last executing test programs: 36m11.85479704s ago: executing program 32 (id=55): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)={0x38, 0x1403, 0x1, 0x70bd2a, 0x25dfdc06, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'geneve1\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x67f74ed0fa0e61e3}, 0x2004c000) 36m5.265521242s ago: executing program 33 (id=120): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x108) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c}) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x14a0, &(0x7f0000000700)=ANY=[], 0x1, 0x0, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000340)='.\x00', 0x0, 0x60) getdents64(r0, 0x0, 0x0) syz_mount_image$cramfs(&(0x7f0000000100), &(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x4000, &(0x7f0000000140)=ANY=[], 0xfa, 0x164, &(0x7f0000000440)="$eJzsz02LUlEcx/Hvufd4r5JikYEFpRCUJEEktIvwRpKQXShq0Uqo2wMohUK5S4l2LYS2LXpYFkGvQNNFNOhm5k3Mxt3AbAbucO7VceM7mP9ncRa/3zn/c86dm/OSYu32a+gE3W7wrPjAb9Qe7o5GVZM70PsT9e03nUumj/ePq/ASzVgDFph4moHnr7Z/Pj4b71lUwQW8EyZvBRbtLJAynZfTDDShCRYWlC7C5MxBGIYtKzo7WGXx2QqJaOY5DV42zq4B4Te47IB36ugr/T2zgFKOGyfnbT7Wy4XTCnpfyr9/bd2f/a9fvXIr+HS9NnTTebv8Hr7jqeS/6YsdezlnPmvc8xu+mXGjYh69LPpD9N30W3iiIFwy8xzyF/Qj+KDgc3TX4q/KAJOv+37bXT/wnV0EVUg9beYTP5q5k9bqypANdLQmN1VCCCGEEEIIIYQQQgghhBBCCCGOu8MAAAD//yI8VBo=") r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) getdents64(r1, 0x0, 0x0) getdents64(r0, &(0x7f0000000280)=""/185, 0xb9) 33m25.557352687s ago: executing program 34 (id=599): move_pages(0x0, 0x90249c01dd736e4b, &(0x7f0000000000)=[&(0x7f0000ffd000/0x3000)=nil], 0x0, &(0x7f0000000040), 0x0) syz_clone(0x2b00b100, 0x0, 0x0, 0x0, 0x0, 0x0) 31m53.625457586s ago: executing program 35 (id=896): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000012c0)=@newtaction={0xe68, 0x30, 0x871a15abc695fa3d, 0x0, 0x0, {}, [{0xe54, 0x1, [@m_pedit={0xe50, 0x1, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{0x1, 0x0, 0x9}, 0x8}, [{0x0, 0x0, 0x0, 0x0, 0x0, 0x67}, {}, {0x0, 0x0, 0xffffffff}, {0x0, 0x40000000}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0xfffffffd}, {}, {0x0, 0x0, 0x0, 0xffffffff}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, {}, {0x0, 0x0, 0x2, 0x0, 0xfffffffc}, {}, {0x0, 0x0, 0x0, 0x4}, {0x0, 0x0, 0x0, 0x10000}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x81}, {}, {}, {}, {}, {0x0, 0xfffffffd}, {}, {0x0, 0x0, 0x0, 0x9}, {0x15d}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x8}, {0x0, 0xfffffffc}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1000}, {0x0, 0x0, 0x4000000}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xffff, 0x8}, {0x0, 0x0, 0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x6}, {0x0, 0x0, 0x0, 0xfffffffc}, {}, {}, {}, {}, {}, {}, {}, {0xffffffff}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x81, 0x0, 0x400}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff24}, {}, {0x0, 0x0, 0x2000000}, {0x0, 0x3}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x4}, {0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, {0x0, 0x280}, {}, {0x0, 0x0, 0xffffffff, 0x800}, {}, {}, {}, {0x0, 0x0, 0xd}, {0xfff}, {}, {}, {}, {0x0, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x0, 0x5}, {}, {}, {}, {}, {0x0, 0x0, 0x2, 0x0, 0x0, 0xa}], [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x1, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x5}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x5}, {}, {}, {}, {}, {}, {0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe68}}, 0x20040804) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) clock_gettime(0x0, &(0x7f0000000000)) socket(0x10, 0x3, 0x0) connect$can_bcm(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000280)=0xc9, 0x4) readv(0xffffffffffffffff, 0x0, 0x0) sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB], 0x80}}, 0x0) r1 = socket(0x10, 0x2, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, 0x0, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="500000000206030000000000000000000d0000000c000300686173683a69700005000400000000000900020073797a31000000000c000780080008400000005d05000500020000000500010006"], 0x50}}, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000740)=ANY=[@ANYBLOB="40000000090601020000000000000000000000000900020073797a31000000010500010007000000180007800c00018008000140fffffffe0500030008000000"], 0x40}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) recvmsg(r4, &(0x7f0000001700)={0x0, 0x0, 0x0}, 0x0) sendmsg$IPSET_CMD_LIST(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x1c, 0x7, 0x6, 0x801, 0x0, 0x0, {0xa, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000005}, 0x80) socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) write(r1, &(0x7f0000000040)="1c0000001a009b8a140000003b9b301f00"/27, 0x1b) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000001680)=ANY=[@ANYBLOB], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, '\x00', 0x0, @xdp}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f0000006680)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f0000001c80)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94) bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000000340)=ANY=[@ANYRES32=r5, @ANYRES32=r6, @ANYBLOB='/\x00\x00', @ANYRES32, @ANYBLOB="73993be5a233705951fe64a2a9449236e2a1a1664a04d93f33e322b48a50c4ceec7e619a629b19cc36356a6a398a52ddd2d5fac63dd8d696a5bd3c6131e18d4f567eb44f27b8e22d2ca642d4276b6a491322d3eeb567e6df7a00"/102], 0x20) 31m43.15710281s ago: executing program 36 (id=921): write$RDMA_USER_CM_CMD_QUERY(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000002180)={0xffffffffffffffff, 0xffffffffffffffff, 0xe, 0x0, @void}, 0x10) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) syz_open_dev$usbfs(0x0, 0x77, 0x1501) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) 29m43.486415909s ago: executing program 37 (id=1087): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) ioctl$TCSETS(r0, 0x40045431, 0x0) syz_open_pts(r0, 0x0) getpgrp(0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000003c0)={'wlan0\x00'}) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) socket(0x10, 0x1, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$netlink(0xffffffffffffffff, 0x0, 0x4000051) setsockopt$inet_tcp_int(r2, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4) connect$inet(r2, &(0x7f0000000180)={0x2, 0x4e21, @remote}, 0x10) sendto$inet(r2, &(0x7f00000004c0)="3ce2de4d8d957a8de4e490b6cd03b988d4edef164bd3377aa381b5f50b7ca414516489f78cd7208982e9bde22b2b7c1c7606d565477f3db9d2b077283644c0f27ab52a863a42863e06944e40a0b3c5d21c8cbe102e7f726263f28aef1bc12a069063d4c30e8f329fdb36859be727fbef4314161e5fb5f01ae00a2634d5cdecca2089c62e32f4c919886b2b88d237e287318739bec0364caf15889f38a312ef6621c0f21709a4bf2b16274cf933f6ad8fcc9c2024bc1b4713f650e860f93ae93b2361956b3e80c38c5fd29b5c1b5d7ce67edc856a8dc0ba54cee53de9a48c131389426bd06ec7c695add357934fc0321f0d3d7982e4fe5a0039decc491a663afd02facb08dd9695f854c7b031d9af8bd7350897996b5208b2", 0x118, 0x805, 0x0, 0x0) 28m17.115058763s ago: executing program 38 (id=1156): openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x482, 0x0) pipe2$9p(0x0, 0x0) r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7fffffff, 0x400, 0x1, 0xd, 0x1, 0x6, 0x6}, 0x1c) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sendmmsg(r0, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) bind$tipc(r0, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r2, 0x0, 0x8) sendmsg$DEVLINK_CMD_SB_PORT_POOL_SET(r0, 0x0, 0x8004) 28m16.704037661s ago: executing program 39 (id=1160): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r3 = dup(r2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r3, 0x0) sendfile(r3, r3, 0x0, 0xffffffff) 28m15.581479476s ago: executing program 40 (id=1161): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000880)=ANY=[@ANYBLOB="010000000300000004000000ff07"], 0x48) syz_fuse_handle_req(0xffffffffffffffff, &(0x7f00000003c0)="057e30aae10df4f97559054b9a301ecfe91b645115e1421774006df60cb393573839b0078ce169ec2fde0afea66b5bbefa9d4f3cd8c2458336ceb1f0efe647d6d7b1cdbd12c9b8e3a822cbd51494bf79a1dbe5c22338ce37ed467a1d3d616564cbb81faa2e935b2697c12efb0ed141fa2eaad4747725c4bf20f8975e402b03eb77d1aa3f10f512397b5037b1b4cd4b7c08c03dc5e52a066e5982969fa044125ae251f46c26e2536cc8b77e8edb251378be4beedfb8dca0d449123f57677ca3da5bdebf91b195f1a5d49d7c292f20f58d490de36d8ee0e8a86bd04c3165549465cbee7891fc747d7def370ce644db894b56bd53af0d0e261bcfa6bf72a684dafc5bcafe07ece74cbd1d5fa32716dd03f7acd4f32d935438c91e033beaf49e3963e13d05e7a8334a858639636799f04a9033193e7d18a2a4b20bcc96811bb5efe476db70a76b7456ac4e71f3e89c00da0c7761c188570c7902bf2fee1be273be8a9f7a2d7508ef2188d3ba1db4fa9d1533d2f2a288cdfe3b0c50908d56ba69e81386e7e979e9d7ff78685ffb8de6baea2451762736a2bbafa11d541790b0564aef9b0b80fa24832090b84341a9fdf712d3296f911020f8021eda8130befaaab01cbe91dfc5768e6ff31ec50dd88596832a9f5fd4f558d367f40e454d3c97ad16a7f30b93629ee2def77b99f8a17c157529b0782fd847a4c75a2302ca96bbdcff660c2cca753e1a8c60dbcfb319a1594565a2e15bb6124316e196e3cafaf1a29eef84a0908d1dc80af7e333c65736699f1254addf2ab582f5c87c4f6ca234d7ca9673dc29444044b95abdaea958274e39aeb163ee2d05bc2ade5c33a0466e14fbdf8aa70ca2964c06ee5bc57b894b0143a7a503cc43574a07958940b029678df44d6c82fa2e6937ea6aeb5b8f33c21628e3b0d623c23c2e5a3546194fea742d90c1d61f343a005b9e58c3e8292b256fd0ecca81cda433f3bb0ed633607f0b635cdd8b4919bfa37c1e99df087d3f8f3ba5dec7930657eb3a4d8febb5234e048881fbfc499fe5eb6a0ce34546f7010ae2291e6731d0798ca451387a123998e68f6f577ba4e556bb9a119011a191a6bbcf55beb1fb0b8252deeed5721b271b964534a04462720c4c03e8ea7f120cfa1be630e7fc680d1f6e067075c72f642babcacf6b00cd3fdb9f3200e4ff8935b17ebe222053c78c3752666088017c2150dd014b9578af6adb15527a483eff5bb623710ca7b37ed49ff7cf1525f296af6f27846524e4aaea7476a2d08dceeca84a1ab11e2767abff12d10deaf63681dcabe9b1fb9ebe207d8e3793dba9a73a02ebea4e3a072397a88c47795d5e88b2040c9fe3f96f66f8f7d593547c8fc8f4e75a1c20962ecf2dd1e7bddf896f2a6c5f37a8784e2bc5b10cef2feab3b6eee7430908eeadd372248041a09b0c29385cd7a75754d2c429e72bf5fdac34097bbbbb3790f86399c60cb5054fbeb8eb1241608b506beb135091c18110c1d10d9a80f4adb11a6fd3001957cae0b4f8f730cc4fa4a7328e23f390caab014cfeec0ebfd0e14021f47fe330a68680678d23e7ca1ff18e7e242f4c1e3cca51dec73c58b596c2a92267ee76d3657c1e2b34102b09fa4c59c2619148440bf26802c6f858b8eee6d8c697bad2c4d5a0f76c6a4cdd3b8fdc21e447920491ef40578b68a7a5dfda04fa235fac01ad4e824b627137dc48807100e52ec5ae2f3a3fd84d68b824033b4f0ee28a9e72333b4e209ae905d0781e4fe8116e03b1ca5c3b1ea84974cabaa0214ed15bfe01e974491e8a20f9d03ed1b73799b083f3a65e809c3ff3cf126288fc1627409d46f78b5fe8b8ba0b3ddc3ac79aecd6eee2e0cc59826e5798f48f80f0c7f549b3a656e9acbc5e51bdc3becef93533166c1d9ffe4335ec973d3d27ce5987d150f554c4095650528578fe4858b670b0786f23c886612191f89ec57970dbc0e33cd62b57a08fa940b339577fd12d07dec2ac50e9e0b27f0716b3233803153389a95df956637af8d9778e27bce49ab0a832978712a074d3f7516ad512ed0d9b43049b5990c841a7b7146a24c62fb70645b8d85b6c8863d5c6aab03638ffa4e30c8de24383cf320eee735a4fd37262d473076f495da8b2f0f028b8f178c238010738d6afb1dc2e48089e80f6a7658ad3496f1a1f7f78abdcf934c733d22abb0671a0d41b9b33a5faf99d7b82166e27df0f97a7953dcc1fb364478200253757e8311ba61cb4c78a380cdd820553c7296816210f64b34619966f1540a407c8d6e8e30788909de19ede4116d09a14ce26ad59957add80b90602855c0134ba7fe8afd4493f7cd9ced61fda7d0ae02505c046acf68d68ecd9b1507a4d4eba4c2c834777b2c3c5a8b3c06677fe468072dcab48c1ac9deec30265c7f6c5864df89e25bba52715c82e9921db601b3935f5047b8cc07351b9965b1a1f6ef36c1fba89d9d96e332eacc1e8a78e09d7d6ba30845866449ed5264f763735d4e7cc133dba4b296b2dd9331efea01e5b3d05f38055e41c49993d679ef133b9b1af435fd0ac5fad33f571c76d02c40d4e301110b4442aa134364f0456da0cf362b2c27ebd667c0969ae09dad18becba9d6918fb1e741f685735cc7078f0e6328181a83da67516fac31522f9d9fc64a4b769e57e76bfff6f9867fa2fee1e7dddd11128322210e44eeef6db7269dfa1bfbd9099dd6f8219d585c22c20483251447772719a6115ccb690609de352989610a138110c884562b65de3cf63c3ebe9adfeb53c6e4ecc637c98b60161f71952b84c6fc4cea6af0ed533144bde4f8fbab2d3ffe0b2a5d0c55ec9979ea85a25045ad3a84becf0e891b89c1a83178d7368aea4bdfa0ebd46b8e110a2972c8ac96e10ac630e89f8d76bf35b03b5ecd393d1986fc61318e08ef02721e5f2cd2fe098ebcd1bd30a8f87b2a5650b51dd50d0d78ab7fe66490f5827372f1779d3d389e9fa66bd0296f0203af010d8f76783837cdde2555a90be577626a12de47d4da638efd0017750a230485f6ade34a27284d85dd87f9db8a832c571106d8296629418777b4d933fa049f0f4e5958c193e889305074091be14c66a4bf02cdfe1e8d26a5d21fa78c5628a7ee3d7a0c550296b2f0625e2dd18d45f2d45bee6746d4462c92bc3cf50503c7479bd121393821afe1cd7144ea37f4e8e5ee21f739024ad25af9430dee006b76617725556ff8a820b767fa821629819732f086a5fdf2ccb4edae0aceb3d6dea698e798ead905a2eef9065d633b007271e93101a71cbe385f56e32b3a8fb081c5c1ab09b729f89294a0007df3a3b8e93686020d993b812c6f85fe1618db897cd67be6cd5053dc8490bbebee133d140503c4aa51eea0c156523a1d81ae849dbe5a273bfc0de94836f8160ea9f146147fc02dd7b55dca6a2a43692268ee98f51fcd2d3faa76071d9716e877b2a3dcb51a51d5359a2ee705da52b43306f1f3caf33342fc281bc9c58d1ce05ecdeca371e3a788542f8fa999e4d8e10e66f0b6053d7d4cfc6acb815628bc2409b3dec01726121c267b3ee85fd61bbbdda68ae2c13026863e4a54b93d956fe692707a179411c841ca7d2f33a5223181b18b7ba2eebdd7c2a8dec3ac2a317b5fbd996e8598c394ee627308f0e887480a8dcd59b0256b636f4c62566501a733fa74232945ba1d9e2bae347391bf9ae2da4d3af2b262b772421fd3a5cab46862ea6049f5c9c76dd8549ce0e6c31c792b81b6b21f0bcca18bb2fa6a9d4d6e0a837bb119e2e002a69d6ca95a4b2acc463076c2e05731ef0cfaea84387a6baf6737cc14a25f5329ea924090311213344625a69ee382dd4bc72e00e63329956f3e021092585c9affa06a95bd0ef653ae9ff0abed5ee561ada4f83d8ef202d9c0b2225ebe8660cc408859d45e0332f4f78f6a339bce9d12ca2bc5116a8fd4007c485f5c1c41af96c41d96db35411842d7babc05c8b228066dccb9b67f348974363be521e41fa94d2034a0bc1e87360a80606e1e1bfa8e6399601b30bf93ac41129869158bc2b791b50e51519133ab58afd4023d4d721129b1307f054103a47c49e0524ac4df511c3409fa62d8b5c1a897794600f53efdcc987e06bffd77c9fc75fb7221ef29ed2f7e3e8abcb4a1875b85bd5176a6fba9a361d8684876508443bd50e630f4c684002b15930cf81d740b880eed25d22d8de8c00066790df084fea7c5021184a210a6d24f9bc862c4e3eafbb1782fa240ecfa5959d7a681bae84e8a96a5ff45dea4f9e16dd2cff2dccc6cf4042b44b7ad1f55dc1db5998ed40a409c0e67e1e64fab423d2c00fabb8976d9dacf0c82530e356a99f75082f3411adddfe4ab1ad3b55599fa15450dd5feee23591f1ce398e4c5ae8aad71ad26ea189c333c8467d1eaba9589bb8c41bbfe8c0c173e5446bc06b578c1db849fabe5fcd8fe0fca94bdc799b53b897249826037499e8b6213d640724fda1bcc9341ac61fbea02c8f39a53c496902d5c7922f678a273cdf5ffff38ea028ae19dc72f0b0688f2b9b7d5a9c04153c10ff4168cf9f243dea03b336be778f6c79d67a2d0ade82863eaf95d6fc7f745569864f369f4b39177c356c8c393bded485df28622f01251e58f3d39498520ff90e6c670f0dce5b494cb1d78dfad108406dc5857086d386bd42bd03fe716f049407e5e55caa0e73e96c1a4f6d5791ce7195b2ce72de52ed617ecefaeeabfa9350af49d1d91f9a4b97dc0808869b916f34ee242c40fe8c8aee57b6ddb69f9a10636e481dfa059ef001bad7020266f0d74b14edce6c18ffef854768a60885bad798658a6b9d0b438c483ba159346d5ce0771f53ff18e0bd47d8583bd56237f8da2747ac7eb2a87b6e26c4820d4fe18b76e06bb6e0c0cdf478b4aecd381c2a6ca9f10ec433f0aca63a66d04f70557baf9f2844005351a21664c2430fb0002cd03bcf0b2004068a2567f91a9fbee8c6d948fb35d48527b23e1398ce9f535e2b0b33c2bc31ab737ba4b980f46f5d424e33892c8093f3cd18510a3157afc023f63ad3ba999e950747c78c06ab141a26d74ffc049a6f76c465f9f9f03a8d339a8e61fef26a5239fbc11c01a87800c81efd7b9f28ee2ab2ed88a383f5013bfd6671ea3086121b235a0cc45ccb300c02588895f8d13ec7e00a3aaaa8b0e739f666fd1b13a90b23998704859c9c76108ed7ecdc63770e6ebaa0aeb9208b92ec4e948ac7fc81cc6f305f06c2f2d8c9267463af92e185ff627eed54313fa2ee0bff2cfa8be411982fd19fa88db5ec99f238f88782f8c7a957bef14f79351b63799a4cce160357c068987a5516b04c79644c140850cddc8bd5541fcca9e30826aad864240f434bd1fc67b58e3d664f782e9e46edcb34e2db98a39c23e334e51c71c9fa466470992cc1fbc36c3c8ff4340be67f9b85a74c9114cb9fe5ca4dcbb641ea17a54ba4658aeaa515109e117625a6196dd66d3584d293b468fce63b5a9c4b9461700c74ae955539bfbbe3eccfa7d9c9f737792a9d4b978baa2e92819e88340b73c88c2900b723248b18ae9414cb37a64ef8cb8ca85cda9677d9f1e71a6b70fe3ad17f2d13c1df48d93bfa50fd939a72ea26f9fbeaa6f8af2eec91b04a8fa7dc14fec0f54fcd1c5c848b4432f979f10e661cd2d7f8ff669ce99f9813fc5440fbbeb35f1a5e5115f5ca35dcc270bdbcae07a9ae8e22aabf8178379dee08874ec7840de27815890a88fc9a3bcfa88a33f9baef9af0ae01b2bd34a907f1151cb14bc8b396bc43a60f884f425e4a04348cc645aae68db49980139ddad0fed303e40b124fd654b36c961a56c44cc3686a7529b1f1ee47da3a0f1158542337df15780444790a2ff1b57e062f0db66730c9f98de395f939f44188225211c514447f67fcbf320a34c43ce09ed272bb992db3a35ae2c3c491c36f2de88984129fcea1ffd235aff7bef7fa95d65894db9a5f1b348efcb571a81b3d73ccd07cbef052389001e4d456800e05ca53bcf3485ce05791ff65a9f7913416ae26972f34f51a3270580b81307ce31c98eda06f3b35890ce317e79a16d728cd0bb6a3835667555c0c5138cfa5305a91db1f873b2a75b82ffcb27616ee67777708f7dc2ed9ddbeb38a60f446d3ac88ded25265c25ef38b0755a9d34bab5e669b6501d8c9787aae7eced9945cad3d4d1c32fa68b48a1d773750f814631db3e088c1b5e7ffa854ea1343d94ec1343918d7a1c5a095bb72b00eb3bff210aeec0b8a581a2a13429b83a193f4d447059265b63c4b8f8ea1b9494f65e79844d956c5d80780849dc086506e9eba002e682a1bae1543f8289588c574bb6ca9a2e57b908aaffed23ecf3536abaf96fe08291f3d70773288b4698e972b0187385dfff4cba59175814e75e7e5146205c7f2d2f749583b393f46c448c152d8be50d60ed8d8bdb30fc7925656a0f90b1de967c729980815e5f19ed453fbefcff67832cb90d753410a0b18eb7504600b11b0360c3d3594d48d832160d357afc1f17dc71dccabef7bbcf1fdd55b48cb02135c32650ab07b902f36b48be9376b2dd68343eacfe80d9dab3205a393a4c6ffd405f6db323dea11be4f22ce50df1e0cfec9e9b1e23acb94d66ea787d08f615a7c7288cdf1921a13a85d885e47cf1067d89ebad5b92ce5000000008d74bd2d5b78366f998cc35bf35e45d06128f1c5984fabee7542642bbf6d981b60759d3e7900e5b3d1d7310f90df0c88a600ff2f39932bf7411e61c692c9444dc9ae0dff28c0b94292c430ac4464e83ce8a29b886f45c98b8396667740c5be51e592eac0250d6e479505d36e930ca3a32cb671d58707d25b10e2660cd5e661b08e268c8bf1b3cbceb2d995a2a6fdfe5475cccc965f71baa7c84054e3bb6cbcb7167b06c708cd72ad4301e943dd1b2b2c325f682be3eaae730a8ed8bc3134b28d1ce04543bc66a529744561c42d25e65c7b5cc2a17875ebf35e53aa46e1edec29ff8d046a7e01459d9639c10d1df998cd9a12d7e50b2dc71ee7338cf71beb72d5020dc69eeafc354bf822d65ee0328eb07d04ac0d266fdb53227a158411da5ded254b3c359ee710e0278e1a06f06002538e108450fd6b11949fdc618a29baf34f232aa192230ddb318aa6d59d122257e50713fe73e6c0059399589c382dc901a8c3381139436f7331b69f457bbb38ed54daaa07a52cceb053c32690836c664b73d86261216b8610fc7b4d53dd3e5d9bcb3e25528e132911cac37e7f2618274c733b5ae02f9c27638d9e11988f1dfbb281ffd8cddf8558a481861cbe9d53a4ad8282d3587449cd51759ca397eda122d286e117d01539359870b94c98a3ce383ed1d280bcceb228acf73193e87fd3650e4dfd563cc55bfbc8626a41293cc90ef76e28e2dedaf968602d2997ae1c2752a0febe3a78f3756d40201ae13074091238324422caabe22c66b7866065264261fc2c3e0569493468d1c1c36259aedd5f078a231e72decd70f4de8532f6753287435296f33a096bc1c8b0ebb68c9f783881e45ac54159ec1c2f9e1f5cb48f96729a62d1b4fdaa89ef5de8741bca04e953534dc977e881a61281812af435206378eff173d7929ab4967e511bdc14e6d49cba517b0563c14fcd6ba38ef32bc48a00643416d7e34f7465b3e6240589d854db4d9714e998f2edf3a03986598a52aaf647d938f4a8e07c1c29615803af6cd403d261ad6da3c1c804034b4a4eef3ea1cc8db39d9e171b3f6dd074388577a4eb901c25c8031e4592cea80b6354850657f53b2acd910ec2c5a7db6abb0153e051dadfbcdf047e35591b96b5657ca55d99ef6fb48e07c34321cd20c40b30a646132f8afcb9426fe84a790567fb847076a8762ca29cfb037e0c948edc12122a1160a55d465f5c912406a10dc0d3c1156cd207e9ffe906d267c9c870521934e1c56af460c0ad0dea9c929acf85768e22bb65eca6e25e4ec8e6edb7a6215e8c7e5fdb56c7131b156ab6a78fc808f8f17a2708ff68b37778c00b3b546004fb2b2c588d8ca8276d281026bfe896698569814410422f27421b8fc5c09d47635f17ddf6b9f56a203c991514678c18a4afabe1eeca6fce1187fffcb6ebdacfc6cac9750766ed40c80e7eceb342a3fa6f86d014949f9d111bfd96e2a39d364f2e2722f2d9ab0577befe26055890161d780e52eff4022461c1d3b019b86af28c4f02fd1f7496d8c141344ad5756bcdc45158f3af7aac227c8853f607cae412db6fa924c039859fe455857bd5fde66cc1b773c12f516401a31c80d750079247c128a103361e7f0a392d21b4b1b594307ff6b37e5a242666209ec517561e04645b92e7cf3cff1a6c76c900d12d9556e2962c535401b1e61fa85e06551ed678703fb3bf8590f2608ae3c278b8d1ac286af38061afbbc3cb27ee7adc6ad299151cd00a84506e6a97648ff99f2a9d35d8421e71589437406fa8e6def8ce34c9abe5de3481c492887176d4485dac794b84567d5ebaf68d0007cb2256a0f1ce4318f6891f750fa9696fed3525059688cf973e70d688b1759cd0f3dfb0b2a7078174b978767cbdbfc3f7d5850e2f7772e2bd6e3ed69ef13cc141238b5ee04b6615e33c42fcd6cf979a0ac848458b713b9a988c1e3fc32f2a182fc0cab2e6933e9aa5c2d77db8c6a1802b43bd8220ff0ca92229fc26a44761d00eeebec834e5f7d382b4f58a2759c56e53b163dae034ffa1970acc57165746e575470e13c4044f392ae4bea93e7d666256436507bb987a247785301274d4f262f94989cdc94b209b7499bd0cb4437525b72be79c87c6076533e4a14799a60bd3563d46ee4767108bed7e637cfed6f3139637bb01f36385dc5873eed726fbec9a87da294cc11db8b49fe45b798ae74e1a8cb0f2907eb0178d2baf5f0f88f654baab9f147741945c496ddea1cfed65a82e913a131c4ac7bb6f0d8d5d28225dab8a33c6e60c0d2b2d5dbd8c35089f13f9a2ae81ec9addaefea9b8ddabc8cdeb6437381ce346db6e14d9d1e8bb4662b508d61da77fc8d9ebebceb1c23be5d0a7bba4a48c0591333ab7779bae78ff23c4bbf8a8cf30f3120a5b63a047064d7ed7d37191cf39b6d1e8ffe3b47379767bd691cb855a9c938e9a0235a5ec9c316a6dceca63fa5fe6df0b9f0d6b38add216aaf2726d3377ab827b00b4cbf490708a0f679b8cd7caadb3dee40cc98f778917d6a6263fcc0747bf75fd676d84abb7d10087da323f95c2571139fd4c9826ad5db6ee4c246b9da20592cae11f9264bd2945aa1a427b2acefb514a2daafbbae35ff761eb1e3b98b4a1dfca348b8c4ff96325a618d677180ceb7e916654ecc2deecb4e61d01080f44b98776b1b43aebeffe2c14006dd1d78c8babf1179f42fd20d87654d3246d41e9dc633eac1741be44f8d751d8c9fd57316fe06d60872939b7a2906bb27a299a3408a51d74e5d98417f05f85fc1b332e103e79203e9fe344dc1d1572de39d914c5270c839870d2b33da5a6efc08c4f0c8227cc35a7f77c6a55f80ceef90e217c80e5ecb4c236685f5219787b01612cfbac90794e8269c07fb7ca4f7dba4defb2aae2b37f7b1696e78de15dbb1b6d4ee0cc4c0fae274b2c2de9343862de1d9847515ad235b1837daa9b814f19e895ae3966ed262e3e7add9f19009e6b61462917b29502b67e124c43538a6bcab7296529e01bb26ab8b3ef094ed057383c4f92790b6f705ae9d943c4e8dad84f6ef82b54d062713c16960fb475d74d46a1b16062563da3391cc6ff5185162c31ff7339e4837e38adab8ab911abaaa006e313dd19a1f92b4f7bede4525b154e1b9f796136a85f3602da011ae2232be902347e08ce0bbf3d23d91c4aac11c8824caafa1d1ff0343ce655802c1915f3ae7c0c670b18e56e139be66a33613afcb3b1928613b3afba9d635070af678216d57023d1911f0eb7ebddefc96f0efd8e9dc10e8a87a68393e19733ef900c6264722940750ae16f664e445414e85e98570303c6d87d7f265cfae0a1e9314fc14674c2871c0d59bbe2eddaf9330a4e2a28673af73910d6cb90790f800e89d55a2930910a8430ade9551819d83d5ea6da4e58326b7ce555d01da86ea78200f0219ec92473da95cd5a632c525ca9fbcddebb8168881cdb2f5da787d0e31881e2b17d78184f3a0bed8662486d3937dab275d050b9dd5a2ce904208a91a467afc33e10fb6c1ca788a5ef30d6e8b615ec0ae1503fea7006569559b7b155c31b196b85881c5671173c06fc5373e9fd973e7111ed45874609bf3c88c6db732210a3ea04cb68662bbc2048bb55d811482af5c658e29bd18c57ffa25e88d7297cd20d4c2b13007cfae89f4dcd90177a0806a2ceb2095333b58f828c093b9bf63cd07e3d56a446fd12e755fd651211bc160948836939c17623b317b9e935307044bab2c11879a62288e7ecbbb97f10f52516f517b7b8e44cff5964fdfaf8044065056b48db13b1365004c336afa3535af1242c9b7271b8b1ba2213fcbb80926bcd394815cd7c27e3aeb2348dc45f5e06e32f5bd56d1c472f41b564ec0939cd012028412883cc098d086fd43858747b746be72b979d175f6a6447fc5908616dec7fc6c962e12e96e09bd068acd2fcf0ce1cc26d9f82b2b91bc9aafcbf8435011f73b6a8ea1bb2f3289b23236136b31656600762feff53e607df8cf3c9a7f257b212630c19f142e4cf5094250b629cabb145c77f1f14ad60ab7617078f810a766cfa341fb7c16086609bc0a768fb1cd782606f32b83a0a55d883269a05b80275612dc571cb993ea9e447b4d32570d412203ab4c8b050b63bb5ac0f8d6f4e9a1644e4b622587b2ae125c2093bd363493d58544d6303a0de17780fcd83e993aa83f4432274eee1e6333fcdc77bcfdea95b8b9ed787723e35b71f1dbe89ff1e3e6fde146c05b6fe9eae52b472624e412253a63e7fcf1b77dbff7509eec5a55501e222f66bd84d36663cd244fa1556bd34b4c9957a93a71e63961ffc7700c5545acdd3e79da41e1cfaca0956d4978222cda23a574d691dbb6c6bd083c70c2782c045bbbe0fcaa10efbc002af6832e3fa7dda0ec8ff6ded69302d55d5a62a7ec213f16ecc5e3304a83103d1c2b21e04e3f5f3730339a630a407e8cc6a5afd2f2ed78ff992035a3783a2708195a46e565a9113be8c228ccaae3510363b475732ad48fe8ff34801f4c35132359d4c5c5bff65141f4a8684d462cf5d97b44496440fff3f7a28d28bbaa8e6db2a6064cbe9fca4679afe8ca6dd27a25c56f3e58165040f19a0455199a0ece4583f060979427f2f3495f40a83bc6ee3eaadab18705d464662b8aba9c7aa2f29114f7acc247548a85bd44723064abeee18f7f558f6d0d74fa08103dd906124454745d23005c425b260b0034372123b642a0cbebbc1a0bcf0cfc3639876eceac5f9734057ff659cfd35b1a3eaa768b86d66244aabc23a45676a59d492614f1c0011c9253e53fc7bb3e20d303afdb5b6614dcc7bbf72a339e414672aac23c2e2983083f08dbc34e3452def00f402598b6aaa4f0d896d1648b1442621993b7d0c930560cb6152b9ce59f94356726816a224fca84da5dbde6675d20f546a3e4635e82ff9575cac9160e6819f", 0xfffffffffffffd8a, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f00000000c0), 0xce4, r3}, 0x38) bpf$MAP_UPDATE_BATCH(0x1b, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000600), 0x0, 0x401, r3, 0x0, 0x100000000000000}, 0x38) 26m47.71342015s ago: executing program 41 (id=1279): syz_usb_connect(0x0, 0x3d, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b00010000000009043700022ee5cd0009058010ff037f790209050e0320000980070705ab0b78"], 0x0) r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) writev(r0, &(0x7f0000000180), 0x0) 25m30.916590873s ago: executing program 42 (id=1419): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100)={0xaa, 0x318}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x2}) 25m7.547923851s ago: executing program 43 (id=1439): fanotify_init(0x20, 0x101000) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000380)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x94) socket$nl_route(0x10, 0x3, 