 0 to 2048 [ 1117.210044][T25444] EXT4-fs (loop1): mounted filesystem 00000000-0700-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1118.023856][T19465] EXT4-fs (loop1): unmounting filesystem 00000000-0700-0000-0000-000000000000. [ 1119.803332][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 1119.813476][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 1121.755177][T25480] loop2: detected capacity change from 0 to 128 [ 1123.880559][T25488] loop4: detected capacity change from 0 to 40427 [ 1124.063705][T25488] F2FS-fs (loop4): Found nat_bits in checkpoint [ 1124.229886][T25488] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 1124.379058][T25480] syz.2.6541: attempt to access beyond end of device [ 1124.379058][T25480] loop2: rw=2049, sector=145, nr_sectors = 896 limit=128 [ 1124.464607][T25480] syz.2.6541: attempt to access beyond end of device [ 1124.464607][T25480] loop2: rw=524288, sector=145, nr_sectors = 224 limit=128 [ 1124.573283][T25480] syz.2.6541: attempt to access beyond end of device [ 1124.573283][T25480] loop2: rw=0, sector=145, nr_sectors = 8 limit=128 [ 1128.987547][T25524] loop5: detected capacity change from 0 to 128 [ 1129.094780][T25524] syz.5.6552: attempt to access beyond end of device [ 1129.094780][T25524] loop5: rw=2049, sector=145, nr_sectors = 896 limit=128 [ 1129.287907][T25526] overlayfs: overlapping lowerdir path [ 1130.005036][T25533] loop5: detected capacity change from 0 to 40427 [ 1130.087318][T25533] F2FS-fs (loop5): Found nat_bits in checkpoint [ 1130.152591][T25533] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 1134.966682][T25563] loop4: detected capacity change from 0 to 40427 [ 1135.059896][T25563] F2FS-fs (loop4): Invalid SB checksum offset: 0 [ 1135.066509][T25563] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock [ 1135.090762][T25563] F2FS-fs (loop4): invalid crc value [ 1136.103683][T25563] F2FS-fs (loop4): sanity_check_inode: corrupted inode footer i_ino=3, ino,nid: [14170371, 3] run fsck to fix. [ 1136.128600][T25563] F2FS-fs (loop4): Failed to read root inode [ 1136.277012][T25576] loop5: detected capacity change from 0 to 1024 [ 1136.392158][T25576] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 1136.516770][T25576] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1136.597908][T25576] ext4 filesystem being mounted at /47/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1136.696472][T25576] EXT4-fs error (device loop5): ext4_readdir:263: inode #2: block 16: comm syz.5.6564: path /47/file1: bad entry in directory: rec_len is smaller than minimal - offset=876, inode=0, rec_len=0, size=1024 fake=0 [ 1136.812680][T25576] EXT4-fs (loop5): Remounting filesystem read-only [ 1136.906875][T24325] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1137.300317][T25588] overlayfs: overlapping lowerdir path [ 1137.640744][T25589] loop5: detected capacity change from 0 to 40427 [ 1137.684782][T25589] F2FS-fs (loop5): Found nat_bits in checkpoint [ 1137.737815][T25589] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 1138.342765][ T5794] Bluetooth: hci1: command 0x0406 tx timeout [ 1140.092527][T25619] loop2: detected capacity change from 0 to 512 [ 1140.100222][T25619] EXT4-fs: Ignoring removed nobh option [ 1140.122820][T25619] EXT4-fs error (device loop2): ext4_orphan_get:1399: inode #15: comm syz.2.6575: iget: bad i_size value: 38620345925642 [ 1140.132126][T25610] xt_l2tp: wrong L2TP version: 0 [ 1140.138046][T25619] EXT4-fs error (device loop2): ext4_orphan_get:1404: comm syz.2.6575: couldn't read orphan inode 15 (err -117) [ 1140.165773][T25619] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1140.287952][T25623] random: crng reseeded on system resumption [ 1140.678453][T25626] loop4: detected capacity change from 0 to 2048 [ 1140.728401][T25626] EXT4-fs (loop4): mounted filesystem 00000000-0700-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1140.799812][T23291] EXT4-fs (loop4): unmounting filesystem 00000000-0700-0000-0000-000000000000. [ 1141.004868][T19818] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1142.506804][T25641] loop2: detected capacity change from 0 to 16 [ 1143.703221][T25641] erofs: (device loop2): mounted with root inode @ nid 36. [ 1143.728087][T25641] syz.2.6578: attempt to access beyond end of device [ 1143.728087][T25641] loop2: rw=0, sector=34359739344, nr_sectors = 8 limit=16 [ 1143.750199][T25641] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6578'. [ 1144.123446][T25640] loop4: detected capacity change from 0 to 40427 [ 1144.213577][T25640] F2FS-fs (loop4): Found nat_bits in checkpoint [ 1144.274555][T25640] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 1145.482380][T25657] syz.1.6583[25657] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1145.482529][T25657] syz.1.6583[25657] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1145.503212][T25657] loop1: detected capacity change from 0 to 256 [ 1145.559132][T25657] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1145.822088][T25657] batadv_slave_0: entered promiscuous mode [ 1148.218591][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 1148.328005][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 1152.804168][T25716] overlayfs: overlapping lowerdir path [ 1154.275401][T25731] xt_hashlimit: max too large, truncated to 1048576 [ 1154.285804][T25731] No such timeout policy "syz1" [ 1157.252977][T25752] loop1: detected capacity change from 0 to 1024 [ 1157.314327][T25752] EXT4-fs: Ignoring removed orlov option [ 1157.338528][T25752] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1158.468283][T25752] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1159.713233][T25763] loop2: detected capacity change from 0 to 512 [ 1161.072555][T25763] EXT4-fs (loop2): 1 truncate cleaned up [ 1161.080143][T25763] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1162.541292][T19818] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1163.280687][T19465] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1165.099665][T25794] loop4: detected capacity change from 0 to 256 [ 1165.107171][T25794] exfat: Unknown parameter 'iochar' [ 1168.778658][T25808] loop4: detected capacity change from 0 to 128 [ 1168.946713][T25815] syz.4.6617: attempt to access beyond end of device [ 1168.946713][T25815] loop4: rw=2049, sector=145, nr_sectors = 536 limit=128 [ 1169.268709][T25817] overlayfs: overlapping lowerdir path [ 1170.816541][T25833] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6623'. [ 1172.193352][T25842] overlayfs: failed to resolve './file1': -2 [ 1173.100470][T25846] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6625'. [ 1173.938625][T25852] loop5: detected capacity change from 0 to 512 [ 1176.750724][T25852] EXT4-fs warning (device loop5): ext4_multi_mount_protect:398: Unable to create kmmpd thread for loop5. [ 1176.794960][T25858] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6630'. [ 1177.415334][T25867] loop2: detected capacity change from 0 to 512 [ 1177.450470][T25867] EXT4-fs: Ignoring removed bh option [ 1177.534115][T25867] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 1177.672746][T25869] loop4: detected capacity change from 0 to 512 [ 1177.920678][T25869] EXT4-fs (loop4): 1 truncate cleaned up [ 1177.933774][T25869] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1178.268461][T25867] EXT4-fs (loop2): 1 truncate cleaned up [ 1178.291499][T25867] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1180.071488][T23291] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1180.271754][T19818] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1180.495127][T25883] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6635'. [ 1180.726747][ T27] audit: type=1326 audit(1753180480.908:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25886 comm="syz.1.6636" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f203778e9a9 code=0x0 [ 1185.098084][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 1185.109767][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 1188.199547][T25954] loop2: detected capacity change from 0 to 256 [ 1195.266664][T25997] syzkaller0: entered promiscuous mode [ 1195.272527][T25997] syzkaller0: entered allmulticast mode [ 1195.409460][T26004] loop4: detected capacity change from 0 to 256 [ 1195.421433][T26004] exfat: Deprecated parameter 'namecase' [ 1195.427528][T26004] exfat: Deprecated parameter 'utf8' [ 1195.525603][T26004] exFAT-fs (loop4): failed to load upcase table (idx : 0x0001ff53, chksum : 0xd72bb7d8, utbl_chksum : 0xe619d30d) [ 1196.325587][T26007] loop1: detected capacity change from 0 to 512 [ 1196.404078][T26007] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1196.421909][T26007] ext4 filesystem being mounted at /477/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1196.440807][T26007] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1196.877874][T26017] loop4: detected capacity change from 0 to 512 [ 1196.937357][T26017] EXT4-fs (loop4): 1 truncate cleaned up [ 1196.945452][T26017] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1198.400156][T23291] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1198.990453][T26038] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6675'. [ 