last executing test programs: 6m8.87522192s ago: executing program 2 (id=100): r0 = socket$netlink(0x10, 0x3, 0x9) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x800) syz_open_procfs(r1, 0x0) r4 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000f00), 0x1, 0x0) write$binfmt_register(r4, &(0x7f0000000f40)={0x3a, 'syz3', 0x3a, 'M', 0x3a, 0x7d7, 0x3a, 'nq\x00', 0x3a, '!\'', 0x3a, './file0'}, 0x2c) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000600)={{0x14, 0x3ed, 0x1, 0x0, 0x0, {0x2}}, [], {0x14, 0x3ed, 0x1, 0x0, 0x0, {0x7}}}, 0x28}, 0x1, 0x0, 0x0, 0x4004041}, 0x0) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0) bpf$MAP_UPDATE_ELEM(0x4, 0x0, 0x0) r5 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r5, &(0x7f0000000040)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc) writev(r5, &(0x7f0000001980)=[{&(0x7f0000000240)="f9", 0x1}], 0x1) 6m5.122394071s ago: executing program 2 (id=106): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xfffffffffffffffd}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000a, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0x12, 0x6, 0x4, 0x3, 0x0, 0xffffffffffffffff, 0x876a}, 0x50) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000580)={r3, &(0x7f0000000480), &(0x7f0000000540)=@tcp}, 0x20) bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000001c0)={r3, &(0x7f00000000c0)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000001180)=ANY=[@ANYBLOB="61154c000000000061138c0000000000bfa0000000000000150300000a004e002d35010000000000950041000000000069163a0000000000bf67000000000000350605000fff07206706000005000000160302000ee60060bf500000000000000f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ff3d4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe01c5473d51b546cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc2300000008ac86d8a297dff0445a15f21dce4de9f29eff65aadc841848c9b562a31e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076ebae3f55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932c9a6aa57f1ad2e99e0e67ab93716d20000009fbb0f53acbb40b4f8e2739670b31562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc401000000cc43010000207b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000f4000000000000000000000000c1eb2d91fb79ea00000000000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631d22a11dc3c6939628950000000000000001c7205a6b068fff496d2da7d632bd1f61b007e1ff5f1be19637302f3b41eae50509fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b30410856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db88aa3c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94) 6m0.987816858s ago: executing program 2 (id=111): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0xa, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000001040)={0x44, 0x0, &(0x7f0000000ec0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000440)={0x30, 0x30, 0x30}}}], 0x0, 0x0, 0x0}) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) syz_open_procfs$namespace(0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000c00)={0x44, 0x0, &(0x7f0000000a80)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 6m0.40074613s ago: executing program 3 (id=112): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setparam(r0, &(0x7f00000006c0)=0x4) socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc, 0x0, 0x0, 0xffffffff}, 0x10) r4 = socket(0x1e, 0x4, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff) sendmsg$TIPC_CMD_SET_NODE_ADDR(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x24, r6, 0x201, 0x400000, 0x0, {{}, {}, {0x8, 0x11, 0x4}}}, 0x24}}, 0x0) setsockopt$packet_tx_ring(r4, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) sendmmsg(r3, &(0x7f0000003240), 0x4000000000000e4, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) syz_mount_image$vfat(&(0x7f0000000100), &(0x7f0000000000)='./file0\x00', 0x101c08a, &(0x7f00000001c0)=ANY=[@ANYBLOB="7379735f696d6d757461626c652c757466383d312c696f636861727365743d61736369692c73686f72746e616d653d77696e39352c73686f77657865632c6e66732c636865636b3d7374726963742c756e695f786c6174653d302c757466383d312c73686f72746e616d653d6c6f7765722c73686f72746e616d653d6c6f7765722c726f6469722c726f6469722c64656275672c757466383d302c726f6469722c71756965742c6572726f72733d72656d6f756e742d726f2c009c8a8fc4f74784ad79ec08fb556262ebc972ef94821f3565ef5f75f11e30ef1f72a065c510b17cae352940538b7b2c5d72f4627c25306b2479725add28f511a68f5f6f47f9facdd0cc574286d00ab52d6b9374b6a58eac694336ebe971f41860d01084c1a0fa6b51d80fa9f9d2c5a2e7a5284f93296217ef8f28e0a36e573296a0bfb38b94191f4b82873563f3759b5e193ecfab6ed7892542364757e47d656ad6a0fbb6e8bf138bddae620a3602991821d4844f628e6bdd8b62cca73744332f0185a54b"], 0x9, 0x2c1, &(0x7f0000001880)="$eJzs3T+LI2UcB/DfZLOTUYuksBLhBrzC6nCvE5sscgfiVh4p1EIX7w5kE4Q7WPAPxqtsbSwsfAWC4Au5xncg2Ap2rrAwMpOZzWSNMZHNyu1+Ps0++8zznfk9k4fsbJEnH748Obqfx8MnX/wSWZZEZxjDOEliEJ1ofBULht8EAPAsOymK+L2Y2SSXRES2vbIAgC1a7+9/d9786VLKAgC26N677729f3Bw550ssrg7+fp4VP5nX/6cHd9/GB/HOB7Ea9GP04jqQWE3qqeFsnm3KIppNy8N4uZkejwqk5MPntbn3/8tosrvRT8GVdfZ00aVf+vgzl4+08pPyzqer68/LPO3ox8vnoUX8reX5GOUxquvtOq/Ff34+aP4JMZxvypinv9yL8/fLL794/P3y/LKfDI9HvWqcXPFziW/NAAAAAAAAAAAAAAAAAAAAAAAXGG36r1zepHfiJuTsqvef2fnNNLy17wxWNyfZ5ZPmhO19wcqimJaxPetLQXzoh44z3fjpW57Y0EAAAAAAAAAAAAAAAAAAAC4vh5/+tnR4Xj84NGFNJrdALoR8ee9iP96nmGr50asHtyrr3k4Hnfq5sKYp2m7J3aaMUnEyjLKSVzQbfm3xnPna24aP/xYTnCTE2atnteXT3B3+/NqVtfRYbL8Wr1oerJ6kXyXRszHpLHmtdJ/OlTEJssvXXqov/Hc0xeqxnTFmEhWFfbGr7M7V/ck52eRVnd1aXy3brTi59bGWq97ZLP4398rkmq3jt723owAAAAAAAAAAAAAAAAAAOCam3/6d8nBJyujncJHgQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4Iubf/79BY1qH1xicxqPH//MUAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuAb+CgAA//8HIVi7") openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) 5m54.646636921s ago: executing program 3 (id=115): socket$inet_tcp(0x2, 0x1, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket$inet_tcp(0x2, 0x1, 0x0) socket$igmp6(0xa, 0x3, 0x2) pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0xd0, 0x7d, 0x0, 0x8000, 0x4, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xa, 0x80000006, 0x400}, 0x0, 0x0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) close_range(r1, 0xffffffffffffffff, 0x0) 5m54.548083719s ago: executing program 2 (id=116): bpf$PROG_LOAD(0x5, &(0x7f0000001a00)={0x4, 0x0, 0x0, &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0xd}, 0x94) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000000480)=""/74, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000001880)) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000000140)=""/92}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000000c0)=0x1) ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000040)={@my=0x1}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000100)={0x1, 0x0, [{0x0, 0x6e, &(0x7f0000001540)=""/110}]}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x3c}, 0x1, 0x0, 0x0, 0x20004885}, 0x4054) r1 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r1, &(0x7f0000000200)={0x28, 0x0, 0xffffffff, @my=0x1}, 0x10) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)=""/57, 0x0, &(0x7f0000000500)=""/4092}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) 5m53.3247959s ago: executing program 2 (id=118): socket$inet6(0xa, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x80) connect$unix(0xffffffffffffffff, 0x0, 0x0) modify_ldt$write(0x1, &(0x7f00000000c0)={0x7, 0x1002, 0xffffffffffffffff, 0x1, 0x1, 0x1, 0x1, 0x1}, 0x10) r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xd, r0, 0x20000000002, &(0x7f0000000040)) ptrace$cont(0x21, r0, 0x80000001, 0x4) 5m51.059083341s ago: executing program 3 (id=122): r0 = syz_clone(0x4200000, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = fsopen(&(0x7f0000000180)='proc\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x1) fchdir(r2) r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000580)='.\x00', 0x8880, 0x85) getdents64(r3, &(0x7f00000005c0)=""/4096, 0x1000) wait4(r0, 0x0, 0x40000000, 0x0) r4 = fsopen(&(0x7f00000014c0)='proc\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r4, 0x1, 0x86) fchdir(r5) r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000000580)='.\x00', 0x8880, 0x85) lseek(r6, 0x101, 0x1) getdents(r6, &(0x7f00000002c0)=""/201, 0xc9) 5m47.810708851s ago: executing program 2 (id=123): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x300000a, 0x4031, 0xffffffffffffffff, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x4a102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r1 = io_uring_setup(0x1eae, &(0x7f0000000080)={0x0, 0x0, 0x1}) io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000440)=""/4095, 0x440000}], 0x2000000000000021) 5m44.068217042s ago: executing program 3 (id=128): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x4) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) prctl$PR_GET_IO_FLUSHER(0x4) syz_clone(0x25000, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) setxattr$security_ima(0x0, &(0x7f0000000300), &(0x7f0000000340)=@md5={0x1, "09e30478e9059f5a2add1ca63611f68a"}, 0x11, 0x1) bind$alg(0xffffffffffffffff, &(0x7f0000000200)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000080)="2c385ad49100dc6626c892b6bc43", 0xe) r1 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) recvmmsg(r1, &(0x7f0000004600)=[{{0x0, 0x0, &(0x7f0000002100)=[{&(0x7f0000001fc0)=""/217, 0xd9}, {0x0}], 0x2}, 0x3b83}], 0x1, 0x20001000, 0x0) keyctl$get_persistent(0x16, 0x0, 0x0) sendmsg$nl_route_sched_retired(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) 5m40.543808893s ago: executing program 3 (id=129): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, 0x0, 0x0, 0x2, 0xba, &(0x7f0000000140)=""/186, 0x0, 0x42, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000280)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000080)="441f08100000009837a0324d7df546bcb8e8c94efe76cef3e2000000", 0x1c) io_uring_setup(0x2f00, &(0x7f00000004c0)={0x0, 0xe8e2, 0x400, 0x20001, 0x2d6}) syz_open_procfs(0x0, &(0x7f00000190c0)='net/ip_tables_targets\x00') bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xd, 0x16, &(0x7f0000000140)=ANY=[@ANYBLOB="6112b400000000006113500000000000bf2000000000000007"], 0x0, 0x0, 0x0, 0x0, 0x41000}, 0x94) connect$unix(0xffffffffffffffff, &(0x7f0000000100)=@abs={0x27, 0x0, 0x4e23}, 0x6e) pread64(r1, &(0x7f0000000080)=""/102356, 0x18fd4, 0x6) socket$kcm(0x2, 0x200000000000001, 0x106) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r3, 0x4b67, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x7, 0x2}]}) r4 = socket$inet(0x2, 0xa, 0x0) sendmmsg$sock(r4, &(0x7f0000003280)=[{{&(0x7f0000000100)=@nl=@unspec, 0x12, 0x0}}], 0x1, 0x0) 5m36.303471443s ago: executing program 3 (id=134): socket$inet_udp(0x2, 0x2, 0x0) getsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f00000000c0)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(r0, 0x1, &(0x7f0000000180)=0x3) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x804, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x9, 0x3, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x94) r3 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$binder(&(0x7f000023d000/0x2000)=nil, 0x2000, 0x1, 0x11, r3, 0x6) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r4, &(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10) setsockopt$sock_int(r4, 0x1, 0x8, 0x0, 0x0) connect$inet(r4, &(0x7f0000000140)={0x2, 0x4e21, @empty}, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) r5 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r5, 0x40946400, 0x0) 5m32.066128416s ago: executing program 32 (id=123): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x300000a, 0x4031, 0xffffffffffffffff, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x4a102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r1 = io_uring_setup(0x1eae, &(0x7f0000000080)={0x0, 0x0, 0x1}) io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000440)=""/4095, 0x440000}], 0x2000000000000021) 5m19.318887149s ago: executing program 33 (id=134): socket$inet_udp(0x2, 0x2, 0x0) getsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f00000000c0)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(r0, 0x1, &(0x7f0000000180)=0x3) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x804, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x9, 0x3, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x94) r3 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$binder(&(0x7f000023d000/0x2000)=nil, 0x2000, 0x1, 0x11, r3, 0x6) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r4, &(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10) setsockopt$sock_int(r4, 0x1, 0x8, 0x0, 0x0) connect$inet(r4, &(0x7f0000000140)={0x2, 0x4e21, @empty}, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) r5 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r5, 0x40946400, 0x0) 2m50.392147347s ago: executing program 4 (id=439): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ec}, 0x94) r1 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000080)={r0, 0x0, 0x2d, 0x0, @val=@netfilter={0xa, 0x1, 0x353a, 0x1}}, 0x20) r2 = dup(r1) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000007c0)={r2, 0x40, 0x0}, 0x10) 2m49.601260813s ago: executing program 4 (id=440): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x2010008, &(0x7f0000000080)={[{@bh}, {@inlinecrypt}, {@nombcache}]}, 0xff, 0x548, &(0x7f0000001300)="$eJzs3c9vHFcdAPDvrL2Okzi1CxygUktFi5IKshvXtLU4lCIhOFVClHsw9saysvZG9rqNrQo2fwESQoDECS5ckPgDkFAkLhwRUiQ4g1QEQpCCBIfSQbM7G5v1rL0xa2+8/nykybw3v77f5/iNZ3aeZgM4t56PiDci4sM0TV+KiNl8eSmfotWZsu3ef/jucjYlkaZv/S2JJF+WbZamado95uV8t+mI+NpXIr6Z7As4nc93dm8v1eu1zbxaba7fqW7t7F5fW19ara3WNhYW5l9dfG3xlcUbQ2nnlYh4/Ut/+v53fvrl13/52Xf+ePMv176VpTWTr++24xgmD1vZaXr5wnTPDpvHDPYkytpT/iCvXBxsn3snmRAAAH1l1/gfiYhPRcRLMRsTh1/OAgAAAGdQ+oWZ+CDpPL8rMNVnOQAAAHCGlNpjYJNSJR8LMBOlUqXSGcP7sbhUqje2mp+51djeWOmMlZ2LcunWWr12Ix8rPBflJKvPt8t79Zd76gsR8XREfG/2YrteWW7UV0b94QcAAACcE5d77v//Odu5/z9ccjrJAQAAAMMzN+oEAAAAgBPn/h8AAADGWnnUCQAAAAAn7qtvvplNaff7r1fe3tm+3Xj7+kpt63ZlfXu5stzYvFNZbTRW2+/sWz/qePVG487nYmP7brVZ22pWr+zs3lxvbG80b67F9Kk0CAAAADjg6U/e/30SEa3PX2xPmalRJwWcislHpe47PQt6/x+e6szfO6WkgFMxMcA2710oXu46Ac62yd4Fffo6MH6M/weO+kaPvoN3ftOZlYacDwAAMHxXP1H8/P/o6/mWS34443RiOL96nv+ns6NKBDh17ef/gw7kcbEAY6U80AhAYJz9v8//j5amj5UQAAAwdDPtKSlV8o/3ZqJUqlQirrS/FrCc3Fqr125ExFMR8bvZ8oWsPt/eMznyngEAAAAAAAAAAAAAAAAAAAAAAAAA6EjTJFIAAABgrEWU/pz8qvMu/6uzL870fj4wlfy7/ZXAUxHxzo/e+sHdpWZzcz5b/vdHy5s/zJe/PIpPMAAAAIBe3fv09vxfo84GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHHz/sN3l7vTAJtfHFbcv34xIuaK4k/GdHs+HeWIuPSPJCb37ZdExMQQ4rfuRcTHi+InWVqPQhbFH8YPoXUvaaVthfFjLv8pFMW/PIT4cJ7dz84/bxT1/1I8354X97/JiP+pH1f/8188Ov9N9On/VwaM8cyDn1f7xr8X8cxk8fmvGz/pE/+FgaKX4xtf393ttzb9ccTV7t+f9hlvf4S9UrW5fqe6tbN7fW19abW2WttYWJh/dfG1xVcWb1RvrdVr+b+FMb777C8+PKz9lwr//iV5Nv3b/2LB8SYK8v/Pg7sPP9qttA7Gv/ZCQfxf/yTf4mD8Uh7n03k5W3+1W251yvs997PfPndY+1f22l9+nP//a/0O2utAR3l2sF8dAOBEbO3s3l6q12ubY1vI7tKfgDSOU5iKJyKN8S18Oys8GNYB0zRNsz5VsOp+RAxynCSG3NJScT57hb5ngFGfmQAAgGHbu+gfdSYAAAAAAAAAAAAAAAAAAABwfp3GW9Z6Y+69AjkZxiu0AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACG4r8BAAD//7gG3Ac=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101842, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000005c0)) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) 2m48.108269166s ago: executing program 4 (id=443): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bond0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0xa, r1}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) 2m47.137517517s ago: executing program 4 (id=448): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0xe, &(0x7f0000000200)={[{@quota}, {@oldalloc}, {@barrier_val={'barrier', 0x3d, 0x3}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x7c}}, {@block_validity}, {@jqfmt_vfsv1}]}, 0x3, 0x434, &(0x7f0000000940)="$eJzs289vFFUcAPDvzLZFKNiK+IOCWkVj44+WFlQOXjSaeNDERA94rG0hlYUaWhMhjVZj8GhIvBuPJv4FnvRi1JOJV70bEmJ6AT2tmd2ZdrvdLW3ZdtH9fJKB92be5n2/O/N238zrBtC1hrN/koj9EfF7RAzUqmsbDNf+u7m8OPX38uJUEpXKW38l1XY3lheniqbF6/rzykgakX6WxJEm/c5funxuslyeuZjXxxbOvz82f+nys7PnJ8/OnJ25MHHq1MkT4y88P/FcW/LMYrox9NHc0cOvvXP1janTV9/9+dukyL8hjzYZ3ujgE5VKm7vrrAN15aSng4GwJaWIyE5Xb3X8D0QpVk/eQLz6aUeDA3ZUpVKp9Lc+vFQB/seS6HQEQGcUX/TZ/W+x7dLU445w/aXaDVCW9818qx3piTRv09twf9tOwxFxeumfr7ItduY5BADAGt9n859nms3/0ri/rt3d+drQYETcExEHI+LeiDgUEfdFVNs+EBEPbrH/xkWS9fOf9Nq2EtukbP73Yr62tXb+V8z+YrCU1w5U8+9NzsyWZ47n78lI9O7J6uMb9PHDK7990epY/fwv27L+i7lgHse1nj1rXzM9uTB5OznXu/5JxFBPs/yTlZWAJCIOR8TQNvuYfeqbo62O3Tr/DbRhnanydcSTtfO/FA35F5KN1yfH7oryzPGx4qpY75dfr7zZqv/byr8NsvO/r+n1v5L/YFK/Xju/9T6u/PF5y3ua7V7/fcnb1XJfvu/DyYWFi+MRfcnrtaDr90+svraoF+2z/EeONR//B2P1nTgSEdlF/FBEPBwRj+SxPxoRj0XEsQ3y/+nlx9/bfv47K8t/ekvnf7XQF417mhdK5378bk2ng1vJPzv/J6ulkXzPZj7/NhPX9q5mAAAA+O9JI2J/JOnoSjlNR0drfy9/KPal5bn5hafPzH1wYbr2G4HB6E2LJ10Ddc9Dx/Pb+qI+0VA/kT83/rK0t1ofnZorT3c6eehy/S3Gf+bPUqejA3ac32tB9zL+oXsZ/9C9jH/oXk3G/95OxAHsvmbf/x93IA5g9zWMf8t+0EXc/0P3Mv6hexn/0JXm98atfySvoLCuEOkdEYbCDhU6/ckEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQHv8GAAD//5LX5s8=") mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f0000000340)='./file0/../file0\x00', 0x0, 0x100000, 0x0) pivot_root(&(0x7f0000000500)='./file0\x00', &(0x7f0000000540)='./file0/file0\x00') 2m46.309716278s ago: executing program 4 (id=449): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x181000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_IDENTITY_MAP_ADDR(r1, 0x4008ae48, 0x0) 2m45.390094621s ago: executing program 4 (id=451): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0x10, &(0x7f0000000e40)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000008000000850000001c00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r1, 0xfffff000, 0xe, 0x0, &(0x7f0000000840)="7dc6c1e4019550edc59b2d768d0b", 0x0, 0x2f02, 0x7000000, 0x0, 0x0, 0x0, 0x0}, 0x50) 2m42.937182269s ago: executing program 34 (id=451): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0x10, &(0x7f0000000e40)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000008000000850000001c00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r1, 0xfffff000, 0xe, 0x0, &(0x7f0000000840)="7dc6c1e4019550edc59b2d768d0b", 0x0, 0x2f02, 0x7000000, 0x0, 0x0, 0x0, 0x0}, 0x50) 13.902749548s ago: executing program 1 (id=821): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='setgroups\x00') openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r1, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0xfffffe14) write$FUSE_INIT(r1, &(0x7f0000000040)={0x50, 0x0, r2, {0x7, 0x1f, 0x8, 0xffffffffd24b2432, 0x5, 0xffff, 0x0, 0xabe6, 0x0, 0x0, 0x80, 0x7ffe}}, 0x50) syz_fuse_handle_req(r1, &(0x7f000000e3c0)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d838aae8c05dd22d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x20c01, 0x0) writev(r3, &(0x7f0000000200)=[{&(0x7f00000003c0)='n', 0xfdef}], 0x1) dup3(r1, r3, 0x6700000000000000) close_range(r0, 0xffffffffffffffff, 0x0) 13.065353596s ago: executing program 1 (id=823): r0 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x8, 0x3, 0x4c8, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x3f8, 0xffffffff, 0xffffffff, 0x3f8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'bridge0\x00'}, 0x0, 0x148, 0x170, 0x0, {}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00', {0xff}, {}, 0x0, 0x0, 0x0, 0x4b}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0xfffffffe, 0x2, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x528) r1 = socket$inet6(0xa, 0x3, 0x8000000003c) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@updpolicy={0x1bc, 0x19, 0x1, 0x70bd2d, 0x25dfdbfe, {{@in6=@remote, @in6=@private2, 0x0, 0x0, 0x0, 0x80, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x7, 0x0, 0x0, 0x0, 0x6, 0x8000000000000001}, {}, 0x2}, [@tmpl={0x104, 0x5, [{{@in=@broadcast, 0x4d5, 0x32}, 0x0, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {{@in6=@remote, 0x0, 0x3c}, 0x0, @in6=@dev, 0x0, 0x2, 0x3, 0x2, 0x8000}, {{@in=@loopback, 0x0, 0x6c}, 0x0, @in=@loopback, 0x0, 0x1, 0x0, 0x0, 0x3}, {{@in=@dev={0xac, 0x14, 0x14, 0x35}, 0x0, 0x33}, 0x0, @in6=@private2, 0x3500, 0x0, 0x0, 0xfd, 0x204}]}]}, 0x1bc}}, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x7d) syz_emit_ethernet(0x3e, &(0x7f0000000900)={@link_local, @empty, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, '\x00', 0x8, 0x11, 0x0, @empty, @mcast2, {[], {0x0, 0xe22, 0x8}}}}}}, 0x0) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e9f, 0x0, @mcast1, 0x7}, 0x1c) sendmsg(r1, &(0x7f00000000c0)={0x0, 0x952f, &(0x7f0000000100)=[{&(0x7f0000000000)="2c10", 0xfff2}], 0x1, 0x0, 0x0, 0x2c}, 0x44004) 12.93970174s ago: executing program 7 (id=825): openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r3, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r5, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r4, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), 0x100}, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) 12.060825875s ago: executing program 7 (id=828): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched_retired(0xffffffffffffffff, 0x0, 0x942f1442711536f4) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)={0x28, r2, 0x5, 0x70bd28, 0x30000, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x28}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) ioctl(r0, 0x8b1a, &(0x7f0000000040)) 11.965590135s ago: executing program 5 (id=829): r0 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000001400)=@raw={'raw\x00', 0x8, 0x3, 0x4d8, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x408, 0xffffffff, 0xffffffff, 0x408, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'bridge0\x00'}, 0x0, 0x148, 0x170, 0x0, {}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00', {0xff}, {0xff}, 0x0, 0x0, 0x0, 0x4b}, 0x0, 0x258, 0x298, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x2, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0xfffffffe, 0x2, 0x1000, 0x6, 0x3}}}]}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x9, 0x19, "ca7cfb3e2d5a024c88a5da5be8fb418c67e87b7888680941313e9eaa0fb2"}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x538) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000500)={0xa, 0x4e20, 0xbb6, @loopback, 0x5}, 0x1c) connect$inet6(r1, &(0x7f0000000480)={0xa, 0x4e20, 0x9, @loopback, 0x106}, 0x1c) r2 = fcntl$dupfd(r1, 0x406, r1) setsockopt$inet6_buf(r1, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18) sendmsg$NL80211_CMD_SET_REG(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000340)=ANY=[], 0x2c}, 0x1, 0x0, 0x0, 0x8005}, 0x0) write$binfmt_elf64(r2, &(0x7f00000004c0)=ANY=[], 0xfffffdcf) connect$unix(r2, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e) epoll_ctl$EPOLL_CTL_DEL(0xffffffffffffffff, 0x2, 0xffffffffffffffff) 10.753407021s ago: executing program 7 (id=831): r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000340)={0x6, "1803c8098000000000000000000000000000000000000000f34100", 0xffffffffffffffff}) r2 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) r3 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000140), 0x80800, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r3, 0xc0285700, &(0x7f00000001c0)={0x2, "fa02791d2a69a2610f020000000000000011000100e15ac64200", 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(r4, 0xc0303e03, &(0x7f0000000080)={"6739669f274d13b691ebe45b00e4f5b53e0ca34dd02acecdc67c5e3126628168", r1, 0xffffffffffffffff}) r6 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000180), 0x28d00, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r2, 0xc0285700, &(0x7f0000000240)={0x1b, "8a6035ceeae3ecc42317afad010000000000000400", 0xffffffffffffffff}) ioctl$SW_SYNC_IOC_CREATE_FENCE(r6, 0xc0285700, &(0x7f00000003c0)={0x7, "34e64988e80e0000b56a0011b0d10000800000008f2700", 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(r5, 0xc0303e03, &(0x7f00000000c0)={"0e337b42cc00d331ff0007000000000000001a00", r8, 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(r7, 0xc0303e03, &(0x7f0000000040)={"130f2672af9ee0452321864922cd3bebd7f9cec5064e58445f1268334b4900", r9}) 10.065411184s ago: executing program 7 (id=834): syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000580)='./file1\x00', 