0x0) syz_mount_image$hfsplus(&(0x7f0000000100), &(0x7f0000002900)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000010, &(0x7f0000000c00)=ANY=[], 0x5, 0x6e7, &(0x7f0000002a00)="$eJzs3c1vHGcdB/DvrNeON1TBaRMaoSBMIhVEROLESiFcMAihHCpUlUPPVuI0VjZJlbgorRC4gOCExKF/QEHyjQNC4h4ULlzKrVcfKyFxiThEvSya2Vl7d71+jWMn8PlE43meeV7mt888M+NdZzUB/m9dPZfmwxS5eu6NB2V+dWW2vboye6Qubicp042k2V2luJMUj5K5srzoW9K33uCjxStvffp49bNurlkvVf2xrdqNMKLucr1kuu5vemTL8Z3uYrkOLy8luVavB03stK+BiuWgna3XcOg6gxrpLO+m+W7OW+A507s7Fd375gZTydEkk/XvAamvDo2Di3Bffa2X2NVVDgAAAF5Qn9w97AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgxVM9/7+1lm10NyXTKXrP/5/obavTz6G5Hdd8+EzjAAAAAAAAAICD8dUneZIHOdbLd4rqb/5nqsyJfN5JvpD3cj8LuZfzeZD5LGUp93IxyVRfRxMP5peW7l1ca1ka3fLSyJaX9vwSvrnnlgAAAAAAAADwv+OXaa3//R8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ4HRTLWXVXLiXqdqTSaWS/LcvLPJBOHHe8uFKM2Pjz4OAAAAOCpTO6hzRef5Eke5Fgv3ymq9/xfqt4vT+a93MlSFrOUdhZyvX4PXb7rb6yuzLZXV2Zvl0uZH+z3+//eVRgTdQ9jVW7Unk9VNVq5kcVqy/lcq4K5nkZ332eTU714+uLq82EZU/G92g4ja9bDWu7s95t9irAvBj+KaGxRs7UeXLI2IjN1bGXL490RKKoPapLhkRg+Oht21hzITVVVxtf2dDGNtU9+TjyDMT9ar8vX85tnOuY70T8WayPRSDUSl3qzrzxnth6J5Ot//dPbN9t3bt28cf/c4b6kXRjbZPvwnJjtG4lXX+iRaO6y/kw1EifX8lfzo/wk5zKdN3Mvi/lp5rOUhXTq8vl6Ppc/p7YeqbmB3JvbRTJRH5fuMdtJTNP5YZWaz5mq7bEspsjdXM9CXq/+XcrFfDuXczlX+o7wyU3jrl5bddY3hs/63pH+28jgz36jTpRXt9+uX+XmtnrFm83O/dK99pfjerxvXLuz/vFareN958FM3yi93Bud8ZGd7+Xa2PxynSj38att7hMHa6oeifIE6t0letG90h2JZnUv2jjP/9Ap26V9p9O5Of/uJv0vD+Vfq9fltFr5yna1e0Yfiv1VzpeXM1lfSQZnR1n2ytpVpq+ssz6Xu2WDd9yy3cmqrCh6Z+qPc7eaABvP1In6d7iNPV2qyl4dKjtdX8PLslN9ZQO/b+Vu2rl+AOMHwF784+215FSOTrT+1fqk9XHr162brTcmf3DkO0dOT2T87+Pfbc6MvdY4XfwlH+fn6+//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAACAvbv//ge35tvthXujE43NiwYSrQxv2a7noURRP9BnVJ1b9VMKdtXhIScmkwxsqZ5zdOBhtIbD2JDo/CI58PHpPURwdJ3flYnmjg733MCWP2/s8MPt4xnL0DzcwXnxDBONHOxOxzJ6AhzWFQk4KBeWbr974f77H3xr8fb8OwvvLNwZv3z5ysyVy6/PXrix2F6Y6f487CiBZ2H9pn/YkQAAAAAAAAAAAAA7NeqLAWde2u5LIxsSjSTD3/HwPwsBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAfXH1XJoPU+TizPmZMr+6Mtsul156vWYzSaORFD9LikfJXLpLpvq6K/LHR+mM2M9Hi1fe+vTx6mfrfTW79ZNGvd7c1qVJlusl00nG6vVTGOjv2lP3V/yn9xrKAfu80+nMPV18sD/+GwAA//9kyu2N") ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f0000000040)={0x6, 0x1, 0x1, 0x0, 0x1}) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) r1 = socket(0xa, 0x1, 0x84) ioctl$sock_inet6_SIOCADDRT(r1, 0x890b, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) pipe2$9p(0x0, 0x84080) write$P9_RVERSION(0xffffffffffffffff, &(0x7f00000000c0)={0x15, 0x65, 0xffff, 0x8, 0x8, '9P2000.L'}, 0x15) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f000001f6c0)=""/102400, 0x19000) bind$rose(0xffffffffffffffff, 0x0, 0x0) pwrite64(r0, 0x0, 0x0, 0x8080c61) syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) creat(0x0, 0x0) rename(0x0, 0x0) rename(&(0x7f0000000840)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000380)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000340), 0x2000011a) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) 24m50.431088679s ago: executing program 44 (id=1465): socket$inet_udp(0x2, 0x2, 0x0) openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000580)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0xbc3d, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, 0x0, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000200), 0x100, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x1802020, &(0x7f0000000340)=ANY=[]) getsockopt$netlink(0xffffffffffffffff, 0x10e, 0x7, &(0x7f0000000440)=""/76, 0x0) unshare(0xe060400) unshare(0x2c060000) socket$nl_generic(0x10, 0x3, 0x10) syz_open_dev$tty1(0xc, 0x4, 0x1) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000140)) 23m29.528601453s ago: executing program 45 (id=1598): sched_setaffinity(0x0, 0x0, 0x0) syz_open_dev$MSR(&(0x7f00000001c0), 0x95, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x25, &(0x7f0000000200)=0x67f4, 0x4) bind$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r3, &(0x7f0000000480)={0x2, 0x4e22, @multicast1}, 0x10) sendmmsg(r3, &(0x7f0000007fc0), 0x800001d, 0x0) 21m24.597954744s ago: executing program 46 (id=1817): openat$ttynull(0xffffffffffffff9c, 0x0, 0x80080, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r2, 0x29, 0x36, &(0x7f0000000000)=@fragment={0x73, 0x0, 0x5, 0x1, 0x0, 0x1, 0x8000064}, 0x8) connect$inet6(r2, &(0x7f00000002c0)={0xa, 0x4e24}, 0x1c) sendmmsg(r2, &(0x7f00000092c0), 0x4ff, 0x0) 19m43.548852706s ago: executing program 47 (id=1954): socket$inet6(0xa, 0x5, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x800008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000047c0)=ANY=[@ANYBLOB="140000003a00010100000000000204000a"], 0x14}}, 0x0) recvmmsg(r1, &(0x7f0000003700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x140, 0x0) 18m37.941958073s ago: executing program 48 (id=2023): r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$inet_udp(0x2, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x7ffd, 0x0, 0x9, 0xfffffffffffffffd, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r3 = syz_open_dev$vim2m(&(0x7f00000003c0), 0xb, 0x2) ioctl$vim2m_VIDIOC_G_FMT(r3, 0xc0d05604, &(0x7f0000000100)={0x1, @pix_mp={0x8, 0x7f, 0x50565559, 0x8, 0x7, [{0x6, 0x2}, {0xdf34, 0x9}, {0x6, 0xfffffffb}, {0x31d, 0x2}, {0x5, 0x2}, {0x5, 0xffffffff}, {0x1, 0x3}, {0x18, 0x1}], 0x2, 0x7, 0x2, 0x2, 0x6}}) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(0xffffffffffffffff, 0xc0a45352, &(0x7f0000000040)={{0x0, 0xff}, 'port1\x00', 0x1c, 0x6042c, 0x1, 0x1, 0x6, 0x8, 0x9, 0x0, 0x3, 0x4}) quotactl$Q_GETINFO(0xffffffff80000500, &(0x7f0000000040)=@nbd={'/dev/nbd', 0x0}, 0x0, &(0x7f0000000180)) socket$nl_netfilter(0x10, 0x3, 0xc) r4 = openat$vnet(0xffffff9c, &(0x7f0000000200), 0x2, 0x0) write$vhost_msg_v2(r4, 0x0, 0x0) syz_usb_ep_write$ath9k_ep1(0xffffffffffffffff, 0x82, 0x0, 0x0) mknod$loop(0x0, 0xfff, 0x1) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f0000000300)={'vxcan1\x00', 0x0}) bind$can_raw(r6, &(0x7f0000000000)={0x1d, r7}, 0x10) setsockopt$CAN_RAW_FILTER(r6, 0x65, 0x1, &(0x7f00000000c0), 0xf00) sendmsg$nl_route_sched(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@getchain={0x24, 0x11, 0x839, 0x70bd25, 0x0, {0x0, 0x0, 0x0, 0x0, {0xb, 0x6}, {0xffff, 0xfff9}, {0x1}}}, 0x24}}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x14, 0x40, 0x107, 0xfffffffe, 0x0, {0x1, 0x7c}}, 0x14}, 0x1, 0x0, 0x0, 0x48815}, 0xc000) 15m42.343956238s ago: executing program 49 (id=2393): openat(0xffffffffffffff9c, 0x0, 0x300000d, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r0, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000280)='net/fib_triestat\x00') pread64(r2, &(0x7f00000000c0)=""/144, 0x90, 0x2f) 15m25.84339836s ago: executing program 50 (id=2436): socket$netlink(0x10, 0x3, 0x0) syz_emit_ethernet(0x2e, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_BINDTODEVICE_wg(r1, 0x1, 0x19, &(0x7f0000000080)='wg2\x00', 0x4) connect$inet(r1, &(0x7f0000000000)={0x2, 0x2, @multicast1}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x0) 14m16.678169247s ago: executing program 51 (id=2509): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0) read$msr(r0, &(0x7f0000001a40)=""/102392, 0x18ff8) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r1, &(0x7f0000000340)={0x6, 0x0, 0x3, 0x0, 0x1}, 0x8) 14m13.764822909s ago: executing program 52 (id=2515): r0 = gettid() rt_sigqueueinfo(r0, 0x6, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='net/fib_trie\x00') preadv(r3, &(0x7f0000000040)=[{&(0x7f0000000380)=""/131, 0x83}], 0x1, 0x80000001, 0x3) 13m31.724891897s ago: executing program 53 (id=2553): r0 = landlock_create_ruleset(&(0x7f0000000000)={0x10, 0x0, 0x3}, 0x18, 0x0) landlock_restrict_self(r0, 0x0) open(0x0, 0x141080, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) mount$overlay(0x0, 0x0, 0x0, 0x8, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000080), 0xffffffffffffffff) r6 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x6, 0xf, &(0x7f00000002c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xb460}, {}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) sendmsg$L2TP_CMD_TUNNEL_CREATE(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000400)={0x3c, r5, 0x917, 0xa7, 0x1000000, {}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x3f}, @L2TP_ATTR_UDP_SPORT={0x6, 0x1a, 0x4e23}, @L2TP_ATTR_FD={0x8, 0x17, @udp6}, @L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40810}, 0x20000000) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4) io_uring_setup(0x3210, 0x0) dup(0xffffffffffffffff) 12m37.690266331s ago: executing program 54 (id=2611): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073017a31000000000800410072786500140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810) syz_mount_image$f2fs(&(0x7f00000000c0), &(0x7f0000000180)='./bus\x00', 0x8, &(0x7f0000000280)={[{@errors_continue}, {@nocheckpoint_merge}, {@alloc_mode_def}, {@six_active_logs}, {@acl}, {@fault_injection={'fault_injection', 0x3d, 0x4ee}}, {@quota}, {@noacl}, {@compress_cache}, {@alloc_mode_def}, {@noheap}, {@two_active_logs}, {@extent_cache}]}, 0x1, 0x5505, &(0x7f0000002480)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S") r1 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_GET(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="20000000111401000000cfcb0000000008000100000000000800030001ba"], 0x20}, 0x1, 0x0, 0x0, 0xd0}, 0x20000800) 12m18.790294855s ago: executing program 55 (id=2670): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000001340)={0x0, 0xfffffffffffffd0b, &(0x7f0000000480)={&(0x7f0000000140)=@updsa={0xf0, 0x10, 0x1, 0x0, 0x200000, {{@in6=@dev, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32}, {@in6=@private1, 0x0, 0x32}, @in=@multicast2, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffe2f1}, {}, {0x0, 0x5, 0xfbfffffe}, 0x0, 0x0, 0xa}}, 0xf0}}, 0x0) syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="040e07050220"], 0xa) syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="043e1301"], 0x16) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r0, 0x400448ca, 0x0) 10m45.466307376s ago: executing program 56 (id=2836): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x8000}, 0x0) 10m41.568534002s ago: executing program 57 (id=2847): sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x40c0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=ANY=[@ANYBLOB="74000000090601020000000000000000030000000900020073797a310000000005000100070000004c0007801800018014000240fe8000000000000000000000000000aa1800148014000240fc000000000000000000000000000000060004404e1f0000050007008400000006000540"], 0x74}, 0x1, 0x0, 0x0, 0x10040003}, 0x0) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10040003}, 0x0) 10m2.648808959s ago: executing program 58 (id=2891): r0 = syz_clone(0x8100, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = syz_open_procfs(r0, &(0x7f0000000040)='io\x00') pread64(r1, &(0x7f0000000140)=""/15, 0xf, 0x4) 9m47.242575898s ago: executing program 59 (id=2910): ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0x80045505, &(0x7f0000000040)=@usbdevfs_connect) ioctl$USBDEVFS_SETCONFIGURATION(0xffffffffffffffff, 0x80045505, &(0x7f0000000000)=0x1) 9m38.04864343s ago: executing program 60 (id=2921): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x180) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000200), 0x2, 0x0) rmdir(&(0x7f0000000080)='./cgroup/../file0\x00') syz_io_uring_setup(0x49e, 0x0, 0x0, 0x0) socket$packet(0x11, 0x3, 0x300) fsopen(&(0x7f0000000180)='hfsplus\x00', 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0) 9m26.079706544s ago: executing program 61 (id=2931): sendmmsg$inet_sctp(0xffffffffffffffff, 0x0, 0x0, 0x40010) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x400000000a882, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{0x77359400}, {0x0, 0x989680}}, 0x0) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x23, &(0x7f0000000100), 0x0) r1 = dup(r0) mmap(&(0x7f00004d7000/0x3000)=nil, 0x3000, 0x4, 0x28011, r1, 0x0) r2 = socket(0x400000000010, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x80}, 0x20000800) accept4$packet(r2, 0x0, 0x0, 0x800) bpf$ITER_CREATE(0x21, &(0x7f0000000140)={r1}, 0x8) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x162e02, 0x0) r4 = dup(r3) fallocate(r4, 0x10, 0x0, 0x72000) 8m38.845274123s ago: executing program 62 (id=2946): socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000000)={0x38, 0x0, 0x4, 0x8001, 0x0, 0xb49, 0x200000000002, 0x7, 0x8, 0x5}, 0x0) socket(0x840000000002, 0x3, 0xff) ioctl$DRM_IOCTL_MODE_ADDFB(0xffffffffffffffff, 0xc01c64ae, &(0x7f0000000100)={0x0, 0x4, 0x9, 0x3, 0xf, 0xa, 0xfffffffc}) r2 = socket$netlink(0x10, 0x3, 0x6) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@gettclass={0x24, 0x25, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x6}, {0x0, 0xfff1}, {0x0, 0x9}}}, 0x24}}, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) r3 = fsopen(&(0x7f0000000300)='hpfs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000080)='source', 0x0, 0x0) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x1000007, 0x2172, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xc) r4 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0) timer_create(0x7, &(0x7f0000001880)={0x0, 0x2b, 0x1, @thr={0x0, 0x0}}, 0x0) r5 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$SG_IO(r5, 0x2285, &(0x7f0000000400)={0x0, 0xffffffffffffffff, 0x5f, 0x69, @buffer={0x0, 0x9, &(0x7f0000000140)=""/9}, &(0x7f0000000280)="99d3a24738682d0c1c1cd66fd35b568856fc3a45500836a494b5fd5fc07adfed31556cc6a593978da7f96e3891556ee93d06070912cf42085046e03a2e546dd83779aad39639307fb9b955470e5febf3b8588357c48644e2ce292d12dcee0f", &(0x7f0000000340)=""/166, 0x7, 0x1, 0xffffffffffffffff, &(0x7f0000000180)}) syz_mount_image$fuse(0x0, 0x0, 0x208402, 0x0, 0x0, 0x0, 0x0) write$FUSE_NOTIFY_RETRIEVE(0xffffffffffffffff, 0x0, 0x0) write$sysctl(r4, &(0x7f0000000580)='1\x00', 0x2) syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12011900000000406a0563000000000000010902"], 0x0) 8m24.579396135s ago: executing program 63 (id=2964): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x5}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0x7}, {}, {0x8, 0x2}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x6, 0x6, 0x0, 0x5, 0x86c}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x4000010}, 0x0) 8m24.320060848s ago: executing program 64 (id=2952): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f00000003c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x4, 0x0, 0x806, 0x5, 0xffffffff}, 0x0) r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_MAP$PAGES(r2, 0x3b85, &(0x7f0000000040)={0x28, 0x1, 0x0, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000, 0xfffffffffffffffc}) getpeername$tipc(0xffffffffffffffff, &(0x7f0000000080)=@name, &(0x7f0000000180)=0x10) r3 = open(&(0x7f0000000040)='.\x00', 0x0, 0x6c) fcntl$notify(r3, 0x402, 0x5) ftruncate(0xffffffffffffffff, 0x6000000) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r2, 0x3ba0, &(0x7f0000000100)={0x48, 0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x334e8b}) ioctl$IOMMU_IOAS_UNMAP$ALL(r2, 0x3b86, &(0x7f00000012c0)={0x18}) socket$nl_route(0x10, 0x3, 0x0) ioctl$BTRFS_IOC_BALANCE_PROGRESS(r2, 0x84009422, &(0x7f0000000c80)={0x0, 0x0, {0x0, @struct}, {0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}}) fsopen(0x0, 0x1) socket$nl_netfilter(0x10, 0x3, 0xc) syz_emit_ethernet(0x2e, &(0x7f00000001c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa000000000000080046000020000000000011fe78ac1414ffac141416008903bc0000000000089078"], 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x1050) quotactl$Q_SYNC(0xffffffff80000100, 0x0, 0x0, 0x0) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x40, 0x0) r5 = ioctl$LOOP_CTL_GET_FREE(r4, 0x4c82) r6 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r6, 0x0, 0x80, &(0x7f0000000600)=@broute={'broute\x00', 0x20, 0x0, 0x90, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000040], 0x0, 0x0, &(0x7f0000000040)=[{0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xfffffffffffffffc}, {0x0, '\x00', 0x0, 0xfffffffffffffffc}]}, 0xe0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r5) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) 8m14.464450052s ago: executing program 65 (id=2976): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="440000002000010000000000000000000a8040040000000600000000270002"], 0x44}, 0x1, 0x0, 0x0, 0xc011}, 0x40000) 7m33.494100676s ago: executing program 66 (id=2990): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001200), 0x0, 0x0) ioctl$TCSBRKP(r0, 0x5425, 0x3) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001200), 0x101101, 0x0) r1 = syz_io_uring_setup(0x8d2, &(0x7f00000001c0)={0x0, 0x54a5, 0x400, 0x1, 0x37a}, &(0x7f00000002c0)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000240)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r1, 0x47ba, 0x3e82, 0x60, 0x0, 0x0) io_uring_enter(r0, 0x6aed, 0x6ad3, 0x6, &(0x7f0000000280)={[0xd5]}, 0x8) wait4(0x0, 0x0, 0x80000000, 0x0) ptrace(0x10, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x804, &(0x7f0000000140)={0xa, 0x0, 0x0, @private0}, 0x1c) shutdown(0xffffffffffffffff, 0x1) 7m14.006904417s ago: executing program 67 (id=3000): r0 = socket$inet6(0xa, 0x3, 0x26) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000340)={{{@in=@dev={0xac, 0x14, 0x14, 0x15}, @in6=@remote, 0x4e20, 0x0, 0x4e22, 0x0, 0xa}, {0x9, 0x0, 0x0, 0x200000000002f1b, 0xfffffffffffffffe, 0x0, 0x0, 0x24}, {0x0, 0x4}, 0x0, 0x0, 0x1, 0x0, 0x5, 0x3}, {{@in=@empty, 0x800, 0x33}, 0xa, @in6=@empty, 0x0, 0x0, 0x0, 0x4, 0xfffffffc, 0x4, 0x401}}, 0xe8) sendmmsg(r0, &(0x7f0000000480), 0x2e9, 0x0) 7m7.115908305s ago: executing program 68 (id=3007): r0 = syz_usb_connect$lan78xx(0x3, 0x3f, &(0x7f0000000dc0)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0x424, 0x7850, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d}}]}}, 0x0) syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000000)={0x34, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$lan78xx(r0, 0x0, 0x0) syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000680)={0x34, &(0x7f0000000700)={0x0, 0x30}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$lan78xx(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000003f00)={0x84, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$lan78xx(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000980)={0x84, &(0x7f0000000e80)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000300)={0x34, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000000a80)={0x84, &(0x7f0000000400)={0x40, 0x30}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 6m45.134475228s ago: executing program 69 (id=3021): r0 = socket$inet6(0xa, 0x802, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @loopback, 0x4a}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000000800)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) 6m35.240605353s ago: executing program 70 (id=3030): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, 0x0, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_PROBE_CLIENT(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)={0x28, r1, 0x1, 0x70bd29, 0x25dfdbff, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MAC={0xa}]}, 0x28}}, 0x48040) 5m20.648607914s ago: executing program 71 (id=3145): socket$packet(0x11, 0x2, 0x300) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xfffffde0, 0x2}}, 0x0, 0x26}, 0x28) r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{0x1, 0xffffffffffffffff}, &(0x7f0000000300), &(0x7f0000000100)=r2}, 0x1c) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) io_uring_setup(0x54a0, &(0x7f0000000000)={0x0, 0x70e6, 0x1000, 0x0, 0xf2}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x3, 0x0, &(0x7f0000000280)='GPL\x00', 0xa, 0xb9, &(0x7f0000000140)=""/185, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x6) r5 = openat2$dir(0xffffff9c, &(0x7f0000000380)='./file2\x00', &(0x7f00000004c0)={0x180, 0x29, 0x4}, 0x18) openat(r5, &(0x7f0000000500)='./file1\x00', 0x8c0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r7, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1) openat(0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', 0x414902, 0x80) mount(&(0x7f0000000240), &(0x7f0000000200)='./file0\x00', &(0x7f0000000140)='ufs\x00', 0x0, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000540)=ANY=[@ANYRESOCT=r6, @ANYRES32=0x0, @ANYRESHEX=r3, @ANYRES32=r5], 0x68}}, 0x2f25d037314b026) 5m12.368702421s ago: executing program 72 (id=3163): socketpair$unix(0x1, 0x1, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001440), 0x0, 0x40002002, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) semctl$IPC_SET(0xffffffffffffffff, 0x0, 0x1, 0x0) syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000001c0)='./file1\x00', 0x0, &(0x7f00000009c0), 0x11, 0x56b, &(0x7f0000000440)="$eJzs3c1rHOUfAPDvbDbp6+/XFEpREQn0YKV20yS+VPBQj6LFgt7rkkxDyaZbspvSxILtwV68SBFELIgHb3r3WPwHvPgvFLRQpAQ9eInMZjbNy26ybTYv7X4+MOF5dmb3me/MfJ88s88uG0DPGsr+FCJejIivkogjEZHk64qRrxxa2m7h0Y3xbElicfHjv5LGdlm9+VrN5x3KKy9ExK9fRJwqrG+3Njc/Va5U0pm8Plyfvjpcm5s/fXm6PJlOpldGx8bOvjk2+s7bb3Ut1tcu/PPtR/feP/vliYVvfn5w9E4S5+Jwvm5lHFtwc2VlKIbyY9If59ZsONKFxvaSZLd3gKfSl+d5f2R9wJHoy7O+lR8P7OiuAdvs84hYBHpUIv+hRzXHAc17+y7dBz8zHr63dAO0Pv7i0nsjsb9xb3RwIVl1Z5Td7w52of2sjV/+vHsnW6J770MAbOrmrYg4Uyyu7/+SvP97emc62GZtG/o/2Dn3svHP6+vGPwOxnJv7G3/Xjn8Otcjdp7F5/hcedKGZtrLx37stx7/Lk1aDfXntf40xX39y6XIlzfq2/0fEyejfl9U3ms85u3B/sd26leO/bMnab44F8/14UNy3+jkT5Xp5KzGv9PBWxEstx7/J8vlPWpz/7Hhc6LCN4+ndV9qt2zz+7bX4Q8SrLc//4xmtZOP5yeHG9TDcvCrW+/v28d/atb/b8Wfn/+DG8Q8mK+dra0/exvf7/03brVsVf3R+/Q8knzTKA/lj18v1+sxIxEDy4frHRx8/t1lvbp/Ff/JE6/zf6Po/EBGfdhj/7WM/vdxR/Lt0/iee6Pw/eeH+B5991679zvq/Nxqlk/kjnfR/ne7gVo4dAAAAAAAA7DWFiDgcSaG0XC4USqWlz3cci4OFSrVWP3WpOntlIhrflR2M/kJzpvvIis9DjOSfh23WR9fUxyLiaER83XegUS+NVysTux08AAAAAAAAAAAAAAAAAAAA7BGH2nz/P/NH327vHbDt2v/kN/C82zT/u/FLT8Ce5P8/9C75D71L/kPvkv/Qu+Q/9C75D71L/kPvkv8AAAAAAAAAAAAAAAAAAAAAAAAAAADQVRfOn8+WxYVHN8az+sS1udmp6rXTE2ltqjQ9O14ar85cLU1Wq5OVtDRend7s9SrV6tWR0Zi9PlxPa/Xh2tz8xenq7JX6xcvT5cn0Ytq/I1EBAAAAAAAAAAAAAAAAAADAs6U2Nz9VrlTSGYXns/D7djdR3OrrFCNiDxwohdWF3e6ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCx/wIAAP//sIc3PA==") io_uring_enter(0xffffffffffffffff, 0x47ba, 0xa25d, 0x0, 0x0, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000aac020000060a0b040000000000000000020000003c020480380201800a0001006d6174636800000028020280080002400000000114020300d67a8527f76ec1d39e537c4c3060c6a405106c72848aa8bcb429b3a20d532452032d5f166334739d1719a5778bd4f724ee4ca57f2527aeeb0c75755d68fc6fa55f4825682ee95e581039823e5963beedcf65b8b005623d90772b8b6ebd2498b0aff725a3eabb6c99cb2edfe10b9c33be8a971e08401bc0807e75a2ff376b7934473bc1f02bb512b77414daf260c9c7d4e1f0758b56ec5823892af310e6252fcfb1d9dbad362baa26f43f12f831fd221926d6536eeff641db46920ae0e48f3ff5de599714ba6510ce479d4116a519792281736f39c9fc0e10ef557392c43389271cebcf36543fcf6f83bf74b93ee4eb5e8c82e35bb4784cc1ed0ad291b16e8368487589f7590bf5896f340a36555a1cf69736da230a809176dbdfba3d47efb9a6932e5503d277532b7d4e6f7c7373a298e5843a9f74d5fd07fbc6ad22bc644ba9b3c94ec3c8f0b9321b16e5826b1f058f781760a5d4b6a8880202b41689139c37cd51f65a92d883f8901add03b650c9ec182fb565a4d657ebba9d6a5eb426b22d5933b72362e6ec327fb679aa8034b8b3b6680ad138be47652a3e77981187d2921cebfc1639aa280e3d38dba9b1af49ceded79c78a2d656b3a3e946e17e6257def6679f70f11aa01a2d906aecf4dbc7d1a332a8932ed719ce7eecb5450f494f944b3f6b637502ddba609c6e45dcfad1db7c7dda3e2c8d5ddcf27132985442e9b8df16f96c82e72e3e2491856d07756b9f08000100627066000900010073797a30000000000900020073797a3200"], 0x2d4}}, 0x4048010) 5m11.94298601s ago: executing program 73 (id=3162): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000200)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d491009b3426c8928f3d97cb", 0x10) read$alg(0xffffffffffffffff, &(0x7f0000000000)=""/35, 0x23) sendto$unix(0xffffffffffffffff, &(0x7f0000000940)="bb61d26a34936f8cc23086612b38d055", 0x10, 0x20004000, 0x0, 0x0) 4m26.744131035s ago: executing program 74 (id=3228): r0 = socket(0x10, 0x803, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x2, &(0x7f0000000080)=@raw=[@map_fd={0x18, 0x9}], 0x0, 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94) r1 = socket(0x1, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000004c0)=ANY=[@ANYBLOB="400000001400b59500000000feffffff0a400000", @ANYRES32=r2, @ANYBLOB="140002000000000000000016"], 0x40}}, 0x0) 4m25.359776571s ago: executing program 75 (id=3231): syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="120100008e88052086800095d89301020301090212000100000000090401"], 0x0) r0 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x2003) ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000000400)={&(0x7f0000000000)=[{0x0, 0x2000, 0x0, 0x0}], 0x1}) 4m15.277233302s ago: executing program 76 (id=3245): syz_mount_image$ext4(&(0x7f0000000740)='ext4\x00', &(0x7f0000000780)='./file0\x00', 0x0, &(0x7f0000000480)={[{@nouid32}, {@mblk_io_submit}, {@i_version}]}, 0x1, 