1201.846758][T26072] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1202.377334][T26078] loop2: detected capacity change from 0 to 512 [ 1202.660926][T26078] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1202.674209][T26078] ext4 filesystem being mounted at /451/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1205.542252][T19818] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1205.784423][T26092] loop2: detected capacity change from 0 to 128 [ 1205.953192][T26092] syz.2.6687: attempt to access beyond end of device [ 1205.953192][T26092] loop2: rw=2049, sector=145, nr_sectors = 208 limit=128 [ 1206.048399][T26092] syz.2.6687: attempt to access beyond end of device [ 1206.048399][T26092] loop2: rw=524288, sector=145, nr_sectors = 208 limit=128 [ 1206.100797][T26092] syz.2.6687: attempt to access beyond end of device [ 1206.100797][T26092] loop2: rw=0, sector=145, nr_sectors = 8 limit=128 [ 1211.000646][T16205] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 1211.037102][T26147] loop4: detected capacity change from 0 to 256 [ 1212.546223][T16205] usb 2-1: Using ep0 maxpacket: 16 [ 1214.536492][T26164] netlink: 40 bytes leftover after parsing attributes in process `syz.2.6707'. [ 1214.545880][T16205] usb 2-1: device descriptor read/all, error -71 [ 1215.145170][T26161] loop5: detected capacity change from 0 to 8192 [ 1217.080001][T26174] syz.4.6710[26174] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1217.080151][T26174] syz.4.6710[26174] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1218.163440][T26183] netlink: 64 bytes leftover after parsing attributes in process `syz.1.6711'. [ 1218.231827][ T27] audit: type=1326 audit(1753180515.986:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26182 comm="syz.1.6711" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f203778e9a9 code=0x0 [ 1221.357880][T26211] netlink: 40 bytes leftover after parsing attributes in process `syz.2.6717'. [ 1221.504140][T26212] loop4: detected capacity change from 0 to 16 [ 1221.539155][T26212] erofs: (device loop4): mounted with root inode @ nid 36. [ 1221.591420][T26212] syz.4.6716: attempt to access beyond end of device [ 1221.591420][T26212] loop4: rw=0, sector=34359739344, nr_sectors = 8 limit=16 [ 1222.454174][T26212] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6716'. [ 1227.393862][T26240] netlink: 40 bytes leftover after parsing attributes in process `syz.5.6725'. [ 1228.013062][T26246] netlink: 40 bytes leftover after parsing attributes in process `syz.2.6727'. [ 1228.437922][T26250] syzkaller0: entered promiscuous mode [ 1228.454849][T26250] syzkaller0: entered allmulticast mode [ 1228.472302][T26254] loop2: detected capacity change from 0 to 512 [ 1228.482635][T26255] netlink: 40 bytes leftover after parsing attributes in process `syz.4.6730'. [ 1228.500101][T26254] EXT4-fs: Ignoring removed mblk_io_submit option [ 1228.506668][T26254] EXT4-fs: Ignoring removed bh option [ 1228.512535][T26254] ext4: Unknown parameter 'fsuuid' [ 1228.767439][T26257] netlink: 'syz.2.6729': attribute type 27 has an invalid length. [ 1230.310703][T26272] loop4: detected capacity change from 0 to 512 [ 1230.337769][T26272] EXT4-fs (loop4): 1 truncate cleaned up [ 1230.344814][T26272] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1230.710195][T26257] bridge0: port 2(bridge_slave_1) entered disabled state [ 1230.717653][T26257] bridge0: port 1(bridge_slave_0) entered disabled state [ 1231.068579][T23291] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1231.217422][T26257] wg2: left promiscuous mode [ 1231.222332][T26257] wg2: left allmulticast mode [ 1232.579563][T26257] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1232.612954][T26257] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1232.886551][T26292] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1232.980474][T26257] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1232.994174][T26257] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1233.003290][T26257] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1233.016880][T26257] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1233.056274][T26257] mac80211_hwsim hwsim22 wlan0: left promiscuous mode [ 1233.084776][T26257] macvtap1: left promiscuous mode [ 1233.089902][T26257] macvtap1: left allmulticast mode [ 1233.099681][T26257] macvtap2: left promiscuous mode [ 1233.107349][T26257] macvtap2: left allmulticast mode [ 1233.121277][T26257] macvtap3: left promiscuous mode [ 1233.136375][T26257] macvtap3: left allmulticast mode [ 1233.141700][T26257] macvtap4: left promiscuous mode [ 1233.162238][T26257] macvtap4: left allmulticast mode [ 1233.227470][T26257] batadv0: left promiscuous mode [ 1233.302611][T26262] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1233.310654][T26262] 8021q: adding VLAN 0 to HW filter on device team0 [ 1233.323970][T26262] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1233.350091][T26267] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6732'. [ 1233.633263][T26312] netlink: 40 bytes leftover after parsing attributes in process `syz.1.6739'. [ 1233.875843][T26317] syzkaller0: entered promiscuous mode [ 1233.913811][T26317] syzkaller0: entered allmulticast mode [ 1235.577974][T26333] loop4: detected capacity change from 0 to 512 [ 1235.707409][T26333] EXT4-fs (loop4): 1 truncate cleaned up [ 1235.716770][T26333] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1236.700723][T23291] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1237.395901][T26349] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6748'. [ 1238.083568][T26356] netlink: 40 bytes leftover after parsing attributes in process `syz.5.6750'. [ 1238.268403][T26359] loop2: detected capacity change from 0 to 128 [ 1238.278096][T26354] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1238.404406][T26363] syz.2.6751: attempt to access beyond end of device [ 1238.404406][T26363] loop2: rw=2049, sector=145, nr_sectors = 448 limit=128 [ 1238.502136][T26359] syz.2.6751: attempt to access beyond end of device [ 1238.502136][T26359] loop2: rw=524288, sector=145, nr_sectors = 224 limit=128 [ 1240.659426][T26374] syzkaller0: entered promiscuous mode [ 1240.680859][T26374] syzkaller0: entered allmulticast mode [ 1245.832609][T26413] loop1: detected capacity change from 0 to 128 [ 1245.934175][T26414] overlayfs: overlapping lowerdir path [ 1246.053706][T26413] syz.1.6762: attempt to access beyond end of device [ 1246.053706][T26413] loop1: rw=2049, sector=145, nr_sectors = 896 limit=128 [ 1246.217737][T26415] syz.1.6762: attempt to access beyond end of device [ 1246.217737][T26415] loop1: rw=524288, sector=145, nr_sectors = 224 limit=128 [ 1250.103124][T26437] syzkaller0: entered promiscuous mode [ 1250.103147][T26437] syzkaller0: entered allmulticast mode [ 1250.735518][T26450] loop5: detected capacity change from 0 to 1024 [ 1250.759344][T26450] EXT4-fs: Ignoring removed orlov option [ 1250.783161][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 1250.791089][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 1250.818102][T26450] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1250.911122][T26450] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1252.055340][T24325] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1253.687061][T26485] syzkaller0: entered promiscuous mode [ 1253.694111][T26485] syzkaller0: entered allmulticast mode [ 1254.558969][T26496] xt_hashlimit: max too large, truncated to 1048576 [ 1254.566952][T26496] No such timeout policy "syz1" [ 1256.184834][T26500] loop2: detected capacity change from 0 to 256 [ 1256.197168][T26500] exfat: Deprecated parameter 'namecase' [ 1256.203330][T26500] exfat: Deprecated parameter 'utf8' [ 1257.082573][T26500] exFAT-fs (loop2): failed to load upcase table (idx : 0x0001ff53, chksum : 0xd72bb7d8, utbl_chksum : 0xe619d30d) [ 1257.834697][T26506] loop1: detected capacity change from 0 to 2048 [ 1257.912655][T26506] EXT4-fs (loop1): mounted filesystem 00000000-0700-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1259.729508][T26528] loop5: detected capacity change from 0 to 512 [ 1260.019375][T26513] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 1260.927156][T26528] EXT4-fs error (device loop5): ext4_orphan_get:1425: comm syz.5.6789: bad orphan inode 11862016 [ 1260.952321][T26528] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 1260.965460][T26528] ext4 filesystem being mounted at /101/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1262.599419][T26537] loop4: detected capacity change from 0 to 256 [ 1262.606762][T26537] exfat: Deprecated parameter 'namecase' [ 1262.612577][T26537] exfat: Deprecated parameter 'utf8' [ 1262.708769][T26537] exFAT-fs (loop4): failed to load upcase table (idx : 0x0001ff53, chksum : 0xd72bb7d8, utbl_chksum : 0xe619d30d) [ 1263.174648][T19465] EXT4-fs (loop1): unmounting filesystem 00000000-0700-0000-0000-000000000000. [ 1263.744901][T24325] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 1265.108143][T26560] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6796'. [ 