0x8000, &(0x7f0000000d40)={[{@data_err_abort}, {@nodelalloc}, {@dioread_nolock}, {@max_batch_time={'max_batch_time', 0x3d, 0xb}}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x2}}, {@noblock_validity}, {@grpid}, {@acl}, {@nodiscard}]}, 0x1, 0x627, &(0x7f0000000e00)="$eJzs3c1rHG8dAPDvzCYxaVPTihRbFAMeWpDmpRarntpe7KFgwR5EPDQ0SQ3dtKFJwdaCKXhQUBDxKtKL/4B3KV69iaDePAtVJOJBpSszO9PuL7ubbPLLviTz+cBunnlmss/z3dkn8zyzeWYCqKzZ7CmNuBAR95OImZZ109FcOVtst/PPlw+yRxKNxjf/kURS5JXbvyt+ns6ekojJiPjDrYhP1drL3Xz+4tFSvdH0g4j5rfWN+c3nL66srS89XHm48njx6leuXV/46uK1xSOJs4zr9p1vfPanP/zul1f/WL+SxI24N/795dgVx1GZjdl4V4TYmj8WEdezRIf35bgpQ0iGXA8Op1Z8Hscj4nzMRC1fapqJtZ8MtXJAXzVqEQ2gohLtHyqq7AeUY/t+jINH2dubzQFQe/xjzXMjMZmPjU7tJC0jo+Z49+wRlJ+V8b+XF3+ZPaLLeYixIyinm+1XEfGZTvEned3O5mdxsvjTSFt+L0svRMRE8V70Nv4fb8uZ3bU86M/fQeJv3Q9Z/DeKn1n+rUOWP+z4AaimNzeLA/l2tvTh+Jf1DMv+T3To/0x3OHYdxrCPf937f+XxfjI/R57u6odl/Z27nV+yrZPz1x/f/nm38lv7f9kjK7/sCw7C21cRF3fF/6O8o5e83/9Jh/2fbXK/xzK+/qe/3+62btjxN15HXOo4/vnQo81S81vrG2Vb2PX95PzqWn1lofncsYzf/v47v+5W/rDjz/Z/dBn/7bX/s7yNHsv4zd3X693WTe8bf/q3ieRenpoocr63tLX1dDFiIrlTbNKSf3XvupTblK+RxX/5C53bf6f4i6LyHb39kXeju41vPdrptl3P+7996JR519g73H1l8S93+fzvt/9/1mMZ//72s8/typoqE3vFP9X+Usn2gSMEAAAAAACA6kjz72CTdO59Ok3n5ppzeD8dp9L6k82tL64+efZ4OeJy/v+Q42n5TfdMcznJlheL/4ctl6/uWv5SRJyLiF/UpvLluQdP6svDDh4AAAAAAAAAAAAAAAAAAABGxOli/n95n+p/1Zrz/3uydb7PtQP67lA3mEuPvh7A4PXzBpPAaMvb/wGO573d7BU4Dhz/obq0f6gu7R+qS/uH6tL+obq0f6gu7R+qS/sHAAAAgBPp3Off/CWJiO2vTeWPzESxbnyoNQP67eBtfLYv9QAGrzbQXwNGyfuv/l3OByqnp/7/f4qLA/a/OsAQdLykT945aOzd+N+4GBAAAAAAAAAAAAAADMqlC+b/Q1Wl8bthVwEYkvaJ/Bd2epzo5xoAcMy59D9U18ca4ztBACfCfrP4J7utMP8fAAAAAAAAAAAAAAZmOn8k6VxxC9DpSNO5uYgzEXE2xpPVtfrKQkR8MiL+XBv/RLa8OOxKAwAAAAAAAAAAAAAAAAAAwAmz+fzFo6V6feVpa+K/bTknO1HeBXVU6tOaiGRwZZU3g52KiFGIvT+JsZacJGI7i3gkKvZ0M0aiGmlejSH+UQIAAAAAAAAAAAAAAAAAgIpqmXvcyZm4+KuB1wkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABu3D/f8Pn0j2eZ1hxwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHE//DwAA//9uejjx") bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x19, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @cgroup_sockopt=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x80001, 0x0) r1 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000100)={0x1, "5660359c3245d1c42317afad7d48ed51000000000000000100", 0xffffffffffffffff}) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000000)={0x5, "340b7832ceefd131b8e6498c25f58fad9987ffe93bbabd18cf501922de974a27", 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(r2, 0xc0303e03, &(0x7f0000000180)={"2486910284ed923431d4c5d5fbf514fd00", r3}) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x9, 0xb, 0x6, 0xff}, 0x3c, [0x8000, 0xc95a, 0xf, 0x8, 0x80, 0x2, 0x3, 0x10007f, 0x20000006, 0x4d, 0x6, 0x3, 0x9, 0x2, 0xffff2d34, 0xffffff01, 0x6, 0x3, 0xfffffffc, 0x5, 0x4, 0x2, 0x7, 0x3c5b, 0x80000001, 0x24, 0xd, 0x1, 0x0, 0xffffffff, 0xe661, 0x8000004, 0x7, 0x3, 0x8, 0x4c74, 0x80000000, 0x0, 0x3, 0xe, 0x8, 0x8000806e, 0x7, 0x17, 0x1, 0x7, 0x200, 0x3e, 0x8c, 0x6, 0x6, 0x0, 0x5, 0x4, 0x8, 0x400, 0x80, 0x1, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x8004, 0x5, 0xfffffff3, 0x129432e6, 0xc8, 0xf9, 0xe, 0x7, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xea4, 0x7, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x2, 0x4, 0xb, 0x1, 0x9, 0x8, 0x9, 0x6, 0x47, 0x8020, 0x1, 0xfe000000, 0xffff, 0x2, 0x4, 0x9, 0x3, 0x3, 0x9, 0x1, 0x3, 0x3, 0xbc45, 0x48c93690, 0x43, 0x103], [0x6, 0x1000a, 0x4, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xf, 0x4, 0x6, 0x5, 0x0, 0x6, 0x8, 0xffffffff, 0x86, 0x3, 0x303c, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0x3, 0x2000000c, 0x2, 0x6d02, 0x6, 0x38, 0x800003, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0xa9, 0x5, 0x6, 0xd, 0xc2, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0x1000000a, 0x0, 0x5, 0x1c, 0x120000, 0x3, 0x2006, 0x80a2eb, 0x4, 0x25], [0x9, 0xbb33, 0x80000000, 0xb, 0x5, 0x93a, 0x6, 0x1000006, 0x0, 0xb9, 0xce7, 0x1ff, 0x2, 0x57, 0x4, 0x3, 0x101, 0x10000, 0x4, 0x7fff, 0x10000, 0x2, 0x2, 0x5, 0x1, 0x3, 0x14c, 0x60a7, 0x6, 0x96, 0xffffffff, 0x80000000, 0x0, 0x4, 0xc8, 0x1, 0xfffff000, 0x10080, 0x3, 0x7e, 0x100, 0x1000, 0x7, 0xaf, 0x8, 0x2, 0x226, 0x5, 0x5, 0x1, 0x30b1d68f, 0xa1f, 0xf40, 0x800, 0x1, 0x6c1b, 0x0, 0x2, 0x5, 0xb1e, 0xd7, 0x200, 0xffff3441, 0xfff]}, 0x45c) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) ioctl$SW_SYNC_IOC_INC(r1, 0x40045701, &(0x7f00000002c0)=0x3) 9.676105524s ago: executing program 1 (id=836): socket$nl_generic(0x10, 0x3, 0x10) socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x3, 0x5, &(0x7f00000006c0)=ANY=[@ANYBLOB="18020000ffffffff000000000000fdff850000002700000085"], &(0x7f0000000680)='GPL\x00'}, 0x94) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000580)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x57, 0x7fc00100}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000740)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r1, 0xc0182101, &(0x7f00000000c0)={r2}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f00000003c0)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r1, 0x40182103, &(0x7f0000000080)={r3, 0x3, r0, 0x5}) syz_usb_ep_write$ath9k_ep2(0xffffffffffffffff, 0x83, 0x8, 0x0) 9.0737612s ago: executing program 7 (id=837): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, 0x0) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x0}) getdents64(0xffffffffffffffff, 0xffffffffffffffff, 0x43) write$UHID_INPUT2(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x61, 0x8e}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f00000000c0)='./file1\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="636865636b706f696e743d64697361626c652c6261636b67726f756e645f67633d73796e632c61636c2c616c6c6f635f6d6f64653d72657573652c696e6c696e655f78617474722c6e6f666c7573685f6d657267652c6d6f64653d6c66732c6e6f757365725f78617474722c636865636b706f696e743d64697361626c652c757365725f78617474722c6673796e635f6d6f64653d7374726963742c6167655f657874656e745f63616368652c646973636172642c6e6f696e6c696e655f64656e7472792c008bfb3c1e4b1b12ae77c937da8858"], 0x1, 0x5505, &(0x7f0000002480)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S") r2 = open(&(0x7f0000000440)='./file1\x00', 0x84242, 0x1df2a23c5997fa7f) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000180)={0xa0, 0xfffffffffffffffe, 0x0, {{0x6, 0x0, 0x5, 0x81, 0x1, 0x1, {0x6, 0xff, 0x5, 0x8, 0xe, 0xd615, 0x9, 0x1, 0xfffffffe, 0x2000, 0x3ffffff, 0x0, 0xffffffffffffffff, 0x5, 0x2000000}}, {0x0, 0x19}}}, 0xa0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$key(0xffffffffffffffff, 0x0, 0x8810) sendfile(r2, r2, &(0x7f0000000080), 0x7f03) 8.825676793s ago: executing program 0 (id=838): io_uring_setup(0x6390, &(0x7f0000000000)={0x0, 0x621d, 0x842, 0x3, 0x39c}) socket$nl_netfilter(0x10, 0x3, 0xc) eventfd(0x5) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x1, 0x7e, 0x1, 0xffffffffffffffff, 0x2}, 0x50) socket$packet(0x11, 0x2, 0x300) socket$xdp(0x2c, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)) r0 = syz_open_dev$dri(&(0x7f0000000440), 0x1, 0x48640) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000180)={0x1, 0x1, &(0x7f00000000c0)=[r1], &(0x7f0000000180), &(0x7f0000000200), &(0x7f00000001c0), 0x0, 0x5}) 7.971047355s ago: executing program 5 (id=839): ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'vxcan1\x00'}) ioctl$KVM_SET_CPUID2(0xffffffffffffffff, 0x4008ae90, &(0x7f0000000000)={0x1, 0x0, [{0x40000001, 0x4, 0x2, 0x3123764c, 0x6, 0x2, 0x80}]}) r0 = openat$kvm(0xffffff9c, &(0x7f0000000540), 0x8000, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x15, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x44, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa}, 0x94) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0xfffff34, 0x0, [{0xf88e470f, 0xed}]}) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x73, 0x2, 0x2, 0x4002804c4, 0x9, 0x8000000000000000, 0xc595, 0x0, 0x4, 0xefffffffffffffff, 0x2000000000000000, 0x3, 0x8d], 0xeeee8000, 0x2002d3}) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x42282, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 7.812172514s ago: executing program 0 (id=840): r0 = fanotify_init(0x1a, 0x800) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000340)='.\x00', 0x0, 0xa8) fanotify_mark(r0, 0x441, 0x4800001a, r1, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x181) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', 0x140) mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './cgroup'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) chdir(&(0x7f00000001c0)='./bus\x00') r2 = creat(&(0x7f0000000240)='./file1\x00', 0x0) io_setup(0x200, &(0x7f0000000140)=0x0) io_submit(r3, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x2, 0x1, 0x0, r2, &(0x7f0000000000), 0x4000}]) 7.722934362s ago: executing program 6 (id=841): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@multicast1, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x4f}}, {{@in6=@mcast2, 0x404d3, 0x2b}, 0x0, @in=@empty}}, 0xe4) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0) close(0x4) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="020d000010000000000000000000000008001200020002000000bd00000000001000330002030000003fff00000000000200000000000000000000570d45f3dd65602100000000000000000000000000030005000000000002000000ac1414aa0000000000000000030006000000000002"], 0x80}}, 0x40d0) 7.379989076s ago: executing program 1 (id=842): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r1 = io_uring_setup(0xfd2, &(0x7f0000000040)={0x0, 0x36e, 0xc000, 0xc, 0xa0002f5}) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1b, 0x0, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000002, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1700000004"], 0x50) io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0) shutdown(r0, 0x1) r2 = socket$packet(0x11, 0x2, 0x300) r3 = syz_io_uring_setup(0xd02, &(0x7f0000002900)={0x0, 0x10f24e, 0x0, 0x1, 0x290}, &(0x7f0000000440), &(0x7f0000001080), &(0x7f0000001040)) io_uring_register$IORING_REGISTER_SYNC_CANCEL(r3, 0x18, &(0x7f0000000200)={0x0, r2, 0x22, {0x7f, 0x100}, 0x1c}, 0x1) socket$nl_netfilter(0x10, 0x3, 0xc) 5.978182538s ago: executing program 6 (id=843): r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000000200)={0x2, 0x4e20, @multicast1}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10) r2 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r4, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xea, 0x0, 0xfffd, 0x0, 0x9, 0x5}, {0x12, 0x2, 0x0, 0x401, 0x8001, 0x1400}, 0xa5, 0x5, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080) sendmsg$nl_route_sched(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=@newqdisc={0x38, 0x24, 0xd0f, 0x70bd2b, 0x25dfdbfe, {0x60, 0x0, 0x0, r4, {0x0, 0x3}, {0xffe0, 0xa}, {0x1, 0x5}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_INITIAL_QUANTUM={0x8, 0x4, 0xf}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x55}, 0xc010) lseek(r0, 0x4, 0x3) sendmsg$inet(r1, &(0x7f00000015c0)={0x0, 0x14, &(0x7f0000001600)=[{&(0x7f0000000240)=' ', 0xffffff1f}], 0x1}, 0x0) 5.843360219s ago: executing program 0 (id=844): syz_usb_connect(0x3, 0x36, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) ioctl$VHOST_VDPA_GET_DEVICE_ID(0xffffffffffffffff, 0x8004af70, 0x0) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f1, &(0x7f0000000080)={'tunl0\x00', &(0x7f0000000040)=@ethtool_cmd={0x23, 0x8, 0x0, 0x400, 0x0, 0x7e, 0xe7, 0x0, 0x87, 0x0, 0x80000, 0x0, 0x1, 0x8, 0x0, 0x82000045, [0x2, 0x9]}}) socketpair$unix(0x1, 0x1, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000000)=0x6, 0x4) io_uring_enter(0xffffffffffffffff, 0x2219, 0x7721, 0x16, 0x0, 0x0) syz_clone(0x1000000, 0x0, 0x0, &(0x7f0000000500), &(0x7f00000003c0), &(0x7f0000000540)="8107721541c64d48bc7d39180bb02468d2ea555fb193510d70b01d68f34766e41264bebc6b1b2a538f336c5f70ce9fa9d80700f33fb3b705856284f7eb39856126768e68dbf590e48da835fa") openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0) mkdir(0x0, 0x0) 5.759771927s ago: executing program 5 (id=845): syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f0000bfe000/0x400000)=nil) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x1c, 0x2, 0x7}) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mremap(&(0x7f000020e000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000800000/0x800000)=nil) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) madvise(&(0x7f000042f000/0x800000)=nil, 0x80fd00, 0x15) 4.810052742s ago: executing program 1 (id=846): ioctl$USBDEVFS_ALLOC_STREAMS(0xffffffffffffffff, 0x8008551c, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000300)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="020100090e000000030000000000000405000600000000000a0000000000000400000000000000000000002100000000000100000000000002000100010000000000010200fd000005000500000000000a"], 0x70}}, 0x0) sendmmsg(r3, 0x0, 0x0, 0x0) syz_open_procfs(0x0, 0x0) r4 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x101001, 0x0) ioctl$FBIOBLANK(r4, 0x4611, 0x2) r5 = bpf$MAP_CREATE(0x0, 0x0, 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x16, 0x14, &(0x7f00000000c0)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffff"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_open_dev$cec(&(0x7f00000003c0), 0x0, 0x0) r7 = socket$inet(0x2, 0x2, 0x1) setsockopt$sock_int(r7, 0x1, 0xf, &(0x7f0000000040)=0xffffffffffffff40, 0x4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r6, 0x0, 0x8, 0xf, &(0x7f00000006c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000780)=""/15, 0x60fe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200003}, 0x50) socket$nl_netfilter(0x10, 0x3, 0xc) 4.567224997s ago: executing program 7 (id=847): prlimit64(0x0, 0xe, &(0x7f0000000080)={0x8, 0x9}, 0x0) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000380)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(0xffffffffffffffff, 0xc05064a7, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)=[0x0], &(0x7f0000000340), 0x0, 0x1, 0x0, 0x0, r3}) ioctl$DRM_IOCTL_MODE_SETPROPERTY(0xffffffffffffffff, 0xc01064ab, &(0x7f0000000040)={0x0, r4, r3}) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$EVIOCSKEYCODE_V2(0xffffffffffffffff, 0x40284504, &(0x7f0000000480)={0xbf, 0x1f, 0x4, 0x7, "3f6052c5b79469f9d481daca49d1674e917316239561a5ace8b12c66bfc1f586"}) sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xfff1}, {0xfff3}}}, 0x24}}, 0x800) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x4, 0x6, &(0x7f0000000000)=@framed={{0xffffffb4, 0x8, 0x0, 0x0, 0x0, 0x73, 0x11, 0x39}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0xb7}, @exit={0x95, 0x0, 0xc2}], {0x95, 0x0, 0x1200}}, &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195}, 0x70) 4.180304416s ago: executing program 6 (id=848): r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) writev(r0, &(0x7f0000000580)=[{0x0}, {&(0x7f0000000480)}], 0x2) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000080)={0x0, 0x0}) r1 = syz_open_dev$vbi(&(0x7f0000000380), 0x0, 0x2) ptrace$setregset(0x4205, 0x0, 0x1, 0x0) ioctl$VIDIOC_S_INPUT(r1, 0xc0045627, 0x0) r2 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) syz_io_uring_setup(0x88f, 0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r2, 0x4020565a, &(0x7f0000000080)={0x5, 0x2}) ioctl$VIDIOC_S_INPUT(r2, 0xc0045627, &(0x7f00000000c0)=0x2) 2.928039671s ago: executing program 6 (id=849): r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f0000000300)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) connect$unix(r2, &(0x7f0000000640)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) connect$unix(r3, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) connect$unix(r0, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r1, 0x802) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='fdinfo/4\x00') read$FUSE(r4, &(0x7f0000000a00)={0x2020}, 0x2020) 2.618225558s ago: executing program 5 (id=850): syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000480)='./file0\x00', 0x18000, &(0x7f0000003b40)=ANY=[@ANYRES32=0x0, @ANYRESDEC, @ANYRES16=0x0, @ANYBLOB="b022fd84099290ab8ebe39cfc17f80bc2926131e9437a1dea9ca1756900531c14b67f7a9edd0d80c7c73649053153a8d8db6d3c0d3b3fa951f57d14071b61a27d968a0ae7bd580d2d9fd9034451c3ecffae80b234e72fb11e3a60c1208bd5262c5009e3e45582ed4203850292ed682fc5e26f5c2af47718ee5b4f2ed68f0b21b813ec22c4c61d3f22f5a01ebea6c484d8ef4ca90180b4587e0bee2f782fef574aa1e0ebc5d9e42452910d03c12feff7848f72ac5430476b9dc2457a09efdc6f181c408abe7b30cccd2c8fb85389e1cacd4f4b29a3d4a55941bf1bb416203732d6712d5a89470876ae6daec66f3fe1b39982c2781b115e20af7ce0a0c7c77db1073adc6e11597bd9f540f90f60b92dc84a5c764379c0b9426ff4f547182502633aa754dcfc63e46c7cef8e3a0c29bf5184ac150e90d884c59cba3dae7c531fb114534292629d8532c0f67ee37f2c349ea8f28199aff2aa335df5db411287a73adfbfff212cf7b6d277a361c55af160d98b5c3db84da37d80e07269c33f60f111ec3c09d8843e1f5499e71de9b48882b9415d45b20393888ec49f307d535580947b5a5b40b465382aa4a579f317d91792f8ed70e9401863bc0a21d7e15f828ae8f13c673a30cba6f10f89c8a018cc8bbe7072ffe1c5d4ef11f0f82cf967faef8608f8b289245f87607917b0c2578dbbe5186ac78b8cd9a5aff567aebe8a73dd547fdc503885a2df4953f3497688b7b1ede6a2e529b25ecc246a7bcb00077059d7e0100aa20cb4d1dbac6eec0a9f803601c799eddb9b271f0530842291167abffb982fe47a496e884ee3c17850f970cb3ac3342b832b8b984e2eb4836afb7727f7310a347add2a1094cfff7b44516593bbf15f3a9e0e2a788e99bdec6706ae9a39b4f8983ae38d4cdf866d9670de91036ea86646f195ec4b4ce462ea624b8875825262a301f9235496b935506109287bbcf4754e3fa637428a2e39a80cd07ffafd756839abddc721421754fcae705ab432fcdd6f3c004dfad9e6bfa87746dd41649dcd2bf1728a3d6d2ddf27a52957422a27f9e478530873d9f1861b71f2378540648b171bcbd44533723ae1a89e56e2f570c0571eb3c66fac65e3abad003a828f2d21cc990e57b80dd3762fe1204eb320591d6a93f9052b80494b2f52ad89d6374cf33040e2484c3384946450bb65835d65bebb4a91c0f82e598e5aa7ff9ba79f27bbd46240287721d2759fa24cec97658d8f17b3f424293f7253b74dae4b966c8089c546936953d8ce63463c26f1e296f56e17e7f890b6001ed5d9f739036842e989b40c02d3fe5227b1fb08a98f1b1f0c336346698e70171e74e40c5304a356b29c947672f8a0535b7ce3a66b276d09ca3d9fff030e41598649a310875f5b5801c471182c1f617c907f06b5f36a1f9294b0f4a95d0fc98682b1e38f2f94fb08f20c5e5c7afaa9fbbd84734a98dd9b33188f6b79334b09ca8e2de56457242f904b114a2c313b193fe421d7fa97da5ab77f363e83b4698bf903022d13826ded79a905f07f97dc0fc4cc290b969ee37075a4a80a0d86d0696eeea2048ebd1a97f8319b3342e515ae5c9e25ee933d926ae0f31af55aeb07da6508756ac9549ba8bbc0095a17cb647df12f926e595a531d7208ef75cfd6239f65a0584121c75e00f7c77990b90e6350b1a84eba4430979bb726ab02050573af29156bed8e243527593dc0c6de41d0b6775818a96ee97d153826a217e8d7e88c6c44baa781a495afeba3882a06f5b1a87b1e8ee1edf404ac3ade6f5af1f6cd22c01506b5f84befb55c86f79b56e4d5754be8f564f57852f991c2275cbf55937666e022c2b2f0d020156152377859b345f74fe66791421e5571a7900df89c9bef5c3cb19113fae5d524ae2edea5ca91baf096c02e1e860c9b5a97882da598ef1e39fcb61d83f997675a772ac37c0fbe65a9d379b9204a915fdb6a7c7cdbd14c0893cd5e8cfd56f4021756d6c6a25b258a69922a41f3c7bc43b69f46293b381a27ae5a3cfcf2526f8eadcb540ec87d6009d6a2939882140f9a447c5be4328a0681aa3002f6a9dfd836b362fb1d423d7c9571aeb50e2a6acb9ab4e85574baf27b1028db0f6647aa7fe995c1fbf8ab422bb15acf9ae6de73972c9549cb601297bbb1c740e8761af16c4785c4827b5dc5e52f4a82000f6f87670ec19fea4e04e564fc83c0ccf1b7fa2bb9ac3e56addfa7f5f6d1d3d3c92dea5de9fa42f1414a769b0cdc40e306fee0ad66573628b83a07fe087fcb3377848e1a7869e592c83bb594284da28a4f5db381059d56e5d4989042dadbbe6000b66184ca8fe9d293f6c70988f3d7b8ee00546a21aaeca498ae06fa7becc5a55914c7a1ab714d955a8b0bd72e8d6bbf4dd451b525fcbc9fb5c10747dee3c755d39be5c2d52345c56185a8d6cee878b72255acabf7dbefafaed94838532fd01ea6244c4ac929de6846084a07d19de7098e62b613775abe326d402f707c4fbb3968b0aac7f1f27537cbdecee19151b310bcbe2c848ef41eea747e85f87d5a160b2cb6b28d137e30c69770c1651e44a66f8e3394bec03c8256b89fd59bec449c6a2bdb351f53d05e463f75b834624b8c7b557dc38a398d726d0846fc2f062b5b32d10af38ce844c6811aaef73ace1d86813bc37433670f6180f9bd112ae00133077fc7a0bd12d7b4b3a53a3c16a9cb0e8112f18691aa3bd2215afdaa1d00c8ea4f4a302ea9ebc94afaad2549f646a8ae66b953fa9cd649a02c4b152cc6c7b55d99ddc3d0fd1fcd84da355eb02581dba9e4d9dd235d2d4c4e094161440e70926221d76ce70c8762485c8b801550cc208e5d1bfd184e622ff0950a912dd47163c838fd562f09ca1690e76da55a471ec67cb83bbb103975bd4683f0393ec8b843f55ba2c0bdc6c90b50031cfe751792bd5d0cb50c8ee93086794e18c4ed66d6bd09b499f8ff2f63a8920701ab0af5b4b75402b1d65b1eb515dc46e181a1699f21e67349c904f02f8358e28faff2ade65703d14dc2774b02acc731eee0941675502d95e0c32a7304f6e9af85ef220daea0de24cf79e35a59412e62835d3032f88d9ed7befd4f708bfd2d236bd188b6f951bbe13e3add84f111e20324a523426611ec15fb376e7306cbec6867f0b945047a4facf78154e68a66a36972d5a18af1403baa9b4b51fddd072ee1f0087add02485b40323bd708b76406e10a927a913d91c5d771d3aeb3cfafb54b1016785c61ed13060d5f1b550676a656b874fd392ae61c5044218df55cbb72b819990ffdb130fb17a14f7cb5a2a8aafedc6526d83762dbf320f15758030eeecf5652dccf04cdc68827400c768a21daff47212b87357ff0bcb36cae4d113a5d9815b07332cb42329321664d93e43e6dcd6115987007fc623088004f8ac943736eb2a045a25b1bbfbbc97571eabf875d924f6b7b0e524b1afa0ff499473aa7976de83b91928e84f8e445728778fe0e5a356a57f09edb44848cec31b7c5c9c7a2fca21befe15ffc9317e96f7ad582684ce625791b99563781bf64983e77be4f1a5893beec4b560fc15e9c21dd0c29bf2879dfaa257ba5ec97957050d5b2c1f25eb4064488c139dbf88f3b7c70850d6fdbf0603cdd4011bf76e0d9ee5c2b128b50dba5689a8f04d4caf62d777eab31aab4b4195da780901352d284885bf417eb05367ee1b5f2f8c5cfe7f0394fb977f3a3f96084375e22ccf6c3ee4659d68d2b1948a4a1783a4db2282c67d39613fa67be4dd144793b76c09dd563ef3d169f34318acbd62d3b2d64f9173d16e9801132918c3390172c6f64d049b4c894d593419e5f4d5a513fc5a64ddcd05b034e6d16fe88ff89a520c464f842ad5a62a6fc46f0e9d56d05d6f5e625d25f537cca62910981dd463255318d8273db13d27fdc6c17c2c54776ba3a246c413957f297b8ecb1adb5c3f1d4d8e4d7705bdb9268f956d2845b68511edd51cdc5d05de5d6d4b3f573592986fed325f1f3c6a9ef7740f9d843e11981d1ca515c7e722ec4d691c5e4d3a146e39bcf407f66418f754bb2508cb4cc843aa9d8eb63850e5b9103682ecc1fc8f972f394be9d31cb9efd0f693d4ec41fe8d0993b45d2f422f9ab604d3371c1bda1daa3206a027c4de5c8f2cf6d1fc7e6d1423a6c71e84f24e0a4dfbf4a331deff2ae649df9681a08846efc9f0001e7ef106f1bfa25ee2799b13f1f076e30e58078d186afb65301497e982478babf143972cc7072f70829b8faee46e56a1451ff7ddd0dd35816bfa29eee361de60fbc3222e89d70f1495be94d0e82072a0e572e3055c905552e6c45d2af3d4f505a99d947667059c1c92ce2d3549077539c4cec4c07337361eeb9f78813bf9e77b0a79f391ae6eb663deb53317f61ef8ddffdbd0ca2d8095c10c106b0968325bc1e88829d92399b809f1b881e9b9f0aeada5c5ee20fd0866070e3d5d41e62f5b6d2d25441babcdf9d3dc8ae3c140a6f352daf00ed38e248b236acd27f24bdebae0f272a5820ef77fb603fe3cc910a9d842129259e61d25dcf546cd770e4cccab470b20fa5f5972a6dd15853483de6e032f9726c166e81e8e0f9db4df397cc4a10b6e58708a31f48d7d2bae4ef92828c37088068b2ae433110dc7c08e6017d8b26e4e0382ca8fa62dc6f53c4cc2f0f78af72335c494f57f2414afe247e2291c395895bb18f701b6f4331feb759110c543dd94a238e782ad552047677558a50e7683d71a9e222fd19a9343e1d64528640a8099dedd19e4c747dda18ff25b15bddf750a54533b6ecfc75ad4a2909485f7fd759d45c74727b2e7300eae71a8784f5dd7f25b4b000ed3254264131cbbae316fb3a3bfbeb309dd2d18104629db354f447791eb882bf0333a520b8dba745b673d071b07e1de3e02fe751a1cf5908435b1a38edbd60483abdb15452c868844ceb96c449ab72999a55c79f9ce7405797142ef7095b4caf99d7bbe51cd4e963e4ffbbd2648761abd3894b5420a0add261ff9c0eff61aafd1ac5195ff15cadb5b0c7ce34d4d2d68146f3dae677e833b8be0f8a876153bb65398def38e4bf539d3a00047b19c483062fc1c2547b7d4f7d99b7035212ccfffeeb21ed7bbd6165ac7fbafbca3cef86fff655305706dd0baa607c50543bb0d66f0f4dbdd9c365fdb7b875dc5e7ee59afccc321ad1e31cc84687afda71231bb2e4dc3ce79ff3ce4bbafed8821a5b71bbf3844f110e2dd9557b596ac792d97506d22c0410bce435e20fa2e2d435361b5b6ac85f44763769723a7b629258f45e10578f70bef2e9c05af8032e357697dfcd30de9b3e953a36d6cb7a03ce69288b663f692793904dd8fb4ab6dc31ddf7f6942ef84c1e68c78bf9974f830ee2fccca84113cee98b47ed41a87fe610c5348dc38d4ada19862772317a70754870347ad87dbbb4c52349b0261aa8e108fcf387b24d4e2a77ba76e8472fd74ab6fa021277a24ef7a48d395b0fd1f9c0cf83bac56b433ffbfe5984a362e337969febf259988162c2b4842bd2fc0b230fee93a085003e615088abfe41889f7b5e0f380ffe55b66c1f7419993c3dd4aac5891494a183ddca2e415e1749489c925715f3c44d94b90d2d735f2b923bdbbbf1646580ab135356a9ee29bc19e73ded9a33798a69d248574e0c9e9f40a1c1ba52bc66a578d08b75f271a9e9f447efede09d6b3b57e0aa6322c18fd6f5e1c9d2753e0a6513cc04124ab89802eb9c504f0e5550868ab597629d7cc7447ed1b01b2ff4cf511aa098710b208b5aa0f595039a2f0e7294c5fe3b0c3e6c40000000000000000000000000000000002588beb10115f4b22f4ac997c86c49201ee9dceb2142ae61555bbbc4ef8cdd468a8ffbe6cbfc8877dd87292c70e10669bc99d8d5710f7719cc2cffc86cd529b6da2511d07aef4a1d9533ab58a76f80ad7fe91a17397d3c83481", @ANYBLOB="fe2ecf20a9a17bd2ed7e803f830375c150a1f848f604c2c1f932d2b7163be4b2b9a5bd521d185cfbee555b27608594beba6325923aaf5db74cff01000053db92c6c5fcbba0abd975fc76bea49b00513afc856ed89d3fadeda307ca587354322803b0983cc65725ae7f45fb95e7cdb28c6b886959b7dde2c87c73f6008cf6eed7861f24b7423704b95f3d05b92d3d7ff9d392833ecd02443320b60131a350360fcc1d659e2a03cb469caf0498bacae0735a161345b3d71a55f14ef636b6f832c7a6071fce83904dfd871b6d8e03648dbaa3a039eb5673792cae80335732030f9aeabaf3bb3cc4ca5fe75271d69b2e78beb2b81fc3cf3a18a7ae93a3cdbe6599b99408275e2b4b4477c6fcf4806134e839e1bd33ec000000000000006a1c000000000000000000000000000000000000000000000000000069c3288311b7414705e975eb3f1b77a120", @ANYRES64], 