0x746, &(0x7f0000000f40)="$eJzs3c9rHGUfAPDvbJOmb9vXpODBimCgBwulG5vWUkGkogcpVop689Bud7ehZLdbspvShIpWFMGTSPHsj5M3/wFRBL15FDx7kkKRUi+CsDLb2bjt7jabNJtV9/OBCc8zM5tnvjszz/Mkz8NMAGNrNv2Ri9gfER8lEdPZ+iQiJlupiYiTd/e7c/taMV2SaDZf/y1p7ZPmo+MzqT1Z5rGI+O79iEO57nLrK6uLhUqlvJTl5xrVy3P1ldXDF6uFhfJC+dL88WePzp+Yf+bE/JbF+sd7r54/9dVLX9x498dfXnvr1JNJnIy92bbOOLbKbMxm38lk+hXe48WtLmzEklEfAJuS3po77t7lsT+mY0crBQD8l70dEU0AYMwk2n8AGDPt/wO0x/aGMQ72T3brhYjY1Sv+iWzMbldrHHT3neSekZEkIma2oPzZiLj65gdfp0sMaRwSoJd3rkfEuZnZ7vov6ZqzsFFPD7DP7H159R9sn2/T/s+JXv2f3Fr/J3r0f6Z63Lubsf79n7u5BcX0lfb/nuvZ/12btDazI8v9v9Xnm0wuXKyU07rtkYg4GJNTaf7IA8o49vHzP/Tb1tn/S5e0/HZfMDuOmxNT936mVGgUHibmTreuRzw+0Sv+ZO38J336v2cGLKPx/ROf99u2fvzD1fws4qme5//vGW1Jx/zEqeianzjXuh7m2ldFt/yH0/v6lT/q+NPzv/vB8c8knfM16xsv46dP/ny537bNXv87kzda6Z3ZuquFRmPpSMTO5JXu9R1TSNv59v5p/AcPPLj+63X9p38Tnhsw/sVPvzy/+fiHK42/tKHzv/HEgZ+/6R1PM5ttvO75P9ZKHczWDFL/DXqAD/PdAQAAAAAAAAAAAAAAAAAAAAAAAMCgchGxN5Jcfi2dy+Xzd9/h/WjszlVq9cahC7XlS6VovSt7JiZz7SddTnc8D/VI9jz8dn7+vvzRiNgXETem/tfK54u1SmnUwQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAZk+f9/+nfp0a9dEBAEOza9QHAABsO+0/AIwf7T8AjB/tPwCMH+0/AIwf7T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABDdub06XRp/n77WjHNl66sLC/WrhwuleuL+epyMV+sLV3OL9RqC5Vyvlirrvf7KrXa5fnjsXx1rlGuN+bqK6tnq7XlS42zF6uFhfLZ8uS2RAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG1NfWV0sVCrlJQkJCYm1xKhrJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB/h78CAAD//6LRHug=") open(&(0x7f0000000040)='./bus\x00', 0x14927e, 0x0) ftruncate(0xffffffffffffffff, 0x2007ffc) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x800000009) mount(&(0x7f0000000440)=@loop={'/dev/loop', 0x0}, &(0x7f0000000200)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x1ff) 3m16.26890717s ago: executing program 77 (id=3305): socket$inet_udp(0x2, 0x2, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r2, 0xaf01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000001680)) ioctl$VHOST_SET_FEATURES(r2, 0x4008af00, &(0x7f0000000140)=0x200000000) ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000000)=0x2) preadv2(r2, &(0x7f0000003500)=[{0x0, 0x3e}, {&(0x7f00000002c0)=""/97, 0x61}], 0x2, 0x0, 0xb, 0x16) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x2) sched_setattr(0x0, &(0x7f0000000280)={0x88, 0x0, 0x2, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0x1800, 0xfffffffb}, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, 0x0) socket(0x29, 0x800, 0x7) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000440)={'wlan0\x00', &(0x7f00000007c0)=@ethtool_drvinfo={0x3, "712a47568b2c402e2c5792b5adbbb82e0c1f8ee15ff7a4373a68eb060d768899", "4a3eb3768515948dfab2e1f39f58465d11fafea228a4086797ceab4b73313c93", "2a9b70e21ec29d05eb89d11e2ed69c5ab4272fac74fcaab9925fabaa303bac61", "38e51009894cae17d2b361d9fedae469737f49b6a39d85a1ca87cbbb9b8e4809", "f16f995bdf5e1d0f32a39b81f061d8c510b4a16421b5cb56afda00", "87e20d1a690faf456b2d5369", 0x7afc, 0x3, 0x4, 0x3, 0x7ff}}) r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r3, 0xaf01, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCADDRT(r4, 0x890b, 0x0) eventfd(0xfffffff9) r5 = socket(0x2, 0x3, 0x67) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000140)='bridge0\x00', 0x52c) sendto$unix(r5, 0x0, 0x0, 0x4008000, &(0x7f00000001c0)=@file={0x0, './file0\x00'}, 0x6e) ioctl$VHOST_SET_LOG_FD(r3, 0x4004af07, 0x0) r6 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_tcp_TCP_CONGESTION(r6, 0x6, 0xd, &(0x7f0000000040)='nv', 0x2) fsopen(&(0x7f00000000c0)='bfs\x00', 0x1) getsockopt$inet_tcp_buf(r5, 0x6, 0x1c, 0x0, 0x0) 3m16.168960483s ago: executing program 1 (id=3307): syz_open_dev$usbmon(&(0x7f0000000000), 0x80000001, 0x82002) poll(&(0x7f0000000080), 0x0, 0x7a0) syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301) 3m15.972747189s ago: executing program 78 (id=3289): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) pivot_root(0x0, &(0x7f0000000400)='./file0\x00') recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r2 = openat$vimc1(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r2, 0xc0cc5640, &(0x7f00000000c0)={0x2, @sdr={0x32314d54, 0x400ffff}}) r3 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) socket(0x10, 0x3, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000200)={0x8000, 0x101, 0x4}) listen(0xffffffffffffffff, 0x0) r4 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_GET(r5, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4040}, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f0000000040)={0x0, &(0x7f00000002c0)=[0x0], 0x0, 0x0, 0xfffffd52, 0x1}) openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0) ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000080)={0x4, 0xbde, 0x0, &(0x7f0000000180)="a1984ec3aec3fc2e025f90eda6dbc903939aac644fd36f1e65174cae030c42cbacc392851a695f247112e91f059460", 0x0, 0x2f}) ioctl$DRM_IOCTL_MODE_CURSOR(r3, 0xc01c64a3, &(0x7f0000000280)={0x3, r6, 0x1, 0xffff, 0xa, 0x1ff, 0x1}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa07, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2, 0x2}) socket$nl_route(0x10, 0x3, 0x0) socket$unix(0x1, 0x2, 0x0) 3m14.89423905s ago: executing program 1 (id=3311): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x8000000004) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r2, 0x8) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r3, 0x220c) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r4, 0x3) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r5, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r6, 0x0) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r7, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f0000000240), r1) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r8, 0x0) writev(r1, &(0x7f0000000540)=[{&(0x7f0000000180)="580000001400192340834b80040d8c560a066f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0effeffe809005300fff5dd0000001000010008", 0x4d}], 0x1) 3m13.843890349s ago: executing program 1 (id=3313): unshare(0x2a020400) r0 = socket$rds(0x15, 0x5, 0x0) setsockopt$RDS_FREE_MR(r0, 0x114, 0x3, 0x0, 0x0) 3m13.317718424s ago: executing program 1 (id=3314): syz_mount_image$ext4(&(0x7f0000000740)='ext4\x00', &(0x7f0000000780)='./file0\x00', 0x0, &(0x7f0000000480)={[{@nouid32}, {@mblk_io_submit}, {@i_version}]}, 0x1, 0x746, &(0x7f0000000f40)="$eJzs3c9rHGUfAPDvbJOmb9vXpODBimCgBwulG5vWUkGkogcpVop689Bud7ehZLdbspvShIpWFMGTSPHsj5M3/wFRBL15FDx7kkKRUi+CsDLb2bjt7jabNJtV9/OBCc8zM5tnvjszz/Mkz8NMAGNrNv2Ri9gfER8lEdPZ+iQiJlupiYiTd/e7c/taMV2SaDZf/y1p7ZPmo+MzqT1Z5rGI+O79iEO57nLrK6uLhUqlvJTl5xrVy3P1ldXDF6uFhfJC+dL88WePzp+Yf+bE/JbF+sd7r54/9dVLX9x498dfXnvr1JNJnIy92bbOOLbKbMxm38lk+hXe48WtLmzEklEfAJuS3po77t7lsT+mY0crBQD8l70dEU0AYMwk2n8AGDPt/wO0x/aGMQ72T3brhYjY1Sv+iWzMbldrHHT3neSekZEkIma2oPzZiLj65gdfp0sMaRwSoJd3rkfEuZnZ7vov6ZqzsFFPD7DP7H159R9sn2/T/s+JXv2f3Fr/J3r0f6Z63Lubsf79n7u5BcX0lfb/nuvZ/12btDazI8v9v9Xnm0wuXKyU07rtkYg4GJNTaf7IA8o49vHzP/Tb1tn/S5e0/HZfMDuOmxNT936mVGgUHibmTreuRzw+0Sv+ZO38J336v2cGLKPx/ROf99u2fvzD1fws4qme5//vGW1Jx/zEqeianzjXuh7m2ldFt/yH0/v6lT/q+NPzv/vB8c8knfM16xsv46dP/ny537bNXv87kzda6Z3ZuquFRmPpSMTO5JXu9R1TSNv59v5p/AcPPLj+63X9p38Tnhsw/sVPvzy/+fiHK42/tKHzv/HEgZ+/6R1PM5ttvO75P9ZKHczWDFL/DXqAD/PdAQAAAAAAAAAAAAAAAAAAAAAAAMCgchGxN5Jcfi2dy+Xzd9/h/WjszlVq9cahC7XlS6VovSt7JiZz7SddTnc8D/VI9jz8dn7+vvzRiNgXETem/tfK54u1SmnUwQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAZk+f9/+nfp0a9dEBAEOza9QHAABsO+0/AIwf7T8AjB/tPwCMH+0/AIwf7T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABDdub06XRp/n77WjHNl66sLC/WrhwuleuL+epyMV+sLV3OL9RqC5Vyvlirrvf7KrXa5fnjsXx1rlGuN+bqK6tnq7XlS42zF6uFhfLZ8uS2RAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG1NfWV0sVCrlJQkJCYm1xKhrJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB/h78CAAD//6LRHug=") open(&(0x7f0000000040)='./bus\x00', 0x14927e, 0x0) open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0) mount(&(0x7f0000000440)=@loop={'/dev/loop', 0x0}, &(0x7f0000000200)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(0x0, 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x9567, 0x3, 0x0, 0x0, 0x1f, 0x5, "ef35af413bb901527fe4d0ce5d29c3ee5e5c3676345a41499db7aac63a01000000000000004faa2ae2c084a0ea0000000000007700000c00002000", "036c47c67808200400000000000000335263bdbcef549ba197fce47ddfdd753abd950100002a00ffffffffffffffff00000000e8f20000000200", "b7326736181c208220fffff2ff00000000000000000e00", [0x4, 0x100]}) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x1ff) 3m12.281019455s ago: executing program 1 (id=3315): r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f00000000c0)={0x1d, r1}, 0x18) connect$can_j1939(r0, &(0x7f0000000140)={0x1d, r1}, 0x18) sendmmsg(r0, &(0x7f0000003e40)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000001c0)}], 0x1}}], 0x1, 0x0) recvmmsg(r0, &(0x7f0000000180)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)=""/189}, {&(0x7f00000002c0)=""/182}, {&(0x7f0000000380)=""/4096}, {&(0x7f0000001380)=""/198}, {&(0x7f0000001480)=""/169}, {&(0x7f0000001540)=""/4096}], 0x10, &(0x7f0000002540)=""/216}}], 0x2, 0x0, 0x0) sendmmsg$inet(r0, &(0x7f0000002880)=[{{0x0, 0x0, &(0x7f00000027c0)=[{&(0x7f0000000180)="f102", 0x2}, {&(0x7f0000002640)="f5f2de5f96a1ca", 0x7}], 0x2}}], 0x1, 0x0) 3m11.173947653s ago: executing program 3 (id=3318): socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x15, 0x5, 0x0) getsockopt(r0, 0x200000000114, 0x2720, 0x0, &(0x7f0000000000)) 3m11.031008599s ago: executing program 1 (id=3319): socket(0x80000000000000a, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x0, 0x0, 0x3) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000040)=[@in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}]}, &(0x7f0000000100)=0x10) 3m8.404891753s ago: executing program 79 (id=3319): socket(0x80000000000000a, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x0, 0x0, 0x3) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000040)=[@in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}]}, &(0x7f0000000100)=0x10) 3m8.351419008s ago: executing program 3 (id=3321): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x8000000004) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r2, 0x8) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r3, 0x220c) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r4, 0x3) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r5, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r6, 0x0) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r7, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f0000000240), r1) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r8, 0x0) writev(r1, &(0x7f0000000540)=[{&(0x7f0000000180)="580000001400192340834b80040d8c560a066f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0effeffe809005300fff5dd0000001000010008", 0x4d}], 0x1) 3m7.989888997s ago: executing program 3 (id=3322): r0 = syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000840)={0x24, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="00220f000000540b4550182195f51584b3"], 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) ioctl$HIDIOCGUCODE(r1, 0xc018480d, &(0x7f0000000280)={0x3, 0x100, 0x0, 0xf5, 0x80000, 0x7ffd}) 3m6.819257847s ago: executing program 3 (id=3323): syz_mount_image$ext4(&(0x7f0000000740)='ext4\x00', &(0x7f0000000780)='./file0\x00', 0x0, &(0x7f0000000480)={[{@nouid32}, {@mblk_io_submit}, {@i_version}]}, 0x1, 0x746, &(0x7f0000000f40)="$eJzs3c9rHGUfAPDvbJOmb9vXpODBimCgBwulG5vWUkGkogcpVop689Bud7ehZLdbspvShIpWFMGTSPHsj5M3/wFRBL15FDx7kkKRUi+CsDLb2bjt7jabNJtV9/OBCc8zM5tnvjszz/Mkz8NMAGNrNv2Ri9gfER8lEdPZ+iQiJlupiYiTd/e7c/taMV2SaDZf/y1p7ZPmo+MzqT1Z5rGI+O79iEO57nLrK6uLhUqlvJTl5xrVy3P1ldXDF6uFhfJC+dL88WePzp+Yf+bE/JbF+sd7r54/9dVLX9x498dfXnvr1JNJnIy92bbOOLbKbMxm38lk+hXe48WtLmzEklEfAJuS3po77t7lsT+mY0crBQD8l70dEU0AYMwk2n8AGDPt/wO0x/aGMQ72T3brhYjY1Sv+iWzMbldrHHT3neSekZEkIma2oPzZiLj65gdfp0sMaRwSoJd3rkfEuZnZ7vov6ZqzsFFPD7DP7H159R9sn2/T/s+JXv2f3Fr/J3r0f6Z63Lubsf79n7u5BcX0lfb/nuvZ/12btDazI8v9v9Xnm0wuXKyU07rtkYg4GJNTaf7IA8o49vHzP/Tb1tn/S5e0/HZfMDuOmxNT936mVGgUHibmTreuRzw+0Sv+ZO38J336v2cGLKPx/ROf99u2fvzD1fws4qme5//vGW1Jx/zEqeianzjXuh7m2ldFt/yH0/v6lT/q+NPzv/vB8c8knfM16xsv46dP/ny537bNXv87kzda6Z3ZuquFRmPpSMTO5JXu9R1TSNv59v5p/AcPPLj+63X9p38Tnhsw/sVPvzy/+fiHK42/tKHzv/HEgZ+/6R1PM5ttvO75P9ZKHczWDFL/DXqAD/PdAQAAAAAAAAAAAAAAAAAAAAAAAMCgchGxN5Jcfi2dy+Xzd9/h/WjszlVq9cahC7XlS6VovSt7JiZz7SddTnc8D/VI9jz8dn7+vvzRiNgXETem/tfK54u1SmnUwQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAZk+f9/+nfp0a9dEBAEOza9QHAABsO+0/AIwf7T8AjB/tPwCMH+0/AIwf7T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABDdub06XRp/n77WjHNl66sLC/WrhwuleuL+epyMV+sLV3OL9RqC5Vyvlirrvf7KrXa5fnjsXx1rlGuN+bqK6tnq7XlS42zF6uFhfLZ8uS2RAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG1NfWV0sVCrlJQkJCYm1xKhrJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB/h78CAAD//6LRHug=") open(&(0x7f0000000040)='./bus\x00', 0x14927e, 0x0) open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0) mount(&(0x7f0000000440)=@loop={'/dev/loop', 0x0}, &(0x7f0000000200)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(0x0, 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x9567, 0x3, 0x0, 0x0, 0x1f, 0x5, "ef35af413bb901527fe4d0ce5d29c3ee5e5c3676345a41499db7aac63a01000000000000004faa2ae2c084a0ea0000000000007700000c00002000", "036c47c67808200400000000000000335263bdbcef549ba197fce47ddfdd753abd950100002a00ffffffffffffffff00000000e8f20000000200", "b7326736181c208220fffff2ff00000000000000000e00", [0x4, 0x100]}) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x1ff) 3m5.723086213s ago: executing program 3 (id=3324): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=0x0) timer_settime(r1, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f000000cffc)=0x1, 0x86, 0x2, 0x0, 0x0, 0xfffffffc) 3m4.188893738s ago: executing program 3 (id=3327): r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f00000000c0)={0x1d, r1}, 0x18) connect$can_j1939(r0, &(0x7f0000000140)={0x1d, r1}, 0x18) sendmmsg(r0, &(0x7f0000003e40)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000001c0)}], 0x1}}], 0x1, 0x0) recvmmsg(r0, &(0x7f0000000180)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)=""/189}, {&(0x7f00000002c0)=""/182}, {&(0x7f0000000380)=""/4096}, {&(0x7f0000001380)=""/198}, {&(0x7f0000001480)=""/169}, {&(0x7f0000001540)=""/4096}], 0x10, &(0x7f0000002540)=""/216}}], 0x2, 0x0, 0x0) sendmmsg$inet(r0, &(0x7f0000002880)=[{{0x0, 0x0, &(0x7f00000027c0)=[{&(0x7f0000000180)="f102", 0x2}, {&(0x7f0000002640)="f5f2de5f96a1ca", 0x7}], 0x2}}], 0x1, 0x0) 3m2.678803928s ago: executing program 80 (id=3327): r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f00000000c0)={0x1d, r1}, 0x18) connect$can_j1939(r0, &(0x7f0000000140)={0x1d, r1}, 0x18) sendmmsg(r0, &(0x7f0000003e40)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000001c0)}], 0x1}}], 0x1, 0x0) recvmmsg(r0, &(0x7f0000000180)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)=""/189}, {&(0x7f00000002c0)=""/182}, {&(0x7f0000000380)=""/4096}, {&(0x7f0000001380)=""/198}, {&(0x7f0000001480)=""/169}, {&(0x7f0000001540)=""/4096}], 0x10, &(0x7f0000002540)=""/216}}], 0x2, 0x0, 0x0) sendmmsg$inet(r0, &(0x7f0000002880)=[{{0x0, 0x0, &(0x7f00000027c0)=[{&(0x7f0000000180)="f102", 0x2}, {&(0x7f0000002640)="f5f2de5f96a1ca", 0x7}], 0x2}}], 0x1, 0x0) 2m31.049224093s ago: executing program 8 (id=3320): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa8442, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) r2 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000022c0)=@newtfilter={0x94, 0x2c, 0xd27, 0x170bd2b, 0x2, {0x0, 0x0, 0x0, r3, {0x0, 0x10}, {}, {0x8, 0xffe0}}, [@filter_kind_options=@f_flow={{0x9}, {0x64, 0x2, [@TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_KEYS={0x8, 0x1, 0x1e3a9}, @TCA_FLOW_ACT={0x50, 0x9, 0x0, 0x1, [@m_csum={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x1003d1, 0x3, 0x20000000, 0x6, 0x6}, 0x69}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}]}]}}]}, 0x94}, 0x1, 0x0, 0x0, 0xc804}, 0x2) close(r1) socket$unix(0x1, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r4, 0x107, 0xf, &(0x7f0000000600), 0x56) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r4, &(0x7f0000000280)={&(0x7f0000000740)=@xdp={0x2c, 0x0, r6, 0x42}, 0x80, &(0x7f0000000cc0)=[{&(0x7f00000002c0)="27030200dc0f14000e00003c0ff000000000ff880000000200000003125ce882cbf490", 0x23}], 0x1}, 0x8bb3a321efc09a) 2m28.804845577s ago: executing program 8 (id=3349): mkdir(&(0x7f0000000080)='./file1\x00', 0x8) mount(0x0, &(0x7f0000000200)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x8, &(0x7f0000000300)='usrquota') chdir(0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0) quotactl_fd$Q_SETQUOTA(r0, 0xffffffff80000800, 0x0, &(0x7f0000000340)={0xb, 0x4, 0xa000200000a959, 0x5, 0x2ef, 0x7ff, 0x101, 0x1, 0x104ffe}) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdir(&(0x7f0000000100)='./file1\x00', 0x13b) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f0000000140)='./bus\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) 2m27.741292599s ago: executing program 8 (id=3351): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, 0x0) r2 = syz_open_dev$evdev(&(0x7f0000000000), 0x3, 0x0) ioctl$EVIOCSMASK(r2, 0x40104593, &(0x7f0000000100)={0xffffffffffffffff, 0x2, &(0x7f0000000040)="25b6"}) syz_mount_image$fuse(0x0, &(0x7f0000000440)='./file0/../file0\x00', 0x40088, 0x0, 0xfe, 0x0, 0x0) chown(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = socket$inet(0x2, 0x3, 0x2) ioctl$EVIOCSMASK(r2, 0x40104593, &(0x7f0000000240)={0x4, 0x11, &(0x7f00000001c0)="7ec345fb101e7359aaa4088bb9046aca95"}) setsockopt$inet_mreqsrc(r3, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local, @loopback}, 0xc) setsockopt$inet_msfilter(r3, 0x0, 0x29, &(0x7f0000000180)=ANY=[@ANYBLOB="e0000002ac1414aa0100000002"], 0x18) syz_emit_ethernet(0x36, &(0x7f0000000540)=ANY=[@ANYBLOB="0180c2000000aaaaaaaaaa32000045000028006400000402907800000000e000000211009078e0000002000100010000010000000000f31658fa761f012ddbd0731e9b796656392ebe66f96b4a5de1bd6ae70ee819abbd3a93b19c0ca72769f6f06cdce2f0e2498100916eee87dc579a961a41b70d24bc4f504ea4b1d5401c6dcfee9dd548dfd55a503ac73c67f8f6e69a52b272f72b94c59c91af84616b95b4a0dadb0115901c531bc51e0dedc44f5eff7a055ceb40ae513314606d"], 0x0) r4 = io_uring_setup(0x37f0, &(0x7f00000004c0)={0x0, 0x100decd, 0x2}) r5 = syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0) r6 = openat$cgroup_root(0xffffff9c, 0x0, 0x200002, 0x0) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000480)={0xffffffffffffffff, r6, 0x1c, 0x0, @void}, 0x10) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000400)={0x0, &(0x7f0000000140)=[0x0], &(0x7f0000000180)=[0x0], 0x0, 0x0, 0x1, 0x1}) ioctl$DRM_IOCTL_MODE_SETCRTC(r5, 0xc06864a2, &(0x7f00000002c0)={0x0, 0x0, r7, 0x0, 0x80, 0x5, 0x9, 0x0, {0x9, 0x1000, 0x101c, 0x10, 0x4, 0x401, 0x100, 0xa, 0x0, 0x52, 0x43, 0x7e9, 0x401, 0x9aa5, "cb630dab3a0338057401a192419598961f50dc45c87d55a52a28b8f01c0e0e7a"}}) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r5, 0xc01864c6, &(0x7f00000003c0)={&(0x7f0000000280)=[r7, r8], 0x2, 0x0, 0x0, 0xffffffffffffffff}) r10 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r10, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) ioctl$DRM_IOCTL_MODE_SETCRTC(r9, 0xc06864a2, &(0x7f0000000340)={0x0, 0x0, r7, 0x0, 0x0, 0x0, 0xffffffff, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffe, 0x0, 0x0, 0x0, "b1eddb851ba62b00d8730000000000000000000800"}}) close_range(r4, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) mount$fuse(0x0, 0x0, &(0x7f00000000c0), 0x80, &(0x7f00000001c0)=ANY=[]) 2m25.980759821s ago: executing program 8 (id=3354): syz_mount_image$ext4(&(0x7f0000000740)='ext4\x00', &(0x7f0000000780)='./file0\x00', 0x0, &(0x7f0000000480)={[{@nouid32}, {@mblk_io_submit}, {@i_version}]}, 0x1, 0x746, &(0x7f0000000f40)="$eJzs3c9rHGUfAPDvbJOmb9vXpODBimCgBwulG5vWUkGkogcpVop689Bud7ehZLdbspvShIpWFMGTSPHsj5M3/wFRBL15FDx7kkKRUi+CsDLb2bjt7jabNJtV9/OBCc8zM5tnvjszz/Mkz8NMAGNrNv2Ri9gfER8lEdPZ+iQiJlupiYiTd/e7c/taMV2SaDZf/y1p7ZPmo+MzqT1Z5rGI+O79iEO57nLrK6uLhUqlvJTl5xrVy3P1ldXDF6uFhfJC+dL88WePzp+Yf+bE/JbF+sd7r54/9dVLX9x498dfXnvr1JNJnIy92bbOOLbKbMxm38lk+hXe48WtLmzEklEfAJuS3po77t7lsT+mY0crBQD8l70dEU0AYMwk2n8AGDPt/wO0x/aGMQ72T3brhYjY1Sv+iWzMbldrHHT3neSekZEkIma2oPzZiLj65gdfp0sMaRwSoJd3rkfEuZnZ7vov6ZqzsFFPD7DP7H159R9sn2/T/s+JXv2f3Fr/J3r0f6Z63Lubsf79n7u5BcX0lfb/nuvZ/12btDazI8v9v9Xnm0wuXKyU07rtkYg4GJNTaf7IA8o49vHzP/Tb1tn/S5e0/HZfMDuOmxNT936mVGgUHibmTreuRzw+0Sv+ZO38J336v2cGLKPx/ROf99u2fvzD1fws4qme5//vGW1Jx/zEqeianzjXuh7m2ldFt/yH0/v6lT/q+NPzv/vB8c8knfM16xsv46dP/ny537bNXv87kzda6Z3ZuquFRmPpSMTO5JXu9R1TSNv59v5p/AcPPLj+63X9p38Tnhsw/sVPvzy/+fiHK42/tKHzv/HEgZ+/6R1PM5ttvO75P9ZKHczWDFL/DXqAD/PdAQAAAAAAAAAAAAAAAAAAAAAAAMCgchGxN5Jcfi2dy+Xzd9/h/WjszlVq9cahC7XlS6VovSt7JiZz7SddTnc8D/VI9jz8dn7+vvzRiNgXETem/tfK54u1SmnUwQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAZk+f9/+nfp0a9dEBAEOza9QHAABsO+0/AIwf7T8AjB/tPwCMH+0/AIwf7T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABDdub06XRp/n77WjHNl66sLC/WrhwuleuL+epyMV+sLV3OL9RqC5Vyvlirrvf7KrXa5fnjsXx1rlGuN+bqK6tnq7XlS42zF6uFhfLZ8uS2RAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG1NfWV0sVCrlJQkJCYm1xKhrJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB/h78CAAD//6LRHug=") open(&(0x7f0000000040)='./bus\x00', 0x14927e, 0x0) open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0) mount(&(0x7f0000000440)=@loop={'/dev/loop', 0x0}, &(0x7f0000000200)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x9567, 0x3, 0x0, 0x0, 0x1f, 0x5, "ef35af413bb901527fe4d0ce5d29c3ee5e5c3676345a41499db7aac63a01000000000000004faa2ae2c084a0ea0000000000007700000c00002000", "036c47c67808200400000000000000335263bdbcef549ba197fce47ddfdd753abd950100002a00ffffffffffffffff00000000e8f20000000200", "b7326736181c208220fffff2ff00000000000000000e00", [0x4, 0x100]}) openat(0xffffffffffffff9c, 0x0, 0x105042, 0x1ff) 2m25.718105029s ago: executing program 7 (id=3355): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r0, 0xffffffffffffffff, 0x3f00000000000000) 2m24.559852139s ago: executing program 7 (id=3357): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'veth1_to_bridge\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="200000006800e97802000000000000000a0000000000000008000500", @ANYRES32=r1], 0x20}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=@newnexthop={0x24, 0x68, 0x1, 0x2, 0x7ffffffc, {}, [@NHA_GROUP={0xc, 0x2, [{0x1, 0x4}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x24008000}, 0x4000) r3 = socket$rds(0x15, 0x5, 0x0) bind$rds(r3, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) sendmsg$rds(r3, &(0x7f0000000080)={&(0x7f0000000180)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x0) 2m23.586825084s ago: executing program 8 (id=3359): futex(&(0x7f000000cffc)=0x1, 0x86, 0x2, 0x0, 0x0, 0xfffffffc) 2m23.426690423s ago: executing program 7 (id=3360): socket$nl_route(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b34, &(0x7f0000000000)={'wlan1\x00', @random="0003230c1100"}) socket$kcm(0x10, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) personality(0xb) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) mremap(&(0x7f00005d7000/0x2000)=nil, 0x2000, 0x2000, 0x0, &(0x7f00008d9000/0x2000)=nil) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) rt_sigprocmask(0x2, &(0x7f0000000200)={[0xfffffbfd]}, 0x0, 0x8) r2 = gettid() r3 = getpid() rt_tgsigqueueinfo(r3, r2, 0x15, &(0x7f0000000840)={0x22, 0x7, 0xfffff7ff}) 2m20.580511834s ago: executing program 8 (id=3361): mkdir(&(0x7f0000000080)='./file1\x00', 0x8) mount(0x0, &(0x7f0000000200)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x8, &(0x7f0000000300)='usrquota') chdir(&(0x7f0000000140)='./file1\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) quotactl_fd$Q_SETQUOTA(r0, 0xffffffff80000800, 0x0, &(0x7f0000000340)={0xb, 0x4, 0xa000200000a959, 0x5, 0x2ef, 0x7ff, 0x101, 0x1, 0x104ffe}) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdir(&(0x7f0000000100)='./file1\x00', 0x13b) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f0000000140)='./bus\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) 2m16.6942413s ago: executing program 81 (id=3361): mkdir(&(0x7f0000000080)='./file1\x00', 0x8) mount(0x0, &(0x7f0000000200)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x8, &(0x7f0000000300)='usrquota') chdir(&(0x7f0000000140)='./file1\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) quotactl_fd$Q_SETQUOTA(r0, 0xffffffff80000800, 0x0, &(0x7f0000000340)={0xb, 0x4, 0xa000200000a959, 0x5, 0x2ef, 0x7ff, 0x101, 0x1, 0x104ffe}) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdir(&(0x7f0000000100)='./file1\x00', 0x13b) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f0000000140)='./bus\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) 2m16.025547827s ago: executing program 6 (id=3367): write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xa, 0x0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_usb_control_io$printer(0xffffffffffffffff, 0x0, 0x0) r4 = dup3(r1, r0, 0x80000) r5 = syz_io_uring_setup(0x497, &(0x7f0000000340)={0x0, 0x293e, 0x100, 0x1, 0x80000124}, &(0x7f0000000100)=0x0, &(0x7f0000000280)=0x0) ioctl$IOMMU_IOAS_MAP$PAGES(r4, 0x3b85, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r5, 0x351a, 0x100, 0x0, 0x0, 0x0) symlink(0x0, 0x0) 2m13.388525667s ago: executing program 7 (id=3369): syz_mount_image$ext4(&(0x7f0000000740)='ext4\x00', &(0x7f0000000780)='./file0\x00', 0x0, &(0x7f0000000480)={[{@nouid32}, {@mblk_io_submit}, {@i_version}]}, 0x1, 