1265.302425][T26558] syz.5.6795[26558] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1265.302572][T26558] syz.5.6795[26558] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1265.366276][T26558] loop5: detected capacity change from 0 to 256 [ 1266.776255][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 1266.781799][T26576] loop5: detected capacity change from 0 to 1024 [ 1266.808587][T26577] netlink: 60 bytes leftover after parsing attributes in process `syz.4.6800'. [ 1266.816395][T26576] EXT4-fs: Ignoring removed orlov option [ 1266.843452][T26577] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6800'. [ 1266.853193][T26576] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1266.894827][T26576] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1268.593694][T24325] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1269.017007][T26591] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1270.279529][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 1270.885199][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 1271.108283][T26605] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6806'. [ 1271.474122][T26609] netlink: 'syz.1.6807': attribute type 4 has an invalid length. [ 1271.481928][T26609] netlink: 14345 bytes leftover after parsing attributes in process `syz.1.6807'. [ 1271.883687][T26615] loop5: detected capacity change from 0 to 256 [ 1271.891068][T26615] exfat: Deprecated parameter 'namecase' [ 1271.896816][T26615] exfat: Deprecated parameter 'utf8' [ 1274.200042][T26615] exFAT-fs (loop5): failed to load upcase table (idx : 0x0001ff53, chksum : 0xd72bb7d8, utbl_chksum : 0xe619d30d) [ 1274.532768][T26620] syzkaller0: entered promiscuous mode [ 1274.546615][T26620] syzkaller0: entered allmulticast mode [ 1274.657106][T26622] loop1: detected capacity change from 0 to 1024 [ 1274.679392][T26622] EXT4-fs: Ignoring removed orlov option [ 1274.721102][T26622] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1274.773629][T26622] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1275.067743][T26632] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1275.842817][T26639] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6816'. [ 1279.134251][T19465] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1279.236183][T26656] netlink: 'syz.5.6820': attribute type 10 has an invalid length. [ 1279.266267][T26656] netlink: 55 bytes leftover after parsing attributes in process `syz.5.6820'. [ 1279.636290][T26667] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6825'. [ 1279.833755][T26670] xt_hashlimit: max too large, truncated to 1048576 [ 1279.843780][T26670] No such timeout policy "syz1" [ 1282.112496][T26681] loop4: detected capacity change from 0 to 1024 [ 1282.150862][T26681] EXT4-fs: Ignoring removed orlov option [ 1282.197481][T26681] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1282.268136][T26683] netlink: 'syz.5.6830': attribute type 2 has an invalid length. [ 1282.304105][T26683] netlink: 164 bytes leftover after parsing attributes in process `syz.5.6830'. [ 1282.333792][T26681] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1282.373633][T26683] netlink: 'syz.5.6830': attribute type 2 has an invalid length. [ 1282.381695][T26683] netlink: 164 bytes leftover after parsing attributes in process `syz.5.6830'. [ 1282.584966][T26692] netlink: 'syz.1.6832': attribute type 39 has an invalid length. [ 1283.501922][T26700] loop2: detected capacity change from 0 to 512 [ 1283.683991][T26702] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6835'. [ 1283.730783][T26700] EXT4-fs (loop2): 1 truncate cleaned up [ 1283.774328][T26700] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1284.524800][T23291] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1285.221182][T26715] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1285.419568][T26687] EXT4-fs error (device loop2): ext4_validate_block_bitmap:430: comm ext4lazyinit: bg 0: block 7: invalid block bitmap [ 1285.559051][T19818] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1285.761345][T26722] netlink: 'syz.5.6841': attribute type 29 has an invalid length. [ 1285.771098][T26722] netlink: 'syz.5.6841': attribute type 29 has an invalid length. [ 1285.784624][T26722] netlink: 'syz.5.6841': attribute type 29 has an invalid length. [ 1285.795105][T26722] netlink: 'syz.5.6841': attribute type 29 has an invalid length. [ 1285.810226][T26722] netlink: 'syz.5.6841': attribute type 29 has an invalid length. [ 1288.625684][T26730] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6844'. [ 1288.819127][T26740] loop1: detected capacity change from 0 to 1024 [ 1288.837249][T26740] EXT4-fs: Ignoring removed orlov option [ 1288.987236][T26740] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1289.030884][T26740] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1289.753409][T19465] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1290.247662][T26769] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6854'. [ 1290.407950][T26771] loop1: detected capacity change from 0 to 512 [ 1290.492989][T26771] EXT4-fs (loop1): 1 truncate cleaned up [ 1290.550851][T26771] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1290.714238][T26776] netlink: 'syz.4.6856': attribute type 1 has an invalid length. [ 1291.416589][T26783] netlink: 'syz.2.6858': attribute type 13 has an invalid length. [ 1291.545100][T26785] loop4: detected capacity change from 0 to 1024 [ 1291.566728][T26785] EXT4-fs: Ignoring removed orlov option [ 1291.591563][T26785] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1291.622315][T26788] netlink: 'syz.2.6861': attribute type 29 has an invalid length. [ 1291.631611][T26788] netlink: 'syz.2.6861': attribute type 29 has an invalid length. [ 1291.644314][T26788] netlink: 'syz.2.6861': attribute type 29 has an invalid length. [ 1291.654237][T26788] netlink: 'syz.2.6861': attribute type 29 has an invalid length. [ 1291.664063][T26788] netlink: 'syz.2.6861': attribute type 29 has an invalid length. [ 1291.825605][T26785] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1292.457449][T19465] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1292.664759][T23291] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1293.942913][T26814] netlink: 'syz.2.6869': attribute type 21 has an invalid length. [ 1295.256781][T26825] syz.2.6871[26825] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1295.256922][T26825] syz.2.6871[26825] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1295.287399][T26825] loop2: detected capacity change from 0 to 256 [ 1295.555022][T26831] loop2: detected capacity change from 0 to 1024 [ 1295.569025][T26831] EXT4-fs: Ignoring removed orlov option [ 1295.593584][T26831] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1295.656374][T26831] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1295.813604][T26838] syzkaller0: entered promiscuous mode [ 1295.832651][T26838] syzkaller0: entered allmulticast mode [ 1296.370883][T19818] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1296.825054][T26847] netlink: 144 bytes leftover after parsing attributes in process `syz.4.6880'. [ 1298.464209][T26857] syz.1.6882[26857] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1298.464317][T26857] syz.1.6882[26857] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1298.645201][T26857] loop1: detected capacity change from 0 to 256 [ 1298.853464][T26861] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1300.071109][T26871] loop2: detected capacity change from 0 to 512 [ 1300.216787][T26871] EXT4-fs (loop2): 1 truncate cleaned up [ 1300.228958][T26871] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1300.826494][T19818] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1301.413593][T26891] overlayfs: overlapping lowerdir path [ 1304.063535][T26908] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1305.616387][T26922] loop5: detected capacity change from 0 to 512 [ 1306.432122][T26922] EXT4-fs (loop5): 1 truncate cleaned up [ 1306.444098][T26922] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1306.854108][T24325] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1309.311722][T26953] loop5: detected capacity change from 0 to 128 [ 1310.654566][T26975] loop4: detected capacity change from 0 to 512 [ 1310.916497][T26975] EXT4-fs (loop4): 1 truncate cleaned up [ 1310.928339][T26975] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1311.546032][T23291] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1313.974966][T26994] loop2: detected capacity change from 0 to 128 [ 1314.113685][T26997] loop1: detected capacity change from 0 to 256 [ 1314.121193][T26997] exfat: Deprecated parameter 'namecase' [ 1314.126963][T26997] exfat: Deprecated parameter 'utf8' [ 1314.359651][T26997] exFAT-fs (loop1): failed to load upcase table (idx : 0x0001ff53, chksum : 0xd72bb7d8, utbl_chksum : 0xe619d30d) [ 1314.901485][T27012] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1315.871288][T27022] loop4: detected capacity change from 0 to 128 [ 1316.532832][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 1316.539818][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 1321.159193][T27051] overlayfs: overlapping lowerdir path [ 1323.340201][T27076] loop1: detected capacity