0x8, 0x2eb, &(0x7f00000004c0)="$eJzs3E1PE10UwPHTF0pbAmXx5DGaGG50o5sJVNdKYyAxNpEgNb4kJgNMtenYkpkGU2NEV26NH8IFYcmORPkCbNzpxo07NiYuZGEc0+kMhTKAlNIi/H8JmcPce6b3zgzk3AnD+r23T4t5W8vrFQnHlYRERDZEBiUsvpC3DbtxTLZ6JZf7fnw+f+f+g1uZbHZsUqnxzNSVtFJqYOjDsxcJr9tKr6wNPlr/nv629v/a2fXfU08KtirYqlSuKF1Nl79W9GnTULMFu6gpNWEaum2oQsk2rHp7ud6eN8tzc1Wll2b7k3OWYdtKL1VV0aiqSllVrKqKPNYLJaVpmupPCvaTW5yc1DMtJs+0eTA4IpaV0SMiktjRklvsyoAAAEBXNdf/YVHtrP+XLqxW+u4uD3j1/0osqP6/+qV+rG31f1xEAut///MD63/9YPX/zorodDlU/Y/jYSi2Y1eoEdYarYye9H5+Xa8fLg27AfU/AAAAAAAAAAAAAAAAAAAAAAD/gg3HSTmOk/K3/leviMRFxP8+IDUiIte7MGS00SGuP06Axot70QER8818bj5X33odVkXEFEOGJSW/3PvBU4v9N49UzaB8NBe8/IX5XMRtyeSl4OaPSKpHmvMdZ/xmdmxE1W3P75Hk1vy0pOS/4Px0YH5MLl3ckq9JSj7NSFlMmXXH0ch/OaLUjdvZpvyE2w8AAAAAgJNAU5sC1++atlt7PX9zfd38fCDSWF8PB67Po3Iu2t25AwAAAABwWtjV50XdNA1rjyAh+/dpPYge0ZH9Gf5tlv+3DEc30z0C/8O3NcW9nW0/LaEDnJZdgrC0kjVUm4067Cz8x0a79ZGJ0c5fQTc48+79z/Yd8NpyfJ+Zth5E9r4Bejr2CwgAAABAxzSKfn/PaHcHBAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAKdSJ/47W7TkCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAx8WfAAAA//+SWQVN") ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xfc778000) ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, 0x0) fdatasync(0xffffffffffffffff) creat(&(0x7f0000000040)='./bus\x00', 0x122dfb579e447c7a) mount(&(0x7f0000000440)=@loop={'/dev/loop', 0x0}, &(0x7f0000000200)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x3, 0x0, 0x0, 0x4, 0x0, "ef35af413bb901527fe4d0ce5d29c3ee5e5c3676345a41499db7aac63a01000000000000004faa2ae2c084a0ea0000000000007700000c00002000", "036c47c678082004cb59d654cb9b1b165263bdbcef549ba197fce47ddfdd753abd950100172a00ffffff00f7ffffff000000f3e7f20000000200000000000600", "b7326736181c208220fffff2ff00000000000000000e00", [0x4]}) creat(&(0x7f00000003c0)='./file1\x00', 0xc6) 2.476405358s ago: executing program 0 (id=851): sendmsg$SMC_PNETID_FLUSH(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x400d1}, 0x8d4) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_emit_ethernet(0x7a, &(0x7f00000000c0)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaabb86dd61a7000200442f00fe8000000000000000000000000000bbfe80000000000000000000000000008a0c2088be0000000201009900000086dd080088be000000031c0885140100000000007b40080022eb0000000223022309020000008000000300ebb41b"], 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) munmap(&(0x7f0000f9a000/0x4000)=nil, 0x4000) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000200)={0x0, 0x0, 0xf000, 0x2000, &(0x7f0000f9a000/0x2000)=nil}) r3 = dup(r2) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000040)=@x86={0x3, 0x0, 0x6, 0x0, 0x43a, 0x4, 0x0, 0x7, 0x1, 0x9, 0xfa, 0x1, 0x0, 0x1, 0x29, 0x2, 0x9c, 0x5f, 0x0, '\x00', 0x8, 0xffffffff}) ioctl$KVM_SET_VAPIC_ADDR(r3, 0x4008ae93, &(0x7f00000000c0)=0xffff) ioctl$KVM_RUN(r3, 0xae80, 0x0) 1.546247787s ago: executing program 1 (id=852): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000700), 0x101202) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r0, 0x40505331, &(0x7f0000000080)={{}, {0xe}, 0x2, 0x6}) syz_usb_connect$uac2(0x3, 0xcd, &(0x7f00000000c0)=ANY=[@ANYBLOB="12011001000000408c0d1400400001020301090286000301003003080b00020109200609040000000101200009240102000626000311240803810000000000000200010000000c24030402"], 0x0) r1 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000100), 0x802, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="0b00000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0x7, &(0x7f0000000140)={0x5, 0x0, 0x4, 0x4}, 0x10) syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x400, &(0x7f0000000e00)=ANY=[@ANYBLOB="6572726f72733d72656d6f756e742d726f2c757466383d302c757365667265652c646973636172642c757466383d312c756e695f786c6174653d302c73686f72746e616d653d77696e39352c756e695f786c6174653d302c756e695f786c6174653d302c00084428ae54dabaa5206d4a2a00005ccc774b3ec4c81a1a9852327ff871d16d0d9344e764c68194b9d9d0be76c595bac1fc5a0a8256a7b77e071e9bdd6100f9aeb8576d329be6e4bb168f143400000000000000000000000000e6865e2ace6eff78baed5a0d4569e2fbb395a19d9179a601422950c6b6a33a7f69c467a660e2df37842c1e650a8344695f9c1556d58f50e98b5ca62887514fe637490d0a24f0da5e421d501d90b1953bb702", @ANYRESDEC, @ANYRES32=0x0, @ANYRES32, @ANYRESDEC], 0xfb, 0x2b4, &(0x7f00000008c0)="$eJzs3L9rE2EYwPHHpD9T22QQQUF80EVFjjb+AwZpQYwotRF1EK72oiFnUnJnJSK2m6vg7ioUBwc3Qf0Hurg5uEmXDgouHdRI73LtpZ4UbS8JzfcD5d573/e5vverPPdC37Ubz+6Xi45RNF1JDKkkRJZkXSSzUWo60NwmvPKAhC3J6ZHvn45du3nrUi6fn5xWncrNnMuq6tjxdw8fvzrxwR25/mbs7aCsZG6vfct+WTm8cmTt10xw9Kqrps5Wq645a1s6V3LKhupV2zIdS0sVx6q1tBft6vx8Xc3K3GhqvmY5jpqVupaturpVdWt1Ne+apYoahqGjKek1yX+OKCxPT5u5WAaDThiOqqzVcmYysrGw3I5BAQCA7hJz/n/2pUhk/n+v5GjJ0cpO+X9CyP/jQ/6/nxxclcivwI38P9V8fzed+dnGkQEAAAAAAAAAAAAAAAAAAAAAgN1YbzTSjUYjHWyDn0ERGRKRYL/T40Q8dnP/B9s/XOyx0D/uDYnYTxcKCwV/67fnilISWywZ7xf54T0PTX556mJ+clw9GXlvLzbjFxcKSe/58OIDmej4CT9eW+P7JRX+/VlJyyH5HBWfjYwfkFMnQ/GGpOXjHamKLXPec70V/2RC9cKV/Lb4Ya8fAAAAAAD7gaGb/vh+99oNDZYN2dbuV27ND0g6ND8QLBIUnh/Y9n3dJ0f7OnPOAAAAAAD0Gqf+qGzatlWj0FI4LyJ/7RPMbrR/YKnNmuEuuVAxFhIb92BPj/z89YvLO/X5Grwa3XER9rSw+sA/tdampER17tAfJAAAAACx2Ur6Oz0SAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB6V/RSYclwF68m2PmftcdCx0q29eQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACALvM7AAD//yaRD3M=") openat(0xffffffffffffff9c, &(0x7f0000000640)='.\x00', 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x4002050) write$UHID_INPUT(r1, &(0x7f0000001500)={0x8, {"6dc141110623fc7287042bd0718c70707c7235acaf87dedcbdaa2ff8c94a6c611c7ce6d6765db465b92d97a0af7b6eecb4a5931cec968e1876bbf17bca73611ec70ac0e87baa38c9d7636962ded95f521f157890a512e600234daaecb8afb4159af46d8b092a257ecf52f093d3a191fd3079ec810301548728eb9083556c2c117ccc0ed8b67f56e659987aecfa760c70c25caefe5cc8dbaa1313e454818e0e2704b4236d0adb10bceb631a34f848b670a265d93138087e6db8c63655d57b8d4deb451310e468ad300d52551caa6516263e35ba6ea3200509808473ccf326d8b8b50048051e218e45e93a20d15b07fb5b782eb62399a60d03bf5bddf64fb3711991531a7b69b0b2c6d5241c433f30075ffcee4f4c85d9f43d2241213fe2937a7e4dc2c56eb146dd0e86b422c827f3a49fd862a86c8b39e0313b73c2f2eae40a61392b2af8a587012d5e7c459300fb8185a8d3fcbc558a3af19aa3be32566e1730e2dc84039b240c4b47e648c824ef19098e43beff1e5412cd596c380c32d5dc5d0d36de03ec9864d7ea105ff2605485949d057e6793b3fd17d9dd8c6bbd2def643df8fc47090c225e01bc55d97c393c3883da791bdac0771ae94238c2fbe65e59ab8021447d03fb40db95b352fdf270f1c7e28501debc2c5bc739eabcd5f995225d97d80b30ea92b5841bc61fd61318fd6d6e2a8163ccf268e92032350fbc72f0789fc051914d12edc2605b75c27f896162433455188c12b78f47804d787f28b8be6db5cfe6db42a86422138aaf50eb315104813dc2a7038af8e86bcc75ce1bbbf74d2b643f95087999e36fdcf7055c43e23ffa1ecff190b63261ab305dd37def47eae502df51fdc1f6c6742fbec6df94a31888348b7a00caf677df121391513686741a345cd2b9ccfbf10de888a1c19103a152ca997bb0da93db8c2965c2734c9e5eedf912cb7dd47b433f6a441c7f0e79b589a15aef0d45acaba80e88304ed62df1658246003e466cdad50b638ce38fd398012446d18b242b6c1808be2904ecbed6ba3b8135a386f44126e433e269577e0b9635d30c94a5c9686f48ade53a1db291db355c7488decb03542b7dc62c145551d1f85a10bacbb4f8b630f150cc75a6755318bdc6bd1f09e4632ab38fa566ee79db59f0ece5c32cd7ee06b18708a1329a0aa05e50edecc518bac7d3702a93e9ae71c50a4d99c8d577d9be90691fee97fdbb63ce81b766da4ea4ea6065337ade96366adcd48f1f03170657c339442c5669863a7b6888867e19400705b73029982fe0a56d3c04f43fbee4f8cc9302fabc2d9af8529ba90f57d86f8c25e6471b1f9b1a43834dbd18783a7595d85c4d62eafeb825c5663b552cf573cdfda13adc1aebf084d758ce98b3a5e608e03fe9f1c6b19beebcaaa975348b5e795d43bda2f23c3e4eef7e4c7d6380ade4112246a6507b539f41f56b95611e41eb81e91dbef72badb6f5d38e722103c65011dc1fd89576964efc56509660674ab323614294572c7732d5ea218459f4a1392448b103fec7840c4482a16adef3f7c51aca85760f5c1b6d6c51b8d70cf74ec9834660a333aaff03121d3b5b2831ed9c3d1aca8231cb52d3f0e13946ad5b9c1d6a891ef1e793651d461e7cf34117a2b5a7af6b9631d8a648e27ef3816fe9e5b5d521722876c493203b75b69ed8af9adbfe29d6e43ab64c69e9e351db710208cd60a3d68f05049dfa94800eb3deec6a345cb7f0f07a733343a0c53032cd0b07865f4ed8c05035204d569024c98ac18d6fa9a2d0ec93197c35696d853c50c0b5c43bd0905c00e03551196c52c8c0a2eaf1009131c05cd91cad8f4f3b17400a2dca1ccfc04ab05caef3b6341afa4df70f29dcf56cf270979adc20877a7c03797009dc284e006b1268f967787015c680d8d41b8ea0300e94fc5818d8276ad24e3ca4aa55e73707eb9178e1f53084db6123cb90af5bb5f504a25a13cde9ef54df62deec0a8f71f885e41099ad01422b108650ac10ef0c6bc3ed56092be1a9cb301d533db0509d303b780599cf6bb89a2ab1b92500b45cd6e8899e6dd43d8c15b16d2b451d176ee2f51a1beba1492c2916ed6932931db4253c6f79ce24a012cae5442d6ea1e4475901adaeac284caf4c0d120d3e907770ef31db8d8a5b8464876eb95a02ac9d8d1a2e11ced0127cdc14c04ddaab83ecaff71b23b99ed785ca033637c34e4ef31cbf14ffe214caa5670cb4d72a6c56abda35a1e0854c84cccea034ffef68c6e632a30c855687c9fcaf0761f2ce4d9aca403da9605877b4f5d3957364eaf76235f1ab61343e4e846e8989143abd8dc713de62b4a1874c6f685188a1b134a8af88f02b8b529fb064644a579f92853f2f9ee69e70b8b9fabb325a36cc4aaa995e13eed4f0cf31d8ab95c09cc2f5371dc22660fa4ba9e45652a678b0e8f4340086a3e806d6eb9cbba83066bd024eab450fa0493934c80afc24e7f687c63457f2508504488b59b5984b17e22a6c9aecdcda37151f004a8f2da0aabc9932c2e82eb0b8ee358351160340f95c13224ab783d991d7436797fbb122eeeddf1c8dad7d8112f2b49515b73aad8a64b76d6a947b3f3f6e8ff2589fa845fc7273143a36794416fc0f55ee3715714e568f2ea3a99139b37a4b1f42efc40c054d6fbd262d9eddf7ca2073fb7ac5ca7db6758065657b292391cbc80ec38e899bae93b6df568d4e12c43b11a858bc666ab54897ca8e2914a1f987c66773262be067c3c8a96fad8e3009f807691f326bd0f8db0fa16538398f2183d049e80a0016680ed866a08d05fa2e4b8cc38ada87d781d9d3b484e35b3c98eca930fe6aa59885451fe13bb5d48198cf1e4562b7fd6713070d16e167e25df0c835e163e179f4e31247c0d79d2d7767509705e45e985844e64aebe8e8e30d8ed6be21bfeb41cc0f0e814e8fd59b4773cc5e82839cfa4e1804cc85bf419b35372e230fe4dbdac05549fc9ad9355f86986f3ca005c8f4f4497f852178c6f1b5062debe378939ad6d6c54988a6562fc6cea85ded130240e9190dbd97d1b08b8deee6442c99514a9480ecad44b3b36f45e2a5caaa238e33f1a8636be14bad392947651c96f4dd89350be948873254104745060d1dee3c22dae8c9b696f60978cf6db35960e0d4283e666c3ffa99c86e2a3b82b70e976c78899f7d4996f467a0e35de2ed1410fa42d860228a085c336c4b67233f48e063ceeff025d8a5206a53bb200887d83f1dea589de051b8af3f7ad031e19767b90e763a91a5087fde9ac48d72b3f97c5c360410092cda7eec6f8ccb1364c25bdd681ca78a125d2c949f75e581a895687ea784f0d6de38237810c6a07ec388d9a72ff3bceac2e4e877b36c74a599b9cccda572b18e7b426e50297fdfea897f01e7b98df7eaf90f010c7fe7060a3540599f35f02ec9369a6b1553c37d4184fcfb6647dcae4ced5641bff3f2ddd4d4fe6953688ba564bd9ea15a8fc435399d5354ac652be0c5398cf2196c078a936448fce1fb427049a5f0e434d40143f0e0aed325aa51deb4e6d2a576c2ebfff603917b9c2008271d565ca0234279651f6e8a46d07665f721f8ec183171d565d32d8ab26e0b4336b3b8ce4752af9a5db42771a70aabeee333ad81b7f1e9ce9b53022a8071ba24df48690ca90ce395f2d8ff778456e30e86eadce15e6247ab24b8bd95c1c58200a1eda9f398e268210eb49feef8207c0e97f8e3f5198b5b6eb668b3a4ecba2124d6cf3282bc86a42bd3c53c9e9d2a66feb797d9672a5733370db6a9ab3eec28869d066b479fd7a8c75bd368b8c3f59984083295bc5aacb189faac6593e0d7400831f8488830771f798b4c11740331485dd425eadf17684c45ca622481cce7463c02a50ec232484833d632f0525bfe21e55b7d073dc195bf61f029340d4825703fd1ca622a8659e507cda5c0aeb509d012b18a8837a74d5c6cc1ca3b047f2359ac70e16a801f6d41b91a6be04b79ef91e52b00694ec551cb7e07100d87517b33e9544f72a71a7f5f140a1e0b10c1edea43c45c92000010adc7f2d5c613877f98bb6fa875e53d92cf931347f70675249471f0c7c54e1402352441163b772d160ad4ac77499ba458052b9f98ff1b5efb315bb57cd8b161564a329d87bfb9fbd42f7707e472585399e3fe4b72780488a608d010af6398db3f4d8d480368d1366a798a5ae76ab9346b725107bd343e3a10cbfdf2f4dc31ffe3e3931f2506dd42a9a4f9ec4f67582f40e72c2f54e1256885753d26fbb510ceb2304f3d0b7249f191ef50ae9218725215583ca3742530748f011f8bbf21a4e9794bc3dca1a32a011d9476766e282992371192a55f1e90b0e54f3971a96e5c998b75cc4c7fb4dd2c7431022fd1f04d829a520e6ee8bee1adfccd119d3a21181ddd6b5e0a0db086ade2f511601ab93224438a12e6605f0ce3fee490dd67958e16af68356741d2aa758167ca25a8950da1c49d93d86988e382d804ed0759f9008c8e27a17fa2c2808c181f10a41e8881be44eb3c0a9cfe430fdee3b562e4c5d1bb9a4507b6080839c90ba7aabdbaa3fb7a44605b41e8f160f1b37911823ddc83448fd929b9bb6221f95c34a2cc247798b8a40fb7595cc3a308a9a75b91c5b692b06278f5e2d8ff2012900c1243924355e7777a8b22a6c4363f8b15f883444e731e039e53e909070607b5973317d447511b08f2d710ed16a75b497b689b614d3f92df7ddbf5c9e0eb78f72151df806ba0a5e2be4bfe3dd10fdc4e598d7f370eb2e342fc4237a2f607061e3b9edc0065a87103e43903cabc658f7ef4a69ce852607f81af4cdd2265de2f3daa557147e8b4fb586882a0488c4b9a066793cb8ef65b5e6c42a5a3e5f1da5eb5c2583d7a011480eba231c08ab2846d775be46d361f89926c0cde11d1b085c3a79a525ed7c903648a2e584fae0e7d5d5d7d98718308b8feb068a1727d601f76fc872589cbd981dc4abb79c1b9d6c01c2ab7e91ea4d6d8ee02d6ac3e1815be783820ae3f031e092c9361c3685bdc87c71b611cc2a72b1f943404c28f8a78fba1b9156fdfedfd83df9055a5111d484216d3b28a28f3064735fe9c11fc16cb5950004267b803ba7d80790bac30d7ef4970ed35474c95903a53d531fc577187c3a0cc9e071f98a960c73b7fa0b65cd26a97083dc75efda44f21bdc6c1dba7f5bd8324f46b15c412e498911355abfcb316c37e771bffdfa381407124b5025425b8bfcb089764bbdc79f6b07ab18d62c79ed62cc760935e921ff1eb4aad3f701160676288bcff266844cc1d7ff33e71dd9483a73877baf365e0b2ccbf9599215983ffc528a2400790aa7c9b43410bfa61e2f87be98f7f82cc650f04eb3b1b843963d93c3a5c08a626951cda3fe1493c5c249d5bee839304d5d9a4719a18cb7095a6936ec61ed666a2a563f49046ab81eb69ae1aca97adbb714213b9ba0e60733f419e4b757faf9f8bbeec44b6f66dc0bad402f85bd32d6e966ae0f96fee852ff702da7cff79da90ea78b2cd6053a31ba8c64eb6c4214b6e0cc764668e68a9be63da1f2e3c549ca54fbf581494d7aff14f5007fe8c90cc6204a5c3156c081e8ce72b0de5d0579b6b804864ffbc23f2d4640206195888ce726dc0bcf2f2b2548369cebc12cba360f8060322d6244e78fbd6a0df5c0924a55186e8c57c695c16a3500dd12dfda9bea2a861381b4e60dd256df38a6659f3313763ee17bf41e727fcd4c098bbd4260980974c51b236abc5ce08a7da3520a792282fb80128b851b2f9c21fcc37ae4c5a5d083963d2caeac7da", 0xffffffffffffffcb}}, 0x1dd) mmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x2000008, 0x40010, 0xffffffffffffffff, 0x7943f000) 1.420985306s ago: executing program 6 (id=853): socket$netlink(0x10, 0x3, 0x10) socket$kcm(0x10, 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000400), 0xa001, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(0x0, 0x2, 0x8081) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(0xffffffffffffffff, 0x0, 0x4000000) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0, 0xfffffffffffffffd, 0x1000001000, 0x46}, 0x0, &(0x7f0000000000)={0x3ff, 0x7, 0xff00, 0x9, 0x0, 0xf, 0x7ffffffe}, 0x0, 0x0) 1.21331598s ago: executing program 0 (id=854): r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_j1939(r1, &(0x7f00000000c0)={0x1d, r2}, 0x18) connect$can_j1939(r1, &(0x7f00000004c0)={0x1d, r2, 0x40000000002, {0x2, 0xff, 0x2}, 0xfe}, 0x18) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000400)={'vcan0\x00', 0x0}) r5 = socket$can_j1939(0x1d, 0x2, 0x7) bind$can_j1939(r5, &(0x7f0000000080)={0x1d, r4, 0x0, {0x0, 0x0, 0x4}, 0xfe}, 0x18) sendmsg$can_j1939(r5, &(0x7f00000001c0)={&(0x7f0000000040), 0x18, &(0x7f0000000180)={&(0x7f0000000280)="4dfb0cf0d556f1327d", 0x9}, 0x1, 0x0, 0x0, 0x400c000}, 0xee) sendmsg$nl_route_sched(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000440)=@newtfilter={0x24, 0x11, 0x111, 0x70bd27, 0x100000, {0x0, 0x0, 0x74, r4, {0x6, 0xfff2}, {0x5, 0xfff3}, {0xd, 0xffe0}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4010}, 0xc4) 720.728957ms ago: executing program 6 (id=855): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040)) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='auxv\x00') ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x35, 0x7, 0x3, 0x180, 0x2, 0x10, 0xf1, 0x100000001, 0x10, 0x5, 0x0, 0x29, 0x0, 0x6, 0x0, 0xbd9], 0x4000, 0x43180}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x1fe, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x7, 0x6, 0x4, 0x200000000000043, 0x2000004, 0x0, 0x2004cb, 0x0, 0xa7c, 0x9, 0x8, 0xd1a, 0x803, 0x0, 0x9, 0x9], 0xeeee8000, 0x202}) ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f00000001c0)={{0x3000, 0xeeee3001, 0x8, 0x8, 0xb, 0x2a, 0x42, 0x0, 0xfd, 0x81, 0x80}, {0x5000, 0x33000, 0x0, 0x0, 0x42, 0x5, 0x75, 0x6, 0x36, 0xd, 0x6, 0x89}, {0x0, 0xd000, 0xe, 0x5, 0x3, 0x7, 0x0, 0x9, 0x1, 0xa4, 0x5, 0x5}, {0x0, 0xeeee0000, 0x9, 0x6, 0x5, 0x42, 0xb, 0x0, 0x8, 0x7, 0xe}, {0xf000, 0xd000, 0xf, 0x2, 0x7, 0x7, 0x4, 0x8, 0x7, 0x9, 0xf7, 0x97}, {0xeeefa000, 0xdddd0000, 0x8, 0xa0, 0xb1, 0x8, 0x1, 0xa0, 0x82, 0x2f, 0x1, 0x7}, {0x3000, 0x3000, 0xf, 0x5, 0xb, 0x5, 0x2, 0x3, 0x8, 0x81, 0x40, 0x70}, {0xdddd0000, 0x4000, 0xe, 0x5, 0xcd, 0x7, 0xfc, 0x9, 0x2, 0xc, 0xb0, 0x81}, {0xeeee0000, 0x30}, {0xc000, 0x7}, 0x80000021, 0x0, 0x3000, 0x2024, 0x2, 0x0, 0x30000, [0x6800000000000000, 0x5, 0x4, 0x8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 601.211389ms ago: executing program 5 (id=856): r0 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000980)=@raw={'raw\x00', 0x8, 0x3, 0x530, 0x1d8, 0xffffffff, 0xffffffff, 0x1d8, 0xffffffff, 0x460, 0xffffffff, 0xffffffff, 0x460, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'bridge0\x00'}, 0x0, 0x1b0, 0x1d8, 0x0, {}, [@common=@unspec=@helper={{0x48}, {0x0, 'amanda\x00'}}, @common=@unspec=@conntrack2={{0xc0}, {{@ipv6=@private1, [0xff000000, 0xffffffff, 0xff, 0xffffffff], @ipv6=@private1={0xfc, 0x1, '\x00', 0x1}, [0xffffff00, 0xff, 0xffffffff, 0xffffffff], @ipv6=@empty, [0xff000000, 0xff, 0xff, 0xff], @ipv6=@local, [0xffffffff, 0xff000000, 0xff000000, 0xffffff00], 0x80, 0x54, 0x3b, 0x4e20, 0x4e23, 0x4e21, 0x4e23, 0x446, 0x39a}, 0x100, 0x20}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00', {0xff}, {}, 0x0, 0x0, 0x0, 0x4b}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0xfffffffe, 0xe, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x590) r1 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000200), 0x4) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)={0x14, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa, 0x0, 0xa}}, 0x14}}, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000008c0)={0xac, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x18, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}]}, 0xac}}, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x9, 0x6, "8b0f00", 0x14, 0x6, 0x0, @dev={0xfe, 0x80, '\x00', 0x39}, @local, {[], {{0x4e22, 0x4e24, 0x41424344, 0x41424344, 0x1, 0x0, 0x5, 0xc2, 0x1, 0x0, 0xffd}}}}}}}, 0x0) 157.420344ms ago: executing program 0 (id=857): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x840, &(0x7f0000000140)={[{@test_dummy_encryption_v1}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x2}}]}, 0x1, 0x241, &(0x7f0000000540)="$eJzs3U9oFFccB/DfzO42TbKUtL0UCm2hlNIGQnor9JJeWgiUEEoptIUUES9KIsQEb4knLx70rJKTlyDejB4ll+BFETxFzSFeBA0eDB70sDI7iUSz/oGJO+J8PjC7M7vvze8Ns983exkmgMoaiIiRiKhFxGBENCIi2dngm3wZ2Npc6F2ZiGi1/nyYtNvl27ntfv0RMR8RP0fEcprEwXrE7NK/649Xf//+xEzju3NL//R29SC3bKyv/bF5duz4xdGfZq/fvD+WxEg0XziuvZd0+KyeRHz2Loq9J5J62SPgbYwfvXAry/3nEfFtO/+NSCM/eSenP1puxI9nXtX31IMbX3ZzrMDea7Ua2TVwvgVUThoRzUjSoYjI19N0aCj/D3+71pcempo+MnhgamZyf9kzFbBXmhFrv13uudT/Uv7v1fL8Ax+uLP9/jS/eydY3a2WPBuimLP+D/8/9EPIPlSP/UF3yD9Ul/1Bdr8t/WtKYgO5w/Yfqkn+oLvmH6pJ/qC75h+ramX8AoFpaPWXfgQyUpez5BwAAAAAAAAAAAAAAAAAA2G2hd2Vie+lWzaunIzZ+jYh6p/q1recQfNx+7XuUZM2eS/Juhfz3dcEdFHS+5LuvP7lbbv1rX5Vbf24yYv5YRAzX67t/f0nh52B8+obvG/sKFijol7/Lrf90sdz6o6sRV7L5Z7jT/JPGF+33zvNPMzt/BesfflJwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHTNswAAAP//ceptKw==") symlinkat(0x0, 0xffffffffffffff9c, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) mount$cgroup(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x2010042, &(0x7f0000000380)={[{@subsystem='net_prio'}]}) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) getsockopt$netlink(r4, 0x10e, 0xc, 0x0, 0x0) 0s ago: executing program 5 (id=858): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) prlimit64(0x0, 0xe, 0x0, 0x0) sendmsg$ETHTOOL_MSG_PAUSE_SET(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)={0x2c, r3, 0x431, 0x0, 0x0, {}, [@ETHTOOL_A_PAUSE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x24000880}, 0x20004010) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x4c, r5, 0x5, 0x70bd26, 0x0, {{}, {@val={0x8}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x30, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @val={0x72, 0x6}, @void, @void}}]]}, 0x4c}}, 0x20000014) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000140)={0x26000, 0xe000}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000040)={0x0, 0x0, 0x1}) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000000100)={0x0, 0x10000}) kernel console output (not intermixed with test programs): 3018][ T6691] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 399.937978][ T6691] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 400.233173][ T6691] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 400.333027][ T6691] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 400.367020][ T6691] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 400.493675][ T6691] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 400.745539][ T6691] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 400.846545][ T6691] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 401.495866][ T7010] loop4: detected capacity change from 0 to 256 [ 402.375251][ T6691] 8021q: adding VLAN 0 to HW filter on device bond0 [ 402.734564][ T6691] 8021q: adding VLAN 0 to HW filter on device team0 [ 403.005647][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 403.013194][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 403.166115][ T7028] loop1: detected capacity change from 0 to 1764 [ 403.369058][ T1116] bridge0: port 2(bridge_slave_1) entered blocking state [ 403.376672][ T1116] bridge0: port 2(bridge_slave_1) entered forwarding state [ 403.604614][ T6763] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 403.738253][ T6763] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 403.833212][ T6763] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 403.892001][ T7034] loop4: detected capacity change from 0 to 2048 [ 403.952617][ T6763] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 404.006718][ T7034] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 404.083050][ T6763] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 404.184563][ T6763] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 404.484500][ T6763] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 405.038705][ T6763] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 405.633788][ T7048] vivid-004: disconnect [ 405.669681][ T7046] vivid-004: reconnect [ 405.866096][ T7052] loop1: detected capacity change from 0 to 64 [ 405.946761][ T7052] MINIX-fs: mounting file system with errors, running fsck is recommended [ 407.202670][ T6763] 8021q: adding VLAN 0 to HW filter on device bond0 [ 407.575191][ T6763] 8021q: adding VLAN 0 to HW filter on device team0 [ 407.725919][ T5879] bridge0: port 1(bridge_slave_0) entered blocking state [ 407.733499][ T5879] bridge0: port 1(bridge_slave_0) entered forwarding state [ 408.097854][ T1116] bridge0: port 2(bridge_slave_1) entered blocking state [ 408.105494][ T1116] bridge0: port 2(bridge_slave_1) entered forwarding state [ 408.737699][ T7081] netlink: 4892 bytes leftover after parsing attributes in process `syz.1.323'. [ 409.529549][ T7090] loop0: detected capacity change from 0 to 256 [ 409.585472][ T7090] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 409.702441][ T7090] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 409.771483][ T7090] FAT-fs (loop0): Filesystem has been set read-only [ 409.851550][ T7090] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 409.907001][ T7090] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 409.981117][ T7090] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 410.031268][ T7090] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 410.078481][ T7090] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 410.139221][ T7090] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 410.190792][ T7090] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 410.219014][ T7091] loop1: detected capacity change from 0 to 4096 [ 410.261236][ T29] audit: type=1800 audit(1780112292.946:10): pid=7090 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.326" name="file1" dev="loop0" ino=1048618 res=0 errno=0 [ 410.389518][ T7097] loop4: detected capacity change from 0 to 2048 [ 410.433179][ T7101] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 410.584614][ T7097] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 410.876754][ T6691] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 411.303395][ T5596] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 412.071474][ T7122] netlink: 44 bytes leftover after parsing attributes in process `syz.4.330'. [ 412.136535][ T7122] netlink: 92 bytes leftover after parsing attributes in process `syz.4.330'. [ 413.794581][ T7139] loop1: detected capacity change from 0 to 1024 [ 413.880759][ T7139] EXT4-fs (loop1): stripe (4) is not aligned with cluster size (4096), stripe is disabled [ 414.144642][ T7139] EXT4-fs error (device loop1): ext4_map_blocks:791: inode #3: block 2: comm syz.1.336: lblock 2 mapped to illegal pblock 2 (length 1) [ 414.271443][ T7139] loop1: lost file I/O error report for ino 3 type 5 pos 0x0 len 0x0 error -117 [ 414.274605][ T7139] Quota error (device loop1): qtree_write_dquot: dquota write failed [ 414.284175][ C1] EXT4-fs (loop1): error count since last fsck: 1 [ 414.284266][ C1] EXT4-fs (loop1): initial error at time 1780112296: ext4_map_blocks:791: inode 3: block 2 [ 414.284456][ C1] EXT4-fs (loop1): last error at time 1780112296: ext4_map_blocks:791: inode 3: block 2 [ 414.380647][ T7139] EXT4-fs error (device loop1): ext4_map_blocks:791: inode #3: block 48: comm syz.1.336: lblock 0 mapped to illegal pblock 48 (length 1) [ 414.516680][ T7139] loop1: lost file I/O error report for ino 3 type 5 pos 0x0 len 0x0 error -117 [ 414.518928][ T7139] Quota error (device loop1): v2_write_file_info: Can't write info structure [ 414.607797][ T7139] EXT4-fs error (device loop1): ext4_acquire_dquot:7034: comm syz.1.336: Failed to acquire dquot type 0 [ 414.624973][ T6763] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 414.654637][ T7139] loop1: lost filesystem error report for type 5 error -117 [ 414.655495][ T7139] EXT4-fs error (device loop1) in ext4_reserve_inode_write:6383: Corrupt filesystem [ 414.738387][ T7139] loop1: lost filesystem error report for type 5 error -117 [ 414.740723][ T7139] EXT4-fs error (device loop1): ext4_evict_inode:267: inode #11: comm syz.1.336: mark_inode_dirty error [ 414.816878][ T6691] veth0_vlan: entered promiscuous mode [ 414.849732][ T7139] loop1: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 414.854919][ T7139] EXT4-fs warning (device loop1): ext4_evict_inode:270: couldn't mark inode dirty (err -117) [ 414.948230][ T7139] EXT4-fs (loop1): 1 orphan inode deleted [ 414.970624][ T1148] EXT4-fs error (device loop1): ext4_map_blocks:791: inode #3: block 1: comm kworker/u8:9: lblock 1 mapped to illegal pblock 1 (length 1) [ 414.989933][ T6691] veth1_vlan: entered promiscuous mode [ 414.996338][ T7139] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 415.058739][ T1148] Quota error (device loop1): remove_tree: Can't read quota data block 1 [ 415.101788][ T1148] EXT4-fs error (device loop1): ext4_release_dquot:7070: comm kworker/u8:9: Failed to release dquot type 0 [ 415.174410][ T7139] EXT4-fs error (device loop1): __ext4_get_inode_loc:4885: comm syz.1.336: Invalid inode table block 1 in block_group 0 [ 415.474369][ T6691] veth0_macvtap: entered promiscuous mode [ 415.572601][ T6691] veth1_macvtap: entered promiscuous mode [ 415.599094][ T5584] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 415.641824][ T5584] EXT4-fs error (device loop1): __ext4_get_inode_loc:4885: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 415.702288][ T5584] loop1: lost filesystem error report for type 5 error -117 [ 415.706814][ T5584] EXT4-fs error (device loop1) in ext4_reserve_inode_write:6383: Corrupt filesystem [ 415.789013][ T5584] loop1: lost filesystem error report for type 5 error -117 [ 415.789885][ T5584] EXT4-fs error (device loop1): ext4_quota_off:7318: inode #3: comm syz-executor: mark_inode_dirty error [ 415.889605][ T6691] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 415.898617][ T5584] loop1: lost file I/O error report for ino 3 type 5 pos 0x0 len 0x0 error -117 [ 416.065963][ T6691] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 416.095298][ T7165] loop0: detected capacity change from 0 to 512 [ 416.152294][ T7165] EXT4-fs (loop0): Test dummy encryption mode enabled [ 416.243258][ T7165] EXT4-fs (loop0): mounted filesystem 00000005-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 416.305024][ T7165] EXT4-fs error (device loop0): ext4_empty_dir:3085: inode #2: comm syz.0.343: Directory hole found for htree leaf block 0 [ 416.336243][ T5878] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 416.359665][ T7165] EXT4-fs (loop0): Remounting filesystem read-only [ 416.390536][ T5878] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 416.443923][ T5878] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 416.473249][ T5734] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 416.512901][ T5878] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 416.733786][ T5734] usb 5-1: config 1 has an invalid interface number: 7 but max is 0 [ 416.780537][ T5734] usb 5-1: config 1 has no interface number 0 [ 416.824553][ T5734] usb 5-1: config 1 interface 7 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B [ 416.837846][ T5581] EXT4-fs (loop0): unmounting filesystem 00000005-0000-0000-0000-000000000000. [ 416.892088][ T5734] usb 5-1: config 1 interface 7 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 416.950106][ T5734] usb 5-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 417.049422][ T5734] usb 5-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00 [ 417.088184][ T5734] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 417.142859][ T5734] usb 5-1: Product: syz [ 417.174230][ T5734] usb 5-1: Manufacturer: syz [ 417.200799][ T5734] usb 5-1: SerialNumber: syz [ 417.264318][ T7167] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 417.979131][ T7178] loop1: detected capacity change from 0 to 32768 [ 417.989718][ T7178] btrfs: Deprecated parameter 'usebackuproot' [ 417.996334][ T7178] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 418.018616][ T7178] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.345 (7178) [ 419.023755][ T7178] BTRFS info (device loop1 state S): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 419.034960][ T7178] BTRFS info (device loop1 state S): using blake2b checksum algorithm [ 419.044307][ T7178] BTRFS warning (device loop1 state ES): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 419.068697][ T7178] workqueue: max_active 2097158 requested for btrfs-worker is out of range, clamping between 1 and 2048 [ 419.084562][ T7178] workqueue: max_active 2097158 requested for btrfs-delalloc is out of range, clamping between 1 and 2048 [ 419.105518][ T7167] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 419.128825][ T7178] workqueue: max_active 2097158 requested for btrfs-endio is out of range, clamping between 1 and 2048 [ 419.150738][ T7178] workqueue: max_active 2097158 requested for btrfs-endio-meta is out of range, clamping between 1 and 2048 [ 419.177008][ T7178] workqueue: max_active 2097158 requested for btrfs-rmw is out of range, clamping between 1 and 2048 [ 419.197958][ T7178] workqueue: max_active 2097158 requested for btrfs-endio-write is out of range, clamping between 1 and 2048 [ 419.315100][ T56] BTRFS warning (device loop1 state ES): checksum verify failed on logical 5332992 mirror 1 wanted 0xb929531db417ae5491593d99afe1510df15bdaa63fb6603d26a93ec9245f098d found 0x363308d2114680d601348c08228f0717ad7958309dd0d8905f734334b97c6240 level 0, ignored [ 419.524178][ T7178] BTRFS warning (device loop1 state ES): mismatching generation and generation_v2 found in root item. This root was probably mounted with an older kernel. Resetting all new fields. [ 419.605211][ T6180] BTRFS warning (device loop1 state ECS): checksum verify failed on logical 5267456 mirror 1 wanted 0xce6a0dc39dad9e7cbba6cc000b67b0cf7f3e351c922d08ed6fd033c276f2526b found 0x64ab88c05a065dd447f4993032483e5ee243ed11629c93abf488b4eae2f264eb level 0, ignored [ 419.809283][ T7178] BTRFS info (device loop1 state ECS): enabling ssd optimizations [ 419.817589][ T7178] BTRFS info (device loop1 state ECS): turning off barriers [ 419.825347][ T7178] BTRFS info (device loop1 state ECS): disabling log replay at mount time [ 419.834222][ T7178] BTRFS info (device loop1 state ECS): enabling disk space caching [ 419.842453][ T7178] BTRFS info (device loop1 state ECS): force clearing of disk cache [ 419.850769][ T7178] BTRFS info (device loop1 state ECS): trying to use backup root at mount time [ 419.859872][ T7178] BTRFS info (device loop1 state ECS): ignoring bad roots [ 419.867375][ T7178] BTRFS info (device loop1 state ECS): ignoring data csums [ 419.874897][ T7178] BTRFS info (device loop1 state ECS): ignoring meta csums [ 419.886519][ T7178] BTRFS info (device loop1 state ECS): ignoring unknown super block flags [ 419.939985][ T34] BTRFS warning (device loop1 state ECS): checksum verify failed on logical 5308416 mirror 1 wanted 0x47c1be8eef63a64480a0d216c40351d1b0e275802e790c94e39791d738abc154 found 0xf19f77b986157fede8f5210016dedcf3b91e2eab63d44a6f9e296b017f4bdebe level 0, ignored [ 419.985347][ T5734] usb 5-1: Error in usbnet_get_endpoints (-71) [ 420.339121][ T5584] BTRFS info (device loop1 state ECS): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 420.371841][ T5734] usb 5-1: USB disconnect, device number 6 [ 420.458253][ T6763] veth0_vlan: entered promiscuous mode [ 420.733736][ T6763] veth1_vlan: entered promiscuous mode [ 421.387525][ T6763] veth0_macvtap: entered promiscuous mode [ 421.520744][ T6763] veth1_macvtap: entered promiscuous mode [ 421.940293][ T7222] loop4: detected capacity change from 0 to 256 [ 421.944655][ T6763] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 422.107722][ T7222] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x9059ffb0, utbl_chksum : 0xe619d30d) [ 422.243299][ T6763] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 422.494924][ T52] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 422.557086][ T52] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 422.621942][ T52] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 422.683328][ T52] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 422.703080][ T5583] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 422.714151][ T5583] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 422.725662][ T5583] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 422.751105][ T5583] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 422.766996][ T5583] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 423.180626][ T5734] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 423.398290][ T5734] usb 1-1: Using ep0 maxpacket: 8 [ 423.461878][ T5734] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 423.538474][ T5734] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 423.641318][ T5734] usb 1-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00 [ 423.690542][ T5734] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 423.766646][ T5734] usb 1-1: config 0 descriptor?? [ 424.416983][ T5734] hid-led 0003:0FC5:B080.0001: unknown main item tag 0x2 [ 424.463742][ T5734] hid-led 0003:0FC5:B080.0001: unknown main item tag 0x0 [ 424.527479][ T5734] hid-led 0003:0FC5:B080.0001: unknown main item tag 0x0 [ 424.547799][ T5734] hid-led 0003:0FC5:B080.0001: unknown main item tag 0x0 [ 424.606262][ T5734] hid-led 0003:0FC5:B080.0001: unknown main item tag 0x0 [ 424.633918][ T5734] hid-led 0003:0FC5:B080.0001: unknown main item tag 0x0 [ 424.684469][ T5734] hid-led 0003:0FC5:B080.0001: unknown main item tag 0x0 [ 424.729592][ T5734] hid-led 0003:0FC5:B080.0001: unknown main item tag 0x0 [ 424.768176][ T5734] hid-led 0003:0FC5:B080.0001: unknown main item tag 0x0 [ 424.819166][ T5734] hid-led 0003:0FC5:B080.0001: unknown main item tag 0x0 [ 424.844543][ T5583] Bluetooth: hci2: command tx timeout [ 424.878342][ T5734] hid-led 0003:0FC5:B080.0001: unbalanced collection at end of report description [ 425.021696][ T5734] hid-led 0003:0FC5:B080.0001: probe with driver hid-led failed with error -22 [ 425.136510][ T5734] usb 1-1: USB disconnect, device number 4 [ 425.264049][ T7257] comedi comedi3: aio_iiro_16: I/O port conflict (0x100,8) [ 425.809656][ T52] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 426.139838][ T52] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 426.431698][ T52] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 426.756724][ T52] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 426.769797][ T7277] capability: warning: `syz.0.363' uses deprecated v2 capabilities in a way that may be insecure [ 426.922288][ T5583] Bluetooth: hci2: command tx timeout [ 427.345595][ T7286] loop1: detected capacity change from 0 to 256 [ 427.962460][ T52] bridge_slave_1: left allmulticast mode [ 427.992611][ T52] bridge_slave_1: left promiscuous mode [ 428.021872][ T52] bridge0: port 2(bridge_slave_1) entered disabled state [ 428.114734][ T52] bridge_slave_0: left allmulticast mode [ 428.167563][ T52] bridge_slave_0: left promiscuous mode [ 428.256588][ T52] bridge0: port 1(bridge_slave_0) entered disabled state [ 428.737002][ T7302] netlink: 65047 bytes leftover after parsing attributes in process `syz.4.370'. [ 429.015533][ T5583] Bluetooth: hci2: command tx timeout [ 429.631960][ T52] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 429.685783][ T52] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 429.727517][ T52] bond0 (unregistering): Released all slaves [ 431.080847][ T5583] Bluetooth: hci2: command tx timeout [ 431.131246][ T52] hsr_slave_0: left promiscuous mode [ 431.157929][ T52] hsr_slave_1: left promiscuous mode [ 431.212663][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 431.283237][ T52] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 431.331548][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 431.356960][ T52] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 431.514479][ T52] veth1_macvtap: left promiscuous mode [ 431.521056][ T52] veth0_macvtap: left promiscuous mode [ 431.558883][ T52] veth1_vlan: left promiscuous mode [ 431.577491][ T52] veth0_vlan: left promiscuous mode [ 432.859903][ T52] team0 (unregistering): Port device team_slave_1 removed [ 432.899977][ T52] team0 (unregistering): Port device team_slave_0 removed [ 434.219101][ T7342] vlan2: entered promiscuous mode [ 434.221626][ T24] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 434.248241][ T7342] bridge0: entered promiscuous mode [ 434.343234][ T7342] bridge0: port 3(vlan2) entered blocking state [ 434.382417][ T5682] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 434.397662][ T7342] bridge0: port 3(vlan2) entered disabled state [ 434.429372][ T7342] vlan2: entered allmulticast mode [ 434.446088][ T7342] bridge0: entered allmulticast mode [ 434.463418][ T24] usb 1-1: too many configurations: 238, using maximum allowed: 8 [ 434.487929][ T7342] vlan2: left allmulticast mode [ 434.498261][ T24] usb 1-1: config index 0 descriptor too short (expected 64836, got 72) [ 434.505816][ T7342] bridge0: left allmulticast mode [ 434.540676][ T24] usb 1-1: config index 1 descriptor too short (expected 64836, got 72) [ 434.571487][ T5682] usb 5-1: Using ep0 maxpacket: 8 [ 434.591998][ T5682] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 434.623756][ T24] usb 1-1: config index 2 descriptor too short (expected 64836, got 72) [ 434.637032][ T5682] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 434.652817][ T24] usb 1-1: config index 3 descriptor too short (expected 64836, got 72) [ 434.689000][ T5682] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 8 [ 434.721048][ T24] usb 1-1: config index 4 descriptor too short (expected 64836, got 72) [ 434.755485][ T5682] usb 5-1: New USB device found, idVendor=056e, idProduct=00fe, bcdDevice= 0.00 [ 434.801933][ T24] usb 1-1: config index 5 descriptor too short (expected 64836, got 72) [ 434.805016][ T5682] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 434.829121][ T24] usb 1-1: config index 6 descriptor too short (expected 64836, got 72) [ 434.889063][ T5682] usb 5-1: config 0 descriptor?? [ 434.910624][ T24] usb 1-1: config index 7 descriptor too short (expected 64836, got 72) [ 434.952297][ T24] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 434.991784][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 435.027797][ T24] usb 1-1: Product: syz [ 435.059006][ T24] usb 1-1: Manufacturer: syz [ 435.108393][ T24] usb 1-1: SerialNumber: syz [ 435.163938][ T24] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 435.362486][ T5734] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 435.511522][ T5682] hid_parser_main: 19 callbacks suppressed [ 435.511615][ T5682] elecom 0003:056E:00FE.0002: unknown main item tag 0x4 [ 435.614631][ T5682] elecom 0003:056E:00FE.0002: unknown main item tag 0x6 [ 435.666727][ T48] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 435.689029][ T5682] elecom 0003:056E:00FE.0002: unknown main item tag 0x0 [ 435.697565][ T48] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 435.706903][ T48] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 435.728582][ T5682] elecom 0003:056E:00FE.0002: unknown main item tag 0x0 [ 435.748810][ T48] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 435.765819][ T5682] elecom 0003:056E:00FE.0002: unknown main item tag 0x0 [ 435.775425][ T5682] elecom 0003:056E:00FE.0002: unknown main item tag 0x0 [ 435.787615][ T5682] elecom 0003:056E:00FE.0002: unknown main item tag 0x0 [ 435.795999][ T48] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 435.805572][ T5682] elecom 0003:056E:00FE.0002: unknown main item tag 0x0 [ 435.813238][ T5682] elecom 0003:056E:00FE.0002: unknown main item tag 0x0 [ 435.824640][ T5682] elecom 0003:056E:00FE.0002: unknown main item tag 0x0 [ 435.845128][ T5682] elecom 0003:056E:00FE.0002: hidraw0: USB HID v0.00 Device [HID 056e:00fe] on usb-dummy_hcd.4-1/input0 [ 435.917132][ T5682] usb 5-1: USB disconnect, device number 7 [ 436.316378][ T9] usb 1-1: USB disconnect, device number 5 [ 436.846846][ T5734] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive [ 436.887843][ T5734] ath9k_htc: Failed to initialize the device [ 436.950452][ T9] usb 1-1: ath9k_htc: USB layer deinitialized [ 437.410101][ T7356] fido_id[7356]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 437.531808][ T7368] netlink: 264 bytes leftover after parsing attributes in process `syz.1.386'. [ 437.965113][ T48] Bluetooth: hci3: command tx timeout [ 438.783677][ T7384] netlink: 8 bytes leftover after parsing attributes in process `syz.4.391'. [ 439.963861][ T7225] bridge0: port 1(bridge_slave_0) entered blocking state [ 439.972727][ T7225] bridge0: port 1(bridge_slave_0) entered disabled state [ 439.991893][ T7225] bridge_slave_0: entered allmulticast mode [ 440.017748][ T7225] bridge_slave_0: entered promiscuous mode [ 440.041549][ T48] Bluetooth: hci3: command tx timeout [ 440.472124][ T5879] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 440.826863][ T7225] bridge0: port 2(bridge_slave_1) entered blocking state [ 440.866834][ T7225] bridge0: port 2(bridge_slave_1) entered disabled state [ 440.919511][ T7225] bridge_slave_1: entered allmulticast mode [ 440.954898][ T7225] bridge_slave_1: entered promiscuous mode [ 441.258915][ T5879] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 441.538997][ T7225] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 441.704285][ T5879] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 441.750915][ T7225] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 442.120731][ T48] Bluetooth: hci3: command tx timeout [ 442.165119][ T5879] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 442.383561][ T7225] team0: Port device team_slave_0 added [ 443.216716][ T7225] team0: Port device team_slave_1 added [ 443.352063][ T7421] netlink: 4 bytes leftover after parsing attributes in process `syz.1.399'. [ 443.525873][ T9] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 443.762778][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 443.811490][ T9] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 443.879341][ T9] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84 [ 443.932887][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 1794, setting to 1024 [ 443.995727][ T9] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x84 has invalid maxpacket 1024 [ 444.049752][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 444.088860][ T9] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 444.135034][ T9] usb 5-1: config 0 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 444.201240][ T48] Bluetooth: hci3: command tx timeout [ 444.241362][ T9] usb 5-1: New USB device found, idVendor=104f, idProduct=0004, bcdDevice=c6.c3 [ 444.276258][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 444.292674][ T9] usb 5-1: Product: syz [ 444.297644][ T9] usb 5-1: Manufacturer: syz [ 444.313506][ T9] usb 5-1: SerialNumber: syz [ 444.328905][ T9] usb 5-1: config 0 descriptor?? [ 444.368104][ T7417] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 444.438721][ T9] iuu_phoenix 5-1:0.0: iuu_phoenix converter detected [ 444.486623][ T9] usb 5-1: iuu_phoenix converter now attached to ttyUSB0 [ 444.623179][ T1314] ieee802154 phy0 wpan0: encryption failed: -22 [ 444.634212][ T1314] ieee802154 phy1 wpan1: encryption failed: -22 [ 444.719158][ T5682] usb 5-1: USB disconnect, device number 8 [ 444.835017][ T5682] iuu_phoenix ttyUSB0: iuu_phoenix converter now disconnected from ttyUSB0 [ 444.898267][ T5682] iuu_phoenix 5-1:0.0: device disconnected [ 445.225715][ T7225] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 445.260552][ T7225] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 445.348228][ T7225] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 445.370911][ T7225] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 445.381477][ T7225] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 445.431962][ T7225] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 446.162552][ T5879] bridge_slave_1: left allmulticast mode [ 446.187884][ T5879] bridge_slave_1: left promiscuous mode [ 446.224457][ T5879] bridge0: port 2(bridge_slave_1) entered disabled state [ 446.305258][ T5879] bridge_slave_0: left allmulticast mode [ 446.355487][ T5879] bridge_slave_0: left promiscuous mode [ 446.395722][ T5879] bridge0: port 1(bridge_slave_0) entered disabled state [ 446.953338][ T24] hid_parser_main: 49 callbacks suppressed [ 446.953431][ T24] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 447.023766][ T24] hid-generic 0000:0000:0000.0003: hidraw0: HID v0.00 Device [syz0] on syz0 [ 447.798360][ T7458] fido_id[7458]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 448.299130][ T5879] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 448.391860][ T5879] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 448.435575][ T5879] bond0 (unregistering): Released all slaves [ 448.687199][ T7225] hsr_slave_0: entered promiscuous mode [ 448.748842][ T7225] hsr_slave_1: entered promiscuous mode [ 449.239307][ T7470] netlink: 4 bytes leftover after parsing attributes in process `syz.0.412'. [ 450.086757][ T5232] 8021q: adding VLAN 0 to HW filter on device eth5 [ 450.495132][ T5879] hsr_slave_0: left promiscuous mode [ 450.589147][ T5879] hsr_slave_1: left promiscuous mode [ 450.633134][ T5879] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 450.690574][ T5879] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 450.763923][ T5879] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 450.787901][ T5879] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 450.862539][ T5879] veth1_macvtap: left promiscuous mode [ 450.874408][ T5879] veth0_macvtap: left promiscuous mode [ 450.891201][ T5879] veth1_vlan: left promiscuous mode [ 450.902422][ T5879] veth0_vlan: left promiscuous mode [ 451.984965][ T5879] team0 (unregistering): Port device team_slave_1 removed [ 452.045387][ T5879] team0 (unregistering): Port device team_slave_0 removed [ 453.107092][ T7502] loop0: detected capacity change from 0 to 512 [ 453.293323][ T7502] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 453.389046][ T7510] loop1: detected capacity change from 0 to 256 [ 453.402761][ T7502] ext4 filesystem being mounted at /116/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 453.481644][ T7510] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xcab3d314, utbl_chksum : 0xe619d30d) [ 453.496312][ T7502] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1317: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 453.890727][ T5581] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 455.217115][ T7524] 9p: Bad value for 'wfdno' [ 456.038861][ T7349] bridge0: port 1(bridge_slave_0) entered blocking state [ 456.064968][ T7349] bridge0: port 1(bridge_slave_0) entered disabled state [ 456.091847][ T7349] bridge_slave_0: entered allmulticast mode [ 456.136465][ T7349] bridge_slave_0: entered promiscuous mode [ 456.176101][ T7349] bridge0: port 2(bridge_slave_1) entered blocking state [ 456.183988][ T7349] bridge0: port 2(bridge_slave_1) entered disabled state [ 456.203911][ T7349] bridge_slave_1: entered allmulticast mode [ 456.215432][ T7349] bridge_slave_1: entered promiscuous mode [ 456.240802][ T7529] loop0: detected capacity change from 0 to 4096 [ 456.360648][ T5734] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 456.470030][ T7529] ntfs3(loop0): Failed to initialize $Extend/$ObjId. [ 456.577933][ T5734] usb 5-1: unable to get BOS descriptor or descriptor too short [ 456.618635][ T5734] usb 5-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 456.658366][ T5734] usb 5-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 456.706885][ T5734] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 456.778988][ T7349] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 456.799562][ T5734] usb 5-1: string descriptor 0 read error: -22 [ 456.813717][ T5734] usb 5-1: New USB device found, idVendor=04b4, idProduct=0384, bcdDevice= 0.40 [ 456.843957][ T5734] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 456.863336][ T7225] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 456.937836][ T7225] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 456.968979][ T5734] usb 5-1: Audio class v2/v3 interfaces need an interface association [ 457.005640][ T7225] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 457.105599][ T7225] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 457.165730][ T7349] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 457.466526][ T7225] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 457.595918][ T7225] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 457.629330][ T5734] snd-usb-audio 5-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 457.683271][ T5734] snd-usb-hiface 5-1:1.0: probe with driver snd-usb-hiface failed with error -22 [ 457.833138][ T7225] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 457.916011][ T9] usb 5-1: USB disconnect, device number 9 [ 457.940179][ T7225] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 458.049408][ T7349] team0: Port device team_slave_0 added [ 458.129814][ T7349] team0: Port device team_slave_1 added [ 458.252919][ T7543] loop1: detected capacity change from 0 to 4096 [ 458.307924][ T7543] ntfs3(loop1): Different NTFS sector size (4096) and media sector size (512). [ 458.427353][ T7349] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 458.449305][ T7349] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 458.526954][ T7349] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 458.585799][ T7543] ntfs3(loop1): ino=19, mi_enum_attr [ 458.621315][ T7543] ntfs3(loop1): Mark volume as dirty due to NTFS errors [ 458.704445][ T7349] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 458.758978][ T7349] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 458.885055][ T7349] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 459.577016][ T7349] hsr_slave_0: entered promiscuous mode [ 459.622204][ T7349] hsr_slave_1: entered promiscuous mode [ 459.665718][ T7349] debugfs: 'hsr0' already exists in 'hsr' [ 459.688585][ T7349] Cannot create hsr debugfs directory [ 461.100291][ T7574] netlink: 4 bytes leftover after parsing attributes in process `syz.0.436'. [ 461.485896][ T7576] loop1: detected capacity change from 0 to 128 [ 461.639051][ T7576] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 461.729857][ T7576] ext4 filesystem being mounted at /126/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 461.921765][ T29] audit: type=1800 audit(1780112344.616:11): pid=7576 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.438" name="bus" dev="loop1" ino=12 res=0 errno=0 [ 462.489289][ T5584] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 462.716291][ T7583] loop4: detected capacity change from 0 to 512 [ 462.754491][ T7583] EXT4-fs: Ignoring removed bh option [ 462.793093][ T7583] EXT4-fs: inline encryption not supported [ 462.882866][ T7583] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 462.996795][ T7583] EXT4-fs warning (device loop4): ext4_update_dynamic_rev:1148: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 463.049806][ T7583] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.440: bg 0: block 248: padding at end of block bitmap is not set [ 463.101853][ T7583] loop4: lost filesystem error report for type 5 error -117 [ 463.120395][ C0] EXT4-fs (loop4): error count since last fsck: 1 [ 463.130706][ T7583] Quota error (device loop4): write_blk: dquota write failed [ 463.134508][ C0] EXT4-fs (loop4): last error at time 1780112345: ext4_validate_block_bitmap:441 [ 463.203244][ T7583] Quota error (device loop4): qtree_write_dquot: Error -28 occurred while creating quota [ 463.229522][ T7583] EXT4-fs error (device loop4): ext4_acquire_dquot:7034: comm syz.4.440: Failed to acquire dquot type 1 [ 463.271127][ T7583] loop4: lost filesystem error report for type 5 error -28 [ 463.277056][ T7583] EXT4-fs (loop4): 1 truncate cleaned up [ 463.336522][ T7583] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0008-000000000000 r/w without journal. Quota mode: writeback. [ 463.408352][ T7589] capability: warning: `syz.1.441' uses 32-bit capabilities (legacy support in use) [ 463.525658][ T7589] program syz.1.441 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 463.656581][ T7583] syz.4.440 (7583) used greatest stack depth: 2800 bytes left [ 463.723016][ T5596] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0008-000000000000. [ 463.734568][ T6180] Quota error (device loop4): do_check_range: Getting block 0 out of range 1-5 [ 463.779424][ T6180] EXT4-fs error (device loop4): ext4_release_dquot:7070: comm kworker/u8:16: Failed to release dquot type 1 [ 463.851019][ T6180] loop4: lost filesystem error report for type 5 error -117 [ 464.034257][ T7225] 8021q: adding VLAN 0 to HW filter on device bond0 [ 464.211926][ T7596] bond0: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 464.273599][ T7596] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 464.714831][ T7225] 8021q: adding VLAN 0 to HW filter on device team0 [ 464.755332][ T7349] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 464.829739][ T7602] loop4: detected capacity change from 0 to 512 [ 464.846314][ T7349] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 464.869077][ T7602] EXT4-fs: Ignoring removed oldalloc option [ 464.879876][ T7602] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 464.905961][ T7349] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 464.927048][ T7602] EXT4-fs (loop4): 1 truncate cleaned up [ 464.960849][ T7602] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 465.041272][ T7349] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 465.171699][ T7349] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 465.242062][ T7349] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 465.310096][ T6180] bridge0: port 1(bridge_slave_0) entered blocking state [ 465.317799][ T6180] bridge0: port 1(bridge_slave_0) entered forwarding state [ 465.455846][ T7349] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 465.530628][ T5596] EXT4-fs error (device loop4): ext4_lookup:1785: inode #14: comm syz-executor: invalid fast symlink length 39 [ 465.557040][ T7349] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 465.595484][ T5596] EXT4-fs error (device loop4): ext4_lookup:1785: inode #14: comm syz-executor: invalid fast symlink length 39 [ 465.602339][ T34] bridge0: port 2(bridge_slave_1) entered blocking state [ 465.615054][ T34] bridge0: port 2(bridge_slave_1) entered forwarding state [ 466.072692][ T7385] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 466.609272][ T14] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 466.896892][ T14] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 467.145622][ T14] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 467.367730][ T14] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 468.093463][ T14] bridge_slave_1: left allmulticast mode [ 468.107855][ T14] bridge_slave_1: left promiscuous mode [ 468.124209][ T14] bridge0: port 2(bridge_slave_1) entered disabled state [ 468.149788][ T14] bridge_slave_0: left allmulticast mode [ 468.156377][ T14] bridge_slave_0: left promiscuous mode [ 468.176515][ T14] bridge0: port 1(bridge_slave_0) entered disabled state [ 468.949155][ T14] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 469.012069][ T14] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 469.049358][ T14] bond0 (unregistering): Released all slaves [ 469.694883][ T7349] 8021q: adding VLAN 0 to HW filter on device bond0 [ 469.997440][ T5583] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 470.008404][ T5583] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 470.019184][ T5583] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 470.037451][ T5583] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 470.048819][ T5583] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 470.171233][ T14] hsr_slave_0: left promiscuous mode [ 470.217937][ T14] hsr_slave_1: left promiscuous mode [ 470.272282][ T14] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 470.314449][ T14] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 470.331769][ T14] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 470.339312][ T14] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 470.434520][ T14] veth1_macvtap: left promiscuous mode [ 470.448616][ T14] veth0_macvtap: left promiscuous mode [ 470.460076][ T14] veth1_vlan: left promiscuous mode [ 470.488673][ T14] veth0_vlan: left promiscuous mode [ 470.507518][ T7653] loop0: detected capacity change from 0 to 512 [ 470.557614][ T7653] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 471.054754][ T5581] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 471.404795][ T7661] loop0: detected capacity change from 0 to 1024 [ 471.458274][ T7661] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 471.737123][ T5581] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 471.877735][ T14] team0 (unregistering): Port device team_slave_1 removed [ 471.958705][ T14] team0 (unregistering): Port device team_slave_0 removed [ 472.122063][ T5583] Bluetooth: hci4: command tx timeout [ 472.595389][ T7349] 8021q: adding VLAN 0 to HW filter on device team0 [ 472.763804][ T6180] bridge0: port 1(bridge_slave_0) entered blocking state [ 472.771409][ T6180] bridge0: port 1(bridge_slave_0) entered forwarding state [ 472.934368][ T6180] bridge0: port 2(bridge_slave_1) entered blocking state [ 472.941972][ T6180] bridge0: port 2(bridge_slave_1) entered forwarding state [ 474.201146][ T5583] Bluetooth: hci4: command tx timeout [ 475.157476][ T7225] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 476.280684][ T5583] Bluetooth: hci4: command tx timeout [ 477.481151][ T7744] loop1: detected capacity change from 0 to 128 [ 477.524604][ T7744] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 477.609684][ T7744] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 477.652704][ T7225] veth0_vlan: entered promiscuous mode [ 477.805852][ T7225] veth1_vlan: entered promiscuous mode [ 477.936407][ T7349] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 478.579507][ T5583] Bluetooth: hci4: command tx timeout [ 479.152569][ T5869] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 479.868010][ T7643] bridge0: port 1(bridge_slave_0) entered blocking state [ 479.929262][ T7643] bridge0: port 1(bridge_slave_0) entered disabled state [ 479.991287][ T7643] bridge_slave_0: entered allmulticast mode [ 480.053481][ T7643] bridge_slave_0: entered promiscuous mode [ 480.199239][ T7643] bridge0: port 2(bridge_slave_1) entered blocking state [ 480.255338][ T7643] bridge0: port 2(bridge_slave_1) entered disabled state [ 480.278866][ T7643] bridge_slave_1: entered allmulticast mode [ 480.311138][ T7643] bridge_slave_1: entered promiscuous mode [ 480.697476][ T7643] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 480.799879][ T7643] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 480.971254][ T7225] veth0_macvtap: entered promiscuous mode [ 481.359330][ T7643] team0: Port device team_slave_0 added [ 481.469938][ T7643] team0: Port device team_slave_1 added [ 481.848206][ T7781] loop5: detected capacity change from 0 to 2640 [ 481.914588][ T7781] Buffer I/O error on dev loop5, logical block 0, async page read [ 481.953695][ T7643] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 481.969195][ T7781] Buffer I/O error on dev loop5, logical block 0, async page read [ 481.980039][ T7643] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 482.015383][ T7781] Buffer I/O error on dev loop5, logical block 0, async page read [ 482.057963][ T7781] Buffer I/O error on dev loop5, logical block 0, async page read [ 482.064626][ T7643] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 482.106408][ T7781] Buffer I/O error on dev loop5, logical block 0, async page read [ 482.151248][ T7781] Buffer I/O error on dev loop5, logical block 0, async page read [ 482.171284][ T7643] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 482.183272][ T7781] Buffer I/O error on dev loop5, logical block 0, async page read [ 482.208671][ T7643] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 482.251489][ T7781] Buffer I/O error on dev loop5, logical block 0, async page read [ 482.286954][ T7781] ldm_validate_partition_table(): Disk read failed. [ 482.316057][ T7643] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 482.332609][ T7781] Buffer I/O error on dev loop5, logical block 0, async page read [ 482.392180][ T7781] Buffer I/O error on dev loop5, logical block 0, async page read [ 482.444721][ T7781] Dev loop5: unable to read RDB block 0 [ 482.502909][ T7781] loop5: unable to read partition table [ 482.552878][ T7781] loop_reread_partitions: partition scan of loop5 (3„ ¾‚³˜) failed (rc=-5) [ 482.644456][ T48] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 482.662455][ T48] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 482.674919][ T48] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 482.698340][ T48] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 482.714148][ T48] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 483.105623][ T7643] hsr_slave_0: entered promiscuous mode [ 483.173589][ T7643] hsr_slave_1: entered promiscuous mode [ 483.223775][ T7643] debugfs: 'hsr0' already exists in 'hsr' [ 483.251422][ T7643] Cannot create hsr debugfs directory [ 483.344031][ T5232] 8021q: adding VLAN 0 to HW filter on device eth5 [ 484.111064][ T7349] veth0_vlan: entered promiscuous mode [ 484.472180][ T7349] veth1_vlan: entered promiscuous mode [ 484.760733][ T5583] Bluetooth: hci5: command tx timeout [ 484.837807][ T7643] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 484.858042][ T7643] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 484.870073][ T7643] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 484.893806][ T7643] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 484.954350][ T7643] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 484.986876][ T7643] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 485.054674][ T7643] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 485.080608][ T7643] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 485.604242][ T14] bridge_slave_1: left allmulticast mode [ 485.611665][ T14] bridge_slave_1: left promiscuous mode [ 485.635672][ T14] bridge0: port 2(bridge_slave_1) entered disabled state [ 485.661323][ T14] bridge_slave_0: left allmulticast mode [ 485.667328][ T14] bridge_slave_0: left promiscuous mode [ 485.675616][ T14] bridge0: port 1(bridge_slave_0) entered disabled state [ 486.107508][ T14] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 486.128047][ T14] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 486.152262][ T14] bond0 (unregistering): Released all slaves [ 486.174690][ T7349] veth0_macvtap: entered promiscuous mode [ 486.206214][ T5232] 8021q: adding VLAN 0 to HW filter on device eth6 [ 486.348044][ T7349] veth1_macvtap: entered promiscuous mode [ 486.413916][ T14] hsr_slave_0: left promiscuous mode [ 486.423977][ T14] hsr_slave_1: left promiscuous mode [ 486.431988][ T14] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 486.445357][ T14] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 486.470237][ T14] veth0_macvtap: left promiscuous mode [ 486.476341][ T14] veth1_vlan: left promiscuous mode [ 486.482715][ T14] veth0_vlan: left promiscuous mode [ 486.841922][ T5583] Bluetooth: hci5: command tx timeout [ 486.952937][ T14] team0 (unregistering): Port device team_slave_1 removed [ 487.015425][ T14] team0 (unregistering): Port device team_slave_0 removed [ 487.525045][ T7349] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 487.724244][ T7349] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 487.868939][ T5969] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 487.900947][ T5969] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 487.941003][ T5969] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 487.964954][ T5969] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 488.169829][ T7643] 8021q: adding VLAN 0 to HW filter on device bond0 [ 488.390019][ T7643] 8021q: adding VLAN 0 to HW filter on device team0 [ 488.487081][ T7789] bridge0: port 1(bridge_slave_0) entered blocking state [ 488.497106][ T7789] bridge0: port 1(bridge_slave_0) entered disabled state [ 488.507726][ T7789] bridge_slave_0: entered allmulticast mode [ 488.518164][ T7789] bridge_slave_0: entered promiscuous mode [ 488.557062][ T5879] bridge0: port 1(bridge_slave_0) entered blocking state [ 488.564655][ T5879] bridge0: port 1(bridge_slave_0) entered forwarding state [ 488.591762][ T7789] bridge0: port 2(bridge_slave_1) entered blocking state [ 488.606005][ T7789] bridge0: port 2(bridge_slave_1) entered disabled state [ 488.632729][ T7789] bridge_slave_1: entered allmulticast mode [ 488.655971][ T7789] bridge_slave_1: entered promiscuous mode [ 488.833397][ T14] bridge0: port 2(bridge_slave_1) entered blocking state [ 488.840971][ T14] bridge0: port 2(bridge_slave_1) entered forwarding state [ 488.873473][ T7789] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 488.924420][ T5583] Bluetooth: hci5: command tx timeout [ 488.935114][ T7789] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 489.217059][ T7789] team0: Port device team_slave_0 added [ 489.269836][ T7789] team0: Port device team_slave_1 added [ 489.545789][ T7789] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 489.553094][ T7789] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 489.621655][ T7789] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 489.639061][ T7789] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 489.649687][ T7789] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 489.676222][ T7789] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 489.714118][ T5232] 8021q: adding VLAN 0 to HW filter on device eth7 [ 489.930501][ T7789] hsr_slave_0: entered promiscuous mode [ 489.942197][ T7789] hsr_slave_1: entered promiscuous mode [ 491.012120][ T5583] Bluetooth: hci5: command tx timeout [ 491.746501][ T7789] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 491.795969][ T7789] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 491.828643][ T7789] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 491.886722][ T7789] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 491.938867][ T7789] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 492.003660][ T7789] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 492.028369][ T7789] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 492.068578][ T7789] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 492.362862][ T5879] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 492.404536][ T5879] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 492.617084][ T5869] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 492.650923][ T5869] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 493.040008][ T7643] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 493.329790][ T7789] 8021q: adding VLAN 0 to HW filter on device bond0 [ 493.366781][ T7889] input: syz0 as /devices/virtual/input/input5 [ 493.715487][ T5232] 8021q: adding VLAN 0 to HW filter on device eth8 [ 494.101177][ T2076] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 494.781660][ T2076] usb 1-1: Using ep0 maxpacket: 32 [ 494.808005][ T2076] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 494.875103][ T2076] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 494.918387][ T2076] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 494.936455][ T2076] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 494.969945][ T2076] usb 1-1: config 0 descriptor?? [ 495.651103][ T2076] savu 0003:1E7D:2D5A.0004: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.0-1/input0 [ 495.822545][ T2076] usb 1-1: USB disconnect, device number 6 [ 496.476305][ T7898] fido_id[7898]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 496.674049][ T7789] 8021q: adding VLAN 0 to HW filter on device team0 [ 496.858555][ T5969] bridge0: port 1(bridge_slave_0) entered blocking state [ 496.866163][ T5969] bridge0: port 1(bridge_slave_0) entered forwarding state [ 497.148774][ T5878] bridge0: port 2(bridge_slave_1) entered blocking state [ 497.156398][ T5878] bridge0: port 2(bridge_slave_1) entered forwarding state [ 498.681766][ T5583] Bluetooth: hci3: command 0x0c1a tx timeout [ 498.684243][ T9] Bluetooth: hci3: Opcode 0x0c1a failed: -110 [ 498.752037][ T9] Bluetooth: hci3: Error when powering off device on rfkill (-110) [ 499.363812][ T7643] veth0_vlan: entered promiscuous mode [ 499.608049][ T7643] veth1_vlan: entered promiscuous mode [ 500.219911][ T7643] veth0_macvtap: entered