0x746, &(0x7f0000000f40)="$eJzs3c9rHGUfAPDvbJOmb9vXpODBimCgBwulG5vWUkGkogcpVop689Bud7ehZLdbspvShIpWFMGTSPHsj5M3/wFRBL15FDx7kkKRUi+CsDLb2bjt7jabNJtV9/OBCc8zM5tnvjszz/Mkz8NMAGNrNv2Ri9gfER8lEdPZ+iQiJlupiYiTd/e7c/taMV2SaDZf/y1p7ZPmo+MzqT1Z5rGI+O79iEO57nLrK6uLhUqlvJTl5xrVy3P1ldXDF6uFhfJC+dL88WePzp+Yf+bE/JbF+sd7r54/9dVLX9x498dfXnvr1JNJnIy92bbOOLbKbMxm38lk+hXe48WtLmzEklEfAJuS3po77t7lsT+mY0crBQD8l70dEU0AYMwk2n8AGDPt/wO0x/aGMQ72T3brhYjY1Sv+iWzMbldrHHT3neSekZEkIma2oPzZiLj65gdfp0sMaRwSoJd3rkfEuZnZ7vov6ZqzsFFPD7DP7H159R9sn2/T/s+JXv2f3Fr/J3r0f6Z63Lubsf79n7u5BcX0lfb/nuvZ/12btDazI8v9v9Xnm0wuXKyU07rtkYg4GJNTaf7IA8o49vHzP/Tb1tn/S5e0/HZfMDuOmxNT936mVGgUHibmTreuRzw+0Sv+ZO38J336v2cGLKPx/ROf99u2fvzD1fws4qme5//vGW1Jx/zEqeianzjXuh7m2ldFt/yH0/v6lT/q+NPzv/vB8c8knfM16xsv46dP/ny537bNXv87kzda6Z3ZuquFRmPpSMTO5JXu9R1TSNv59v5p/AcPPLj+63X9p38Tnhsw/sVPvzy/+fiHK42/tKHzv/HEgZ+/6R1PM5ttvO75P9ZKHczWDFL/DXqAD/PdAQAAAAAAAAAAAAAAAAAAAAAAAMCgchGxN5Jcfi2dy+Xzd9/h/WjszlVq9cahC7XlS6VovSt7JiZz7SddTnc8D/VI9jz8dn7+vvzRiNgXETem/tfK54u1SmnUwQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAZk+f9/+nfp0a9dEBAEOza9QHAABsO+0/AIwf7T8AjB/tPwCMH+0/AIwf7T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABDdub06XRp/n77WjHNl66sLC/WrhwuleuL+epyMV+sLV3OL9RqC5Vyvlirrvf7KrXa5fnjsXx1rlGuN+bqK6tnq7XlS42zF6uFhfLZ8uS2RAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG1NfWV0sVCrlJQkJCYm1xKhrJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB/h78CAAD//6LRHug=") open(&(0x7f0000000040)='./bus\x00', 0x14927e, 0x0) open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0) mount(&(0x7f0000000440)=@loop={'/dev/loop', 0x0}, &(0x7f0000000200)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x9567, 0x3, 0x0, 0x0, 0x1f, 0x5, "ef35af413bb901527fe4d0ce5d29c3ee5e5c3676345a41499db7aac63a01000000000000004faa2ae2c084a0ea0000000000007700000c00002000", "036c47c67808200400000000000000335263bdbcef549ba197fce47ddfdd753abd950100002a00ffffffffffffffff00000000e8f20000000200", "b7326736181c208220fffff2ff00000000000000000e00", [0x4, 0x100]}) openat(0xffffffffffffff9c, 0x0, 0x105042, 0x1ff) 2m11.26276044s ago: executing program 7 (id=3370): migrate_pages(0x0, 0x3, &(0x7f0000000040)=0x7f, &(0x7f0000000300)=0xa) 2m9.059134752s ago: executing program 7 (id=3371): futex(&(0x7f000000cffc)=0x1, 0x86, 0x2, 0x0, 0x0, 0xfffffffc) 2m5.732241108s ago: executing program 82 (id=3371): futex(&(0x7f000000cffc)=0x1, 0x86, 0x2, 0x0, 0x0, 0xfffffffc) 2m5.65466565s ago: executing program 6 (id=3375): r0 = syz_open_dev$vim2m(&(0x7f0000000100), 0xa7e, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x8, 0x1, 0x1}) ioctl$vim2m_VIDIOC_QBUF(r0, 0xc058560f, &(0x7f0000000140)=@multiplanar_mmap={0x2000, 0x3, 0x4, 0x0, 0xd, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x3d, 0x0, 0x0, "a730ba01"}, 0x0, 0x1, {0x0}}) ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000000)=0x1) 2m4.317562488s ago: executing program 6 (id=3377): mkdir(&(0x7f0000000080)='./file1\x00', 0x8) mount(0x0, &(0x7f0000000200)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x8, &(0x7f0000000300)='usrquota') chdir(0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0) quotactl_fd$Q_SETQUOTA(r0, 0xffffffff80000800, 0x0, &(0x7f0000000340)={0xb, 0x4, 0xa000200000a959, 0x5, 0x2ef, 0x7ff, 0x101, 0x1, 0x104ffe}) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdir(&(0x7f0000000100)='./file1\x00', 0x13b) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) 2m3.064366638s ago: executing program 6 (id=3379): syz_mount_image$ext4(&(0x7f0000000740)='ext4\x00', &(0x7f0000000780)='./file0\x00', 0x0, &(0x7f0000000480)={[{@nouid32}, {@mblk_io_submit}, {@i_version}]}, 0x1, 0x746, &(0x7f0000000f40)="$eJzs3c9rHGUfAPDvbJOmb9vXpODBimCgBwulG5vWUkGkogcpVop689Bud7ehZLdbspvShIpWFMGTSPHsj5M3/wFRBL15FDx7kkKRUi+CsDLb2bjt7jabNJtV9/OBCc8zM5tnvjszz/Mkz8NMAGNrNv2Ri9gfER8lEdPZ+iQiJlupiYiTd/e7c/taMV2SaDZf/y1p7ZPmo+MzqT1Z5rGI+O79iEO57nLrK6uLhUqlvJTl5xrVy3P1ldXDF6uFhfJC+dL88WePzp+Yf+bE/JbF+sd7r54/9dVLX9x498dfXnvr1JNJnIy92bbOOLbKbMxm38lk+hXe48WtLmzEklEfAJuS3po77t7lsT+mY0crBQD8l70dEU0AYMwk2n8AGDPt/wO0x/aGMQ72T3brhYjY1Sv+iWzMbldrHHT3neSekZEkIma2oPzZiLj65gdfp0sMaRwSoJd3rkfEuZnZ7vov6ZqzsFFPD7DP7H159R9sn2/T/s+JXv2f3Fr/J3r0f6Z63Lubsf79n7u5BcX0lfb/nuvZ/12btDazI8v9v9Xnm0wuXKyU07rtkYg4GJNTaf7IA8o49vHzP/Tb1tn/S5e0/HZfMDuOmxNT936mVGgUHibmTreuRzw+0Sv+ZO38J336v2cGLKPx/ROf99u2fvzD1fws4qme5//vGW1Jx/zEqeianzjXuh7m2ldFt/yH0/v6lT/q+NPzv/vB8c8knfM16xsv46dP/ny537bNXv87kzda6Z3ZuquFRmPpSMTO5JXu9R1TSNv59v5p/AcPPLj+63X9p38Tnhsw/sVPvzy/+fiHK42/tKHzv/HEgZ+/6R1PM5ttvO75P9ZKHczWDFL/DXqAD/PdAQAAAAAAAAAAAAAAAAAAAAAAAMCgchGxN5Jcfi2dy+Xzd9/h/WjszlVq9cahC7XlS6VovSt7JiZz7SddTnc8D/VI9jz8dn7+vvzRiNgXETem/tfK54u1SmnUwQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAZk+f9/+nfp0a9dEBAEOza9QHAABsO+0/AIwf7T8AjB/tPwCMH+0/AIwf7T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABDdub06XRp/n77WjHNl66sLC/WrhwuleuL+epyMV+sLV3OL9RqC5Vyvlirrvf7KrXa5fnjsXx1rlGuN+bqK6tnq7XlS42zF6uFhfLZ8uS2RAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG1NfWV0sVCrlJQkJCYm1xKhrJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB/h78CAAD//6LRHug=") open(&(0x7f0000000040)='./bus\x00', 0x14927e, 0x0) open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0) mount(&(0x7f0000000440)=@loop={'/dev/loop', 0x0}, &(0x7f0000000200)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x9567, 0x3, 0x0, 0x0, 0x1f, 0x5, "ef35af413bb901527fe4d0ce5d29c3ee5e5c3676345a41499db7aac63a01000000000000004faa2ae2c084a0ea0000000000007700000c00002000", "036c47c67808200400000000000000335263bdbcef549ba197fce47ddfdd753abd950100002a00ffffffffffffffff00000000e8f20000000200", "b7326736181c208220fffff2ff00000000000000000e00", [0x4, 0x100]}) openat(0xffffffffffffff9c, 0x0, 0x105042, 0x1ff) 2m1.35338249s ago: executing program 6 (id=3381): r0 = syz_open_dev$usbmon(&(0x7f0000000000), 0x80000001, 0x82002) poll(&(0x7f0000000080)=[{r0, 0x7002}], 0x1, 0x7a0) syz_open_dev$usbfs(0x0, 0x77, 0x101301) 1m58.251939601s ago: executing program 6 (id=3382): socket(0xa, 0x3, 0x3a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x0, 0x8, 0x81, 0x0, 0x9, 0xfffffffffffffffd, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(0xffffffffffffffff, 0x3ba0, 0x0) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000140)={0xc}) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000008c0), 0x43) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r2, 0x0, 0x0) add_key$keyring(&(0x7f0000000400), 0x0, 0x0, 0x0, 0xfffffffffffffffe) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="d80000001b0001000000000000000000fc000000000000", @ANYRES32=0x0, @ANYBLOB], 0xd8}, 0x1, 0x0, 0x0, 0x4044001}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_NEW(r4, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004000}, 0x40080) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x1c, 0x4, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r6 = syz_open_dev$tty1(0xc, 0x4, 0x3) ioctl$TCSETS(r6, 0x5402, &(0x7f00000000c0)={0x2, 0xc35ee47, 0x10001, 0xc, 0x7, "a10cbd909ed69671d0ec3b1ec08a5bfa8c391c"}) syz_open_dev$video4linux(&(0x7f0000000080), 0x8000000003fe, 0x10002) 1m56.318995014s ago: executing program 83 (id=3382): socket(0xa, 0x3, 0x3a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x0, 0x8, 0x81, 0x0, 0x9, 0xfffffffffffffffd, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(0xffffffffffffffff, 0x3ba0, 0x0) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000140)={0xc}) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000008c0), 0x43) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r2, 0x0, 0x0) add_key$keyring(&(0x7f0000000400), 0x0, 0x0, 0x0, 0xfffffffffffffffe) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="d80000001b0001000000000000000000fc000000000000", @ANYRES32=0x0, @ANYBLOB], 0xd8}, 0x1, 0x0, 0x0, 0x4044001}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_NEW(r4, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004000}, 0x40080) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x1c, 0x4, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r6 = syz_open_dev$tty1(0xc, 0x4, 0x3) ioctl$TCSETS(r6, 0x5402, &(0x7f00000000c0)={0x2, 0xc35ee47, 0x10001, 0xc, 0x7, "a10cbd909ed69671d0ec3b1ec08a5bfa8c391c"}) syz_open_dev$video4linux(&(0x7f0000000080), 0x8000000003fe, 0x10002) 24.799970878s ago: executing program 2 (id=3514): syz_usb_connect(0x2, 0x24, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000009be1a08560833acf800010203010902120001000000000904"], 0x0) 22.683907821s ago: executing program 2 (id=3520): ioctl$DRM_IOCTL_PANTHOR_VM_CREATE(0xffffffffffffffff, 0xc0106441, &(0x7f0000001000)={0x0, 0x0, 0x8}) socket(0x10, 0x803, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f00000001c0)=@abs={0x0, 0x0, 0x4e23}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000040)={0x84, @rand_addr=0x64010101, 0x4e22, 0x3, 'lblcr\x00', 0x1, 0x80005, 0x5}, 0x2c) setsockopt$IP_VS_SO_SET_FLUSH(0xffffffffffffffff, 0x0, 0x485, 0x0, 0x0) 17.40128043s ago: executing program 0 (id=3531): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x0) 16.648378056s ago: executing program 0 (id=3532): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f0009"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000840)={0x24, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="00220f000000540b4550182195f51584b3"], 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) ioctl$HIDIOCGUCODE(r1, 0xc018480d, &(0x7f0000000280)={0x3, 0x100, 0x0, 0xf5, 0x80000, 0x7ffd}) 12.960982355s ago: executing program 0 (id=3536): r0 = dup(0xffffffffffffffff) openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) openat$ttyS3(0xffffffffffffff9c, 0x0, 0x2982, 0x0) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x40000) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000c18000)="ad", 0x1) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2000, 0x0, &(0x7f0000179000/0x2000)=nil) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) io_uring_setup(0x3454, &(0x7f0000000080)={0x0, 0x2660, 0x800, 0x1, 0x136, 0x0, r0}) migrate_pages(0x0, 0x3, &(0x7f0000000040)=0x7f, &(0x7f0000000300)=0xa) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x60140, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000574000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f0000000100)="66ba6100ecc4c3857b81a65b00000c44defac4c253f72a66470f3808cfc42391cf6000e16544812f00000000460fc7b47dd2000000430f01b5c04f000066b803008ed8", 0x43}], 0x1, 0x30, 0x0, 0x0) ioctl$KVM_SET_LAPIC(r5, 0x4400ae8f, &(0x7f0000000980)={"463905a9ed689001bf501f5d06c9bb650ad25e54664908571e4b865252982a7d66d45edaa9069c47ba8a09bbc555499a414202604223a18db9aec38ebb268f6ea2cd8702671daf9c58e5435cfa35ba1cd9ec9dd57a348ddf8dd75371ddba039ce06a12a15f91987cbb0f448ae1e43b1c2f70725135bad6dca096fe40607528bd95dcb884872230c61a72fe00c52255b53c00b983971b030bc7df9dec9efb9b6e9e0552916f288e1e60a6a5d208779d5d6243ede99e9db1faebbee758fb2114839f1c62c503ef34944c75e3fe4c509d7dbf9f66d6a39db8bb3eb0fa0fe1864baf1636e8b9060eb0e1a2f55bbde8871c2abfb3d459877bc94cec2f873205ece3c63e71014786801ac0654159b75730fbd9383f64507e2c887190e05b664822b796179acd5c160ccb210bda8f52ebbe3b84977d26fbff35f1d664aa2c01acabb40ed18bc684a8d9a73ff1fa3cd3e9fd914abb5b4032bb5f28eb41ecffa233e18c40b84f2d9b3e7ed95a1f6199141f51369ff2f00d37b6fc94c5792f136e6c6668a7c7606e67f4715c49b2f34a456a617c759a4a07fc66e9843c716f9f851cdc3f36127b2adc4fc1e642ec7d003618c34bd485864d5103f503d8007ca70d8c2e209f329d5693b3fff6cab97a43f276eb5ab5ab12b2fd39af2e67298cd1c5f7cef01806b82af1ed270a4e346c948ba965a2e092d040af8242ff609e6d3768db0301e66eb234e591371da21298dc4c8efe908a2470ba4542be772a8d6cccc878205256dd4f26bd987e8a7914f690e29b0b03e5e18b4340e611ecabe62868d25a04a6e13fa0b946e773d1a25af0851077dac26c18d690cf2bd715368c9b7bef624346d783c1052d9a4c61e73c604a066cee47971316a393e546d6f8a5a6b4ecac49ce9d7450cbb63d53434e5083ebd9c4b501aae9c9c1b18b95ff15f87581066cfad01f42214d6e191586dd22b5cb99bad7f91923af51a410dca073193fefddf01c5f2c3e9728ace39b72bee7450788f2c74b4f10a5ef8c4e8adc9761b7baa3689ea9f09264963a206a7548d9288d97e84d842d19bf3cc10cf033d12ed159328744d340e6e561afd811606006433f3fdf796163295b9bd38242320960f9f0d76ea2822fa68736bd357652c49f716a1919159e11f64425c95a5139c8290f067269e7bb191bca44494f97f28fa141e6515a762f659413f941c1b1c0bdd2e1228afd5ba100dd1a1d164f46987b78e652d2205d1d7e17e811845a23bdf2c897c7932923855e31e172b9a0b068e1d335f89fabe8ce661a9b4ccaec2e29a8f97c84978478c4d235b04e6a8a32d5f10f35486b03fd458b7b825408ce4201c8ca2258fe7b4618b168504b8f23ea37bfd5b3530e2f27bc521c4ccfdfa97761ebedfbb373ee5b6e12b07e0ce3feaad48e8aacfd2505e513433b9960fc24a5a6e7b778adaa73278396"}) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x1c, 0x3, 0x1, 0x5, 0x0, 0x0, {0x1, 0x0, 0x6}, [@CTA_ZONE={0x6, 0x12, 0x1, 0x0, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x810}, 0x10) 12.306662878s ago: executing program 2 (id=3537): syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[]) chdir(&(0x7f0000000000)='./file0\x00') r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='.\x00', 0x0, 0x0) getdents64(r0, &(0x7f0000008a00)=""/4097, 0x1001) 10.803346081s ago: executing program 2 (id=3540): r0 = socket$alg(0x26, 0x5, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'streebog256-generic\x00'}, 0x58) r3 = accept4$alg(r0, 0x0, 0x0, 0x0) sendmmsg$sock(r3, &(0x7f0000002480)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f0000000340)="8224aca5f41b9e0ec5e7a706c919e7c0e343f0cd0a779c17e7f992396b09252009d2d12e9475a57ec39f71417044cf4151af34ac1dfd5d87cdd80bc4c24478821f64d4d971bbc1fc7bdd181a839344917165bb9cd0fa568aac55d8e38ee30fd3a9bc63e2656b6941c812e6ea0692ec276deb2b7b817906cf8c5429a42164e8bb521e216e554d509a0fd0d86729b5f4b9a01fb336bef1be8a68a628452b83a7404087d4bcb64f6ecad05459d12595d5b8b2657f2f29656a15e5a18e3168946dcb5faa59f7b404bad393ba06734d170b0513aeb0d051", 0xd5}, {&(0x7f00000004c0)="62c99e05d98775ed1beb5d67431ead896f7060f03e5b8671b283168d0df1573bef271f3a22b9cac06e27c7e87b34a19188d3e10e670bc070f0d3eb88d2f891d242747e0deec4a10609b12d4058b0fbff28bb01e6e49b533b03b11288ff4da1ab3226a2e3ba5fc47969142f1a1a0ca9ba4cece2ac9a5fcd89343de7e57dfcbb6216499555bd04f2fcb91c3c6c72868a3797ec63f8138ab74b5034878812df8b0445704cb33f81bffed93c3e645a206db134f626a59f4fac53fbf23489cf2f45d05d735e64033376671da045df97bcb989bda1d17ba14afbfd19e32a8222ebf934c17fed237b86aef2e830", 0xea}, {&(0x7f00000005c0)="f2b314c96d500b66f7fd46493862d9eb11d188464208592330ac4824362864", 0x1f}], 0x3}}], 0x1, 0x0) 9.970627386s ago: executing program 4 (id=3542): getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0) r0 = syz_create_resource$binfmt(&(0x7f0000000040)='./file0\x00') r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff) close(r1) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r3 = syz_open_dev$radio(&(0x7f00000003c0), 0x2, 0x2) read(r3, &(0x7f0000000080)=""/77, 0xffffff0f) execveat$binfmt(0xffffffffffffff9c, r0, 0x0, &(0x7f00000001c0)={[], 0xf000}, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(0xffffffffffffffff, 0xc040564a, &(0x7f0000000200)={0x0, 0x0, 0x1009, 0x3, 0x0, 0xfffffffa}) 8.972611593s ago: executing program 2 (id=3543): syz_usb_connect(0x2, 0x24, 0x0, 0x0) 8.050033758s ago: executing program 4 (id=3546): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f0009"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000840)={0x24, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="00220f000000540b4550182195f51584b3"], 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) ioctl$HIDIOCGUCODE(r1, 0xc018480d, &(0x7f0000000280)={0x3, 0x100, 0x0, 0xf5, 0x80000, 0x7ffd}) 7.794948516s ago: executing program 2 (id=3547): ioctl$DRM_IOCTL_PANTHOR_VM_CREATE(0xffffffffffffffff, 0xc0106441, &(0x7f0000001000)={0x0, 0x0, 0x8}) socket(0x10, 0x803, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f00000001c0)=@abs={0x0, 0x0, 0x4e23}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f0000000040)={0x84, @rand_addr=0x64010101, 0x4e22, 0x3, 'lblcr\x00', 0x1, 0x80005, 0x5}, 0x2c) setsockopt$IP_VS_SO_SET_FLUSH(r2, 0x0, 0x485, 0x0, 0x0) 6.035311725s ago: executing program 5 (id=3548): r0 = syz_usb_connect(0x5, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="120100024286bd10b00d815522f90102030109021200019ddb10"], 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000c40)={0x24, 0x0, &(0x7f0000000080)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x180c}}, 0x0, 0x0}, 0x0) r1 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x2603) ioctl$I2C_SMBUS(r1, 0x720, &(0x7f0000000100)={0x1, 0x6d, 0x2, &(0x7f0000000240)={0xa1, "1a9c66bf2f615e427b2644e953449f6c12f206b2855cd8c82b1b9951cf5a1dee93"}}) 5.752573385s ago: executing program 9 (id=3549): socket$inet_udp(0x2, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) fsopen(&(0x7f0000000080)='gfs2\x00', 0x0) syz_open_dev$tty20(0xc, 0x4, 0x1) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000680)={0x0, 0xfffffe2f, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="380000001800010000000000000000000a000000000000000000000008000400", @ANYRES32=r1, @ANYBLOB="06001500070000000c00168008000100", @ANYRES64=r0], 0x38}}, 0x10) 4.951174938s ago: executing program 9 (id=3550): syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB]) chdir(&(0x7f0000000000)='./file0\x00') r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='.\x00', 0x0, 0x0) getdents64(r0, &(0x7f0000008a00)=""/4097, 0x1001) 4.108718464s ago: executing program 9 (id=3551): r0 = gettid() r1 = getpid() rt_tgsigqueueinfo(r1, r0, 0x15, 0x0) 3.994101337s ago: executing program 4 (id=3552): mkdir(&(0x7f0000000080)='./file1\x00', 0x8) mount(0x0, &(0x7f0000000200)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x8, &(0x7f0000000300)='usrquota') chdir(&(0x7f0000000140)='./file1\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0) quotactl_fd$Q_SETQUOTA(r0, 0xffffffff80000800, 0x0, &(0x7f0000000340)={0xb, 0x4, 0xa000200000a959, 0x5, 0x2ef, 0x7ff, 0x101, 0x1, 0x104ffe}) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdir(&(0x7f0000000100)='./file1\x00', 0x13b) mkdir(0x0, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) 3.552987421s ago: executing program 0 (id=3553): r0 = socket$alg(0x26, 0x5, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'streebog256-generic\x00'}, 0x58) r3 = accept4$alg(r0, 0x0, 0x0, 0x0) sendmmsg$sock(r3, &(0x7f0000002480)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f0000000340)="8224aca5f41b9e0ec5e7a706c919e7c0e343f0cd0a779c17e7f992396b09252009d2d12e9475a57ec39f71417044cf4151af34ac1dfd5d87cdd80bc4c24478821f64d4d971bbc1fc7bdd181a839344917165bb9cd0fa568aac55d8e38ee30fd3a9bc63e2656b6941c812e6ea0692ec276deb2b7b817906cf8c5429a42164e8bb521e216e554d509a0fd0d86729b5f4b9a01fb336bef1be8a68a628452b83a7404087d4bcb64f6ecad05459d12595d5b8b2657f2f29656a15e5a18e3168946dcb5faa59f7b404bad393ba06734d170b0513aeb0d051", 0xd5}, {&(0x7f00000005c0)="f2b314c96d500b66f7fd46493862d9eb11d188464208592330ac482436286448", 0x20}], 0x2}}], 0x1, 0x0) 3.289732817s ago: executing program 9 (id=3554): bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[], 0x50) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r0, &(0x7f0000000000), 0xd) 3.273106445s ago: executing program 5 (id=3555): r0 = openat$sw_sync(0xffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f00000001c0)={0xbf48ce7, "1803c80300000000000000ffff94d4ff000000000000d63175a60600", 0xffffffffffffffff}) ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000000)={0x2, "fa02c80a3a1e9d4b9aaf000000008d674fe69b5b7638dd031dd7504fe5809639", 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(r2, 0xc0303e03, &(0x7f0000000080)={"6739669f274d13b691ebe45b00e4f5b53e0ca34dd02acecdc67c5e3126628168", r1, 0xffffffffffffffff}) ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000440)={0x84000001, "340000dce3000080000007000000000009000000e8ffffff1100", 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(r3, 0xc0303e03, &(0x7f0000000240)={"0e337b42cc00d331ff0007000000000000001a00", r4}) 3.260294767s ago: executing program 4 (id=3556): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) bind$inet6(r0, &(0x7f0000000240)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(0xffffffffffffffff, 0x0) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1, 0x0, 0xfffd}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x44, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x1c, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @synproxy={{0xd}, @val={0x4}}}]}]}], {0x14}}, 0xb8}}, 0x0) socket$netlink(0x10, 0x3, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 2.6756376s ago: executing program 9 (id=3557): syz_usb_connect(0x2, 0x24, 0x0, 0x0) 2.616527298s ago: executing program 5 (id=3558): poll(&(0x7f0000000000), 0x20000000000000b5, 0x9) 2.471800342s ago: executing program 4 (id=3559): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000cf8bed20d90f25004029000000010902120001000000000904"], 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000580)={0x24, &(0x7f0000000700)={0x28f6c81d26a0207, 0x11, 0x1, "ce"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$I2C_RDWR(0xffffffffffffffff, 0x707, &(0x7f00000000c0)={&(0x7f0000000440)=[{0x1000, 0x2000, 0x0, 0x0}], 0x1}) 2.228071437s ago: executing program 0 (id=3560): socket$inet_udp(0x2, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) fsopen(&(0x7f0000000080)='gfs2\x00', 0x0) syz_open_dev$tty20(0xc, 0x4, 0x1) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000680)={0x0, 0xfffffe2f, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="380000001800010000000000000000000a000000000000000000000008000400", @ANYRES32=r1, @ANYBLOB="06001500070000000c00168008000100", @ANYRES64=r0], 0x38}}, 0x10) 1.921056819s ago: executing program 5 (id=3561): syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB]) chdir(&(0x7f0000000000)='./file0\x00') r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='.\x00', 0x0, 0x0) getdents64(r0, &(0x7f0000008a00)=""/4097, 0x1001) 1.605654928s ago: executing program 9 (id=3562): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000840)={0x24, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="00220f000000540b4550182195f51584b3"], 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) ioctl$HIDIOCGUCODE(r1, 0xc018480d, &(0x7f0000000280)={0x3, 0x100, 0x0, 0xf5, 0x80000, 0x7ffd}) 1.600483925s ago: executing program 0 (id=3563): r0 = dup(0xffffffffffffffff) openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) openat$ttyS3(0xffffffffffffff9c, 0x0, 0x2982, 0x0) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x40000) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000c18000)="ad", 0x1) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2000, 0x0, &(0x7f0000179000/0x2000)=nil) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) io_uring_setup(0x3454, &(0x7f0000000080)={0x0, 0x2660, 0x800, 0x1, 0x136, 0x0, r0}) migrate_pages(0x0, 0x3, &(0x7f0000000040)=0x7f, &(0x7f0000000300)=0xa) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x60140, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000574000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f0000000100)="66ba6100ecc4c3857b81a65b00000c44defac4c253f72a66470f3808cfc42391cf6000e16544812f00000000460fc7b47dd2000000430f01b5c04f000066b803008ed8", 0x43}], 0x1, 0x30, 0x0, 0x0) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x1c, 0x3, 0x1, 0x5, 0x0, 0x0, {0x1, 0x0, 0x6}, [@CTA_ZONE={0x6, 0x12, 0x1, 0x0, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x810}, 0x10) 1.304585949s ago: executing program 5 (id=3564): r0 = gettid() r1 = getpid() rt_tgsigqueueinfo(r1, r0, 0x15, 0x0) 558.973364ms ago: executing program 5 (id=3565): r0 = syz_usb_connect(0x5, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="120100024286bd10b00d815522f90102030109021200019ddb100109"], 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000c40)={0x24, 0x0, &(0x7f0000000080)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x180c}}, 0x0, 0x0}, 0x0) r1 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x2603) ioctl$I2C_SMBUS(r1, 0x720, &(0x7f0000000100)={0x1, 0x6d, 0x2, &(0x7f0000000240)={0xa1, "1a9c66bf2f615e427b2644e953449f6c12f206b2855cd8c82b1b9951cf5a1dee93"}}) 0s ago: executing program 4 (id=3566): socket$nl_route(0x10, 0x3, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup/pids.max\x00', 0xc8442, 0x93) syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2) r1 = socket$kcm(0x2, 0x5, 0x84) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events.local\x00', 0x26e1, 0x0) r3 = creat(0x0, 0xecf86c37d53049cc) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f00000004c0)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) futex(0x0, 0x4, 0x0, 0x0, 0x0, 0xb201fffe) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r6 = socket(0x10, 0x3, 0x0) write(r6, &(0x7f0000000080)="1400000052004f030e789e7ee2ce2fa4ff612d27", 0x14) ioctl$VIDIOC_G_SELECTION(0xffffffffffffffff, 0xc040565e, 0x0) recvmmsg(r6, &(0x7f0000005c80)=[{{0x0, 0x0, 0x0}}], 0x344, 0x10122, 0x0) r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x62181) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r7, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'}) vmsplice(r6, &(0x7f0000000280)=[{0x0}, {&(0x7f0000000480)}], 0x2, 0x2) write$sndseq(r7, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick=0x1f4, {}, {}, @raw32={[0x2600]}}], 0xffc8) r8 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r2, 0x84, 0x18, &(0x7f0000000140)={0x0, 0xd28b}, &(0x7f0000000180)=0x8) setsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r3, 0x84, 0x76, &(0x7f0000000480)={r9, 0xfffffffb}, 0x8) r10 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r10, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8c1}, 0x0) write$sndseq(r8, &(0x7f0000000080)=[{0x1e, 0x0, 0x8, 0xfd, @time={0x7ffffffe, 0x4}, {}, {}, @result={0x1f00}}], 0x1c) syz_open_dev$tty1(0xc, 0x4, 0x4) io_cancel(0x0, 0x0, 