change from 0 to 256 [ 1323.347900][T27076] exfat: Deprecated parameter 'namecase' [ 1323.353666][T27076] exfat: Deprecated parameter 'utf8' [ 1323.422012][T27076] exFAT-fs (loop1): failed to load upcase table (idx : 0x0001ff53, chksum : 0xd72bb7d8, utbl_chksum : 0xe619d30d) [ 1324.181100][T27080] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1327.749237][T27111] overlayfs: overlapping lowerdir path [ 1327.897085][T27115] loop4: detected capacity change from 0 to 256 [ 1327.940087][T27115] exfat: Deprecated parameter 'namecase' [ 1327.984031][T27115] exfat: Deprecated parameter 'utf8' [ 1328.042544][T27115] exFAT-fs (loop4): failed to load upcase table (idx : 0x0001ff53, chksum : 0xd72bb7d8, utbl_chksum : 0xe619d30d) [ 1328.175354][T27120] syz.4.6956[27120] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1328.175468][T27120] syz.4.6956[27120] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1328.199598][T27120] loop4: detected capacity change from 0 to 256 [ 1328.261935][T26306] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 1328.485558][T26306] usb 6-1: New USB device found, idVendor=1645, idProduct=0008, bcdDevice=cf.36 [ 1328.522874][T26306] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1328.551809][T26306] usb 6-1: config 0 descriptor?? [ 1328.956346][ T0] NOHZ tick-stop error: local softirq work is pending, handler #1c2!!! [ 1331.637305][T26306] kaweth 6-1:0.0: Firmware present in device. [ 1331.649243][T26306] kaweth 6-1:0.0: Statistics collection: 0 [ 1331.655292][T26306] kaweth 6-1:0.0: Multicast filter limit: 0 [ 1331.661858][T26306] kaweth 6-1:0.0: MTU: 0 [ 1331.666289][T26306] kaweth 6-1:0.0: Read MAC address 00:00:00:00:00:00 [ 1331.688373][T27128] loop1: detected capacity change from 0 to 64 [ 1331.893131][T26306] kaweth: probe of 6-1:0.0 failed with error -5 [ 1332.026806][T27134] netlink: 'syz.1.6960': attribute type 64 has an invalid length. [ 1332.034875][T27134] netlink: 'syz.1.6960': attribute type 4 has an invalid length. [ 1332.046584][T27134] netlink: 152 bytes leftover after parsing attributes in process `syz.1.6960'. [ 1332.081733][T26306] usb 6-1: USB disconnect, device number 2 [ 1332.976675][T27139] loop2: detected capacity change from 0 to 256 [ 1333.053193][T27139] exfat: Deprecated parameter 'namecase' [ 1333.061186][T27139] exfat: Bad value for 'errors' [ 1333.669937][T27147] loop1: detected capacity change from 0 to 256 [ 1333.694119][T27147] exfat: Deprecated parameter 'namecase' [ 1333.702814][T27144] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6963'. [ 1333.714950][T27147] exfat: Deprecated parameter 'utf8' [ 1333.754426][T27147] exFAT-fs (loop1): failed to load upcase table (idx : 0x0001ff53, chksum : 0xd72bb7d8, utbl_chksum : 0xe619d30d) [ 1335.212056][T27161] overlayfs: overlapping lowerdir path [ 1336.661644][T27174] loop5: detected capacity change from 0 to 512 [ 1336.806160][T27174] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1337.191196][T24325] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1337.840539][T27183] loop5: detected capacity change from 0 to 512 [ 1338.028330][T27183] EXT4-fs (loop5): 1 truncate cleaned up [ 1338.041222][T27183] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1338.561969][T24325] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1338.637548][T27186] loop2: detected capacity change from 0 to 256 [ 1338.674425][T27186] exfat: Deprecated parameter 'namecase' [ 1338.702934][T27186] exfat: Deprecated parameter 'utf8' [ 1338.810559][T27186] exFAT-fs (loop2): failed to load upcase table (idx : 0x0001ff53, chksum : 0xd72bb7d8, utbl_chksum : 0xe619d30d) [ 1341.222412][T27200] syzkaller0: entered promiscuous mode [ 1341.256194][T27200] syzkaller0: entered allmulticast mode [ 1348.926880][T27253] tipc: Enabling of bearer rejected, failed to enable media [ 1349.096380][T27256] syzkaller0: entered promiscuous mode [ 1349.160856][T27256] syzkaller0: entered allmulticast mode [ 1350.875426][T27274] loop5: detected capacity change from 0 to 1024 [ 1350.900906][T27274] EXT4-fs: Ignoring removed orlov option [ 1350.921143][T27274] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1351.037717][T27274] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1353.208205][T24325] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1356.094340][T27314] tipc: Enabling of bearer rejected, failed to enable media [ 1356.142685][T27314] syzkaller0: entered promiscuous mode [ 1356.152473][T27314] syzkaller0: entered allmulticast mode [ 1358.182654][T27321] loop2: detected capacity change from 0 to 32768 [ 1359.286645][ T27] audit: type=1800 audit(1753180647.924:85): pid=27342 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.7008" name="file1" dev="loop2" ino=4 res=0 errno=0 [ 1360.991023][T27365] overlayfs: overlapping lowerdir path [ 1361.931063][T27370] loop1: detected capacity change from 0 to 256 [ 1361.945314][T27370] exfat: Deprecated parameter 'namecase' [ 1361.964646][T27370] exfat: Deprecated parameter 'utf8' [ 1362.016161][T27370] exFAT-fs (loop1): failed to load upcase table (idx : 0x0001ff53, chksum : 0xd72bb7d8, utbl_chksum : 0xe619d30d) [ 1365.183568][T27398] loop1: detected capacity change from 0 to 256 [ 1365.483611][T27400] loop4: detected capacity change from 0 to 256 [ 1365.539235][T27400] exfat: Deprecated parameter 'namecase' [ 1365.598636][T27400] exfat: Deprecated parameter 'utf8' [ 1365.687791][T27400] exFAT-fs (loop4): failed to load upcase table (idx : 0x0001ff53, chksum : 0xd72bb7d8, utbl_chksum : 0xe619d30d) [ 1368.176762][T27425] loop5: detected capacity change from 0 to 4096 [ 1368.220577][T27425] ntfs3: loop5: Different NTFS sector size (1024) and media sector size (512). [ 1368.388936][T27425] ntfs3: loop5: Mark volume as dirty due to NTFS errors [ 1368.476804][T27435] loop2: detected capacity change from 0 to 256 [ 1368.562403][T27437] loop1: detected capacity change from 0 to 256 [ 1368.609733][T27437] exfat: Deprecated parameter 'namecase' [ 1368.615619][T27437] exfat: Deprecated parameter 'utf8' [ 1368.674309][T27437] exFAT-fs (loop1): failed to load upcase table (idx : 0x0001ff53, chksum : 0xd72bb7d8, utbl_chksum : 0xe619d30d) [ 1376.385292][T27506] loop5: detected capacity change from 0 to 256 [ 1376.392835][T27506] FAT-fs (loop5): "posix" option is obsolete, not supported now [ 1376.484780][T27506] capability: warning: `syz.5.7067' uses 32-bit capabilities (legacy support in use) [ 1380.905865][T27553] loop5: detected capacity change from 0 to 512 [ 1380.940203][T27553] EXT4-fs (loop5): 1 truncate cleaned up [ 1380.946981][T27553] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1381.406253][T27555] EXT4-fs error (device loop5): ext4_validate_block_bitmap:430: comm ext4lazyinit: bg 0: block 7: invalid block bitmap [ 1382.155523][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 1382.167834][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 1382.348759][T27546] loop1: detected capacity change from 0 to 32768 [ 1382.544631][T27546] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 1382.899293][T27579] overlayfs: overlapping lowerdir path [ 1382.935450][T27546] XFS (loop1): Ending clean mount [ 1383.076794][T27546] XFS (loop1): Quotacheck needed: Please wait. [ 1383.339808][T27546] XFS (loop1): Quotacheck: Done. [ 1383.430227][T19465] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 1383.818681][T24325] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1384.817577][T27601] overlayfs: failed to resolve './file0': -2 [ 1388.067183][T27621] syzkaller0: entered promiscuous mode [ 1388.073435][T27621] syzkaller0: entered allmulticast mode [ 1388.144877][T27618] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6) [ 1388.151435][T27618] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 1388.159114][T27618] vhci_hcd vhci_hcd.0: Device attached [ 1388.206967][T27623] vhci_hcd: connection closed [ 1388.209602][ T61] vhci_hcd: stop threads [ 1388.231929][ T61] vhci_hcd: release socket [ 1388.236511][ T61] vhci_hcd: disconnect device [ 1388.885708][T27633] loop4: detected capacity change from 0 to 4096 [ 1388.937750][T27633] ntfs3: loop4: Different NTFS sector size (4096) and media sector size (512). [ 1389.185312][T27633] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 1389.853153][T27641] xt_hashlimit: max too large, truncated to 1048576 [ 1389.860106][T27641] No such timeout policy "syz1" [ 1391.325804][T27653] loop4: detected capacity change from 0 to 64 [ 1391.710313][T27658] netlink: 8 bytes leftover after parsing attributes in process `syz.5.7107'. [ 1391.832597][T27647] loop2: detected capacity change from 0 to 32768 [ 1391.885100][T27647] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 scanned by syz.2.7103 (27647) [ 1392.023645][T27647] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1392.063026][T27647] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 1392.084935][T27647] BTRFS info (device loop2): force clearing of disk cache [ 1392.104796][T27647] BTRFS info (device loop2): enabling auto defrag [ 1392.123598][T27663] loop4: detected capacity change from 0 to 1024 [ 1392.130415][T27647] BTRFS info (device loop2): max_inline at 0 [ 1392.136548][T27647] BTRFS