promiscuous mode [ 500.326453][ T7643] veth1_macvtap: entered promiscuous mode [ 500.782621][ T7643] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 500.922091][ T5583] Bluetooth: hci4: command 0x0c1a tx timeout [ 500.937748][ T9] Bluetooth: hci4: Opcode 0x0c1a failed: -110 [ 501.005963][ T9] Bluetooth: hci4: Error when powering off device on rfkill (-110) [ 501.030241][ T7643] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 501.294223][ T5878] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 501.349472][ T34] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 501.424156][ T34] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 501.469489][ T34] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 503.242225][ T9] Bluetooth: hci5: Opcode 0x0c1a failed: -110 [ 503.243074][ T5583] Bluetooth: hci5: command 0x0c1a tx timeout [ 503.276127][ T7789] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 503.297959][ T9] Bluetooth: hci5: Error when powering off device on rfkill (-110) [ 506.049990][ T1314] ieee802154 phy0 wpan0: encryption failed: -22 [ 506.050254][ T1314] ieee802154 phy1 wpan1: encryption failed: -22 [ 506.355390][ T8023] loop1: detected capacity change from 0 to 256 [ 506.368807][ T7789] veth0_vlan: entered promiscuous mode [ 506.511551][ T7789] veth1_vlan: entered promiscuous mode [ 506.928862][ T7789] veth0_macvtap: entered promiscuous mode [ 506.983465][ T7789] veth1_macvtap: entered promiscuous mode [ 507.172214][ T7789] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 507.262812][ T7789] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 507.356337][ T34] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 507.356666][ T34] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 507.356853][ T34] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 507.357127][ T34] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 508.694953][ T8048] sctp: [Deprecated]: syz.1.517 (pid 8048) Use of int in max_burst socket option deprecated. [ 508.694953][ T8048] Use struct sctp_assoc_value instead [ 509.089392][ T6538] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 509.089477][ T6538] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 509.491962][ T1148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 509.519835][ T1148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 514.255764][ T8084] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 514.487236][ T9] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 514.672231][ T9] usb 1-1: Using ep0 maxpacket: 8 [ 514.728547][ T9] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 514.770704][ T9] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 514.794625][ T9] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 514.875584][ T9] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 514.927664][ T9] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 514.972117][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 515.304458][ T9] usb 1-1: GET_CAPABILITIES returned 2f [ 515.319210][ T9] usbtmc 1-1:16.0: can't read capabilities [ 515.564523][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 515.608388][ T7937] usb 1-1: USB disconnect, device number 7 [ 516.721132][ T7937] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 516.934466][ T7937] usb 7-1: config 0 has an invalid interface number: 50 but max is 0 [ 516.978753][ T7937] usb 7-1: config 0 has no interface number 0 [ 517.006621][ T7937] usb 7-1: config 0 interface 50 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 517.065500][ T7937] usb 7-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=e6.fc [ 517.111774][ T7937] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 517.147804][ T7937] usb 7-1: Product: syz [ 517.175119][ T7937] usb 7-1: Manufacturer: syz [ 517.723498][ T7937] usb 7-1: SerialNumber: syz [ 517.735800][ T7937] usb 7-1: config 0 descriptor?? [ 517.766978][ T7937] yurex 7-1:0.50: USB YUREX device now attached to Yurex #0 [ 518.425012][ T14] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 518.517870][ T14] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 518.970253][ T5869] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 519.023848][ T5869] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 519.151442][ T8144] loop7: detected capacity change from 0 to 1024 [ 519.290136][ T8144] EXT4-fs (loop7): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 519.360757][ T8150] IPVS: sh: FWM 3 0x00000003 - no destination available [ 519.474396][ T8144] EXT4-fs error (device loop7): ext4_map_blocks:833: inode #3: block 1: comm syz.7.538: lblock 1 mapped to illegal pblock 1 (length 1) [ 519.551773][ T8154] mmap: syz.0.540 (8154) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 519.582554][ T8144] loop7: lost file I/O error report for ino 3 type 5 pos 0x0 len 0x0 error -117 [ 519.586321][ T8144] Quota error (device loop7): write_blk: dquota write failed [ 519.595742][ C0] EXT4-fs (loop7): error count since last fsck: 1 [ 519.595831][ C0] EXT4-fs (loop7): initial error at time 1780112402: ext4_map_blocks:833: inode 3: block 1 [ 519.596021][ C0] EXT4-fs (loop7): last error at time 1780112402: ext4_map_blocks:833: inode 3: block 1 [ 519.802838][ T8144] Quota error (device loop7): qtree_write_dquot: Error -117 occurred while creating quota [ 519.877939][ T8144] EXT4-fs error (device loop7): ext4_acquire_dquot:7034: comm syz.7.538: Failed to acquire dquot type 0 [ 519.917061][ T9] usb 7-1: USB disconnect, device number 2 [ 519.951796][ T9] yurex 7-1:0.50: USB YUREX #0 now disconnected [ 519.978785][ T8144] loop7: lost filesystem error report for type 5 error -117 [ 520.006835][ T8144] EXT4-fs error (device loop7): ext4_free_blocks:6718: comm syz.7.538: Freeing blocks not in datazone - block = 0, count = 4096 [ 520.116992][ T8144] loop7: lost filesystem error report for type 5 error -117 [ 520.119611][ T8144] EXT4-fs error (device loop7): ext4_read_inode_bitmap:139: comm syz.7.538: Invalid inode bitmap blk 0 in block_group 0 [ 520.147674][ T5969] EXT4-fs error (device loop7): ext4_map_blocks:791: inode #3: block 1: comm kworker/u8:15: lblock 1 mapped to illegal pblock 1 (length 1) [ 520.200830][ T8144] loop7: lost filesystem error report for type 5 error -117 [ 520.204413][ T8144] EXT4-fs error (device loop7) in ext4_free_inode:361: Corrupt filesystem [ 520.253234][ T5969] loop7: lost file I/O error report for ino 3 type 5 pos 0x0 len 0x0 error -117 [ 520.255395][ T5969] Quota error (device loop7): remove_tree: Can't read quota data block 1 [ 520.290104][ T8144] loop7: lost filesystem error report for type 5 error -117 [ 520.292942][ T8144] EXT4-fs (loop7): 1 orphan inode deleted [ 520.353232][ T5969] EXT4-fs error (device loop7): ext4_release_dquot:7070: comm kworker/u8:15: Failed to release dquot type 0 [ 520.369748][ T8144] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 520.399651][ T5969] loop7: lost filesystem error report for type 5 error -117 [ 520.567333][ T8144] EXT4-fs error (device loop7): ext4_map_blocks:791: inode #3: block 1: comm syz.7.538: lblock 1 mapped to illegal pblock 1 (length 1) [ 520.722839][ T8144] Quota error (device loop7): find_tree_dqentry: Can't read quota tree block 1 [ 520.740260][ T8144] Quota error (device loop7): qtree_read_dquot: Can't read quota structure for id 980643439 [ 520.753845][ T9] usb 7-1: new full-speed USB device number 3 using dummy_hcd [ 520.784406][ T8144] EXT4-fs error (device loop7): ext4_acquire_dquot:7034: comm syz.7.538: Failed to acquire dquot type 0 [ 521.011216][ T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 521.042618][ T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 521.097277][ T9] usb 7-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 521.163091][ T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 521.199580][ T7643] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 521.215038][ T5778] EXT4-fs error (device loop7): ext4_map_blocks:791: inode #3: block 1: comm kworker/u8:10: lblock 1 mapped to illegal pblock 1 (length 1) [ 521.239680][ T9] usb 7-1: config 0 descriptor?? [ 521.288815][ T5778] loop7: lost file I/O error report for ino 3 type 5 pos 0x0 len 0x0 error -117 [ 521.291049][ T5778] Quota error (device loop7): remove_tree: Can't read quota data block 1 [ 521.379144][ T5778] EXT4-fs error (device loop7): ext4_release_dquot:7070: comm kworker/u8:10: Failed to release dquot type 0 [ 521.420731][ T5778] loop7: lost filesystem error report for type 5 error -117 [ 521.827664][ T9] isku 0003:1E7D:319C.0005: unknown main item tag 0x0 [ 521.909944][ T9] isku 0003:1E7D:319C.0005: unknown main item tag 0x0 [ 521.936498][ T9] isku 0003:1E7D:319C.0005: unknown main item tag 0x0 [ 521.964325][ T9] isku 0003:1E7D:319C.0005: unknown main item tag 0x0 [ 521.991902][ T9] isku 0003:1E7D:319C.0005: unknown main item tag 0x0 [ 522.022628][ T9] isku 0003:1E7D:319C.0005: unknown main item tag 0x0 [ 522.050222][ T9] isku 0003:1E7D:319C.0005: unknown main item tag 0x0 [ 522.121824][ T9] isku 0003:1E7D:319C.0005: hidraw0: USB HID v0.00 Device [HID 1e7d:319c] on usb-dummy_hcd.6-1/input0 [ 522.442315][ T7937] usb 7-1: USB disconnect, device number 3 [ 522.872853][ T8197] netlink: 4 bytes leftover after parsing attributes in process `syz.7.549'. [ 523.119115][ T8199] netlink: 1243 bytes leftover after parsing attributes in process `syz.1.550'. [ 523.252140][ T8195] fido_id[8195]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/report_descriptor': No such file or directory [ 523.694638][ T8205] loop7: detected capacity change from 0 to 64 [ 525.279019][ T8215] loop6: detected capacity change from 0 to 4096 [ 525.284425][ T8221] loop7: detected capacity change from 0 to 256 [ 525.343352][ T8215] ntfs3(loop6): Different NTFS sector size (2048) and media sector size (512). [ 525.433896][ T8221] exFAT-fs (loop7): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x32e3664b, utbl_chksum : 0xe619d30d) [ 525.527981][ T8220] loop1: detected capacity change from 0 to 2048 [ 525.568820][ T8221] exFAT-fs (loop7): valid_size(150994954) is greater than size(10) [ 525.646804][ T29] audit: type=1800 audit(1780112408.336:12): pid=8224 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.558" name="file1" dev="loop7" ino=1048637 res=0 errno=0 [ 525.766484][ T8220] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 525.875198][ T8215] ntfs3(loop6): Failed to initialize $Extend/$ObjId. [ 526.279961][ T8215] ntfs3(loop6): ino=21, "bus" failed to extend initialized size to 8002007ffb. [ 526.576593][ T5584] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 527.385726][ T8239] loop1: detected capacity change from 0 to 128 [ 527.581449][ T9] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 527.585165][ T8239] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 527.677638][ T8239] ext4 filesystem being mounted at /174/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 527.688342][ T8243] loop3: detected capacity change from 0 to 7 [ 527.712891][ T8243] Dev loop3: unable to read RDB block 7 [ 527.757247][ T8243] loop3: AHDI p3 p4 [ 527.782148][ T8243] loop3: partition table partially beyond EOD, truncated [ 527.797388][ T9] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 527.827649][ T8243] loop3: p3 start 1702000233 is beyond EOD, truncated [ 527.873760][ T9] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 527.957862][ T9] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 528.018010][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 528.093796][ T8237] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 528.197242][ T5675] usb 6-1: new full-speed USB device number 2 using dummy_hcd [ 528.245604][ T9] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 528.421431][ T5675] usb 6-1: config 0 has no interfaces? [ 528.496652][ T5584] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 528.533792][ T5675] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 528.610931][ T5675] usb 6-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 528.658319][ T5675] usb 6-1: Product: syz [ 528.690460][ T5675] usb 6-1: Manufacturer: syz [ 528.719874][ T5675] usb 6-1: SerialNumber: syz [ 528.797724][ T5675] usb 6-1: config 0 descriptor?? [ 529.099115][ T8244] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 529.173534][ T9] usb 1-1: USB disconnect, device number 8 [ 529.202443][ T8244] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 529.286253][ T7937] usb 6-1: USB disconnect, device number 2 [ 529.880780][ T5675] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 530.121460][ T5675] usb 7-1: unable to get BOS descriptor or descriptor too short [ 530.144627][ T8264] veth1_to_bond: entered allmulticast mode [ 530.204792][ T5675] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 530.210144][ T8264] veth1_to_bond: entered promiscuous mode [ 530.257466][ T5675] usb 7-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 530.289581][ T8262] veth1_to_bond: left promiscuous mode [ 530.299962][ T5675] usb 7-1: too many endpoints for config 1 interface 1 altsetting 76: 188, using maximum allowed: 30 [ 530.336567][ T8262] veth1_to_bond: left allmulticast mode [ 530.374264][ T5675] usb 7-1: config 1 interface 1 altsetting 76 has 0 endpoint descriptors, different from the interface descriptor's value: 188 [ 530.454566][ T5675] usb 7-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 530.501803][ T5675] usb 7-1: config 1 interface 1 has no altsetting 0 [ 530.563839][ T5675] usb 7-1: string descriptor 0 read error: -22 [ 530.600973][ T5675] usb 7-1: New USB device found, idVendor=21b4, idProduct=0081, bcdDevice= 0.40 [ 530.623927][ T5675] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 531.895069][ T8279] loop1: detected capacity change from 0 to 256 [ 532.010914][ T8279] exfat: Deprecated parameter 'utf8' [ 532.055863][ T8279] exfat: Deprecated parameter 'utf8' [ 532.103746][ T8279] exfat: Deprecated parameter 'utf8' [ 532.284683][ T8279] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xc70f51ff, utbl_chksum : 0xe619d30d) [ 532.571394][ T5675] usb 7-1: USB disconnect, device number 4 [ 533.596447][ T29] audit: type=1326 audit(1780112416.296:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8287 comm="syz.1.577" exe="/root/ci-upstream-kmsan-gce-root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fdc42b9ce59 code=0x0 [ 535.662981][ T8320] loop6: detected capacity change from 0 to 512 [ 535.683835][ T8319] loop0: detected capacity change from 0 to 1024 [ 535.697032][ T8320] EXT4-fs: Ignoring removed oldalloc option [ 535.711112][ T8319] EXT4-fs: Ignoring removed nomblk_io_submit option [ 535.781138][ T8320] EXT4-fs (loop6): 1 truncate cleaned up [ 535.791051][ T5675] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 535.825882][ T8319] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 535.858368][ T8320] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 535.888636][ T8319] ext4 filesystem being mounted at /164/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 536.005388][ T5675] usb 2-1: Using ep0 maxpacket: 32 [ 536.056990][ T5675] usb 2-1: config 0 has an invalid interface number: 85 but max is 0 [ 536.083673][ T8319] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.584: bg 0: block 112: padding at end of block bitmap is not set [ 536.098691][ T5675] usb 2-1: config 0 has no interface number 0 [ 536.130196][ T5675] usb 2-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 536.173531][ T8319] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 21 with max blocks 44 with error 28 [ 536.187054][ T5675] usb 2-1: config 0 interface 85 has no altsetting 0 [ 536.233458][ T8319] EXT4-fs (loop0): This should not happen!! Data will be lost [ 536.233458][ T8319] [ 536.260117][ T5675] usb 2-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 536.284282][ T5675] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 536.307397][ T8319] EXT4-fs (loop0): Total free blocks count 0 [ 536.319486][ T5675] usb 2-1: Product: syz [ 536.359675][ T5675] usb 2-1: Manufacturer: syz [ 536.423895][ T5675] usb 2-1: SerialNumber: syz [ 536.446842][ T8319] EXT4-fs (loop0): Free/Dirty block details [ 536.473946][ T8319] EXT4-fs (loop0): free_blocks=0 [ 536.547892][ T8319] EXT4-fs (loop0): dirty_blocks=64 [ 536.567611][ T8319] EXT4-fs (loop0): Block reservation details [ 536.569177][ T5675] usb 2-1: config 0 descriptor?? [ 536.594086][ T8319] EXT4-fs (loop0): i_reserved_data_blocks=4 [ 536.866798][ T7349] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 537.251359][ T5581] EXT4-fs warning (device loop0): ext4_evict_inode:195: inode #15: comm syz-executor: data will be lost [ 537.376665][ T5581] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 537.397933][ T5675] appletouch 2-1:0.85: Geyser mode initialized. [ 537.463552][ T5675] input: appletouch as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.85/input/input6 [ 537.629757][ T5675] usb 2-1: USB disconnect, device number 4 [ 537.653034][ T7937] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 537.701286][ T5734] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 537.772999][ T5675] appletouch 2-1:0.85: input: appletouch disconnected [ 537.861773][ T7937] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 537.921200][ T7937] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 537.948397][ T5734] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 538.003513][ T7937] usb 8-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 538.027621][ T5734] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 538.053624][ T7937] usb 8-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 538.116355][ T5734] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 538.144173][ T7937] usb 8-1: Manufacturer: syz [ 538.231437][ T7937] usb 8-1: config 0 descriptor?? [ 538.263427][ T5734] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 538.397809][ T5734] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 538.587639][ T5734] usb 7-1: config 0 descriptor?? [ 538.828494][ T8349] netlink: 4 bytes leftover after parsing attributes in process `syz.0.591'. [ 539.576510][ T8351] netlink: 8 bytes leftover after parsing attributes in process `syz.5.592'. [ 539.676114][ T5734] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0 [ 539.737495][ T5734] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0 [ 539.831950][ T5734] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0 [ 539.911179][ T7937] uclogic 0003:256C:006D.0006: failed retrieving string descriptor #100: -71 [ 539.990499][ T5734] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0 [ 540.075710][ T7937] uclogic 0003:256C:006D.0006: failed retrieving pen parameters: -71 [ 540.111405][ T5734] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0 [ 540.205483][ T7937] uclogic 0003:256C:006D.0006: failed probing pen v1 parameters: -71 [ 540.241234][ T5734] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0 [ 540.309460][ T7937] uclogic 0003:256C:006D.0006: failed probing parameters: -71 [ 540.343280][ T5734] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0 [ 540.458585][ T5734] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0 [ 540.469671][ T7937] uclogic 0003:256C:006D.0006: probe with driver uclogic failed with error -71 [ 540.557217][ T5734] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0 [ 540.646327][ T7937] usb 8-1: USB disconnect, device number 2 [ 540.797994][ T5734] plantronics 0003:047F:FFFF.0007: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0 [ 540.908723][ T5734] usb 7-1: USB disconnect, device number 5 [ 542.736004][ T8376] fido_id[8376]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/report_descriptor': No such file or directory [ 543.244182][ T5734] usb 2-1: new full-speed USB device number 5 using dummy_hcd [ 543.529789][ T5734] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 543.658917][ T5734] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 543.824983][ T5734] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 543.956204][ T5734] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 544.282070][ T8406] loop7: detected capacity change from 0 to 40427 [ 544.305759][ T8406] F2FS-fs (loop7): invalid crc value [ 544.579684][ T8406] F2FS-fs (loop7): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 544.594913][ T8406] F2FS-fs (loop7): Start checkpoint disabled! [ 544.601341][ T5734] usb 2-1: usb_control_msg returned -32 [ 544.614363][ T8406] F2FS-fs (loop7): f2fs_disable_checkpoint() finish, err:0 [ 544.626057][ T8406] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e6 [ 544.652791][ T29] audit: type=1800 audit(1780112427.356:14): pid=8406 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.605" name="file1" dev="loop7" ino=10 res=0 errno=0 [ 544.690820][ T5734] usbtmc 2-1:16.0: can't read capabilities [ 545.272888][ T5734] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 545.591053][ T8423] bio_check_eod: 176 callbacks suppressed [ 545.591247][ T8423] syz.7.605: attempt to access beyond end of device [ 545.591247][ T8423] loop7: rw=10241, sector=45096, nr_sectors = 8 limit=40427 [ 545.623556][ T8423] syz.7.605: attempt to access beyond end of device [ 545.623556][ T8423] loop7: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 545.646566][ T8423] syz.7.605: attempt to access beyond end of device [ 545.646566][ T8423] loop7: rw=2049, sector=45112, nr_sectors = 8 limit=40427 [ 545.668370][ T8423] syz.7.605: attempt to access beyond end of device [ 545.668370][ T8423] loop7: rw=2049, sector=45120, nr_sectors = 8 limit=40427 [ 545.687817][ T8423] syz.7.605: attempt to access beyond end of device [ 545.687817][ T8423] loop7: rw=2049, sector=45128, nr_sectors = 8 limit=40427 [ 545.710203][ T8423] syz.7.605: attempt to access beyond end of device [ 545.710203][ T8423] loop7: rw=2049, sector=45136, nr_sectors = 16 limit=40427 [ 545.731624][ T8423] syz.7.605: attempt to access beyond end of device [ 545.731624][ T8423] loop7: rw=2049, sector=45152, nr_sectors = 8 limit=40427 [ 545.819780][ T8423] syz.7.605: attempt to access beyond end of device [ 545.819780][ T8423] loop7: rw=2049, sector=45160, nr_sectors = 8 limit=40427 [ 545.843718][ T8423] syz.7.605: attempt to access beyond end of device [ 545.843718][ T8423] loop7: rw=2049, sector=45168, nr_sectors = 8 limit=40427 [ 545.864378][ T8423] syz.7.605: attempt to access beyond end of device [ 545.864378][ T8423] loop7: rw=2049, sector=45176, nr_sectors = 8 limit=40427 [ 547.800642][ T5675] usb 2-1: USB disconnect, device number 5 [ 548.251976][ T5734] usb 7-1: Using ep0 maxpacket: 32 [ 548.329405][ T1116] CPU: 0 UID: 0 PID: 1116 Comm: kworker/u8:8 Not tainted syzkaller #0 PREEMPT(lazy) [ 548.329554][ T1116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 548.329655][ T1116] Workqueue: writeback wb_workfn (flush-7:7) [ 548.329841][ T1116] Call Trace: [ 548.329885][ T1116] [ 548.329933][ T1116] __dump_stack+0x26/0x30 [ 548.330077][ T1116] dump_stack_lvl+0x14c/0x1c0 [ 548.330255][ T1116] dump_stack+0x1e/0x25 [ 548.330388][ T1116] f2fs_stop_checkpoint+0xac3/0xc70 [ 548.330560][ T1116] f2fs_write_end_io+0x1207/0x2200 [ 548.330772][ T1116] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 548.330916][ T1116] bio_endio+0xfcc/0x1120 [ 548.331094][ T1116] submit_bio_noacct+0x533/0x2920 [ 548.331321][ T1116] submit_bio+0x57a/0x620 [ 548.331503][ T1116] f2fs_submit_write_bio+0x115/0x310 [ 548.331702][ T1116] __submit_merged_bio+0x16b/0x700 [ 548.331885][ T1116] ? kmsan_get_metadata+0xf1/0x160 [ 548.332074][ T1116] __submit_merged_write_cond+0x4ba/0xae0 [ 548.332282][ T1116] f2fs_write_data_pages+0x4f4d/0x5c60 [ 548.332533][ T1116] ? sysvec_apic_timer_interrupt+0x52/0x90 [ 548.332734][ T1116] ? seccomp_attach_filter+0x200/0x18a0 [ 548.332879][ T1116] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 548.333044][ T1116] ? kmsan_get_metadata+0xf1/0x160 [ 548.333214][ T1116] ? kmsan_get_metadata+0xf1/0x160 [ 548.333384][ T1116] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 548.333577][ T1116] ? kmsan_get_metadata+0xf1/0x160 [ 548.333742][ T1116] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 548.333912][ T1116] ? kmsan_get_metadata+0xf1/0x160 [ 548.334078][ T1116] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 548.334251][ T1116] ? kmsan_get_metadata+0xf1/0x160 [ 548.334424][ T1116] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 548.334595][ T1116] ? kmsan_get_metadata+0xf1/0x160 [ 548.334762][ T1116] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 548.334928][ T1116] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 548.335068][ T1116] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 548.335207][ T1116] do_writepages+0x3f2/0x860 [ 548.335330][ T1116] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 548.335513][ T1116] ? queue_io+0x7a1/0x7b0 [ 548.335661][ T1116] ? kmsan_get_metadata+0xf1/0x160 [ 548.335847][ T1116] __writeback_single_inode+0x101/0x10a0 [ 548.336049][ T1116] writeback_sb_inodes+0xb1a/0x1d50 [ 548.336333][ T1116] ? kmsan_get_metadata+0xf1/0x160 [ 548.336501][ T1116] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 548.336683][ T1116] wb_writeback+0x4d3/0xc50 [ 548.336870][ T1116] ? queue_io+0x4a1/0x7b0 [ 548.337034][ T1116] wb_workfn+0x3a2/0x1970 [ 548.337180][ T1116] ? kmsan_get_metadata+0xf1/0x160 [ 548.337371][ T1116] ? __pfx_wb_workfn+0x10/0x10 [ 548.337517][ T1116] process_scheduled_works+0xb65/0x1e40 [ 548.337736][ T1116] worker_thread+0xee4/0x1590 [ 548.337922][ T1116] kthread+0x53a/0x5f0 [ 548.338079][ T1116] ? __pfx_worker_thread+0x10/0x10 [ 548.338241][ T1116] ? __pfx_kthread+0x10/0x10 [ 548.338397][ T1116] ret_from_fork+0x20f/0x8d0 [ 548.338539][ T1116] ? __switch_to+0x573/0x7a0 [ 548.338703][ T1116] ? __pfx_kthread+0x10/0x10 [ 548.338864][ T1116] ret_from_fork_asm+0x1a/0x30 [ 548.339050][ T1116] [ 548.733602][ T1116] F2FS-fs (loop7): Stopped filesystem due to reason: 3 [ 548.797298][ T5734] usb 7-1: device descriptor read/all, error -71 [ 550.056104][ T8443] netlink: 8 bytes leftover after parsing attributes in process `syz.5.615'. [ 550.188619][ T8443] netlink: 'syz.5.615': attribute type 5 has an invalid length. [ 550.265681][ T8443] netlink: 'syz.5.615': attribute type 8 has an invalid length. [ 550.332488][ T8443] netlink: 8 bytes leftover after parsing attributes in process `syz.5.615'. [ 550.403164][ T8447] loop6: detected capacity change from 0 to 4096 [ 550.425948][ T8447] ntfs3(loop6): Different NTFS sector size (4096) and media sector size (512). [ 550.617799][ T8447] ntfs3(loop6): ino=19, mi_enum_attr [ 550.623700][ T8447] ntfs3(loop6): Mark volume as dirty due to NTFS errors [ 550.671026][ T8443] geneve2: entered promiscuous mode [ 550.694347][ T8443] geneve2: entered allmulticast mode [ 550.751343][ T29] audit: type=1800 audit(1780112433.436:15): pid=8447 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.616" name="file1" dev="loop6" ino=33 res=0 errno=0 [ 550.860015][ T52] netdevsim netdevsim5 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0 [ 550.945064][ T5869] netdevsim netdevsim5 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0 [ 551.111937][ T5869] netdevsim netdevsim5 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0 [ 551.184673][ T5869] netdevsim netdevsim5 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0 [ 551.874679][ T8457] overlayfs: failed lookup in lower (newroot/13, name='file0', err=-40): overlapping layers [ 552.060738][ T5675] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 552.268876][ T5675] usb 2-1: Using ep0 maxpacket: 8 [ 552.309445][ T5675] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 552.370806][ T5675] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 552.415008][ T5675] usb 2-1: New USB device found, idVendor=0c70, idProduct=f0b6, bcdDevice= 0.00 [ 552.450493][ T5675] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 552.558070][ T5675] usb 2-1: config 0 descriptor?? [ 552.982298][ T9] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 553.146748][ T5675] aquacomputer_d5next 0003:0C70:F0B6.0008: hidraw0: USB HID v0.00 Device [HID 0c70:f0b6] on usb-dummy_hcd.1-1/input0 [ 553.191427][ T9] usb 6-1: Using ep0 maxpacket: 16 [ 553.211517][ T8470] loop6: detected capacity change from 0 to 4096 [ 553.232615][ T9] usb 6-1: config 1 has an invalid interface number: 105 but max is 0 [ 553.270827][ T8470] EXT4-fs: inline encryption not supported [ 553.274259][ T9] usb 6-1: config 1 has no interface number 0 [ 553.340934][ T9] usb 6-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 553.348285][ T8470] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 553.417455][ T9] usb 6-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 553.439111][ T8470] EXT4-fs (loop6): Test dummy encryption mode enabled [ 553.480688][ T9] usb 6-1: config 1 interface 105 has no altsetting 0 [ 553.551787][ T8470] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=8842c1a8, mo2=0003] [ 553.557493][ T9] usb 6-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d [ 553.644727][ T8470] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 553.679205][ T9] usb 6-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 553.750599][ T9] usb 6-1: Product: syz [ 553.799071][ T9] usb 6-1: Manufacturer: syz [ 553.843319][ T9] usb 6-1: SerialNumber: syz [ 553.902732][ T8472] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 553.972694][ T8472] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 554.165173][ T8487] loop2: detected capacity change from 0 to 7 [ 554.287940][ T8487] loop2: [ 554.315925][ T8487] loop2: partition table partially beyond EOD, truncated [ 554.401029][ T5734] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 554.547031][ T8472] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 554.611583][ T8472] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 554.622205][ T7349] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 554.623792][ T5734] usb 8-1: Using ep0 maxpacket: 8 [ 554.711192][ T5734] usb 8-1: config index 0 descriptor too short (expected 74, got 45) [ 554.763646][ T5734] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024 [ 554.786432][ T5734] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 554.865335][ T5734] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 65535, setting to 1024 [ 554.924714][ T5734] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 554.988863][ T5734] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 555.078833][ T5734] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 555.105313][ T24] usb 2-1: USB disconnect, device number 6 [ 555.157803][ T5734] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 555.522863][ T9] aqc111 6-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71 [ 555.580878][ T5734] usb 8-1: usb_control_msg returned -32 [ 555.608493][ T5734] usbtmc 8-1:16.0: can't read capabilities [ 555.722180][ T9] aqc111 6-1:1.105 eth9: register 'aqc111' at usb-dummy_hcd.5-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter, 9e:8c:bd:f2:ee:51 [ 555.814100][ T9] usb 6-1: USB disconnect, device number 3 [ 555.857368][ T9] aqc111 6-1:1.105 eth9: unregister 'aqc111' usb-dummy_hcd.5-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter [ 555.989425][ T8499] usbtmc 8-1:16.0: send_request_dev_dep_msg_in returned -71 [ 556.083437][ T8499] usbtmc 8-1:16.0: usb_control_msg returned -32 [ 556.104352][ T9] aqc111 6-1:1.105 eth9 (unregistered): Failed to write(0x1) reg index 0x0002: -19 [ 556.115140][ T5734] usb 8-1: USB disconnect, device number 3 [ 556.152677][ T9] aqc111 6-1:1.105 eth9 (unregistered): Failed to write(0x1) reg index 0x0002: -19 [ 556.212264][ T9] aqc111 6-1:1.105 eth9 (unregistered): Failed to write(0x61) reg index 0x0000: -19 [ 556.885751][ T8512] loop5: detected capacity change from 0 to 256 [ 556.915438][ T8512] exfat: Deprecated parameter 'utf8' [ 556.931551][ T8512] exfat: Deprecated parameter 'namecase' [ 556.948286][ T8512] exfat: Deprecated parameter 'utf8' [ 557.039425][ T8512] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xb89b369d, utbl_chksum : 0xe619d30d) [ 557.121383][ T9] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 557.168597][ T8512] exFAT-fs (loop5): start_clu is invalid cluster(0x0) [ 557.379557][ T9] usb 1-1: Using ep0 maxpacket: 32 [ 557.413415][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 557.444371][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 557.482415][ T9] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 557.523084][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 557.755562][ T9] usb 1-1: config 0 descriptor?? [ 558.307444][ C1] Unknown status report in ack skb [ 558.389634][ T9] savu 0003:1E7D:2D5A.0009: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.0-1/input0 [ 558.582680][ T9] usb 1-1: USB disconnect, device number 9 [ 559.209450][ T8532] fido_id[8532]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 559.317536][ T8543] loop7: detected capacity change from 0 to 512 [ 559.398077][ T8543] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 559.588091][ T8543] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 559.702152][ T8543] ext4 filesystem being mounted at /22/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 559.916694][ T8555] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 560.458297][ T7643] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 561.079580][ T8564] loop0: detected capacity change from 0 to 2048 [ 561.098209][ T8572] loop7: detected capacity change from 0 to 128 [ 561.166333][ T8572] EXT4-fs (loop7): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 561.257139][ T8564] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 561.301657][ T8572] ext4 filesystem being mounted at /23/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 561.491231][ T8564] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1317: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 561.562127][ T8564] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 33 with max blocks 33 with error 28 [ 561.633522][ T8564] EXT4-fs (loop0): This should not happen!! Data will be lost [ 561.633522][ T8564] [ 561.654941][ T8564] EXT4-fs (loop0): Total free blocks count 0 [ 561.667105][ T8564] EXT4-fs (loop0): Free/Dirty block details [ 561.674360][ T8564] EXT4-fs (loop0): free_blocks=2415919504 [ 561.682393][ T8564] EXT4-fs (loop0): dirty_blocks=64 [ 561.688055][ T8564] EXT4-fs (loop0): Block reservation details [ 561.737669][ T8564] EXT4-fs (loop0): i_reserved_data_blocks=4 [ 561.839581][ T7643] EXT4-fs (loop7): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 562.193255][ T14] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 2 with error 28 [ 562.287423][ T5581] EXT4-fs warning (device loop0): ext4_evict_inode:195: inode #15: comm syz-executor: data will be lost [ 566.552675][ T9] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 566.751334][ T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 566.780112][ T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 566.804256][ T9] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 566.877492][ T9] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 566.919504][ T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 567.009405][ T9] usb 7-1: config 0 descriptor?? [ 567.501983][ T1314] ieee802154 phy0 wpan0: encryption failed: -22 [ 567.515492][ T1314] ieee802154 phy1 wpan1: encryption failed: -22 [ 567.585104][ T9] plantronics 0003:047F:FFFF.000A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0 [ 568.211056][ T9] usb 7-1: USB disconnect, device number 8 [ 568.438123][ T8643] fido_id[8643]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/report_descriptor': No such file or directory [ 569.624316][ T8657] syzkaller0: entered promiscuous mode [ 569.662367][ T8657] syzkaller0: entered allmulticast mode [ 570.251036][ T24] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 570.410924][ T24] usb 7-1: Using ep0 maxpacket: 8 [ 570.457939][ T24] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 570.728405][ T24] usb 7-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 55456, setting to 1024 [ 570.938495][ T24] usb 7-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 1024 [ 570.997798][ T24] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 571.055166][ T24] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 571.103315][ T24] usb 7-1: Product: syz [ 571.113588][ T24] usb 7-1: Manufacturer: syz [ 571.125189][ T24] usb 7-1: SerialNumber: syz [ 571.459773][ T8671] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 572.317845][ T8671] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 572.578556][ T24] cdc_ncm 7-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 572.604815][ T24] cdc_ncm 7-1:1.0: dwNtbInMaxSize=3 is too small. Using 2048 [ 572.641443][ T24] cdc_ncm 7-1:1.0: setting rx_max = 2048 [ 572.803315][ T24] cdc_ncm 7-1:1.0: setting tx_max = 16384 [ 572.855434][ T24] cdc_ncm 7-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.6-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 572.934907][ T24] usb 7-1: USB disconnect, device number 9 [ 572.971815][ T24] cdc_ncm 7-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.6-1, CDC NCM (NO ZLP) [ 573.041054][ T9] Process accounting resumed [ 573.650776][ T9] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 573.888326][ T9] usb 6-1: Using ep0 maxpacket: 32 [ 574.538990][ T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 574.599582][ T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 574.692236][ T9] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 574.751765][ T9] usb 6-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 574.814013][ T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 574.874756][ T9] usb 6-1: config 0 descriptor?? [ 574.974396][ T24] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 575.135522][ T8702] random: crng reseeded on system resumption [ 575.174091][ T24] usb 7-1: config 0 interface 0 altsetting 6 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 575.237010][ T24] usb 7-1: config 0 interface 0 has no altsetting 0 [ 575.267124][ T24] usb 7-1: New USB device found, idVendor=0c12, idProduct=0005, bcdDevice= 0.00 [ 575.286283][ T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 575.307118][ T24] usb 7-1: config 0 descriptor?? [ 575.765536][ T9] input: HID 0458:5011 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:0458:5011.000B/input/input7 [ 575.837329][ T24] zeroplus 0003:0C12:0005.000C: unknown main item tag 0x0 [ 575.865004][ T24] zeroplus 0003:0C12:0005.000C: unknown main item tag 0x0 [ 575.888644][ T24] zeroplus 0003:0C12:0005.000C: unknown main item tag 0x0 [ 575.907039][ T24] zeroplus 0003:0C12:0005.000C: unknown main item tag 0x0 [ 575.931357][ T9] input: HID 0458:5011 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:0458:5011.000B/input/input8 [ 575.931481][ T24] zeroplus 0003:0C12:0005.000C: unknown main item tag 0x0 [ 575.996338][ T24] zeroplus 0003:0C12:0005.000C: unknown main item tag 0x0 [ 576.057988][ T24] zeroplus 0003:0C12:0005.000C: unbalanced collection at end of report description [ 576.091015][ T5734] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 576.162396][ T24] zeroplus 0003:0C12:0005.000C: parse failed [ 576.184691][ T24] zeroplus 0003:0C12:0005.000C: probe with driver zeroplus failed with error -22 [ 576.256044][ T9] kye 0003:0458:5011.000B: input,hiddev0,hidraw0: USB HID v0.00 Mouse [HID 0458:5011] on usb-dummy_hcd.5-1/input0 [ 576.303256][ T24] usb 7-1: USB disconnect, device number 10 [ 576.317047][ T5734] usb 1-1: Using ep0 maxpacket: 16 [ 576.381002][ T5734] usb 1-1: config 0 has an invalid interface number: 34 but max is 0 [ 576.406145][ T5734] usb 1-1: config 0 has no interface number 0 [ 576.452748][ T5734] usb 1-1: config 0 interface 34 altsetting 0 bulk endpoint 0xA has invalid maxpacket 1023 [ 576.495966][ T5734] usb 1-1: config 0 interface 34 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 80 [ 576.569025][ T5734] usb 1-1: New USB device found, idVendor=0b95, idProduct=772a, bcdDevice=82.73 [ 576.616263][ T5734] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 576.654757][ T5734] usb 1-1: Product: syz [ 576.677948][ T5734] usb 1-1: Manufacturer: syz [ 576.714297][ T5734] usb 1-1: SerialNumber: syz [ 577.081585][ T5734] usb 1-1: config 0 descriptor?? [ 577.144368][ T8722] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 577.194599][ T9] usb 6-1: reset high-speed USB device number 4 using dummy_hcd [ 577.236353][ T8722] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 577.668750][ T8722] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 577.716892][ T8722] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 577.994570][ T5734] asix 1-1:0.34 (unnamed net_device) (uninitialized): invalid hw address, using random [ 578.403197][ T8741] loop5: detected capacity change from 0 to 512 [ 578.612602][ T8741] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 578.710104][ T5682] usb 6-1: USB disconnect, device number 4 [ 578.825030][ T8741] ext4 filesystem being mounted at /29/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 579.373038][ T5734] asix 1-1:0.34 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 579.433382][ T5734] asix 1-1:0.34 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9 [ 579.493117][ T5734] asix 1-1:0.34: probe with driver asix failed with error -71 [ 579.638060][ T5734] usb 1-1: USB disconnect, device number 10 [ 579.964804][ T7789] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 580.282069][ C0] Unknown status report in ack skb [ 580.557924][ T8765] loop5: detected capacity change from 0 to 1024 [ 580.686310][ T8765] EXT4-fs (loop5): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 580.791398][ T8765] ext4 filesystem being mounted at /30/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 581.015483][ T8765] EXT4-fs error (device loop5): ext4_map_blocks:833: inode #15: block 3: comm syz.5.711: lblock 3 mapped to illegal pblock 3 (length 3) [ 581.102773][ T8765] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117 [ 581.196989][ T8773] loop6: detected capacity change from 0 to 1764 [ 581.202193][ T8765] EXT4-fs (loop5): This should not happen!! Data will be lost [ 581.202193][ T8765] [ 581.241096][ T8768] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 112: padding at end of block bitmap is not set [ 581.370182][ T8765] EXT4-fs: Ignoring removed orlov option [ 581.393735][ T8765] EXT4-fs (loop5): re-mounted 00000000-0000-0006-0000-000000000000. [ 581.444005][ T8765] EXT4-fs error (device loop5): ext4_map_blocks:791: inode #15: block 3: comm syz.5.711: lblock 3 mapped to illegal pblock 3 (length 1) [ 581.518416][ T8765] EXT4-fs (loop5): Remounting filesystem read-only [ 581.851598][ T5682] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 582.102033][ T5682] usb 8-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.07 [ 582.153566][ T5682] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 582.212791][ T7789] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 582.298411][ T5682] usb 8-1: config 0 descriptor?? [ 583.323482][ T5682] usb 8-1: Cannot set autoneg [ 583.630281][ T5682] MOSCHIP usb-ethernet driver 8-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 583.656405][ T5682] usb 8-1: USB disconnect, device number 4 [ 583.749139][ T8798] netlink: 8 bytes leftover after parsing attributes in process `syz.0.722'. [ 584.481293][ T8806] loop5: detected capacity change from 0 to 256 [ 584.779367][ T8806] FAT-fs (loop5): Directory bread(block 64) failed [ 584.823060][ T8806] FAT-fs (loop5): Directory bread(block 65) failed [ 584.861579][ T8806] FAT-fs (loop5): Directory bread(block 66) failed [ 584.898392][ T8806] FAT-fs (loop5): Directory bread(block 67) failed [ 584.928950][ T8806] FAT-fs (loop5): Directory bread(block 68) failed [ 584.958071][ T8806] FAT-fs (loop5): Directory bread(block 69) failed [ 584.976107][ T8806] FAT-fs (loop5): Directory bread(block 70) failed [ 585.001935][ T8806] FAT-fs (loop5): Directory bread(block 71) failed [ 585.041007][ T8806] FAT-fs (loop5): Directory bread(block 72) failed [ 585.071920][ T8806] FAT-fs (loop5): Directory bread(block 73) failed [ 585.130867][ T5734] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 585.343700][ T5734] usb 2-1: Using ep0 maxpacket: 32 [ 585.392267][ T5734] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 585.455116][ T5734] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 585.492512][ T5734] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 585.541446][ T5734] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 585.639543][ T5734] usb 2-1: config 0 descriptor?? [ 585.706040][ T5734] hub 2-1:0.0: USB hub found [ 585.965088][ T5734] hub 2-1:0.0: 1 port detected [ 586.238274][ T8827] loop0: detected capacity change from 0 to 128 [ 586.269314][ T8828] netlink: 24 bytes leftover after parsing attributes in process `syz.5.733'. [ 586.294872][ T8827] EXT4-fs (loop0): couldn't mount as ext2 due to feature incompatibilities [ 586.477408][ T8833] netlink: 4 bytes leftover after parsing attributes in process `syz.5.733'. [ 586.517168][ T8834] loop6: detected capacity change from 0 to 64 [ 586.642830][ T5734] hub 2-1:0.0: activate --> -90 [ 586.669868][ T29] audit: type=1800 audit(1780112469.366:16): pid=8834 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.736" name="file1" dev="loop6" ino=22 res=0 errno=0 [ 586.823627][ T8834] bio_check_eod: 176 callbacks suppressed [ 586.823701][ T8834] syz.6.736: attempt to access beyond end of device [ 586.823701][ T8834] loop6: rw=0, sector=107, nr_sectors = 1 limit=64 [ 586.852743][ T8834] buffer_io_error: 11 callbacks suppressed [ 586.852874][ T8834] Buffer I/O error on dev loop6, logical block 107, async page read [ 586.874129][ T24] usb 2-1: USB disconnect, device number 7 [ 586.960535][ T8834] syz.6.736: attempt to access beyond end of device [ 586.960535][ T8834] loop6: rw=0, sector=108, nr_sectors = 1 limit=64 [ 586.995862][ T8836] loop0: detected capacity change from 0 to 128 [ 587.014867][ T8834] Buffer I/O error on dev loop6, logical block 108, async page read [ 587.055076][ T8834] syz.6.736: attempt to access beyond end of device [ 587.055076][ T8834] loop6: rw=0, sector=109, nr_sectors = 1 limit=64 [ 587.075819][ T8834] Buffer I/O error on dev loop6, logical block 109, async page read [ 587.089800][ T8836] EXT4-fs (loop0): Test dummy encryption mode enabled [ 587.107005][ T8834] syz.6.736: attempt to access beyond end of device [ 587.107005][ T8834] loop6: rw=0, sector=110, nr_sectors = 1 limit=64 [ 587.127887][ T8834] Buffer I/O error on dev loop6, logical block 110, async page read [ 587.139789][ T8836] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 587.141380][ T8834] syz.6.736: attempt to access beyond end of device [ 587.141380][ T8834] loop6: rw=0, sector=111, nr_sectors = 1 limit=64 [ 587.178761][ T8836] ext4 filesystem being mounted at /200/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 587.202639][ T8834] Buffer I/O error on dev loop6, logical block 111, async page read [ 587.216147][ T8834] syz.6.736: attempt to access beyond end of device [ 587.216147][ T8834] loop6: rw=0, sector=112, nr_sectors = 1 limit=64 [ 587.230033][ T8834] Buffer I/O error on dev loop6, logical block 112, async page read [ 587.240989][ T8834] syz.6.736: attempt to access beyond end of device [ 587.240989][ T8834] loop6: rw=0, sector=113, nr_sectors = 1 limit=64 [ 587.254390][ T8834] Buffer I/O error on dev loop6, logical block 113, async page read [ 588.552341][ T8844] fscrypt (loop0): Missing crypto API support for AES-256-CBC-CTS (API name: "cts(cbc(aes))") [ 589.396018][ T5682] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 589.590749][ T5682] usb 6-1: Using ep0 maxpacket: 8 [ 589.635722][ T5682] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 589.691400][ T5682] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 589.778117][ T5682] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 589.874817][ T5682] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 589.981364][ T5682] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 590.081841][ T5682] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 590.158080][ T5682] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 590.681896][ T5682] usb 6-1: usb_control_msg returned -32 [ 590.705827][ T8857] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 590.772096][ T5682] usbtmc 6-1:16.0: can't read capabilities [ 590.837431][ T8857] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 590.978265][ T5682] usb 6-1: USB disconnect, device number 5 [ 592.712873][ T8876] netlink: 4 bytes leftover after parsing attributes in process `syz.5.748'. [ 593.401354][ T8885] netlink: 4 bytes leftover after parsing attributes in process `syz.1.749'. [ 595.703907][ T8901] warning: `syz.6.756' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 596.620934][ T5682] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 596.842381][ T5682] usb 7-1: Using ep0 maxpacket: 16 [ 596.869361][ T5682] usb 7-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 596.917258][ T5682] usb 7-1: config 0 interface 0 has no altsetting 0 [ 596.948240][ T5682] usb 7-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00 [ 596.992688][ T5682] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 597.028856][ T5682] usb 7-1: config 0 descriptor?? [ 597.618647][ T5682] nzxt-smart2 0003:1E71:2009.000D: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.6-1/input0 [ 598.120059][ T5682] usb 7-1: USB disconnect, device number 11 [ 598.415048][ T8922] fido_id[8922]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/report_descriptor': No such file or directory [ 598.538842][ T8927] overlayfs: fs on './bus' does not support file handles, falling back to index=off,nfs_export=off. [ 598.593725][ T8927] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 600.199418][ T8940] netlink: 4 bytes leftover after parsing attributes in process `syz.7.767'. [ 601.106161][ T5581] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 601.680269][ T8948] loop1: detected capacity change from 0 to 1024 [ 601.764150][ T8948] EXT4-fs: Ignoring removed orlov option [ 602.047266][ T8948] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 602.114023][ T8950] netlink: 12 bytes leftover after parsing attributes in process `syz.0.771'. [ 602.538406][ T8958] tipc: Started in network mode [ 602.588869][ T8958] tipc: Node identity 4ead261cee5d, cluster identity 4711 [ 602.646667][ T8958] tipc: Enabled bearer , priority 0 [ 603.116431][ T5584] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 603.342510][ T8959] syzkaller0: entered promiscuous mode [ 603.382163][ T8959] syzkaller0: entered allmulticast mode [ 603.421435][ T8959] tipc: Resetting bearer [ 603.454537][ T8957] tipc: Resetting bearer [ 603.929394][ T8957] tipc: Disabling bearer [ 604.029084][ T24] tipc: Node number set to 2700092956 [ 604.143077][ T8980] loop0: detected capacity change from 0 to 128 [ 604.197180][ T8980] EXT4-fs (loop0): Test dummy encryption mode enabled [ 604.252633][ T8980] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 604.279899][ T8980] ext4 filesystem being mounted at /203/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 605.185972][ T8993] netlink: 20 bytes leftover after parsing attributes in process `syz.6.784'. [ 605.343551][ T8998] netlink: 20 bytes leftover after parsing attributes in process `syz.6.784'. [ 605.401295][ T8998] nbd: device at index 64 is going down [ 605.688311][ T8994] fscrypt (loop0): Missing crypto API support for AES-256-CBC-CTS (API name: "cts(cbc(aes))") [ 605.715394][ T7864] udevd[7864]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 606.053929][ T7863] udevd[7863]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 606.650864][ T24] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 606.842375][ T24] usb 2-1: Using ep0 maxpacket: 16 [ 606.874623][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 606.915674][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 606.977221][ T24] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 607.012331][ T24] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 607.059652][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 607.098021][ T24] usb 2-1: config 0 descriptor?? [ 607.337928][ T9021] kvm: pic: level sensitive irq not supported [ 607.338474][ T9021] kvm: pic: non byte read [ 607.650069][ T24] microsoft 0003:045E:07DA.000E: unknown main item tag 0x0 [ 607.657827][ T24] microsoft 0003:045E:07DA.000E: unknown main item tag 0x0 [ 607.685166][ T24] microsoft 0003:045E:07DA.000E: unknown main item tag 0x0 [ 607.725288][ T24] microsoft 0003:045E:07DA.000E: unknown main item tag 0x0 [ 607.746678][ T24] microsoft 0003:045E:07DA.000E: unknown main item tag 0x0 [ 607.764551][ T24] microsoft 0003:045E:07DA.000E: unknown main item tag 0x0 [ 608.583589][ T9028] loop7: detected capacity change from 0 to 32768 [ 608.619769][ T9028] XFS (loop7): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 608.643538][ T9032] netlink: 'syz.6.795': attribute type 4 has an invalid length. [ 608.696764][ T9038] loop5: detected capacity change from 0 to 128 [ 608.757260][ T24] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.000E/input/input9 [ 608.773932][ T9042] netlink: 'syz.6.795': attribute type 4 has an invalid length. [ 608.888046][ T9028] XFS (loop7): Ending clean mount [ 608.899003][ T24] microsoft 0003:045E:07DA.000E: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0 [ 608.923776][ T29] audit: type=1804 audit(1780112491.626:17): pid=9038 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.796" name="/newroot/46/bus/bus" dev="loop5" ino=1048639 res=1 errno=0 [ 609.062868][ T9038] syz.5.796: attempt to access beyond end of device [ 609.062868][ T9038] loop5: rw=2049, sector=171, nr_sectors = 1 limit=128 [ 609.165241][ T9038] Buffer I/O error on dev loop5, logical block 171, lost async page write [ 609.646216][ T1116] kworker/u8:8: attempt to access beyond end of device [ 609.646216][ T1116] loop5: rw=1, sector=171, nr_sectors = 1 limit=128 [ 609.691679][ T24] usb 2-1: USB disconnect, device number 8 [ 609.734895][ T1116] Buffer I/O error on dev loop5, logical block 171, lost async page write [ 609.994212][ T7643] XFS (loop7): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 610.197549][ T9046] fido_id[9046]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 612.683830][ T9075] loop1: detected capacity change from 0 to 1024 [ 614.981082][ T9088] netlink: 4 bytes leftover after parsing attributes in process `syz.7.810'. [ 616.724162][ T9094] loop7: detected capacity change from 0 to 1024 [ 616.813920][ T9094] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 616.949126][ T9099] uprobe: syz.1.814:9099 failed to unregister, leaking uprobe [ 617.052799][ T9101] binder: 9100:9101 ioctl c0306201 200000000080 returned -14 [ 617.138619][ T9101] binder: 9100:9101 ioctl c0306201 2000000003c0 returned -14 [ 617.222273][ T9094] EXT4-fs (loop7): shut down requested (2) [ 617.491642][ T9104] tipc: Failed to remove unknown binding: 66,0,0/0:4068424711/4068424713 [ 617.531085][ T9104] tipc: Failed to remove unknown binding: 66,0,0/0:4068424711/4068424712 [ 617.631437][ T7643] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 618.134400][ T9114] loop7: detected capacity change from 0 to 512 [ 618.208878][ T9114] EXT4-fs: Ignoring removed orlov option [ 618.351127][ T9114] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 618.393673][ T9114] ext4 filesystem being mounted at /65/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 618.525694][ T5581] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 618.943724][ T7643] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 619.035103][ T9123] syz_tun: entered allmulticast mode [ 619.346557][ T9128] tipc: Enabled bearer , priority 0 [ 619.375597][ T9125] xt_hashlimit: size too large, truncated to 1048576 [ 620.104688][ T9132] syzkaller0: entered promiscuous mode [ 620.128513][ T9132] syzkaller0: entered allmulticast mode [ 620.182471][ T9132] tipc: Resetting bearer [ 620.206547][ T9126] tipc: Resetting bearer [ 620.534401][ T9139] xt_hashlimit: size too large, truncated to 1048576 [ 620.664210][ T9126] tipc: Disabling bearer [ 620.873951][ T9147] loop2: detected capacity change from 0 to 7 [ 620.900229][ T9147] Dev loop2: unable to read RDB block 7 [ 620.917810][ T9147] loop2: unable to read partition table [ 620.944343][ T9147] loop2: partition table beyond EOD, truncated [ 620.960178][ T9147] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 622.117969][ T9156] loop7: detected capacity change from 0 to 1024 [ 622.211566][ T9156] EXT4-fs (loop7): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 622.255741][ T9156] EXT4-fs (loop7): can't mount with data_err=abort, fs mounted w/o journal [ 623.977029][ T9164] loop7: detected capacity change from 0 to 40427 [ 624.020582][ T9164] F2FS-fs (loop7): invalid crc value [ 624.290760][ T9164] F2FS-fs (loop7): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 624.303074][ T9164] F2FS-fs (loop7): Start checkpoint disabled! [ 624.320196][ T9164] F2FS-fs (loop7): f2fs_disable_checkpoint() finish, err:0 [ 624.336255][ T9164] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e6 [ 624.353758][ T29] audit: type=1800 audit(1780112507.056:18): pid=9164 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.837" name="file1" dev="loop7" ino=10 res=0 errno=0 [ 625.252763][ T9181] syz.7.837: attempt to access beyond end of device [ 625.252763][ T9181] loop7: rw=10241, sector=45096, nr_sectors = 8 limit=40427 [ 625.271166][ T9181] syz.7.837: attempt to access beyond end of device [ 625.271166][ T9181] loop7: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 625.289403][ T9181] syz.7.837: attempt to access beyond end of device [ 625.289403][ T9181] loop7: rw=2049, sector=45112, nr_sectors = 8 limit=40427 [ 625.311757][ T9181] syz.7.837: attempt to access beyond end of device [ 625.311757][ T9181] loop7: rw=2049, sector=45120, nr_sectors = 8 limit=40427 [ 625.332552][ T9181] syz.7.837: attempt to access beyond end of device [ 625.332552][ T9181] loop7: rw=2049, sector=45128, nr_sectors = 8 limit=40427 [ 625.354648][ T9181] syz.7.837: attempt to access beyond end of device [ 625.354648][ T9181] loop7: rw=2049, sector=45136, nr_sectors = 16 limit=40427 [ 625.375344][ T9181] syz.7.837: attempt to access beyond end of device [ 625.375344][ T9181] loop7: rw=2049, sector=45152, nr_sectors = 8 limit=40427 [ 625.395816][ T9181] syz.7.837: attempt to access beyond end of device [ 625.395816][ T9181] loop7: rw=2049, sector=45160, nr_sectors = 8 limit=40427 [ 625.418445][ T9181] syz.7.837: attempt to access beyond end of device [ 625.418445][ T9181] loop7: rw=2049, sector=45168, nr_sectors = 8 limit=40427 [ 625.476847][ T9181] syz.7.837: attempt to access beyond end of device [ 625.476847][ T9181] loop7: rw=2049, sector=45176, nr_sectors = 8 limit=40427 [ 626.454770][ T9184] sch_tbf: burst 19872 is lower than device lo mtu (11337746) ! [ 627.237155][ T5778] CPU: 0 UID: 0 PID: 5778 Comm: kworker/u8:10 Tainted: G L syzkaller #0 PREEMPT(lazy) [ 627.237328][ T5778] Tainted: [L]=SOFTLOCKUP [ 627.237376][ T5778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 627.237471][ T5778] Workqueue: writeback wb_workfn (flush-7:7) [ 627.237650][ T5778] Call Trace: [ 627.237694][ T5778] [ 627.237738][ T5778] __dump_stack+0x26/0x30 [ 627.237885][ T5778] dump_stack_lvl+0x14c/0x1c0 [ 627.238035][ T5778] dump_stack+0x1e/0x25 [ 627.238165][ T5778] f2fs_stop_checkpoint+0xac3/0xc70 [ 627.238329][ T5778] f2fs_write_end_io+0x1207/0x2200 [ 627.238549][ T5778] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 627.238690][ T5778] bio_endio+0xfcc/0x1120 [ 627.238854][ T5778] submit_bio_noacct+0x533/0x2920 [ 627.239076][ T5778] submit_bio+0x57a/0x620 [ 627.239246][ T5778] f2fs_submit_write_bio+0x115/0x310 [ 627.239443][ T5778] __submit_merged_bio+0x16b/0x700 [ 627.239620][ T5778] ? kmsan_get_metadata+0xf1/0x160 [ 627.239806][ T5778] __submit_merged_write_cond+0x4ba/0xae0 [ 627.240030][ T5778] f2fs_write_data_pages+0x4f4d/0x5c60 [ 627.240169][ T5778] ? sysvec_apic_timer_interrupt+0x52/0x90 [ 627.240451][ T5778] ? kmsan_get_metadata+0xf1/0x160 [ 627.240640][ T5778] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 627.240824][ T5778] ? __update_load_avg_cfs_rq+0xd80/0x1050 [ 627.241049][ T5778] ? kmsan_get_metadata+0xf1/0x160 [ 627.241215][ T5778] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 627.241395][ T5778] ? __rb_insert_augmented+0x80/0x11b0 [ 627.241572][ T5778] ? kmsan_get_metadata+0xf1/0x160 [ 627.241740][ T5778] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 627.241921][ T5778] ? kmsan_get_metadata+0xf1/0x160 [ 627.242106][ T5778] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 627.242288][ T5778] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 627.242432][ T5778] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 627.242567][ T5778] do_writepages+0x3f2/0x860 [ 627.242689][ T5778] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 627.242880][ T5778] ? queue_io+0x7a1/0x7b0 [ 627.243038][ T5778] ? kmsan_get_metadata+0xf1/0x160 [ 627.243229][ T5778] __writeback_single_inode+0x101/0x10a0 [ 627.243443][ T5778] writeback_sb_inodes+0xb1a/0x1d50 [ 627.243734][ T5778] ? kmsan_get_metadata+0xf1/0x160 [ 627.243909][ T5778] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 627.244107][ T5778] wb_writeback+0x4d3/0xc50 [ 627.244300][ T5778] ? queue_io+0x4a1/0x7b0 [ 627.244467][ T5778] wb_workfn+0x3a2/0x1970 [ 627.244618][ T5778] ? kmsan_get_metadata+0xf1/0x160 [ 627.244803][ T5778] ? __pfx_wb_workfn+0x10/0x10 [ 627.244948][ T5778] process_scheduled_works+0xb65/0x1e40 [ 627.245174][ T5778] worker_thread+0xee4/0x1590 [ 627.245412][ T5778] kthread+0x53a/0x5f0 [ 627.245626][ T5778] ? __pfx_worker_thread+0x10/0x10 [ 627.245813][ T5778] ? __pfx_kthread+0x10/0x10 [ 627.246020][ T5778] ret_from_fork+0x20f/0x8d0 [ 627.246193][ T5778] ? __switch_to+0x573/0x7a0 [ 627.246383][ T5778] ? __pfx_kthread+0x10/0x10 [ 627.246582][ T5778] ret_from_fork_asm+0x1a/0x30 [ 627.246838][ T5778] [ 628.212150][ T5778] F2FS-fs (loop7): Stopped filesystem due to reason: 3 [ 628.976157][ T1314] ieee802154 phy0 wpan0: encryption failed: -22 [ 628.987981][ T1314] ieee802154 phy1 wpan1: encryption failed: -22 [ 629.761561][ T9206] loop5: detected capacity change from 0 to 128 [ 630.294306][ T9206] loop5: detected capacity change from 128 to 0 [ 630.346496][ C1] I/O error, dev loop5, sector 33 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 630.358284][ T9209] FAT-fs (loop5): Directory bread(block 33) failed [ 630.437957][ T9209] FAT-fs (loop5): Directory bread(block 34) failed [ 630.504181][ T9209] FAT-fs (loop5): Directory bread(block 35) failed [ 630.538088][ T9209] FAT-fs (loop5): Directory bread(block 36) failed [ 630.560812][ T9209] FAT-fs (loop5): Directory bread(block 37) failed [ 630.569321][ T9209] FAT-fs (loop5): Directory bread(block 38) failed [ 630.602991][ T9209] FAT-fs (loop5): Directory bread(block 39) failed [ 630.632026][ T9209] FAT-fs (loop5): Directory bread(block 40) failed [ 630.668856][ T9209] FAT-fs (loop5): Directory bread(block 33) failed [ 630.723099][ T9209] FAT-fs (loop5): Directory bread(block 34) failed [ 630.904919][ T24] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 631.033548][ T9216] netlink: 4 bytes leftover after parsing attributes in process `syz.0.854'. [ 631.143836][ T24] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 631.214892][ T24] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 631.272008][ T24] usb 2-1: New USB device found, idVendor=0d8c, idProduct=0014, bcdDevice= 0.40 [ 631.281356][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 631.289631][ T24] usb 2-1: Product: syz [ 631.367738][ T24] usb 2-1: Manufacturer: syz [ 631.384075][ T24] usb 2-1: SerialNumber: syz [ 631.409323][ T56] FAT-fs (loop5): bread failed in fat_clusters_flush [ 631.471789][ T7789] FAT-fs (loop5): unable to read boot sector to mark fs as dirty [ 631.504735][ T24] usb 2-1: 0:1 : does not exist [ 631.534252][ T24] usb 2-1: unit 0 not found! [ 631.695598][ T7893] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 631.722907][ T9213] loop1: detected capacity change from 0 to 128 [ 631.786328][ T7893] hid-generic 0000:0000:0000.000F: hidraw0: HID v0.00 Device [syz0] on syz0 [ 631.827379][ C1] ===================================================== [ 631.834590][ C1] BUG: KMSAN: uninit-value in __flush_smp_call_function_queue+0x343/0x1810 [ 631.843381][ C1] __flush_smp_call_function_queue+0x343/0x1810 [ 631.849797][ C1] generic_smp_call_function_single_interrupt+0x1c/0x30 [ 631.856910][ C1] __sysvec_call_function_single+0x48/0x350 [ 631.862956][ C1] sysvec_call_function_single+0x7c/0x90 [ 631.868753][ C1] asm_sysvec_call_function_single+0x1f/0x30 [ 631.874865][ C1] finish_task_switch+0x37e/0xbc0 [ 631.880010][ C1] __schedule+0x2930/0x8750 [ 631.884643][ C1] preempt_schedule_common+0x33/0x80 [ 631.890079][ C1] preempt_schedule+0x30/0x40 [ 631.894890][ C1] preempt_schedule_thunk+0x16/0x30 [ 631.900258][ C1] _raw_spin_unlock+0x46/0x50 [ 631.905066][ C1] copy_page_range+0xd01f/0xeaf0 [ 631.910119][ C1] dup_mmap+0x1ca0/0x3090 [ 631.914576][ C1] copy_mm+0x232/0x9b0 [ 631.918745][ C1] copy_process+0x32bb/0x6ad0 [ 631.923664][ C1] kernel_clone+0x567/0x11c0 [ 631.928381][ C1] __x64_sys_clone+0x253/0x360 [ 631.933261][ C1] x64_sys_call+0x157e/0x3ea0 [ 631.938076][ C1] do_syscall_64+0x15d/0x3c0 [ 631.942967][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 631.949021][ C1] [ 631.951412][ C1] Local variable reuse.i created at: [ 631.956765][ C1] mas_wr_store_entry+0xcf4/0x12a90 [ 631.962133][ C1] mas_store_prealloc+0xb66/0x10c0 [ 631.967408][ C1] [ 631.969813][ C1] CPU: 1 UID: 0 PID: 5581 Comm: syz-executor Tainted: G L syzkaller #0 PREEMPT(lazy) [ 631.980980][ C1] Tainted: [L]=SOFTLOCKUP [ 631.985368][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 631.995513][ C1] ===================================================== [ 632.002499][ C1] Disabling lock debugging due to kernel taint [ 632.008720][ C1] Kernel panic - not syncing: kmsan.panic set ... [ 632.015226][ C1] CPU: 1 UID: 0 PID: 5581 Comm: syz-executor Tainted: G B L syzkaller #0 PREEMPT(lazy) [ 632.026404][ C1] Tainted: [B]=BAD_PAGE, [L]=SOFTLOCKUP [ 632.032011][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 632.042157][ C1] Call Trace: [ 632.045504][ C1] [ 632.048431][ C1] __dump_stack+0x26/0x30 [ 632.052898][ C1] dump_stack_lvl+0x50/0x1c0 [ 632.057631][ C1] ? dump_stack+0x12/0x25 [ 632.062093][ C1] dump_stack+0x1e/0x25 [ 632.066374][ C1] vpanic+0x7b4/0x1430 [ 632.070609][ C1] panic+0x15d/0x160 [ 632.074687][ C1] kmsan_report+0x31a/0x320 [ 632.079441][ C1] ? __msan_warning+0x1b/0x30 [ 632.084263][ C1] ? __flush_smp_call_function_queue+0x343/0x1810 [ 632.090851][ C1] ? generic_smp_call_function_single_interrupt+0x1c/0x30 [ 632.098124][ C1] ? __sysvec_call_function_single+0x48/0x350 [ 632.104338][ C1] ? sysvec_call_function_single+0x7c/0x90 [ 632.110321][ C1] ? asm_sysvec_call_function_single+0x1f/0x30 [ 632.116614][ C1] ? finish_task_switch+0x37e/0xbc0 [ 632.121940][ C1] ? __schedule+0x2930/0x8750 [ 632.126758][ C1] ? preempt_schedule_common+0x33/0x80 [ 632.132366][ C1] ? preempt_schedule+0x30/0x40 [ 632.137362][ C1] ? preempt_schedule_thunk+0x16/0x30 [ 632.142908][ C1] ? _raw_spin_unlock+0x46/0x50 [ 632.147896][ C1] ? copy_page_range+0xd01f/0xeaf0 [ 632.153135][ C1] ? dup_mmap+0x1ca0/0x3090 [ 632.157793][ C1] ? copy_mm+0x232/0x9b0 [ 632.162150][ C1] ? copy_process+0x32bb/0x6ad0 [ 632.167173][ C1] ? kernel_clone+0x567/0x11c0 [ 632.172051][ C1] ? __x64_sys_clone+0x253/0x360 [ 632.177109][ C1] ? x64_sys_call+0x157e/0x3ea0 [ 632.182103][ C1] ? do_syscall_64+0x15d/0x3c0 [ 632.187027][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 632.193230][ C1] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 632.199226][ C1] ? kmsan_get_metadata+0xf1/0x160 [ 632.204507][ C1] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 632.211005][ C1] ? kmsan_get_metadata+0xf1/0x160 [ 632.216279][ C1] ? kmsan_get_metadata+0xf1/0x160 [ 632.221556][ C1] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 632.228047][ C1] ? kmsan_get_metadata+0xf1/0x160 [ 632.233326][ C1] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 632.239312][ C1] ? kmsan_get_metadata+0xf1/0x160 [ 632.244597][ C1] __msan_warning+0x1b/0x30 [ 632.249244][ C1] __flush_smp_call_function_queue+0x343/0x1810 [ 632.255660][ C1] ? kmsan_get_metadata+0xf1/0x160 [ 632.260969][ C1] generic_smp_call_function_single_interrupt+0x1c/0x30 [ 632.268086][ C1] __sysvec_call_function_single+0x48/0x350 [ 632.274140][ C1] sysvec_call_function_single+0x7c/0x90 [ 632.279953][ C1] [ 632.282947][ C1] [ 632.285942][ C1] asm_sysvec_call_function_single+0x1f/0x30 [ 632.292078][ C1] RIP: 0010:finish_task_switch+0x37e/0xbc0 [ 632.298032][ C1] Code: 48 89 df e8 34 35 fd 00 c7 00 00 00 00 00 c7 03 00 00 00 00 0f 1f 44 00 00 49 83 c7 48 4c 89 ff e8 17 b9 49 0f fb 48 8b 45 c8 <48> 8d 98 98 1b 00 00 41 bf ff ff ff bf 44 23 b8 98 1b 00 00 48 89 [ 632.318201][ C1] RSP: 0018:ffff88812b3b3188 EFLAGS: 00000282 [ 632.324393][ C1] RAX: ffff88811aa78000 RBX: ffff88813fda3ea0 RCX: 0000000000000001 [ 632.332478][ C1] RDX: 0000000015607028 RSI: 0000000000000001 RDI: ffffffff95607028 [ 632.340551][ C1] RBP: ffff88812b3b3200 R08: ffffea000000000f R09: 0000000000000000 [ 632.348625][ C1] R10: ffff888237cb2028 R11: ffffffff818eb840 R12: 0000000000000000 [ 632.356695][ C1] R13: 0000000000000000 R14: 0000000000000008 R15: ffff88813fda3188 [ 632.364770][ C1] ? __pfx_lapic_next_event+0x10/0x10 [ 632.370339][ C1] ? finish_task_switch+0x379/0xbc0 [ 632.375700][ C1] __schedule+0x2930/0x8750 [ 632.380348][ C1] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 632.386873][ C1] ? sysvec_apic_timer_interrupt+0x52/0x90 [ 632.392874][ C1] ? kmsan_get_metadata+0xf1/0x160 [ 632.398152][ C1] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 632.404187][ C1] preempt_schedule_common+0x33/0x80 [ 632.409676][ C1] preempt_schedule+0x30/0x40 [ 632.414536][ C1] preempt_schedule_thunk+0x16/0x30 [ 632.419935][ C1] _raw_spin_unlock+0x46/0x50 [ 632.424758][ C1] copy_page_range+0xd01f/0xeaf0 [ 632.429824][ C1] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 632.435954][ C1] ? __rb_insert_augmented+0x80/0x11b0 [ 632.441580][ C1] ? __pfx_vma_interval_tree_augment_rotate+0x10/0x10 [ 632.448529][ C1] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 632.455048][ C1] dup_mmap+0x1ca0/0x3090 [ 632.459525][ C1] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 632.466025][ C1] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 632.472368][ C1] copy_mm+0x232/0x9b0 [ 632.476595][ C1] copy_process+0x32bb/0x6ad0 [ 632.481488][ C1] ? stack_depot_save_flags+0x35/0x790 [ 632.487130][ C1] kernel_clone+0x567/0x11c0 [ 632.491847][ C1] ? kmsan_get_metadata+0xf1/0x160 [ 632.497128][ C1] ? kmsan_get_metadata+0xf1/0x160 [ 632.502438][ C1] __x64_sys_clone+0x253/0x360 [ 632.507395][ C1] x64_sys_call+0x157e/0x3ea0 [ 632.512223][ C1] do_syscall_64+0x15d/0x3c0 [ 632.516985][ C1] ? clear_bhb_loop+0x50/0xa0 [ 632.521801][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 632.527826][ C1] RIP: 0033:0x7f7cda7c58d2 [ 632.532357][ C1] Code: 89 e7 e8 71 8b f7 ff 45 31 c0 31 d2 31 f6 64 48 8b 04 25 10 00 00 00 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 66 89 c5 85 c0 75 3b 64 48 8b 04 25 10 00 00 [ 632.552099][ C1] RSP: 002b:00007ffccb69b590 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 632.560651][ C1] RAX: ffffffffffffffda RBX: 00007ffccb69b590 RCX: 00007f7cda7c58d2 [ 632.568729][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 632.576799][ C1] RBP: 00007ffccb69b71c R08: 0000000000000000 R09: 0000000000000001 [ 632.584872][ C1] R10: 000055556b0337d0 R11: 0000000000000246 R12: 0000000000000001 [ 632.592941][ C1] R13: 00000000000927c0 R14: 000000000009a234 R15: 00007ffccb69b770 [ 632.601057][ C1] [ 632.604553][ C1] Kernel Offset: disabled [ 632.608933][ C1] Rebooting in 86400 seconds..