0x0) setsockopt$sock_attach_bpf(r1, 0x84, 0x7c, &(0x7f0000000000)=r2, 0x62) write$cgroup_int(r0, &(0x7f0000000300)=0x4000000000, 0x12) kernel console output (not intermixed with test programs): rt 6081 - 0 [ 2119.093064][T21366] bridge_slave_1: left allmulticast mode [ 2119.108899][T21366] bridge_slave_1: left promiscuous mode [ 2119.115747][T21366] bridge0: port 2(bridge_slave_1) entered disabled state [ 2119.165204][T21366] bridge_slave_0: left allmulticast mode [ 2119.173435][T21366] bridge_slave_0: left promiscuous mode [ 2119.185999][T21366] bridge0: port 1(bridge_slave_0) entered disabled state [ 2120.056962][T21366] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2120.090904][T21366] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2120.142108][T21366] bond0 (unregistering): Released all slaves [ 2120.564222][T21764] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 2120.581934][T21764] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 2120.591368][T21764] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 2120.617103][T21764] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 2120.645219][T21764] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 2120.961169][T21366] hsr_slave_0: left promiscuous mode [ 2120.990717][T21366] hsr_slave_1: left promiscuous mode [ 2120.999265][T21366] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2121.007008][T21366] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2121.049589][T21366] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2121.057336][T21366] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2121.161809][T21366] veth1_macvtap: left promiscuous mode [ 2121.167825][T21366] veth0_macvtap: left promiscuous mode [ 2121.209039][T21366] veth1_vlan: left promiscuous mode [ 2121.214773][T21366] veth0_vlan: left promiscuous mode [ 2121.630331][ T9360] usb 5-1: new full-speed USB device number 20 using dummy_hcd [ 2121.920263][ T9360] usb 5-1: New USB device found, idVendor=0856, idProduct=ac33, bcdDevice= 0.f8 [ 2121.977319][ T9360] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2122.051684][ T9360] usb 5-1: Product: syz [ 2122.089107][ T9360] usb 5-1: Manufacturer: syz [ 2122.106806][ T9360] usb 5-1: SerialNumber: syz [ 2122.219384][ T9360] usb 5-1: config 0 descriptor?? [ 2122.321444][ T9360] hub 5-1:0.0: bad descriptor, ignoring hub [ 2122.348853][ T9360] hub 5-1:0.0: probe with driver hub failed with error -5 [ 2122.404663][ T9360] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected [ 2122.463051][ T9360] usb 5-1: Detected SIO [ 2122.567177][ T9360] usb 5-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 2122.622637][T21786] netlink: 76 bytes leftover after parsing attributes in process `syz.0.3235'. [ 2122.637622][ T9930] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 2122.647063][ T9930] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 2122.656751][ T9930] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 2122.683755][ T9930] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 2122.697314][ T9930] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 2122.710042][ T9930] Bluetooth: hci1: command tx timeout [ 2122.722685][ T9360] usb 5-1: USB disconnect, device number 20 [ 2122.804457][ T9360] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 2122.856754][ T9360] ftdi_sio 5-1:0.0: device disconnected [ 2123.270841][T21793] netlink: 76 bytes leftover after parsing attributes in process `syz.9.3246'. [ 2124.446290][T21366] team0 (unregistering): Port device team_slave_1 removed [ 2124.604440][T21366] team0 (unregistering): Port device team_slave_0 removed [ 2124.806373][T21789] Bluetooth: hci3: command tx timeout [ 2124.812562][ T9930] Bluetooth: hci1: command tx timeout [ 2124.953138][T21806] loop9: detected capacity change from 0 to 2048 [ 2125.002166][T21806] EXT4-fs: Ignoring removed mblk_io_submit option [ 2125.066373][T21806] EXT4-fs: Ignoring removed i_version option [ 2125.306753][T21806] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 2125.551409][T21806] loop9: detected capacity change from 2048 to 0 [ 2125.577344][T21812] EXT4-fs error (device loop9): ext4_read_inode_bitmap:203: comm syz.9.3239: Cannot read inode bitmap - block_group = 0, inode_bitmap = 3 [ 2125.757650][T21812] Buffer I/O error on dev loop9, logical block 0, lost sync page write [ 2125.849032][T21812] EXT4-fs (loop9): I/O error while writing superblock [ 2126.160202][T20245] EXT4-fs error (device loop9): ext4_get_inode_loc:4920: inode #2: block 4: comm syz-executor: unable to read itable block [ 2126.194332][T20245] Buffer I/O error on dev loop9, logical block 0, lost sync page write [ 2126.266653][T20245] EXT4-fs (loop9): I/O error while writing superblock [ 2126.309258][T20245] EXT4-fs error (device loop9) in ext4_reserve_inode_write:6246: IO failure [ 2126.345286][T20245] Buffer I/O error on dev loop9, logical block 0, lost sync page write [ 2126.371629][T20245] EXT4-fs (loop9): I/O error while writing superblock [ 2126.408939][T20245] EXT4-fs error (device loop9): ext4_dirty_inode:6450: inode #2: comm syz-executor: mark_inode_dirty error [ 2126.461563][T20245] Buffer I/O error on dev loop9, logical block 0, lost sync page write [ 2126.479970][T20245] EXT4-fs (loop9): I/O error while writing superblock [ 2126.732841][ T7990] EXT4-fs error (device loop9): __ext4_get_inode_loc_noinmem:4905: inode #2: block 4: comm kworker/u8:13: unable to read itable block [ 2126.804734][ T7990] Buffer I/O error on dev loop9, logical block 0, lost sync page write [ 2126.838983][ T7990] EXT4-fs (loop9): I/O error while writing superblock [ 2126.879374][T21789] Bluetooth: hci1: command tx timeout [ 2126.885498][T21789] Bluetooth: hci3: command tx timeout [ 2126.906035][T20245] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2127.044130][T20245] Buffer I/O error on dev loop9, logical block 0, lost sync page write [ 2127.080257][T20245] EXT4-fs (loop9): I/O error while writing superblock [ 2127.121022][T21809] Buffer I/O error on dev loop9, logical block 64, lost sync page write [ 2127.236891][T21366] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2127.529279][ T9360] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 2127.597801][T21366] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2127.723006][ T9360] usb 5-1: Using ep0 maxpacket: 32 [ 2127.778097][T21366] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2127.780632][ T9360] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 2127.907659][ T9360] usb 5-1: config 0 has no interface number 0 [ 2127.973069][ T9360] usb 5-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=93.d8 [ 2128.015655][ T9360] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2128.036099][ T9360] usb 5-1: Product: syz [ 2128.049769][ T9360] usb 5-1: Manufacturer: syz [ 2128.054878][ T9360] usb 5-1: SerialNumber: syz [ 2128.086134][ T9360] usb 5-1: config 0 descriptor?? [ 2128.142374][ T9360] usb 5-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 2128.163382][T21366] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2128.189085][ T9360] usb 5-1: selecting invalid altsetting 1 [ 2128.195202][ T9360] usb 5-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 2128.286573][ T9360] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 2128.307559][T21762] chnl_net:caif_netlink_parms(): no params data found [ 2128.380082][ T9360] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 2128.414280][ T9360] usb 5-1: media controller created [ 2128.681400][ T9360] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 2128.952386][T21789] Bluetooth: hci3: command tx timeout [ 2128.952386][ T9930] Bluetooth: hci1: command tx timeout [ 2129.436704][T21827] usb 5-1: dvb_usb_ce6230: usb_control_msg() failed=-110 [ 2129.512053][ T9360] usb 5-1: dvb_usb_ce6230: usb_control_msg() failed=-71 [ 2129.568792][ T9360] zl10353_read_register: readreg error (reg=127, ret==-71) [ 2129.639001][ T9360] usb 5-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 2129.817854][T21366] bridge_slave_1: left allmulticast mode [ 2129.858886][T21366] bridge_slave_1: left promiscuous mode [ 2129.865695][T21366] bridge0: port 2(bridge_slave_1) entered disabled state [ 2129.969350][T21366] bridge_slave_0: left allmulticast mode [ 2130.029391][T21366] bridge_slave_0: left promiscuous mode [ 2130.036675][T21366] bridge0: port 1(bridge_slave_0) entered disabled state [ 2130.270535][ T9360] usb 5-1: USB disconnect, device number 21 [ 2131.030908][T21789] Bluetooth: hci3: command tx timeout [ 2131.313808][T21366] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2131.372709][T21366] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2131.448753][T21366] bond0 (unregistering): Released all slaves [ 2131.502639][T21784] chnl_net:caif_netlink_parms(): no params data found [ 2132.061538][ T9930] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 2132.097766][ T9930] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 2132.110590][ T9930] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 2132.137754][ T9930] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 2132.158280][ T9930] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 2132.299167][ T5094] usb 5-1: new full-speed USB device number 22 using dummy_hcd [ 2132.495113][ T5094] usb 5-1: New USB device found, idVendor=0856, idProduct=ac33, bcdDevice= 0.f8 [ 2132.533100][ T5094] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2132.551781][ T5094] usb 5-1: Product: syz [ 2132.583380][ T5094] usb 5-1: Manufacturer: syz [ 2132.614624][ T5094] usb 5-1: SerialNumber: syz [ 2132.686693][ T5094] usb 5-1: config 0 descriptor?? [ 2132.758355][ T5094] hub 5-1:0.0: bad descriptor, ignoring hub [ 2132.790659][T21762] bridge0: port 1(bridge_slave_0) entered blocking state [ 2132.800896][ T5094] hub 5-1:0.0: probe with driver hub failed with error -5 [ 2132.821926][T21762] bridge0: port 1(bridge_slave_0) entered disabled state [ 2132.838162][ T5094] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected [ 2132.845069][T21762] bridge_slave_0: entered allmulticast mode [ 2132.908186][T21762] bridge_slave_0: entered promiscuous mode [ 2132.915576][ T5094] usb 5-1: Detected SIO [ 2132.943841][ T5094] usb 5-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 2133.104783][T21762] bridge0: port 2(bridge_slave_1) entered blocking state [ 2133.158217][T21762] bridge0: port 2(bridge_slave_1) entered disabled state [ 2133.188169][T21762] bridge_slave_1: entered allmulticast mode [ 2133.231347][T21762] bridge_slave_1: entered promiscuous mode [ 2133.506282][T21366] hsr_slave_0: left promiscuous mode [ 2133.510031][ T5094] usb 5-1: USB disconnect, device number 22 [ 2133.543784][ T5094] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 2133.568218][T21366] hsr_slave_1: left promiscuous mode [ 2133.585010][ T5094] ftdi_sio 5-1:0.0: device disconnected [ 2133.595824][T21366] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2133.634559][T21366] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2133.656067][T21366] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2133.667714][T21366] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2133.736679][T21366] veth1_macvtap: left promiscuous mode [ 2133.754465][T21366] veth0_macvtap: left promiscuous mode [ 2133.779359][T21366] veth1_vlan: left promiscuous mode [ 2133.809095][T21366] veth0_vlan: left promiscuous mode [ 2134.228873][T21789] Bluetooth: hci2: command tx timeout [ 2134.567150][T21366] team0 (unregistering): Port device team_slave_1 removed [ 2134.601495][T21366] team0 (unregistering): Port device team_slave_0 removed [ 2135.135335][T21762] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2135.328931][T21784] bridge0: port 1(bridge_slave_0) entered blocking state [ 2135.336679][T21784] bridge0: port 1(bridge_slave_0) entered disabled state [ 2135.367010][T21784] bridge_slave_0: entered allmulticast mode [ 2135.385852][T21784] bridge_slave_0: entered promiscuous mode [ 2135.427367][T21762] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2135.577250][T21784] bridge0: port 2(bridge_slave_1) entered blocking state [ 2136.142228][T21784] bridge0: port 2(bridge_slave_1) entered disabled state [ 2136.159268][T21784] bridge_slave_1: entered allmulticast mode [ 2136.173800][T21886] netlink: 76 bytes leftover after parsing attributes in process `syz.0.3257'. [ 2136.175450][T21784] bridge_slave_1: entered promiscuous mode [ 2136.356891][T21762] team0: Port device team_slave_0 added [ 2136.364080][T21789] Bluetooth: hci2: command tx timeout [ 2136.419196][T21762] team0: Port device team_slave_1 added [ 2136.842241][T21784] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2136.932696][T21762] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2136.979154][T21762] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 2137.020686][T21762] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2137.101593][T21762] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2137.120557][T21762] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 2137.155960][T21762] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2137.204805][T21784] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2137.480541][T21366] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2137.545927][T21784] team0: Port device team_slave_0 added [ 2137.701534][T21784] team0: Port device team_slave_1 added [ 2138.040527][ T5094] IPVS: starting estimator thread 0... [ 2138.138949][T21899] IPVS: using max 240 ests per chain, 12000 per kthread [ 2138.150499][T21366] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2138.392059][T21789] Bluetooth: hci2: command tx timeout [ 2138.450200][T21762] hsr_slave_0: entered promiscuous mode [ 2138.478280][T21762] hsr_slave_1: entered promiscuous mode [ 2138.498429][T21762] debugfs: 'hsr0' already exists in 'hsr' [ 2138.514904][T21762] Cannot create hsr debugfs directory [ 2138.833872][T21366] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2138.923443][T21784] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2138.948901][T21784] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 2139.038912][T21784] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2139.074204][T21784] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2139.108856][T21784] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 2139.169451][T21784] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2139.342076][T21366] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2139.841566][T21865] chnl_net:caif_netlink_parms(): no params data found [ 2140.340586][ T5094] usb 5-1: new full-speed USB device number 23 using dummy_hcd [ 2140.469131][T21789] Bluetooth: hci2: command tx timeout [ 2140.595975][ T5094] usb 5-1: New USB device found, idVendor=0856, idProduct=ac33, bcdDevice= 0.f8 [ 2140.632129][ T5094] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2140.651420][ T5094] usb 5-1: Product: syz [ 2140.659664][ T5094] usb 5-1: Manufacturer: syz [ 2140.670143][ T5094] usb 5-1: SerialNumber: syz [ 2140.684316][T21784] hsr_slave_0: entered promiscuous mode [ 2140.697163][ T5094] usb 5-1: config 0 descriptor?? [ 2140.727766][T21784] hsr_slave_1: entered promiscuous mode [ 2140.731357][ T5094] hub 5-1:0.0: bad descriptor, ignoring hub [ 2140.768683][ T5094] hub 5-1:0.0: probe with driver hub failed with error -5 [ 2140.771641][T21784] debugfs: 'hsr0' already exists in 'hsr' [ 2140.785666][ T5094] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected [ 2140.813326][T21784] Cannot create hsr debugfs directory [ 2140.837331][ T5094] usb 5-1: Detected SIO [ 2140.887413][ T5094] usb 5-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 2141.004766][ T5094] usb 5-1: USB disconnect, device number 23 [ 2141.114466][ T5094] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 2141.181000][ T5094] ftdi_sio 5-1:0.0: device disconnected [ 2142.594062][T21366] bridge_slave_1: left allmulticast mode [ 2142.600641][T21366] bridge_slave_1: left promiscuous mode [ 2142.607565][T21366] bridge0: port 2(bridge_slave_1) entered disabled state [ 2142.647090][T21366] bridge_slave_0: left allmulticast mode [ 2142.653679][T21366] bridge_slave_0: left promiscuous mode [ 2142.669515][T21366] bridge0: port 1(bridge_slave_0) entered disabled state [ 2143.311544][T21366] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2143.421376][T21366] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2143.455522][T21366] bond0 (unregistering): Released all slaves [ 2143.499771][T21865] bridge0: port 1(bridge_slave_0) entered blocking state [ 2143.519583][T21865] bridge0: port 1(bridge_slave_0) entered disabled state [ 2143.550804][T21865] bridge_slave_0: entered allmulticast mode [ 2143.567810][T21865] bridge_slave_0: entered promiscuous mode [ 2143.629114][T21865] bridge0: port 2(bridge_slave_1) entered blocking state [ 2143.637111][T21865] bridge0: port 2(bridge_slave_1) entered disabled state [ 2143.645572][T21865] bridge_slave_1: entered allmulticast mode [ 2143.667130][T21865] bridge_slave_1: entered promiscuous mode [ 2144.329830][T14875] IPVS: starting estimator thread 0... [ 2144.365849][T21865] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2144.419663][T21939] IPVS: using max 240 ests per chain, 12000 per kthread [ 2144.753578][T21865] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2145.310991][T21865] team0: Port device team_slave_0 added [ 2145.370271][T21865] team0: Port device team_slave_1 added [ 2145.553070][T21366] hsr_slave_0: left promiscuous mode [ 2145.565094][T21366] hsr_slave_1: left promiscuous mode [ 2145.619680][T21366] veth1_macvtap: left promiscuous mode [ 2145.625408][T21366] veth0_macvtap: left promiscuous mode [ 2145.643768][T21366] veth1_vlan: left promiscuous mode [ 2145.659046][T21366] veth0_vlan: left promiscuous mode [ 2147.026066][T21366] team0 (unregistering): Port device team_slave_1 removed [ 2147.106365][T21366] team0 (unregistering): Port device team_slave_0 removed [ 2147.877130][T21865] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2147.889048][T21865] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 2148.029240][T21865] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2148.079046][T21865] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2148.086473][T21865] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 2148.179063][T21865] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2148.523079][T21366] IPVS: stop unused estimator thread 0... [ 2148.739717][T21762] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 2149.015148][T21865] hsr_slave_0: entered promiscuous mode [ 2149.027047][T21865] hsr_slave_1: entered promiscuous mode [ 2149.062076][T21865] debugfs: 'hsr0' already exists in 'hsr' [ 2149.068085][T21865] Cannot create hsr debugfs directory [ 2149.160680][T21762] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 2149.195807][T21762] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 2149.535786][T21762] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 2149.761505][T21947] syzkaller0: entered promiscuous mode [ 2149.767897][T21947] syzkaller0: entered allmulticast mode [ 2150.893051][T21962] loop4: detected capacity change from 0 to 2048 [ 2150.942041][T21962] EXT4-fs: Ignoring removed mblk_io_submit option [ 2150.989189][T21962] EXT4-fs: Ignoring removed i_version option [ 2151.108214][T21962] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 2151.282109][T21784] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 2151.288780][ T29] audit: type=1800 audit(1773393234.257:125): pid=21969 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.3269" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 2151.345979][T21784] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 2151.421217][ T29] audit: type=1804 audit(1773393234.297:126): pid=21962 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.3269" name="/newroot/17/file0/bus" dev="loop4" ino=18 res=1 errno=0 [ 2151.499618][ T29] audit: type=1800 audit(1773393234.337:127): pid=21962 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.3269" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 2151.554163][T21784] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 2151.599839][T21320] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2151.627559][T21784] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 2151.672198][T21973] netlink: 76 bytes leftover after parsing attributes in process `syz.0.3270'. [ 2152.771399][T21762] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2152.944778][T21865] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 2153.015711][T21865] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 2153.099011][T21865] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 2153.292810][T21865] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 2153.364650][T21762] 8021q: adding VLAN 0 to HW filter on device team0 [ 2153.435301][ T1148] bridge0: port 1(bridge_slave_0) entered blocking state [ 2153.443580][ T1148] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2153.546416][T21784] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2153.717482][ T1148] bridge0: port 2(bridge_slave_1) entered blocking state [ 2153.725308][ T1148] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2153.874123][T14875] usb 5-1: new full-speed USB device number 24 using dummy_hcd [ 2154.168102][T14875] usb 5-1: New USB device found, idVendor=0856, idProduct=ac33, bcdDevice= 0.f8 [ 2154.212708][T14875] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2154.271331][T14875] usb 5-1: Product: syz [ 2154.300541][T14875] usb 5-1: Manufacturer: syz [ 2154.305503][T14875] usb 5-1: SerialNumber: syz [ 2154.335409][T21784] 8021q: adding VLAN 0 to HW filter on device team0 [ 2154.433789][T14875] usb 5-1: config 0 descriptor?? [ 2154.488588][ T73] bridge0: port 1(bridge_slave_0) entered blocking state [ 2154.496473][ T73] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2154.536589][T14875] hub 5-1:0.0: bad descriptor, ignoring hub [ 2154.559693][T14875] hub 5-1:0.0: probe with driver hub failed with error -5 [ 2154.611363][T14875] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected [ 2154.660678][T14875] usb 5-1: Detected SIO [ 2154.698184][T14875] usb 5-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 2154.861029][ T73] bridge0: port 2(bridge_slave_1) entered blocking state [ 2154.868752][ T73] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2154.896220][T14875] usb 5-1: USB disconnect, device number 24 [ 2154.952919][T14875] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 2155.008438][T14875] ftdi_sio 5-1:0.0: device disconnected [ 2156.160682][T21784] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2156.523429][T21865] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2156.792854][T21865] 8021q: adding VLAN 0 to HW filter on device team0 [ 2156.983982][ T1148] bridge0: port 1(bridge_slave_0) entered blocking state [ 2156.991459][ T1148] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2157.125405][ T1148] bridge0: port 2(bridge_slave_1) entered blocking state [ 2157.133254][ T1148] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2157.724596][T22030] syzkaller0: entered promiscuous mode [ 2157.730753][T22030] syzkaller0: entered allmulticast mode [ 2157.840651][T21762] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2158.631067][T21784] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2159.051361][T21762] veth0_vlan: entered promiscuous mode [ 2159.173654][T22047] loop4: detected capacity change from 0 to 2048 [ 2159.208395][T21762] veth1_vlan: entered promiscuous mode [ 2159.233814][T22047] EXT4-fs: Ignoring removed mblk_io_submit option [ 2159.296945][T22047] EXT4-fs: Ignoring removed i_version option [ 2159.461623][T22047] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 2159.711937][ T29] audit: type=1800 audit(1773393242.687:128): pid=22047 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.3278" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 2159.799347][T21784] veth0_vlan: entered promiscuous mode [ 2159.869204][ T29] audit: type=1804 audit(1773393242.727:129): pid=22047 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.3278" name="/newroot/21/file0/bus" dev="loop4" ino=18 res=1 errno=0 [ 2159.971712][ T29] audit: type=1800 audit(1773393242.737:130): pid=22047 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.3278" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 2160.006460][T21762] veth0_macvtap: entered promiscuous mode [ 2160.045102][T21320] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2160.066775][T21784] veth1_vlan: entered promiscuous mode [ 2160.171918][T21762] veth1_macvtap: entered promiscuous mode [ 2160.616051][T21865] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2160.659867][T22059] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3279'. [ 2160.700653][T21762] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2160.837910][T21762] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2161.053804][ T7991] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2161.122720][ T7991] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2161.324742][ T7991] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2161.393078][ T7991] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2161.419973][T21784] veth0_macvtap: entered promiscuous mode [ 2161.671367][T21784] veth1_macvtap: entered promiscuous mode [ 2162.032489][T21865] veth0_vlan: entered promiscuous mode [ 2162.227485][T21784] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2162.311537][T22076] netlink: 48 bytes leftover after parsing attributes in process `syz.4.3281'. [ 2162.353652][T21865] veth1_vlan: entered promiscuous mode [ 2162.369295][T22076] libceph: resolve '0..' (ret=-3): failed [ 2162.421620][T22075] team0: entered allmulticast mode [ 2162.450897][T22075] team_slave_0: entered allmulticast mode [ 2162.457298][T22075] team_slave_1: entered allmulticast mode [ 2162.587392][T22075] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 2162.687563][T21784] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2162.959193][ T73] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2163.043110][ T73] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2163.083102][ T73] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2163.152446][ T73] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2163.453555][T21865] veth0_macvtap: entered promiscuous mode [ 2163.546881][T21865] veth1_macvtap: entered promiscuous mode [ 2163.859162][T21865] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2163.954199][T21865] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2164.175856][ T73] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2164.227775][ T73] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2164.272987][ T73] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2164.317643][ T73] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2165.330212][T22109] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3283'. [ 2168.230538][ T8514] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2168.292757][ T8514] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2168.388959][T22141] netlink: 76 bytes leftover after parsing attributes in process `syz.0.3284'. [ 2168.489124][T21366] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2168.497656][T21366] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2170.270490][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 2171.038879][ T1148] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2171.095627][ T1148] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2171.637517][T21063] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2171.674561][T21063] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2172.894426][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2172.952374][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2173.336927][ T7991] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2173.408947][ T7991] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2173.560862][T22191] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3287'. [ 2175.181082][T22210] raw_sendmsg: syz.1.3247 forgot to set AF_INET. Fix it! [ 2175.856936][T22219] netlink: 76 bytes leftover after parsing attributes in process `syz.2.3292'. [ 2177.155566][T22224] syzkaller0: entered promiscuous mode [ 2177.207698][T22224] syzkaller0: entered allmulticast mode [ 2178.132814][T22237] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3296'. [ 2180.162058][T22256] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3298'. [ 2180.699001][ T8514] batman_adv: batadv1: adding TT local entry 33:33:00:00:00:01 to non-existent VLAN -1 [ 2185.277082][T22272] loop2: detected capacity change from 0 to 2048 [ 2185.420728][T22272] EXT4-fs: Ignoring removed mblk_io_submit option [ 2185.521157][T22272] EXT4-fs: Ignoring removed i_version option [ 2185.780828][T22272] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 2185.895915][ T29] audit: type=1800 audit(1773393268.867:131): pid=22272 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.3303" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 2186.079064][ T29] audit: type=1800 audit(1773393268.947:132): pid=22272 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.3303" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 2186.318382][T21784] EXT4-fs error (device loop2): ext4_lookup:1785: inode #14: comm syz-executor: invalid fast symlink length 39 [ 2186.459255][T21784] EXT4-fs error (device loop2): ext4_lookup:1785: inode #14: comm syz-executor: invalid fast symlink length 39 [ 2187.465453][T21784] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2187.543690][ T7991] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2187.882867][ T7991] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2188.123243][ T7991] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2188.593507][ T7991] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2189.283975][ T7991] bridge_slave_1: left allmulticast mode [ 2189.304582][ T7991] bridge_slave_1: left promiscuous mode [ 2189.318015][ T7991] bridge0: port 2(bridge_slave_1) entered disabled state [ 2189.353989][ T7991] bridge_slave_0: left allmulticast mode [ 2189.374452][ T7991] bridge_slave_0: left promiscuous mode [ 2189.386497][ T7991] bridge0: port 1(bridge_slave_0) entered disabled state [ 2189.995157][ T7991] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2190.022220][ T7991] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2190.043954][ T7991] bond0 (unregistering): Released all slaves [ 2191.132956][T22305] syzkaller0: entered promiscuous mode [ 2191.139318][T22305] syzkaller0: entered allmulticast mode [ 2191.474239][T17102] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 2191.493353][T17102] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 2191.503178][T17102] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 2191.525057][T17102] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 2191.559269][T17102] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 2192.053415][ T7991] hsr_slave_0: left promiscuous mode [ 2192.085933][ T9930] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 2192.094869][ T7991] hsr_slave_1: left promiscuous mode [ 2192.107455][ T9930] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 2192.121593][ T7991] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2192.130200][ T7991] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2192.141077][ T9930] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 2192.152393][ T7991] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2192.164738][ T7991] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2192.173078][ T9930] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 2192.184740][ T9930] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 2192.217869][ T7991] veth1_macvtap: left promiscuous mode [ 2192.224980][ T7991] veth0_macvtap: left promiscuous mode [ 2192.250448][ T7991] veth1_vlan: left promiscuous mode [ 2192.256352][ T7991] veth0_vlan: left promiscuous mode [ 2192.799036][T17102] Bluetooth: hci0: command 0x0406 tx timeout [ 2193.592657][T21789] Bluetooth: hci3: command tx timeout [ 2193.669386][T22331] loop1: detected capacity change from 0 to 2048 [ 2193.701644][T22331] EXT4-fs: Ignoring removed mblk_io_submit option [ 2193.717652][T22331] EXT4-fs: Ignoring removed i_version option [ 2193.842531][T22331] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 2193.977783][ T29] audit: type=1800 audit(1773393276.947:133): pid=22331 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.3314" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 2194.002207][ T29] audit: type=1800 audit(1773393276.947:134): pid=22331 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.3314" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 2194.101144][ T7991] team0 (unregistering): Port device team_slave_1 removed [ 2194.128137][T21865] EXT4-fs error (device loop1): ext4_lookup:1785: inode #14: comm syz-executor: invalid fast symlink length 39 [ 2194.190031][T21865] EXT4-fs error (device loop1): ext4_lookup:1785: inode #14: comm syz-executor: invalid fast symlink length 39 [ 2194.229206][ T7991] team0 (unregistering): Port device team_slave_0 removed [ 2194.308858][T21789] Bluetooth: hci5: command tx timeout [ 2195.063789][T21865] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2195.340063][T22344] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3317'. [ 2195.669380][T21789] Bluetooth: hci3: command tx timeout [ 2196.083376][ T7991] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2196.291826][ T7991] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2196.388868][T21789] Bluetooth: hci5: command tx timeout [ 2196.585662][ T7991] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2196.752061][ T7991] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2197.748949][T21789] Bluetooth: hci3: command tx timeout [ 2197.767265][ T7991] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2197.892003][T22312] chnl_net:caif_netlink_parms(): no params data found [ 2197.987194][ T7991] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2198.031298][T22318] chnl_net:caif_netlink_parms(): no params data found [ 2198.314214][ T7991] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2198.475812][T21789] Bluetooth: hci5: command tx timeout [ 2198.804454][ T7991] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2198.933324][T17102] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 2198.950292][T17102] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 2198.964275][T17102] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 2198.985179][T17102] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 2198.996306][T17102] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 2199.830517][T21789] Bluetooth: hci3: command tx timeout [ 2199.971430][ T7991] bridge_slave_1: left allmulticast mode [ 2199.977677][ T7991] bridge_slave_1: left promiscuous mode [ 2200.025547][ T7991] bridge0: port 2(bridge_slave_1) entered disabled state [ 2200.054871][T22384] loop3: detected capacity change from 0 to 2048 [ 2200.083161][T22384] EXT4-fs: Ignoring removed mblk_io_submit option [ 2200.132166][ T7991] bridge_slave_0: left allmulticast mode [ 2200.138226][ T7991] bridge_slave_0: left promiscuous mode [ 2200.158847][T22384] EXT4-fs: Ignoring removed i_version option [ 2200.193170][ T7991] bridge0: port 1(bridge_slave_0) entered disabled state [ 2200.241127][ T7991] bridge_slave_1: left allmulticast mode [ 2200.247001][ T7991] bridge_slave_1: left promiscuous mode [ 2200.297888][ T7991] bridge0: port 2(bridge_slave_1) entered disabled state [ 2200.330471][T22384] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 2200.370479][ T7991] bridge_slave_0: left allmulticast mode [ 2200.415165][ T29] audit: type=1800 audit(1773393283.387:135): pid=22392 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.3323" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 2200.439613][ T7991] bridge_slave_0: left promiscuous mode [ 2200.446279][ T7991] bridge0: port 1(bridge_slave_0) entered disabled state [ 2200.511135][ T29] audit: type=1800 audit(1773393283.487:136): pid=22384 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.3323" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 2200.559281][T21789] Bluetooth: hci5: command tx timeout [ 2200.717590][T21762] EXT4-fs error (device loop3): ext4_lookup:1785: inode #14: comm syz-executor: invalid fast symlink length 39 [ 2200.745560][T21762] EXT4-fs error (device loop3): ext4_lookup:1785: inode #14: comm syz-executor: invalid fast symlink length 39 [ 2201.112152][T21789] Bluetooth: hci0: command tx timeout [ 2201.560596][ T7991] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2201.576330][ T7991] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2201.597013][ T7991] bond0 (unregistering): Released all slaves [ 2201.793087][ T7991] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2201.808776][ T7991] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2201.822277][ T7991] bond0 (unregistering): Released all slaves [ 2202.131826][T21762] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2202.193771][T22318] bridge0: port 1(bridge_slave_0) entered blocking state [ 2202.216185][T22318] bridge0: port 1(bridge_slave_0) entered disabled state [ 2202.245422][T22318] bridge_slave_0: entered allmulticast mode [ 2202.270950][T22318] bridge_slave_0: entered promiscuous mode [ 2202.519128][T22318] bridge0: port 2(bridge_slave_1) entered blocking state [ 2202.546639][T22318] bridge0: port 2(bridge_slave_1) entered disabled state [ 2202.569217][T22318] bridge_slave_1: entered allmulticast mode [ 2202.597530][T22318] bridge_slave_1: entered promiscuous mode [ 2202.726214][T22312] bridge0: port 1(bridge_slave_0) entered blocking state [ 2202.769357][T22312] bridge0: port 1(bridge_slave_0) entered disabled state [ 2202.777276][T22312] bridge_slave_0: entered allmulticast mode [ 2202.808211][T22312] bridge_slave_0: entered promiscuous mode [ 2202.918400][T22318] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2203.040550][T22312] bridge0: port 2(bridge_slave_1) entered blocking state [ 2203.071440][T22312] bridge0: port 2(bridge_slave_1) entered disabled state [ 2203.095944][T22312] bridge_slave_1: entered allmulticast mode [ 2203.122971][T22312] bridge_slave_1: entered promiscuous mode [ 2203.148397][T22318] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2203.189245][T21789] Bluetooth: hci0: command tx timeout [ 2203.515858][T22312] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2203.557855][T22312] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2203.617941][T22318] team0: Port device team_slave_0 added [ 2203.659297][T22318] team0: Port device team_slave_1 added [ 2204.148240][T22312] team0: Port device team_slave_0 added [ 2204.203756][T22312] team0: Port device team_slave_1 added [ 2204.230002][T22318] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2204.237478][T22318] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 2204.309019][T22318] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2204.343378][T22318] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2204.364435][T22318] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 2204.402963][T22318] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2204.403823][T17102] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 2204.425619][T17102] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 2204.434949][T17102] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 2204.447852][T17102] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 2204.466306][T17102] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 2204.496214][T19779] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 2204.528851][ T7991] hsr_slave_0: left promiscuous mode [ 2204.537445][ T7991] hsr_slave_1: left promiscuous mode [ 2204.547928][ T7991] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2204.557013][ T7991] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2204.569665][ T7991] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2204.577269][ T7991] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2204.609078][ T7991] hsr_slave_0: left promiscuous mode [ 2204.617542][ T7991] hsr_slave_1: left promiscuous mode [ 2204.632222][ T7991] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2204.640677][ T7991] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2204.649041][T19779] usb 1-1: device descriptor read/64, error -71 [ 2204.657930][ T7991] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2204.665856][ T7991] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2204.716593][ T7991] veth1_macvtap: left promiscuous mode [ 2204.727996][ T7991] veth0_macvtap: left promiscuous mode [ 2204.735559][ T7991] veth1_vlan: left promiscuous mode [ 2204.762905][ T7991] veth0_vlan: left promiscuous mode [ 2204.771152][ T7991] veth1_macvtap: left promiscuous mode [ 2204.777043][ T7991] veth0_macvtap: left promiscuous mode [ 2204.784788][ T7991] veth1_vlan: left promiscuous mode [ 2204.792568][ T7991] veth0_vlan: left promiscuous mode [ 2204.899950][T19779] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 2205.038686][T19779] usb 1-1: device descriptor read/64, error -71 [ 2205.169425][T19779] usb usb1-port1: attempt power cycle [ 2205.268677][T17102] Bluetooth: hci0: command tx timeout [ 2205.519159][T19779] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 2205.570138][T19779] usb 1-1: device descriptor read/8, error -71 [ 2205.770135][ T7991] team0 (unregistering): Port device team_slave_1 removed [ 2205.796041][ T7991] team0 (unregistering): Port device team_slave_0 removed [ 2205.808803][T19779] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 2205.850933][T19779] usb 1-1: device descriptor read/8, error -71 [ 2205.970881][T19779] usb usb1-port1: unable to enumerate USB device [ 2206.233725][ T7991] team_slave_1 (unregistering): left allmulticast mode [ 2206.244537][ T7991] team0 (unregistering): Port device team_slave_1 removed [ 2206.281821][ T7991] team_slave_0 (unregistering): left allmulticast mode [ 2206.291656][ T7991] team0 (unregistering): Port device team_slave_0 removed [ 2206.548770][T17102] Bluetooth: hci1: command tx timeout [ 2206.629440][T22312] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2206.637550][T22312] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 2206.673830][T22312] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2206.860277][T22312] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2206.867564][T22312] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 2206.990845][T22312] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2207.046499][T22318] hsr_slave_0: entered promiscuous mode [ 2207.066009][T22318] hsr_slave_1: entered promiscuous mode [ 2207.278336][T22374] chnl_net:caif_netlink_parms(): no params data found [ 2207.368723][T17102] Bluetooth: hci0: command tx timeout [ 2207.754936][ T7991] IPVS: stop unused estimator thread 0... [ 2207.891302][T22312] hsr_slave_0: entered promiscuous mode [ 2207.913938][T22312] hsr_slave_1: entered promiscuous mode [ 2207.925347][T22312] debugfs: 'hsr0' already exists in 'hsr' [ 2207.945079][T22312] Cannot create hsr debugfs directory [ 2208.420841][ T7991] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2208.629177][T17102] Bluetooth: hci1: command tx timeout [ 2208.694521][T22467] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3332'. [ 2208.776253][ T7991] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2209.101477][ T7991] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2209.194583][T22374] bridge0: port 1(bridge_slave_0) entered blocking state [ 2209.207820][T22374] bridge0: port 1(bridge_slave_0) entered disabled state [ 2209.216601][T22374] bridge_slave_0: entered allmulticast mode [ 2209.259473][T22374] bridge_slave_0: entered promiscuous mode [ 2209.436236][T22374] bridge0: port 2(bridge_slave_1) entered blocking state [ 2209.460643][T22374] bridge0: port 2(bridge_slave_1) entered disabled state [ 2209.488947][T22374] bridge_slave_1: entered allmulticast mode [ 2209.519610][T22374] bridge_slave_1: entered promiscuous mode [ 2209.700893][ T7991] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2210.215852][T22374] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2210.291606][T22374] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2210.333611][T22428] chnl_net:caif_netlink_parms(): no params data found [ 2210.714922][T17102] Bluetooth: hci1: command tx timeout [ 2210.774987][T22374] team0: Port device team_slave_0 added [ 2210.799471][T22374] team0: Port device team_slave_1 added [ 2211.420466][T22374] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2211.456413][T22374] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 2211.526336][T22374] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2211.570960][T22374] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2211.608690][T22374] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 2211.650994][T22374] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2211.741215][ T7991] bridge_slave_1: left allmulticast mode [ 2211.747163][ T7991] bridge_slave_1: left promiscuous mode [ 2211.779591][ T7991] bridge0: port 2(bridge_slave_1) entered disabled state [ 2211.834033][ T7991] bridge_slave_0: left allmulticast mode [ 2211.862969][ T7991] bridge_slave_0: left promiscuous mode [ 2211.883371][ T7991] bridge0: port 1(bridge_slave_0) entered disabled state [ 2212.656236][ T7991] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2212.708233][ T7991] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2212.756860][ T7991] bond0 (unregistering): Released all slaves [ 2212.789455][T17102] Bluetooth: hci1: command tx timeout [ 2213.096348][T22428] bridge0: port 1(bridge_slave_0) entered blocking state [ 2213.129577][T22428] bridge0: port 1(bridge_slave_0) entered disabled state [ 2213.137783][T22428] bridge_slave_0: entered allmulticast mode [ 2213.149523][T22428] bridge_slave_0: entered promiscuous mode [ 2213.274829][T22428] bridge0: port 2(bridge_slave_1) entered blocking state [ 2213.292658][T22428] bridge0: port 2(bridge_slave_1) entered disabled state [ 2213.320114][T22428] bridge_slave_1: entered allmulticast mode [ 2213.340219][T22428] bridge_slave_1: entered promiscuous mode [ 2213.426649][T22374] hsr_slave_0: entered promiscuous mode [ 2213.453482][T22374] hsr_slave_1: entered promiscuous mode [ 2213.471685][T22374] debugfs: 'hsr0' already exists in 'hsr' [ 2213.477751][T22374] Cannot create hsr debugfs directory [ 2213.604723][T22318] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 2213.800832][T22428] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2213.812185][T22318] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 2213.838338][T22318] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 2213.902738][T22428] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2213.948741][T22318] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 2214.015780][ T7991] hsr_slave_0: left promiscuous mode [ 2214.025248][ T7991] hsr_slave_1: left promiscuous mode [ 2214.036017][ T7991] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2214.056021][ T7991] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2214.076075][ T7991] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2214.084961][ T7991] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2214.106331][ T7991] veth1_macvtap: left promiscuous mode [ 2214.117567][ T7991] veth0_macvtap: left promiscuous mode [ 2214.125197][ T7991] veth1_vlan: left promiscuous mode [ 2214.132007][ T7991] veth0_vlan: left promiscuous mode [ 2214.689868][ T7991] team0 (unregistering): Port device team_slave_1 removed [ 2214.753874][ T7991] team0 (unregistering): Port device team_slave_0 removed [ 2215.150480][T22428] team0: Port device team_slave_0 added [ 2215.225067][T22428] team0: Port device team_slave_1 added [ 2215.464306][T22428] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2215.472186][T22428] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 2215.510534][T22428] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2215.576500][T22428] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2215.587049][T22428] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 2215.623288][T22428] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2215.803137][T22428] hsr_slave_0: entered promiscuous mode [ 2215.813887][T22428] hsr_slave_1: entered promiscuous mode [ 2215.823938][T22428] debugfs: 'hsr0' already exists in 'hsr' [ 2215.831657][T22428] Cannot create hsr debugfs directory [ 2216.048802][T20230] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 2216.104818][T22312] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 2216.184002][T22312] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 2216.198885][T20230] usb 1-1: device descriptor read/64, error -71 [ 2216.247169][T22312] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 2216.280477][T22312] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 2216.448776][T20230] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 2216.609105][T20230] usb 1-1: device descriptor read/64, error -71 [ 2216.640013][T22318] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2216.719588][T20230] usb usb1-port1: attempt power cycle [ 2216.846119][T22318] 8021q: adding VLAN 0 to HW filter on device team0 [ 2216.925911][T22374] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 2216.948274][T22374] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 2216.975462][T22374] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 2217.034867][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 2217.042846][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2217.063631][T22374] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 2217.090027][T20230] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 2217.142731][T20230] usb 1-1: device descriptor read/8, error -71 [ 2217.176253][T21366] bridge0: port 2(bridge_slave_1) entered blocking state [ 2217.183919][T21366] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2217.398884][T20230] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 2217.449964][T20230] usb 1-1: device descriptor read/8, error -71 [ 2217.534471][T22312] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2217.569945][T20230] usb usb1-port1: unable to enumerate USB device [ 2217.778110][T22312] 8021q: adding VLAN 0 to HW filter on device team0 [ 