info (device loop2): enabling disk space caching [ 1392.167176][T27647] BTRFS info (device loop2): disk space caching is enabled [ 1392.432179][T27647] BTRFS info (device loop2): enabling ssd optimizations [ 1392.504744][T27647] BTRFS info (device loop2): rebuilding free space tree [ 1392.628820][T27663] hfsplus: invalid extended attribute record [ 1392.863379][T27647] BTRFS info (device loop2): disabling free space tree [ 1392.880904][T27647] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 1392.911912][T27647] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 1392.916521][ T61] hfsplus: b-tree write err: -5, ino 4 [ 1392.991936][T27682] loop1: detected capacity change from 0 to 1024 [ 1393.031802][T27682] EXT4-fs: Ignoring removed orlov option [ 1393.062368][T27682] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1393.141985][T27682] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1393.510750][T19818] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1396.782399][T19465] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1396.884120][T27711] overlayfs: overlapping lowerdir path [ 1397.265027][T27710] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1397.923752][T27716] loop1: detected capacity change from 0 to 64 [ 1398.958696][T27733] loop4: detected capacity change from 0 to 40427 [ 1399.022169][T27734] (null): rxe_set_mtu: Set mtu to 4096 [ 1399.033296][T27734] lo speed is unknown, defaulting to 1000 [ 1399.055778][T27734] lo speed is unknown, defaulting to 1000 [ 1399.071295][T27734] lo speed is unknown, defaulting to 1000 [ 1399.727615][T27733] F2FS-fs (loop4): invalid crc value [ 1399.771664][T27733] F2FS-fs (loop4): Found nat_bits in checkpoint [ 1399.834484][T27733] F2FS-fs (loop4): Start checkpoint disabled! [ 1399.864872][T27733] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 1399.910596][T27734] infiniband syz0: set active [ 1399.915371][T27734] infiniband syz0: added lo [ 1399.922783][T27734] syz0: rxe_create_cq: returned err = -12 [ 1399.928796][T27734] infiniband syz0: Couldn't create ib_mad CQ [ 1399.935031][T27734] infiniband syz0: Couldn't open port 1 [ 1399.960400][T27734] RDS/IB: syz0: added [ 1399.964692][T27734] smc: adding ib device syz0 with port count 1 [ 1399.970903][T27734] smc: ib device syz0 port 1 has pnetid [ 1399.977996][T27734] lo speed is unknown, defaulting to 1000 [ 1400.102023][T27734] lo speed is unknown, defaulting to 1000 [ 1400.166484][T26303] usb 2-1: new full-speed USB device number 6 using dummy_hcd [ 1400.227127][T27734] lo speed is unknown, defaulting to 1000 [ 1400.338998][T16205] lo speed is unknown, defaulting to 1000 [ 1400.345319][T16205] lo speed is unknown, defaulting to 1000 [ 1400.453978][T27734] lo speed is unknown, defaulting to 1000 [ 1401.173675][T26303] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 1401.284042][T26303] usb 2-1: config 0 has no interface number 0 [ 1401.342898][T26303] usb 2-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 1401.389218][T26303] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1401.438914][T26303] usb 2-1: config 0 descriptor?? [ 1401.481086][T26303] usb 2-1: selecting invalid altsetting 1 [ 1401.513679][T26303] dvb_ttusb_budget: ttusb_init_controller: error [ 1401.520331][T26303] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 1401.733690][ T147] kworker/u4:6: attempt to access beyond end of device [ 1401.733690][ T147] loop4: rw=1, sector=45096, nr_sectors = 8 limit=40427 [ 1401.849266][ T5927] kworker/u4:10: attempt to access beyond end of device [ 1401.849266][ T5927] loop4: rw=2049, sector=40960, nr_sectors = 32 limit=40427 [ 1401.976551][T27753] loop2: detected capacity change from 0 to 64 [ 1401.991489][ T5927] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 1402.025459][ T5927] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 1402.075112][ T5927] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 1402.127047][ T5927] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 1402.159490][T26303] DVB: Unable to find symbol cx22700_attach() [ 1402.446502][T27755] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1402.549141][T26303] DVB: Unable to find symbol tda10046_attach() [ 1402.594078][T26303] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 1402.678812][T26303] usb 2-1: USB disconnect, device number 6 [ 1407.490395][T27784] loop4: detected capacity change from 0 to 512 [ 1407.517901][T27783] syzkaller0: entered promiscuous mode [ 1407.543226][T27783] syzkaller0: entered allmulticast mode [ 1407.567080][T27784] EXT4-fs (loop4): 1 truncate cleaned up [ 1407.574219][T27784] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1407.972678][T27780] loop2: detected capacity change from 0 to 32768 [ 1408.003921][T27780] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 scanned by syz.2.7137 (27780) [ 1408.041314][T27791] loop5: detected capacity change from 0 to 64 [ 1408.052934][T27780] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 1408.073133][T27780] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 1408.087002][T27780] BTRFS info (device loop2): use zlib compression, level 3 [ 1408.130862][T27780] BTRFS info (device loop2): enabling auto defrag [ 1408.152240][T27780] BTRFS info (device loop2): doing ref verification [ 1408.173676][T27780] BTRFS info (device loop2): use no compression [ 1408.180022][T27780] BTRFS info (device loop2): force clearing of disk cache [ 1408.214459][T27780] BTRFS info (device loop2): turning off barriers [ 1408.253711][T27780] BTRFS info (device loop2): turning on barriers [ 1408.276816][T27780] BTRFS info (device loop2): setting nodatacow, compression disabled [ 1408.302057][T27780] BTRFS info (device loop2): using free space tree [ 1408.625339][T27780] BTRFS info (device loop2): enabling ssd optimizations [ 1408.645734][T27780] BTRFS info (device loop2): auto enabling async discard [ 1408.685595][T27780] BTRFS info (device loop2): rebuilding free space tree [ 1408.826297][T27787] EXT4-fs error (device loop4): ext4_validate_block_bitmap:430: comm ext4lazyinit: bg 0: block 7: invalid block bitmap [ 1409.594210][T23291] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1409.942281][T27824] xt_hashlimit: max too large, truncated to 1048576 [ 1409.949222][T27824] No such timeout policy "syz1" [ 1410.966757][T19818] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 1419.277473][T27882] loop5: detected capacity change from 0 to 64 [ 1429.793651][T27959] xt_hashlimit: max too large, truncated to 1048576 [ 1429.846917][T27959] No such timeout policy "syz1" [ 1430.308073][T27969] loop4: detected capacity change from 0 to 512 [ 1431.045579][T27969] EXT4-fs (loop4): 1 truncate cleaned up [ 1431.052790][T27969] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1431.341731][T23291] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1434.988765][T27998] Invalid option length (57448) for dns_resolver key [ 1435.158613][T27991] loop5: detected capacity change from 0 to 32768 [ 1436.916934][T28005] loop2: detected capacity change from 0 to 40427 [ 1436.956292][T28005] F2FS-fs (loop2): invalid crc value [ 1436.970697][T28005] F2FS-fs (loop2): Found nat_bits in checkpoint [ 1437.020122][T28005] F2FS-fs (loop2): Start checkpoint disabled! [ 1437.062169][T28005] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 1437.754059][ T12] kworker/u4:1: attempt to access beyond end of device [ 1437.754059][ T12] loop2: rw=1, sector=45096, nr_sectors = 8 limit=40427 [ 1437.812219][ T12] kworker/u4:1: attempt to access beyond end of device [ 1437.812219][ T12] loop2: rw=2049, sector=40960, nr_sectors = 32 limit=40427 [ 1437.829495][ T12] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 1437.856709][ T12] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 1437.879708][ T12] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 1437.941476][ T12] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 1441.294122][ T5794] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1441.331865][ T5794] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1441.342756][ T5794] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1441.362422][ T5794] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1441.370318][ T5794] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 1441.377882][ T5794] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1441.816693][T28031] tipc: Enabled bearer , priority 0 [ 1441.826903][T28034] syzkaller0: entered promiscuous mode [ 1441.837913][T28034] syzkaller0: entered allmulticast mode [ 1442.032660][T28027] tipc: Resetting bearer [ 1442.121590][T28027] tipc: Disabling bearer [ 1443.147391][T28045] lo speed is unknown, defaulting to 1000 [ 1443.650327][ T5794] Bluetooth: hci2: command tx timeout [ 1444.169884][T25091] tipc: Left network mode [ 1444.557119][T28045] chnl_net:caif_netlink_parms(): no params data found [ 1445.858526][ T5794] Bluetooth: hci2: command tx timeout [ 1446.477561][T28045] bridge0: port 1(bridge_slave_0) entered blocking state [ 1446.732179][T28045] bridge0: port 1(bridge_slave_0) entered disabled state [ 1446.788203][T28045] bridge_slave_0: entered allmulticast mode [ 1446.860310][T28045] bridge_slave_0: entered promiscuous mode [ 1447.372223][T28045] bridge0: port 2(bridge_slave_1) entered blocking state [ 1447.412467][T28045] bridge0: port 2(bridge_slave_1) entered disabled state [ 1447.420830][T28045] bridge_slave_1: entered allmulticast mode [ 1447.428763][T28045] bridge_slave_1: entered promiscuous mode [ 1447.563005][T28045] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1447.584736][T28045] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1447.729433][T28121] syzkaller0: entered promiscuous mode [ 1447.746417][T28121] syzkaller0: entered allmulticast mode [ 1447.816349][T28120] tipc: Enabled bearer , priority 0 [ 1447.833010][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 1447.839763][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 1447.864296][T28045] team0: Port device team_slave_0 added [ 1447.967068][T28045] team0: Port device team_slave_1 added [ 1448.064408][T28119] tipc: Resetting bearer [ 1448.081818][ T5794] Bluetooth: hci2: command tx timeout [ 1448.181001][T28119] tipc: Disabling bearer [ 1448.445451][T28045] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1448.527003][T28045] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1448.714885][T28045] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1448.899662][T28045] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1448.946818][T28045] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1449.083282][T28045] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1449.160556][T25091] hsr_slave_0: left promiscuous mode [ 1449.166971][T25091] hsr_slave_1: left promiscuous mode [ 1449.204714][T25091] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1449.223438][T25091] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1449.290191][T25091] bridge_slave_1: left allmulticast mode [ 1449.295916][T25091] bridge_slave_1: left promiscuous mode [ 1449.329420][T25091] bridge0: port 2(bridge_slave_1) entered disabled state [ 1449.374861][T25091] bridge_slave_0: left allmulticast mode [ 1449.396641][T25091] bridge_slave_0: left promiscuous mode [ 1449.402510][T25091] bridge0: port 1(bridge_slave_0) entered disabled state [ 1449.486814][T25091] infiniband syz0: set down [ 1450.307671][ T5794] Bluetooth: hci2: command tx timeout [ 1451.302062][T25091] team0 (unregistering): Port device team_slave_1 removed [ 1451.785529][T25091] team0 (unregistering): Port device team_slave_0 removed [ 1452.239769][T25091] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1452.527105][T25091] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1453.928252][T25091] bond0 (unregistering): Released all slaves [ 1454.089648][T26005] smc: removing ib device syz0 [ 1454.168710][T23501] lo speed is unknown, defaulting to 1000 [ 1454.437110][T28179] tipc: Enabling of bearer rejected, failed to enable media [ 1454.619062][T28045] hsr_slave_0: entered promiscuous mode [ 1454.656912][T28195] loop5: detected capacity change from 0 to 1024 [ 1454.696952][T28045] hsr_slave_1: entered promiscuous mode [ 1454.791722][T28195] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1454.806862][T28045] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1454.814508][T28045] Cannot create hsr debugfs directory [ 1455.238378][T28208] 9pnet_fd: Insufficient options for proto=fd [ 1456.027250][T24325] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1456.920576][T28217] loop4: detected capacity change from 0 to 1024 [ 1456.964470][T28217] EXT4-fs: Ignoring removed orlov option [ 1457.079493][T28217] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1457.247484][T28217] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1459.934517][T28045] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1459.984454][T28045] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1460.005739][T28045] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1460.028629][T28045] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1460.281778][T23291] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1460.590898][T28045] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1463.070957][T28281] overlayfs: overlapping lowerdir path [ 1466.136939][T28292] loop1: detected capacity change from 0 to 40427 [ 1466.145941][T28292] F2FS-fs (loop1): build fault injection attr: rate: 0, type: 0x7 [ 1466.166622][T28292] F2FS-fs (loop1): invalid crc value [ 1466.232627][T28292] F2FS-fs (loop1): Found nat_bits in checkpoint [ 1466.303427][T28292] F2FS-fs (loop1): Start checkpoint disabled! [ 1466.333682][T28292] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 1467.618611][ T147] kworker/u4:6: attempt to access beyond end of device [ 1467.618611][ T147] loop1: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 1467.632985][ T147] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 1467.640835][ T147] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 1467.683294][T28269] tipc: Enabled bearer , priority 0 [ 1467.692622][T28270] syzkaller0: entered promiscuous mode [ 1467.698149][T28270] syzkaller0: entered allmulticast mode [ 1467.742556][T28275] tipc: Resetting bearer [ 1467.773375][T28265] tipc: Resetting bearer [ 1467.890090][T28265] tipc: Disabling bearer [ 1467.929931][T28045] 8021q: adding VLAN 0 to HW filter on device team0 [ 1467.971094][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 1467.978354][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1468.021388][T25091] bridge0: port 2(bridge_slave_1) entered blocking state [ 1468.028641][T25091] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1469.578809][T28045] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1470.135978][T28045] veth0_vlan: entered promiscuous mode [ 1470.152970][T28045] veth1_vlan: entered promiscuous mode [ 1470.257739][T28045] veth0_macvtap: entered promiscuous mode [ 1470.300255][T28045] veth1_macvtap: entered promiscuous mode [ 1470.366468][T28045] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1470.379957][T28045] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1470.392382][T28045] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1470.411290][T28045] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1470.423957][T28045] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1470.465687][T28045] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1470.526780][T28045] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1470.579251][T28045] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1470.603727][T28045] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1470.631473][T28045] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1470.653121][T28045] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1470.676494][T28045] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1470.738986][T28045] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1470.761072][T28045] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1470.788509][T28045] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1470.799272][T28045] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1471.868651][ T147] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1471.939240][ T147] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1473.579866][T26005] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1473.633661][T26005] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1474.466779][T28380] xt_hashlimit: max too large, truncated to 1048576 [ 1474.540346][T28380] No such timeout policy "syz1" [ 1475.438357][T23293] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1475.452353][T23293] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1475.465666][T23293] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1475.474280][T23293] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1475.482465][T23293] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 1475.489939][T23293] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1477.998377][ T5794] Bluetooth: hci3: command tx timeout [ 1478.491037][T26005] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1479.232834][T26005] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1479.553245][T26005] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1479.663476][T28389] chnl_net:caif_netlink_parms(): no params data found [ 1479.781888][T26005] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1480.160027][ T5794] Bluetooth: hci3: command tx timeout [ 1480.493489][T28389] bridge0: port 1(bridge_slave_0) entered blocking state [ 1480.517174][T28389] bridge0: port 1(bridge_slave_0) entered disabled state [ 1480.538641][T28389] bridge_slave_0: entered allmulticast mode [ 1480.546177][T28389] bridge_slave_0: entered promiscuous mode [ 1480.610319][T28389] bridge0: port 2(bridge_slave_1) entered blocking state [ 1480.645681][T28389] bridge0: port 2(bridge_slave_1) entered disabled state [ 1480.656951][T28389] bridge_slave_1: entered allmulticast mode [ 1480.664369][T28389] bridge_slave_1: entered promiscuous mode [ 1480.882377][T28389] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1480.927032][T28389] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1481.253801][T28389] team0: Port device team_slave_0 added [ 1481.289529][T26005] tipc: Left network mode [ 1481.299569][T28389] team0: Port device