2217.804898][T22428] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 2217.836711][T22428] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 2217.894597][T22428] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 2217.947671][ T73] bridge0: port 1(bridge_slave_0) entered blocking state [ 2217.955327][ T73] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2217.974848][T22428] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 2218.084300][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 2218.091919][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2218.607463][T22318] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2218.743800][T22374] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2219.092248][T22374] 8021q: adding VLAN 0 to HW filter on device team0 [ 2219.213118][T21366] bridge0: port 1(bridge_slave_0) entered blocking state [ 2219.220736][T21366] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2219.339128][T21366] bridge0: port 2(bridge_slave_1) entered blocking state [ 2219.346864][T21366] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2219.596661][T22428] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2219.741415][T22312] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2220.002068][T22428] 8021q: adding VLAN 0 to HW filter on device team0 [ 2220.196015][ T7990] bridge0: port 1(bridge_slave_0) entered blocking state [ 2220.204402][ T7990] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2220.266049][T22545] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3339'. [ 2220.381658][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 2220.389304][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2221.390920][T22318] veth0_vlan: entered promiscuous mode [ 2221.621409][T22318] veth1_vlan: entered promiscuous mode [ 2222.098549][T22312] veth0_vlan: entered promiscuous mode [ 2222.367653][T22374] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2222.414992][T22312] veth1_vlan: entered promiscuous mode [ 2222.564257][T22318] veth0_macvtap: entered promiscuous mode [ 2222.639519][T22318] veth1_macvtap: entered promiscuous mode [ 2222.917699][T22318] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2223.077077][T22318] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2223.156744][T22312] veth0_macvtap: entered promiscuous mode [ 2223.315737][T22312] veth1_macvtap: entered promiscuous mode [ 2223.442078][T22428] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2223.464084][ T8514] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2223.480954][ T8514] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2223.593120][ T8514] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2223.630376][ T8514] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2223.769930][T22312] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2223.952582][T22312] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2224.077337][ T12] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2224.172065][ T12] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2224.209108][ T12] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2224.258677][ T12] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2225.046336][T22374] veth0_vlan: entered promiscuous mode [ 2225.393478][T22374] veth1_vlan: entered promiscuous mode [ 2226.062108][T22374] veth0_macvtap: entered promiscuous mode [ 2226.166501][T22374] veth1_macvtap: entered promiscuous mode [ 2226.399178][T22428] veth0_vlan: entered promiscuous mode [ 2226.476590][T22374] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2226.616960][T22374] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2226.731897][ T8514] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2226.769784][ T8514] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2226.796020][ T8514] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2226.823950][T22428] veth1_vlan: entered promiscuous mode [ 2226.860803][ T8514] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2227.344278][T22428] veth0_macvtap: entered promiscuous mode [ 2227.432974][T22428] veth1_macvtap: entered promiscuous mode [ 2227.756489][T22428] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2227.898270][T22428] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2228.060552][T21063] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2228.127397][T21063] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2228.166679][T21063] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2228.205652][T21063] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2229.498867][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2229.554832][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2229.814911][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2229.844576][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2230.616034][ T8514] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2230.685543][ T8514] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2230.942308][ T7990] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2230.983436][ T7990] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2231.701113][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 2233.650255][T22682] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3346'. [ 2234.267193][ T73] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2234.343129][ T73] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2234.667550][T21063] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2234.725192][T21063] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2236.555276][T22702] syzkaller0: entered promiscuous mode [ 2236.561803][T22702] syzkaller0: entered allmulticast mode [ 2237.297110][ T1148] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2237.351897][ T1148] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2237.684430][T21366] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2237.722990][T21366] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2238.221873][T22714] overlayfs: workdir and upperdir must reside under the same mount [ 2240.094484][T22732] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 2241.286039][T22738] loop8: detected capacity change from 0 to 2048 [ 2241.409921][T22738] EXT4-fs: Ignoring removed mblk_io_submit option [ 2241.447230][T22738] EXT4-fs: Ignoring removed i_version option [ 2241.630994][T22738] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 2241.925747][ T29] audit: type=1800 audit(1773393324.877:137): pid=22747 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.3354" name="file1" dev="loop8" ino=15 res=0 errno=0 [ 2242.129009][T22738] loop8: detected capacity change from 2048 to 0 [ 2242.806465][T22374] EXT4-fs error (device loop8): ext4_get_inode_loc:4920: inode #2: block 4: comm syz-executor: unable to read itable block [ 2242.879405][T22374] Buffer I/O error on dev loop8, logical block 0, lost sync page write [ 2242.965004][T22374] EXT4-fs (loop8): I/O error while writing superblock [ 2243.000734][T22374] EXT4-fs error (device loop8) in ext4_reserve_inode_write:6246: IO failure [ 2243.059648][T22374] Buffer I/O error on dev loop8, logical block 0, lost sync page write [ 2243.088860][T22374] EXT4-fs (loop8): I/O error while writing superblock [ 2243.142770][T22374] EXT4-fs error (device loop8): ext4_dirty_inode:6450: inode #2: comm syz-executor: mark_inode_dirty error [ 2243.225304][T22374] Buffer I/O error on dev loop8, logical block 0, lost sync page write [ 2243.273595][T22374] EXT4-fs (loop8): I/O error while writing superblock [ 2243.786593][ T35] EXT4-fs error (device loop8): __ext4_get_inode_loc_noinmem:4905: inode #2: block 4: comm kworker/u8:2: unable to read itable block [ 2243.947404][ T35] Buffer I/O error on dev loop8, logical block 0, lost sync page write [ 2243.998316][ T35] EXT4-fs (loop8): I/O error while writing superblock [ 2244.028655][ T29] audit: type=1326 audit(1773393326.997:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22762 comm="syz.7.3360" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8f6c code=0x7ffc0000 [ 2244.146683][ T29] audit: type=1326 audit(1773393327.057:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22762 comm="syz.7.3360" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8f6c code=0x7ffc0000 [ 2244.246964][T22761] syzkaller0: entered promiscuous mode [ 2244.257023][T22374] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2244.307471][T22761] syzkaller0: entered allmulticast mode [ 2244.384853][T22374] Buffer I/O error on dev loop8, logical block 0, lost sync page write [ 2244.426340][ T29] audit: type=1326 audit(1773393327.167:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22762 comm="syz.7.3360" exe="/root/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf7fa8f6c code=0x7ffc0000 [ 2244.562551][T22374] EXT4-fs (loop8): I/O error while writing superblock [ 2244.602611][ T29] audit: type=1326 audit(1773393327.167:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22762 comm="syz.7.3360" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8f6c code=0x7ffc0000 [ 2244.782929][T22743] Buffer I/O error on dev loop8, logical block 64, lost sync page write [ 2244.870637][ T29] audit: type=1326 audit(1773393327.167:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22762 comm="syz.7.3360" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8f6c code=0x7ffc0000 [ 2245.338770][ T29] audit: type=1326 audit(1773393327.167:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22762 comm="syz.7.3360" exe="/root/syz-executor" sig=0 arch=40000003 syscall=228 compat=1 ip=0xf7fa8f6c code=0x7ffc0000 [ 2245.561590][ T29] audit: type=1326 audit(1773393327.167:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22762 comm="syz.7.3360" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8f6c code=0x7ffc0000 [ 2245.761284][ T29] audit: type=1326 audit(1773393327.167:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22762 comm="syz.7.3360" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa8f6c code=0x7ffc0000 [ 2245.864107][ T35] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2246.031650][ T29] audit: type=1326 audit(1773393327.167:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22762 comm="syz.7.3360" exe="/root/syz-executor" sig=0 arch=40000003 syscall=163 compat=1 ip=0xf7fa8f6c code=0x7ffc0000 [ 2246.292766][ T35] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2246.553483][ T35] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2246.857786][ T35] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2247.583006][ T35] bridge_slave_1: left allmulticast mode [ 2247.628965][ T35] bridge_slave_1: left promiscuous mode [ 2247.663314][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 2247.733714][ T35] bridge_slave_0: left allmulticast mode [ 2247.770819][ T35] bridge_slave_0: left promiscuous mode [ 2247.777338][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 2249.196212][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2249.270323][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2249.316290][ T35] bond0 (unregistering): Released all slaves [ 2250.130738][ T35] hsr_slave_0: left promiscuous mode [ 2250.235332][ T35] hsr_slave_1: left promiscuous mode [ 2250.257982][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2250.399067][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2250.476286][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2250.509008][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2250.655321][ T35] veth1_macvtap: left promiscuous mode [ 2250.689245][ T35] veth0_macvtap: left promiscuous mode [ 2250.711471][ T35] veth1_vlan: left promiscuous mode [ 2250.717282][ T35] veth0_vlan: left promiscuous mode [ 2251.197965][T21789] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 2251.208254][T21789] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 2251.229213][T21789] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 2251.244675][T21789] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 2251.261085][T21789] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 2251.862509][T22808] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3368'. [ 2253.349293][T21789] Bluetooth: hci0: command tx timeout [ 2253.560914][ T35] team0 (unregistering): Port device team_slave_1 removed [ 2253.638807][ T35] team0 (unregistering): Port device team_slave_0 removed [ 2253.935203][T22811] loop7: detected capacity change from 0 to 2048 [ 2254.008043][T22811] EXT4-fs: Ignoring removed mblk_io_submit option [ 2254.083982][T22811] EXT4-fs: Ignoring removed i_version option [ 2254.311640][T22811] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 2254.524115][ T29] kauditd_printk_skb: 3 callbacks suppressed [ 2254.524187][ T29] audit: type=1800 audit(1773393337.497:150): pid=22811 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.3369" name="file1" dev="loop7" ino=15 res=0 errno=0 [ 2254.681440][T22811] loop7: detected capacity change from 2048 to 0 [ 2255.128090][T22318] EXT4-fs error (device loop7): ext4_get_inode_loc:4920: inode #2: block 4: comm syz-executor: unable to read itable block [ 2255.274308][T22318] Buffer I/O error on dev loop7, logical block 0, lost sync page write [ 2255.375739][T22318] EXT4-fs (loop7): I/O error while writing superblock [ 2255.438856][T21789] Bluetooth: hci0: command tx timeout [ 2255.478228][T22318] EXT4-fs error (device loop7) in ext4_reserve_inode_write:6246: IO failure [ 2255.554865][T22318] Buffer I/O error on dev loop7, logical block 0, lost sync page write [ 2255.639732][T22318] EXT4-fs (loop7): I/O error while writing superblock [ 2255.647249][T22318] EXT4-fs error (device loop7): ext4_dirty_inode:6450: inode #2: comm syz-executor: mark_inode_dirty error [ 2255.733859][T22318] Buffer I/O error on dev loop7, logical block 0, lost sync page write [ 2255.874221][T22318] EXT4-fs (loop7): I/O error while writing superblock [ 2256.076454][ T7991] EXT4-fs error (device loop7): __ext4_get_inode_loc_noinmem:4905: inode #2: block 4: comm kworker/u8:14: unable to read itable block [ 2256.188916][ T7991] Buffer I/O error on dev loop7, logical block 0, lost sync page write [ 2256.197841][ T7991] EXT4-fs (loop7): I/O error while writing superblock [ 2256.298344][T22318] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2256.452203][T22318] Buffer I/O error on dev loop7, logical block 0, lost sync page write [ 2256.519013][T22318] EXT4-fs (loop7): I/O error while writing superblock [ 2256.564100][T22812] Buffer I/O error on dev loop7, logical block 64, lost sync page write [ 2257.059625][T22801] chnl_net:caif_netlink_parms(): no params data found [ 2257.382659][ T35] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2257.528862][T21789] Bluetooth: hci0: command tx timeout [ 2257.657285][ T35] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2258.023820][ T35] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2258.403882][ T35] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2259.183740][ T35] bridge_slave_1: left allmulticast mode [ 2259.238734][ T35] bridge_slave_1: left promiscuous mode [ 2259.245518][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 2259.419753][ T35] bridge_slave_0: left allmulticast mode [ 2259.425970][ T35] bridge_slave_0: left promiscuous mode [ 2259.563783][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 2259.589144][T21789] Bluetooth: hci0: command tx timeout [ 2260.655724][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2260.683673][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2260.722763][ T35] bond0 (unregistering): Released all slaves [ 2260.952711][T22840] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 2261.059825][T22801] bridge0: port 1(bridge_slave_0) entered blocking state [ 2261.103010][T22801] bridge0: port 1(bridge_slave_0) entered disabled state [ 2261.144411][T22801] bridge_slave_0: entered allmulticast mode [ 2261.235198][T22801] bridge_slave_0: entered promiscuous mode [ 2261.346706][T22801] bridge0: port 2(bridge_slave_1) entered blocking state [ 2261.452804][T22801] bridge0: port 2(bridge_slave_1) entered disabled state [ 2261.491137][T22801] bridge_slave_1: entered allmulticast mode [ 2261.596608][T22801] bridge_slave_1: entered promiscuous mode [ 2262.162685][T17102] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 2262.196386][T17102] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 2262.230261][T17102] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 2262.263752][T17102] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 2262.276446][T17102] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 2262.570488][T22801] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2262.714052][T22801] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2262.861769][T22859] overlayfs: workdir and upperdir must reside under the same mount [ 2262.950985][ T35] hsr_slave_0: left promiscuous mode [ 2263.013086][ T35] hsr_slave_1: left promiscuous mode [ 2263.044065][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2263.077389][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2263.154920][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2263.169486][ T29] audit: type=1326 audit(1773393346.107:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22856 comm="syz.0.3378" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fdef6c code=0x7ffc0000 [ 2263.241582][ T29] audit: type=1326 audit(1773393346.177:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22856 comm="syz.0.3378" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fdef6c code=0x7ffc0000 [ 2263.316971][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2263.338687][ T29] audit: type=1326 audit(1773393346.307:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22856 comm="syz.0.3378" exe="/root/syz-executor" sig=0 arch=40000003 syscall=175 compat=1 ip=0xf6fdef6c code=0x7ffc0000 [ 2263.767487][ T29] audit: type=1326 audit(1773393346.317:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22856 comm="syz.0.3378" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fdef6c code=0x7ffc0000 [ 2263.772974][ T35] veth1_macvtap: left promiscuous mode [ 2263.871123][ T29] audit: type=1326 audit(1773393346.347:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22856 comm="syz.0.3378" exe="/root/syz-executor" sig=0 arch=40000003 syscall=224 compat=1 ip=0xf6fdef6c code=0x7ffc0000 [ 2263.948950][ T35] veth0_macvtap: left promiscuous mode [ 2263.969542][ T35] veth1_vlan: left promiscuous mode [ 2263.984152][ T29] audit: type=1326 audit(1773393346.347:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22856 comm="syz.0.3378" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fdef6c code=0x7ffc0000 [ 2264.040578][ T35] veth0_vlan: left promiscuous mode [ 2264.093790][ T29] audit: type=1326 audit(1773393346.347:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22856 comm="syz.0.3378" exe="/root/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf6fdef6c code=0x7ffc0000 [ 2264.194590][ T29] audit: type=1326 audit(1773393346.347:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22856 comm="syz.0.3378" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fdef6c code=0x7ffc0000 [ 2264.240431][T22868] loop6: detected capacity change from 0 to 2048 [ 2264.254846][T22868] EXT4-fs: Ignoring removed mblk_io_submit option [ 2264.309138][T17102] Bluetooth: hci2: command tx timeout [ 2264.361832][T22868] EXT4-fs: Ignoring removed i_version option [ 2264.369476][ T29] audit: type=1326 audit(1773393346.357:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22856 comm="syz.0.3378" exe="/root/syz-executor" sig=0 arch=40000003 syscall=335 compat=1 ip=0xf6fdef6c code=0x7ffc0000 [ 2264.458733][ T29] audit: type=1326 audit(1773393346.357:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22856 comm="syz.0.3378" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fdef6c code=0x7ffc0000 [ 2264.544718][T22868] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 2264.769624][T22868] loop6: detected capacity change from 2048 to 0 [ 2264.911223][T22872] EXT4-fs error (device loop6): ext4_wait_block_bitmap:584: comm ext4lazyinit: Cannot read block bitmap - block_group = 0, block_bitmap = 2 [ 2264.967830][T22872] Buffer I/O error on dev loop6, logical block 0, lost sync page write [ 2265.003206][T22872] EXT4-fs (loop6): I/O error while writing superblock [ 2265.070908][T22428] EXT4-fs error (device loop6): ext4_get_inode_loc:4920: inode #2: block 4: comm syz-executor: unable to read itable block [ 2265.249384][T22428] Buffer I/O error on dev loop6, logical block 0, lost sync page write [ 2265.277473][T22428] EXT4-fs (loop6): I/O error while writing superblock [ 2265.308386][T22428] EXT4-fs error (device loop6) in ext4_reserve_inode_write:6246: IO failure [ 2265.339495][T22428] Buffer I/O error on dev loop6, logical block 0, lost sync page write [ 2265.397824][T22428] EXT4-fs (loop6): I/O error while writing superblock [ 2265.515977][T22880] kvm: vcpu 1: requested lapic timer restore with starting count register 0x390=3394018074 (6788036148 ns) > initial count (6222627426 ns). Using initial count to start timer. [ 2265.545404][T22428] EXT4-fs error (device loop6): ext4_dirty_inode:6450: inode #2: comm syz-executor: mark_inode_dirty error [ 2265.563982][T22428] Buffer I/O error on dev loop6, logical block 0, lost sync page write [ 2265.574730][T22428] EXT4-fs (loop6): I/O error while writing superblock [ 2265.842147][T21366] EXT4-fs error (device loop6): __ext4_get_inode_loc_noinmem:4905: inode #2: block 4: comm kworker/u8:6: unable to read itable block [ 2265.926219][T21366] Buffer I/O error on dev loop6, logical block 0, lost sync page write [ 2266.080056][T21366] EXT4-fs (loop6): I/O error while writing superblock [ 2266.137996][T22428] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2266.246706][T22428] Buffer I/O error on dev loop6, logical block 0, lost sync page write [ 2266.278822][T22428] EXT4-fs (loop6): I/O error while writing superblock [ 2266.353572][T22870] Buffer I/O error on dev loop6, logical block 64, lost sync page write [ 2266.389206][T17102] Bluetooth: hci2: command tx timeout [ 2266.874942][ T35] team0 (unregistering): Port device team_slave_1 removed [ 2266.922352][ T35] team0 (unregistering): Port device team_slave_0 removed [ 2267.892515][T22801] team0: Port device team_slave_0 added [ 2268.044278][T22801] team0: Port device team_slave_1 added [ 2268.469264][T17102] Bluetooth: hci2: command tx timeout [ 2268.598827][T22801] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2268.606475][T22801] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 2268.678828][T22801] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2268.779236][T22801] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2268.786497][T22801] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 2268.889093][T22801] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2269.245631][ T35] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2269.567665][ T35] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2269.852919][ T35] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2270.055694][T22801] hsr_slave_0: entered promiscuous mode [ 2270.119793][T22801] hsr_slave_1: entered promiscuous mode [ 2270.232023][ T35] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2270.559116][T17102] Bluetooth: hci2: command tx timeout [ 2270.965890][T21789] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 2270.982171][T21789] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 2270.991633][T21789] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 2271.003206][T21789] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 2271.016366][T21789] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 2271.933397][ T35] bridge_slave_1: left allmulticast mode [ 2271.946782][ T35] bridge_slave_1: left promiscuous mode [ 2271.976973][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 2272.001095][ T35] bridge_slave_0: left allmulticast mode [ 2272.006933][ T35] bridge_slave_0: left promiscuous mode [ 2272.039445][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 2272.187701][T22911] overlayfs: workdir and upperdir must reside under the same mount [ 2272.519152][T20108] usb 6-1: new full-speed USB device number 16 using dummy_hcd [ 2272.746568][T20108] usb 6-1: New USB device found, idVendor=0856, idProduct=ac33, bcdDevice= 0.f8 [ 2272.775427][T20108] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2272.786558][T20108] usb 6-1: Product: syz [ 2272.801766][T20108] usb 6-1: Manufacturer: syz [ 2272.811688][T20108] usb 6-1: SerialNumber: syz [ 2272.865171][T20108] usb 6-1: config 0 descriptor?? [ 2272.894806][T20108] hub 6-1:0.0: bad descriptor, ignoring hub [ 2272.939167][T20108] hub 6-1:0.0: probe with driver hub failed with error -5 [ 2272.972686][T20108] ftdi_sio 6-1:0.0: FTDI USB Serial Device converter detected [ 2273.037506][T20108] usb 6-1: Detected SIO [ 2273.065055][T20108] usb 6-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 2273.109088][T21789] Bluetooth: hci1: command tx timeout [ 2273.270490][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2273.357997][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2273.420527][ T35] bond0 (unregistering): Released all slaves [ 2273.604494][T19827] usb 6-1: USB disconnect, device