team_slave_1 added [ 1481.689907][T28389] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1481.717825][T28389] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1481.809368][T28389] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1481.855531][T28389] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1481.862544][T28389] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1481.954962][T28389] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1482.378233][ T5794] Bluetooth: hci3: command tx timeout [ 1482.392219][T28389] hsr_slave_0: entered promiscuous mode [ 1482.457175][T28389] hsr_slave_1: entered promiscuous mode [ 1482.524130][T28389] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1482.562351][T28389] Cannot create hsr debugfs directory [ 1484.198437][T26005] hsr_slave_0: left promiscuous mode [ 1484.225873][T26005] hsr_slave_1: left promiscuous mode [ 1484.246095][T26005] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1484.254692][T26005] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1484.278313][T26005] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1484.496494][T26005] bridge_slave_1: left allmulticast mode [ 1484.502223][T26005] bridge_slave_1: left promiscuous mode [ 1484.581660][T26005] bridge0: port 2(bridge_slave_1) entered disabled state [ 1485.124699][ T5794] Bluetooth: hci3: command tx timeout [ 1485.159782][T26005] bridge_slave_0: left allmulticast mode [ 1485.197865][T26005] bridge_slave_0: left promiscuous mode [ 1485.203796][T26005] bridge0: port 1(bridge_slave_0) entered disabled state [ 1485.378483][T26005] team0: left allmulticast mode [ 1485.408864][T26005] team_slave_0: left allmulticast mode [ 1485.426854][T26005] team_slave_1: left allmulticast mode [ 1485.443337][T26005] team0: left promiscuous mode [ 1485.454648][T26005] team_slave_0: left promiscuous mode [ 1485.460348][T26005] team_slave_1: left promiscuous mode [ 1485.495815][T26005] veth1_vlan: left promiscuous mode [ 1485.509049][T26005] veth0_vlan: left promiscuous mode [ 1485.554159][T28501] overlayfs: overlapping lowerdir path [ 1487.315440][T26005] team0 (unregistering): Port device team_slave_1 removed [ 1487.390394][T26005] team0 (unregistering): Port device team_slave_0 removed [ 1487.457818][T26005] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1487.527702][T26005] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1488.244391][T26005] bond0 (unregistering): Released all slaves [ 1488.448007][T28512] netdevsim netdevsim5 netdevsim0: entered promiscuous mode [ 1488.477985][T28512] macvtap1: entered promiscuous mode [ 1489.297971][T28525] xt_hashlimit: max too large, truncated to 1048576 [ 1489.307999][T28525] No such timeout policy "syz1" [ 1490.425872][T28389] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1490.461693][T28389] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1490.501839][T28389] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1490.522494][T28389] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1490.992644][T28389] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1491.089363][T28389] 8021q: adding VLAN 0 to HW filter on device team0 [ 1491.171259][ T147] bridge0: port 1(bridge_slave_0) entered blocking state [ 1491.178592][ T147] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1491.245693][ T147] bridge0: port 2(bridge_slave_1) entered blocking state [ 1491.252960][ T147] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1491.738645][T28553] loop5: detected capacity change from 0 to 1024 [ 1491.764814][T28553] EXT4-fs: Ignoring removed orlov option [ 1491.803474][T28553] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1491.878387][T28553] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1493.712617][T28389] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1494.776875][T28389] veth0_vlan: entered promiscuous mode [ 1495.342265][T28569] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1495.710793][T28389] veth1_vlan: entered promiscuous mode [ 1495.752125][T24325] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1495.863182][T28389] veth0_macvtap: entered promiscuous mode [ 1496.584454][T28389] veth1_macvtap: entered promiscuous mode [ 1496.607125][T28389] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1496.618245][T28389] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1496.628140][T28389] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1496.638872][T28389] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1496.668489][T28389] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1496.698730][T28389] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1496.727756][T28389] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1496.805739][T28389] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1496.860384][T28389] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1497.037013][T28389] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1497.058815][T28389] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1497.068956][T28389] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1497.079903][T28389] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1497.123057][T28389] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1497.604010][T28389] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1497.633377][T28389] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1497.642405][T28389] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1497.720707][T28589] loop2: detected capacity change from 0 to 512 [ 1497.943550][T28589] EXT4-fs (loop2): 1 truncate cleaned up [ 1497.957116][T28589] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1498.280916][T28389] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1498.466842][T28591] EXT4-fs error (device loop2): ext4_validate_block_bitmap:430: comm ext4lazyinit: bg 0: block 7: invalid block bitmap [ 1498.633932][T28045] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1499.171246][T25091] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1499.182658][ T1143] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1499.214337][T25091] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1499.231339][ T1143] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1499.240832][T28597] loop5: detected capacity change from 0 to 40427 [ 1499.253491][T28597] F2FS-fs (loop5): invalid crc value [ 1499.289945][T28597] F2FS-fs (loop5): Found nat_bits in checkpoint [ 1499.371603][T28597] F2FS-fs (loop5): Start checkpoint disabled! [ 1499.401073][T28597] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6 [ 1500.417050][ T61] kworker/u4:5: attempt to access beyond end of device [ 1500.417050][ T61] loop5: rw=1, sector=45096, nr_sectors = 8 limit=40427 [ 1501.395006][ T61] kworker/u4:5: attempt to access beyond end of device [ 1501.395006][ T61] loop5: rw=2049, sector=40960, nr_sectors = 32 limit=40427 [ 1501.484746][ T61] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 1501.491713][ T61] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 1501.543169][ T61] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 1501.556202][ T61] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 1502.836038][T28637] xt_hashlimit: max too large, truncated to 1048576 [ 1502.843168][T28637] No such timeout policy "syz1" [ 1504.999658][T28653] overlayfs: overlapping lowerdir path [ 1509.059244][T28686] loop5: detected capacity change from 0 to 128 [ 1509.255026][T28686] FAT-fs (loop5): Directory bread(block 32) failed [ 1509.324808][T28690] loop4: detected capacity change from 0 to 1024 [ 1509.357093][T28686] FAT-fs (loop5): Directory bread(block 33) failed [ 1509.402233][T28686] FAT-fs (loop5): Directory bread(block 34) failed [ 1509.585941][T28686] FAT-fs (loop5): Directory bread(block 35) failed [ 1510.044878][T28686] FAT-fs (loop5): Directory bread(block 36) failed [ 1510.087242][T28686] FAT-fs (loop5): Directory bread(block 37) failed [ 1510.093968][T28686] FAT-fs (loop5): Directory bread(block 38) failed [ 1510.151874][T28686] FAT-fs (loop5): Directory bread(block 39) failed [ 1510.158614][T28686] FAT-fs (loop5): Directory bread(block 40) failed [ 1510.180514][T28695] ================================================================== [ 1510.188680][T28695] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x595/0x1210 [ 1510.196524][T28695] Read of size 2 at addr ffff888031199218 by task syz.4.7307/28695 [ 1510.204446][T28695] [ 1510.206816][T28695] CPU: 1 PID: 28695 Comm: syz.4.7307 Not tainted 6.6.99-syzkaller #0 [ 1510.214914][T28695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1510.225104][T28695] Call Trace: [ 1510.228449][T28695] [ 1510.231443][T28695] dump_stack_lvl+0x16c/0x230 [ 1510.236174][T28695] ? __lock_acquire+0x7c80/0x7c80 [ 1510.241233][T28695] ? show_regs_print_info+0x20/0x20 [ 1510.246510][T28695] ? load_image+0x3b0/0x3b0 [ 1510.251067][T28695] ? _raw_spin_lock_irqsave+0xb4/0xf0 [ 1510.256493][T28695] ? __virt_addr_valid+0x18c/0x540 [ 1510.261686][T28695] ? __virt_addr_valid+0x469/0x540 [ 1510.266849][T28695] print_report+0xac/0x200 [ 1510.271312][T28695] ? hfsplus_uni2asc+0x595/0x1210 [ 1510.276478][T28695] kasan_report+0x117/0x150 [ 1510.281027][T28695] ? __asan_memcpy+0x40/0x70 [ 1510.285673][T28695] ? hfsplus_uni2asc+0x595/0x1210 [ 1510.290747][T28695] hfsplus_uni2asc+0x595/0x1210 [ 1510.295673][T28695] hfsplus_listxattr+0x58f/0xb80 [ 1510.300673][T28695] ? hfsplus_getxattr+0x160/0x160 [ 1510.305753][T28695] ? kasan_save_free_info+0x2e/0x50 [ 1510.311035][T28695] ? slab_free_freelist_hook+0x130/0x1b0 [ 1510.316723][T28695] ? user_path_at_empty+0x4c/0x60 [ 1510.321806][T28695] ? kmem_cache_free+0xf8/0x280 [ 1510.326712][T28695] ? bpf_lsm_inode_listxattr+0x9/0x10 [ 1510.332137][T28695] ? hfsplus_getxattr+0x160/0x160 [ 1510.337222][T28695] listxattr+0x107/0x280 [ 1510.341521][T28695] path_listxattr+0xdd/0x1b0 [ 1510.346251][T28695] ? path_getxattr+0x400/0x400 [ 1510.351065][T28695] ? lockdep_hardirqs_on+0x98/0x150 [ 1510.356318][T28695] do_syscall_64+0x55/0xb0 [ 1510.360774][T28695] ? clear_bhb_loop+0x40/0x90 [ 1510.365490][T28695] ? clear_bhb_loop+0x40/0x90 [ 1510.370207][T28695] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1510.376145][T28695] RIP: 0033:0x7f613738e9a9 [ 1510.380615][T28695] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1510.400270][T28695] RSP: 002b:00007f613814e038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c3 [ 1510.408726][T28695] RAX: ffffffffffffffda RBX: 00007f61375b6080 RCX: 00007f613738e9a9 [ 1510.416733][T28695] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000 [ 1510.424737][T28695] RBP: 00007f6137410d69 R08: 0000000000000000 R09: 0000000000000000 [ 1510.432746][T28695] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1510.440748][T28695] R13: 0000000000000001 R14: 00007f61375b6080 R15: 00007ffc830b3348 [ 1510.448762][T28695] [ 1510.451809][T28695] [ 1510.454152][T28695] Allocated by task 28695: [ 1510.458599][T28695] kasan_set_track+0x4e/0x70 [ 1510.463238][T28695] __kasan_kmalloc+0x8f/0xa0 [ 1510.467872][T28695] __kmalloc+0xb4/0x240 [ 1510.472079][T28695] hfsplus_find_init+0x89/0x1d0 [ 1510.476967][T28695] hfsplus_listxattr+0x390/0xb80 [ 1510.481948][T28695] listxattr+0x107/0x280 [ 1510.486258][T28695] path_listxattr+0xdd/0x1b0 [ 1510.490893][T28695] do_syscall_64+0x55/0xb0 [ 1510.495347][T28695] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1510.501279][T28695] [ 1510.503622][T28695] Last potentially related work creation: [ 1510.509360][T28695] kasan_save_stack+0x3e/0x60 [ 1510.514070][T28695] __kasan_record_aux_stack+0xaf/0xc0 [ 1510.519471][T28695] kvfree_call_rcu+0xee/0x780 [ 1510.524179][T28695] neigh_periodic_work+0x3f7/0xd70 [ 1510.529324][T28695] process_scheduled_works+0xa45/0x15b0 [ 1510.534995][T28695] worker_thread+0xa55/0xfc0 [ 1510.539613][T28695] kthread+0x2fa/0x390 [ 1510.543704][T28695] ret_from_fork+0x48/0x80 [ 1510.548235][T28695] ret_from_fork_asm+0x11/0x20 [ 1510.553034][T28695] [ 1510.555391][T28695] The buggy address belongs to the object at ffff888031199000 [ 1510.555391][T28695] which belongs to the cache kmalloc-1k of size 1024 [ 1510.569698][T28695] The buggy address is located 0 bytes to the right of [ 1510.569698][T28695] allocated 536-byte region [ffff888031199000, ffff888031199218) [ 1510.584355][T28695] [ 1510.586700][T28695] The buggy address belongs to the physical page: [ 1510.593147][T28695] page:ffffea0000c46600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x31198 [ 1510.603347][T28695] head:ffffea0000c46600 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1510.612309][T28695] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 1510.620330][T28695] page_type: 0xffffffff() [ 1510.624707][T28695] raw: 00fff00000000840 ffff888017841dc0 dead000000000100 dead000000000122 [ 1510.633322][T28695] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 1510.641930][T28695] page dumped because: kasan: bad access detected [ 1510.648378][T28695] page_owner tracks the page as allocated [ 1510.654123][T28695] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 19671, tgid 19670 (syz.3.4822), ts 718714177808, free_ts 717783638215 [ 1510.676492][T28695] post_alloc_hook+0x1cd/0x210 [ 1510.681305][T28695] get_page_from_freelist+0x195c/0x19f0 [ 1510.686906][T28695] __alloc_pages+0x1e3/0x460 [ 1510.691713][T28695] alloc_slab_page+0x5d/0x170 [ 1510.696436][T28695] new_slab+0x87/0x2e0 [ 1510.700547][T28695] ___slab_alloc+0xc6d/0x12f0 [ 1510.705289][T28695] __kmem_cache_alloc_node+0x1a2/0x260 [ 1510.710787][T28695] __kmalloc_node_track_caller+0xa2/0x230 [ 1510.716544][T28695] kmalloc_reserve+0x117/0x260 [ 1510.721348][T28695] __alloc_skb+0x138/0x2c0 [ 1510.725794][T28695] __pskb_copy_fclone+0xac/0x10c0 [ 1510.730854][T28695] tipc_sk_mcast_rcv+0x597/0xea0 [ 1510.735831][T28695] tipc_mcast_xmit+0x1091/0x16a0 [ 1510.740792][T28695] __tipc_sendmsg+0x1f51/0x2940 [ 1510.745679][T28695] tipc_sendmsg+0x55/0x70 [ 1510.750043][T28695] ____sys_sendmsg+0x5bf/0x950 [ 1510.754846][T28695] page last free stack trace: [ 1510.759537][T28695] free_unref_page_prepare+0x7ce/0x8e0 [ 1510.765051][T28695] free_unref_page+0x32/0x2e0 [ 1510.769766][T28695] __unfreeze_partials+0x1cf/0x210 [ 1510.774918][T28695] put_cpu_partial+0x17c/0x250 [ 1510.779718][T28695] __slab_free+0x31d/0x410 [ 1510.784437][T28695] qlist_free_all+0x75/0xe0 [ 1510.788980][T28695] kasan_quarantine_reduce+0x143/0x160 [ 1510.794497][T28695] __kasan_slab_alloc+0x22/0x80 [ 1510.799384][T28695] slab_post_alloc_hook+0x6e/0x4d0 [ 1510.804566][T28695] kmem_cache_alloc+0x11e/0x2e0 [ 1510.809458][T28695] getname_flags+0xbb/0x500 [ 1510.813996][T28695] __x64_sys_unlink+0x3c/0x50 [ 1510.818708][T28695] do_syscall_64+0x55/0xb0 [ 1510.823160][T28695] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1510.829093][T28695] [ 1510.831465][T28695] Memory state around the buggy address: [ 1510.837126][T28695] ffff888031199100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1510.845223][T28695] ffff888031199180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1510.853346][T28695] >ffff888031199200: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1510.861434][T28695] ^ [ 1510.866308][T28695] ffff888031199280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1510.874400][T28695] ffff888031199300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1510.882499][T28695] ================================================================== [ 1510.919421][T28686] FAT-fs (loop5): Directory bread(block 41) failed [ 1510.931902][ T27] audit: type=1800 audit(1753180789.778:86): pid=28690 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.7307" name="file1" dev="loop4" ino=20 res=0 errno=0 [ 1510.952226][T28695] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1510.959471][T28695] CPU: 0 PID: 28695 Comm: syz.4.7307 Not tainted 6.6.99-syzkaller #0 [ 1510.967578][T28695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1510.977661][T28695] Call Trace: [ 1510.980972][T28695] [ 1510.983924][T28695] dump_stack_lvl+0x16c/0x230 [ 1510.988640][T28695] ? show_regs_print_info+0x20/0x20 [ 1510.993876][T28695] ? load_image+0x3b0/0x3b0 [ 1510.998439][T28695] panic+0x2c0/0x710 [ 1511.002382][T28695] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1511.008597][T28695] ? bpf_jit_dump+0xd0/0xd0 [ 1511.013150][T28695] ? _raw_spin_unlock_irqrestore+0xfa/0x110 [ 1511.019103][T28695] ? _raw_spin_unlock+0x40/0x40 [ 1511.024006][T28695] ? hfsplus_uni2asc+0x595/0x1210 [ 1511.029070][T28695] check_panic_on_warn+0x84/0xa0 [ 1511.034054][T28695] ? hfsplus_uni2asc+0x595/0x1210 [ 1511.039124][T28695] end_report+0x6f/0x140 [ 1511.043404][T28695] kasan_report+0x128/0x150 [ 1511.047966][T28695] ? __asan_memcpy+0x40/0x70 [ 1511.052613][T28695] ? hfsplus_uni2asc+0x595/0x1210 [ 1511.057674][T28695] hfsplus_uni2asc+0x595/0x1210 [ 1511.062569][T28695] hfsplus_listxattr+0x58f/0xb80 [ 1511.067564][T28695] ? hfsplus_getxattr+0x160/0x160 [ 1511.072634][T28695] ? kasan_save_free_info+0x2e/0x50 [ 1511.077926][T28695] ? slab_free_freelist_hook+0x130/0x1b0 [ 1511.083597][T28695] ? user_path_at_empty+0x4c/0x60 [ 1511.088666][T28695] ? kmem_cache_free+0xf8/0x280 [ 1511.093576][T28695] ? bpf_lsm_inode_listxattr+0x9/0x10 [ 1511.098991][T28695] ? hfsplus_getxattr+0x160/0x160 [ 1511.104061][T28695] listxattr+0x107/0x280 [ 1511.108347][T28695] path_listxattr+0xdd/0x1b0 [ 1511.113061][T28695] ? path_getxattr+0x400/0x400 [ 1511.117868][T28695] ? lockdep_hardirqs_on+0x98/0x150 [ 1511.123142][T28695] do_syscall_64+0x55/0xb0 [ 1511.127600][T28695] ? clear_bhb_loop+0x40/0x90 [ 1511.132571][T28695] ? clear_bhb_loop+0x40/0x90 [ 1511.137275][T28695] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1511.143214][T28695] RIP: 0033:0x7f613738e9a9 [ 1511.147656][T28695] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1511.167317][T28695] RSP: 002b:00007f613814e038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c3 [ 1511.175767][T28695] RAX: ffffffffffffffda RBX: 00007f61375b6080 RCX: 00007f613738e9a9 [ 1511.183861][T28695] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000 [ 1511.191871][T28695] RBP: 00007f6137410d69 R08: 0000000000000000 R09: 0000000000000000 [ 1511.199881][T28695] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1511.207878][T28695] R13: 0000000000000001 R14: 00007f61375b6080 R15: 00007ffc830b3348 [ 1511.215883][T28695] [ 1511.219230][T28695] Kernel Offset: disabled [ 1511.223601][T28695] Rebooting in 86400 seconds..