number 16 [ 2273.673355][T19827] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 2273.757589][T19827] ftdi_sio 6-1:0.0: device disconnected [ 2273.770262][T22852] chnl_net:caif_netlink_parms(): no params data found [ 2274.992143][ T35] hsr_slave_0: left promiscuous mode [ 2275.003356][ T35] hsr_slave_1: left promiscuous mode [ 2275.013431][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2275.033345][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2275.047918][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2275.058288][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2275.097434][ T35] veth1_macvtap: left promiscuous mode [ 2275.104831][ T35] veth0_macvtap: left promiscuous mode [ 2275.116570][ T35] veth1_vlan: left promiscuous mode [ 2275.125179][ T35] veth0_vlan: left promiscuous mode [ 2275.201415][T21789] Bluetooth: hci1: command tx timeout [ 2276.393622][ T35] team0 (unregistering): Port device team_slave_1 removed [ 2276.582321][ T35] team0 (unregistering): Port device team_slave_0 removed [ 2276.772231][T22939] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3395'. [ 2277.088796][T19827] usb 6-1: new high-speed USB device number 17 using dummy_hcd [ 2277.268798][T17102] Bluetooth: hci1: command tx timeout [ 2277.300569][T19827] usb 6-1: config 0 interface 0 altsetting 251 has an endpoint descriptor with address 0x36, changing to 0x6 [ 2277.387622][T19827] usb 6-1: config 0 interface 0 altsetting 251 endpoint 0x6 has an invalid bInterval 130, changing to 11 [ 2277.464830][T19827] usb 6-1: config 0 interface 0 altsetting 251 endpoint 0x6 has invalid maxpacket 16589, setting to 1024 [ 2277.518639][T19827] usb 6-1: config 0 interface 0 has no altsetting 0 [ 2277.578762][T19827] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 2277.598189][T19827] usb 6-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 2277.612099][T19827] usb 6-1: Product: syz [ 2277.616562][T19827] usb 6-1: Manufacturer: syz [ 2277.647184][T19827] usb 6-1: SerialNumber: syz [ 2277.690210][T19827] usb 6-1: config 0 descriptor?? [ 2277.743298][T19827] usb 6-1: selecting invalid altsetting 0 [ 2278.187739][T22801] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 2278.261421][T22852] bridge0: port 1(bridge_slave_0) entered blocking state [ 2278.289498][T22852] bridge0: port 1(bridge_slave_0) entered disabled state [ 2278.309452][T22852] bridge_slave_0: entered allmulticast mode [ 2278.333102][T22852] bridge_slave_0: entered promiscuous mode [ 2278.411143][T22801] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 2278.520323][T22801] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 2278.652445][T22852] bridge0: port 2(bridge_slave_1) entered blocking state [ 2278.679161][T22852] bridge0: port 2(bridge_slave_1) entered disabled state [ 2278.704258][T22852] bridge_slave_1: entered allmulticast mode [ 2278.749699][T22852] bridge_slave_1: entered promiscuous mode [ 2278.841857][T22801] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 2279.063993][T22900] chnl_net:caif_netlink_parms(): no params data found [ 2279.184943][T22852] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2279.310803][T19827] usb 6-1: USB disconnect, device number 17 [ 2279.338224][T22852] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2279.356580][T17102] Bluetooth: hci1: command tx timeout [ 2279.772967][T22952] overlayfs: workdir and upperdir must reside under the same mount [ 2280.120108][T22852] team0: Port device team_slave_0 added [ 2280.255029][T22852] team0: Port device team_slave_1 added [ 2280.526445][T22852] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2280.554658][T22852] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 2280.676200][T22852] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2280.763330][T22852] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2280.809034][T22852] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 2280.888579][T22852] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2281.169390][T14875] usb 1-1: new low-speed USB device number 27 using dummy_hcd [ 2281.331622][T22900] bridge0: port 1(bridge_slave_0) entered blocking state [ 2281.334847][T14875] usb 1-1: config 0 has an invalid interface number: 55 but max is 0 [ 2281.345476][T22900] bridge0: port 1(bridge_slave_0) entered disabled state [ 2281.361540][T22900] bridge_slave_0: entered allmulticast mode [ 2281.372305][T22900] bridge_slave_0: entered promiscuous mode [ 2281.378633][T14875] usb 1-1: config 0 has no interface number 0 [ 2281.385361][T14875] usb 1-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 2281.414735][T14875] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 2281.453602][T14875] usb 1-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 2281.480642][T22852] hsr_slave_0: entered promiscuous mode [ 2281.489298][T14875] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 2281.512753][T22852] hsr_slave_1: entered promiscuous mode [ 2281.514254][T14875] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8 [ 2281.551235][T22852] debugfs: 'hsr0' already exists in 'hsr' [ 2281.557190][T22852] Cannot create hsr debugfs directory [ 2281.586552][T14875] usb 1-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 2281.613537][T22900] bridge0: port 2(bridge_slave_1) entered blocking state [ 2281.619956][T14875] usb 1-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 2281.624246][T22900] bridge0: port 2(bridge_slave_1) entered disabled state [ 2281.651435][T14875] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2281.660492][T22900] bridge_slave_1: entered allmulticast mode [ 2281.691425][T14875] usb 1-1: config 0 descriptor?? [ 2281.702674][T22900] bridge_slave_1: entered promiscuous mode [ 2281.713631][T22967] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 2281.724164][T22967] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 2281.765548][T14875] ldusb 1-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 2281.946933][T22900] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2281.996749][T22967] ldusb 1-1:0.55: Write buffer overflow, 162 bytes dropped [ 2282.379949][T22900] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2282.658372][T22980] geneve2: entered promiscuous mode [ 2282.770735][T20109] usb 1-1: USB disconnect, device number 27 [ 2282.809816][T20109] ldusb 1-1:0.55: LD USB Device #0 now disconnected [ 2282.912555][T22979] kvm: vcpu 1: requested lapic timer restore with starting count register 0x390=3394018074 (6788036148 ns) > initial count (6222627426 ns). Using initial count to start timer. [ 2283.102079][T22900] team0: Port device team_slave_0 added [ 2283.170912][T22900] team0: Port device team_slave_1 added [ 2283.341081][T22801] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2283.564153][T22900] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2283.607636][T22900] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 2283.850187][T22900] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2284.060963][T22900] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2284.123969][T22900] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 2284.270151][T22900] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2284.358824][T20109] usb 1-1: new full-speed USB device number 28 using dummy_hcd [ 2284.562440][T20109] usb 1-1: New USB device found, idVendor=0856, idProduct=ac33, bcdDevice= 0.f8 [ 2284.604802][T20109] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2284.657365][T20109] usb 1-1: Product: syz [ 2284.665724][T20109] usb 1-1: Manufacturer: syz [ 2284.687223][T20109] usb 1-1: SerialNumber: syz [ 2284.758329][T20109] usb 1-1: config 0 descriptor?? [ 2284.826299][T20109] hub 1-1:0.0: bad descriptor, ignoring hub [ 2284.875659][T20109] hub 1-1:0.0: probe with driver hub failed with error -5 [ 2284.942129][T20109] ftdi_sio 1-1:0.0: FTDI USB Serial Device converter detected [ 2285.177186][T20109] usb 1-1: Detected SIO [ 2285.200822][T20109] usb 1-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 2285.320380][T20109] usb 1-1: USB disconnect, device number 28 [ 2285.323319][T22801] 8021q: adding VLAN 0 to HW filter on device team0 [ 2285.367806][T20109] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 2285.454161][T20109] ftdi_sio 1-1:0.0: device disconnected [ 2286.107029][T22900] hsr_slave_0: entered promiscuous mode [ 2286.151433][T22900] hsr_slave_1: entered promiscuous mode [ 2286.184727][T22900] debugfs: 'hsr0' already exists in 'hsr' [ 2286.209250][T22900] Cannot create hsr debugfs directory [ 2286.246146][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 2286.254253][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2286.425085][ T7991] bridge0: port 2(bridge_slave_1) entered blocking state [ 2286.433737][ T7991] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2287.595867][T22852] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 2287.662055][T22852] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 2287.835030][T22852] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 2287.906309][T22852] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 2288.836101][T23005] kvm: vcpu 1: requested lapic timer restore with starting count register 0x390=3394018074 (6788036148 ns) > initial count (6222627426 ns). Using initial count to start timer. [ 2289.837690][T22900] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 2290.115518][T22900] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 2290.187876][T22900] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 2290.272714][T22900] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 2290.540127][T22852] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2290.699515][T22801] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2290.891784][T22852] 8021q: adding VLAN 0 to HW filter on device team0 [ 2291.061658][T21366] bridge0: port 1(bridge_slave_0) entered blocking state [ 2291.069121][T21366] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2291.273270][ T73] bridge0: port 2(bridge_slave_1) entered blocking state [ 2291.280959][ T73] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2292.567443][T22900] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2292.786013][T22900] 8021q: adding VLAN 0 to HW filter on device team0 [ 2292.911768][ T7991] bridge0: port 1(bridge_slave_0) entered blocking state [ 2292.919441][ T7991] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2293.096413][ T73] bridge0: port 2(bridge_slave_1) entered blocking state [ 2293.104456][ T73] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2293.124496][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 2294.092369][T22801] veth0_vlan: entered promiscuous mode [ 2294.237345][T22801] veth1_vlan: entered promiscuous mode [ 2294.384330][T22852] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2295.072766][T22801] veth0_macvtap: entered promiscuous mode [ 2295.192508][T22801] veth1_macvtap: entered promiscuous mode [ 2295.327861][T20108] usb 6-1: new full-speed USB device number 18 using dummy_hcd [ 2295.640759][T20108] usb 6-1: New USB device found, idVendor=0856, idProduct=ac33, bcdDevice= 0.f8 [ 2295.687380][T20108] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2295.724755][T20108] usb 6-1: Product: syz [ 2295.743380][T20108] usb 6-1: Manufacturer: syz [ 2295.748381][T20108] usb 6-1: SerialNumber: syz [ 2295.818551][T22852] veth0_vlan: entered promiscuous mode [ 2295.835703][T20108] usb 6-1: config 0 descriptor?? [ 2295.967342][T20108] hub 6-1:0.0: bad descriptor, ignoring hub [ 2296.015482][T20108] hub 6-1:0.0: probe with driver hub failed with error -5 [ 2296.062959][T20108] ftdi_sio 6-1:0.0: FTDI USB Serial Device converter detected [ 2296.085184][T22801] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2296.116855][T20108] usb 6-1: Detected SIO [ 2296.166830][T20108] usb 6-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 2296.272486][T22852] veth1_vlan: entered promiscuous mode [ 2296.461858][T22801] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2296.559739][T19556] usb 6-1: USB disconnect, device number 18 [ 2296.705147][T19556] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 2296.781298][T19556] ftdi_sio 6-1:0.0: device disconnected [ 2296.866639][T22900] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2296.975419][ T73] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2297.102558][ T73] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2297.145018][ T73] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2297.351421][ T73] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2297.714284][T22852] veth0_macvtap: entered promiscuous mode [ 2297.926521][T22852] veth1_macvtap: entered promiscuous mode [ 2298.287408][T22852] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2298.440654][T22852] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2298.619938][ T73] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2298.659288][ T73] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2298.668376][ T73] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2298.778954][ T73] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2300.459425][T22900] veth0_vlan: entered promiscuous mode [ 2300.593309][T22900] veth1_vlan: entered promiscuous mode [ 2301.036399][T22900] veth0_macvtap: entered promiscuous mode [ 2301.193918][T22900] veth1_macvtap: entered promiscuous mode [ 2301.560445][T22900] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2301.672963][T23132] netlink: 76 bytes leftover after parsing attributes in process `syz.5.3415'. [ 2301.699583][T22900] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2301.856935][ T8514] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2301.944460][T21366] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2302.011414][T21366] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2302.064357][T21366] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2304.104604][T23155] kvm: vcpu 1: requested lapic timer restore with starting count register 0x390=3394018074 (6788036148 ns) > initial count (6222627426 ns). Using initial count to start timer. [ 2305.646564][T21366] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2305.697155][T21366] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2306.002103][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2306.107256][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2306.481056][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2306.545520][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2306.881660][ T73] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2306.928690][ T73] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2308.495347][T23215] syzkaller0: entered promiscuous mode [ 2308.519210][T23215] syzkaller0: entered allmulticast mode [ 2308.803031][T23217] netlink: 76 bytes leftover after parsing attributes in process `syz.0.3423'. [ 2310.010383][ T8514] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2310.037119][ T8514] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2310.048783][T19556] usb 3-1: new low-speed USB device number 22 using dummy_hcd [ 2310.300960][T19556] usb 3-1: config 0 has an invalid interface number: 55 but max is 0 [ 2310.329234][T19556] usb 3-1: config 0 has no interface number 0 [ 2310.392450][T19556] usb 3-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 2310.437890][ T8514] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2310.461319][T19556] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 2310.467199][ T8514] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2310.548995][T19556] usb 3-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 2310.638711][T19556] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 2310.698641][T19556] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8 [ 2310.749812][T19556] usb 3-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 2310.828785][T19556] usb 3-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 2310.859606][T19556] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2310.908235][T19556] usb 3-1: config 0 descriptor?? [ 2310.964555][T23226] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 2310.999248][T23226] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 2311.157986][T19556] ldusb 3-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 2311.482993][T23226] geneve2: entered promiscuous mode [ 2311.742608][T19556] usb 3-1: USB disconnect, device number 22 [ 2311.797747][T19556] ldusb 3-1:0.55: LD USB Device #0 now disconnected [ 2313.735538][T23274] netlink: 76 bytes leftover after parsing attributes in process `syz.9.3435'. [ 2314.634020][T23276] syzkaller0: entered promiscuous mode [ 2314.640209][T23276] syzkaller0: entered allmulticast mode [ 2315.670881][T21789] Bluetooth: hci3: command 0x0406 tx timeout [ 2316.562853][T23299] kvm: vcpu 1: requested lapic timer restore with starting count register 0x390=3394018074 (6788036148 ns) > initial count (6222627426 ns). Using initial count to start timer. [ 2320.321030][T23327] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3446'. [ 2325.366934][T23358] netlink: 76 bytes leftover after parsing attributes in process `syz.9.3453'. [ 2326.129165][T15844] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 2326.289809][T23373] netlink: 12 bytes leftover after parsing attributes in process `syz.9.3457'. [ 2326.402415][T15844] usb 3-1: Using ep0 maxpacket: 32 [ 2326.438851][T15844] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 2326.497528][T15844] usb 3-1: config 0 has no interface number 0 [ 2326.564501][T15844] usb 3-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=93.d8 [ 2326.626269][T15844] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2326.708666][T15844] usb 3-1: Product: syz [ 2326.724797][T15844] usb 3-1: Manufacturer: syz [ 2326.758625][T15844] usb 3-1: SerialNumber: syz [ 2326.805098][T15844] usb 3-1: config 0 descriptor?? [ 2326.934279][T15844] usb 3-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 2326.968691][T15844] usb 3-1: selecting invalid altsetting 1 [ 2326.974750][T15844] usb 3-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 2327.103125][T15844] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 2327.210633][T15844] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 2327.289191][T15844] usb 3-1: media controller created [ 2327.602991][T15844] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 2328.028303][T20109] IPVS: starting estimator thread 0... [ 2328.229837][T23366] usb 3-1: dvb_usb_ce6230: usb_control_msg() failed=-110 [ 2328.266200][T15844] usb 3-1: dvb_usb_ce6230: usb_control_msg() failed=-32 [ 2328.277695][T23392] IPVS: using max 288 ests per chain, 14400 per kthread [ 2328.365369][T15844] zl10353_read_register: readreg error (reg=127, ret==-32) [ 2328.439369][T15844] usb 3-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 2329.374048][T15844] usb 3-1: USB disconnect, device number 23 [ 2329.728756][T19556] usb 10-1: new high-speed USB device number 5 using dummy_hcd [ 2329.945480][T19556] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2329.979021][T19556] usb 10-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 2330.095690][T19556] usb 10-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 2330.168690][T19556] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2330.249875][T19556] usb 10-1: config 0 descriptor?? [ 2330.376731][T19556] usbhid 10-1:0.0: couldn't find an input interrupt endpoint [ 2332.370393][T15844] usb 10-1: USB disconnect, device number 5 [ 2333.029726][T23426] netlink: 76 bytes leftover after parsing attributes in process `syz.9.3467'. [ 2335.333575][T23445] netlink: 12 bytes leftover after parsing attributes in process `syz.9.3471'. [ 2338.168960][T15844] usb 6-1: new high-speed USB device number 19 using dummy_hcd [ 2338.369306][T15844] usb 6-1: Using ep0 maxpacket: 16 [ 2338.466910][T15844] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2338.505734][T15844] usb 6-1: config 0 has no interfaces? [ 2338.545752][T15844] usb 6-1: New USB device found, idVendor=0db0, idProduct=5581, bcdDevice=f9.22 [ 2338.578683][T15844] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2338.630719][T15844] usb 6-1: Product: syz [ 2338.671081][T15844] usb 6-1: Manufacturer: syz [ 2338.676374][T15844] usb 6-1: SerialNumber: syz [ 2338.724810][T15844] usb 6-1: config 0 descriptor?? [ 2340.997436][T19556] usb 6-1: USB disconnect, device number 19 [ 2341.209028][T15844] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 2341.482893][T15844] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2341.513038][T23483] netlink: 76 bytes leftover after parsing attributes in process `syz.5.3479'. [ 2341.525211][T15844] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 2341.631570][T15844] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 2341.665381][T15844] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2341.786589][T15844] usb 3-1: config 0 descriptor?? [ 2341.861400][T15844] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 2343.946885][T23504] netlink: 12 bytes leftover after parsing attributes in process `syz.9.3482'. [ 2344.324674][T15844] usb 3-1: USB disconnect, device number 24 [ 2344.888850][T19556] usb 5-1: new full-speed USB device number 25 using dummy_hcd [ 2345.307322][T19556] usb 5-1: New USB device found, idVendor=0856, idProduct=ac33, bcdDevice= 0.f8 [ 2345.345372][T19556] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2345.432829][T19556] usb 5-1: Product: syz [ 2345.437184][T19556] usb 5-1: Manufacturer: syz [ 2345.489269][T19556] usb 5-1: SerialNumber: syz [ 2345.534153][T19556] usb 5-1: config 0 descriptor?? [ 2345.651365][T19556] hub 5-1:0.0: bad descriptor, ignoring hub [ 2345.657860][T19556] hub 5-1:0.0: probe with driver hub failed with error -5 [ 2345.779311][T19556] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected [ 2345.875668][T19556] usb 5-1: Detected SIO [ 2346.139062][T19556] usb 5-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 2346.328997][T15844] usb 10-1: new high-speed USB device number 6 using dummy_hcd [ 2346.338021][T19556] usb 5-1: USB disconnect, device number 25 [ 2346.484116][T19556] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 2346.568720][T15844] usb 10-1: Using ep0 maxpacket: 16 [ 2346.581312][T19556] ftdi_sio 5-1:0.0: device disconnected [ 2346.625707][T15844] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2346.700749][T15844] usb 10-1: config 0 has no interfaces? [ 2346.745184][T15844] usb 10-1: New USB device found, idVendor=0db0, idProduct=5581, bcdDevice=f9.22 [ 2346.767643][T15844] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2346.836835][T15844] usb 10-1: Product: syz [ 2346.867533][T15844] usb 10-1: Manufacturer: syz [ 2346.942309][T15844] usb 10-1: SerialNumber: syz [ 2347.013922][T15844] usb 10-1: config 0 descriptor?? [ 2347.629846][T23533] netlink: 76 bytes leftover after parsing attributes in process `syz.4.3490'. [ 2348.759140][T15844] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 2348.856720][T23545] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3491'. [ 2348.980126][T15844] usb 5-1: Using ep0 maxpacket: 32 [ 2349.037684][T15844] usb 5-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 2349.084214][T15844] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2349.147107][T15844] usb 5-1: config 0 descriptor?? [ 2349.525395][T15844] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 2349.578288][T15844] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 2349.639039][T19556] usb 10-1: USB disconnect, device number 6 [ 2349.669280][T20109] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 2349.699696][T15844] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 2349.779841][T15844] usb 5-1: media controller created [ 2349.892897][T20109] usb 3-1: config 0 interface 0 altsetting 251 has an endpoint descriptor with address 0x36, changing to 0x6 [ 2349.969103][T20109] usb 3-1: config 0 interface 0 altsetting 251 endpoint 0x6 has an invalid bInterval 130, changing to 11 [ 2350.066703][T20109] usb 3-1: config 0 interface 0 altsetting 251 endpoint 0x6 has invalid maxpacket 16589, setting to 1024 [ 2350.119322][T15844] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 2350.152870][T20109] usb 3-1: config 0 interface 0 has no altsetting 0 [ 2350.251289][T20109] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 2350.331978][T20109] usb 3-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 2350.415191][T20109] usb 3-1: Product: syz [ 2350.429912][T20109] usb 3-1: Manufacturer: syz [ 2350.435089][T20109] usb 3-1: SerialNumber: syz [ 2350.558582][T15844] az6027: usb out operation failed. (-71) [ 2350.579409][T15844] az6027: usb out operation failed. (-71) [ 2350.586187][T15844] stb0899_attach: Driver disabled by Kconfig [ 2350.606205][T20109] usb 3-1: config 0 descriptor?? [ 2350.736684][T15844] az6027: no front-end attached [ 2350.736684][T15844] [ 2350.757751][T20109] usb 3-1: selecting invalid altsetting 0 [ 2350.823011][T15844] az6027: usb out operation failed. (-71) [ 2350.836638][T15844] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 2350.928998][T15844] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input20 [ 2351.092442][T15844] dvb-usb: schedule remote query interval to 400 msecs. [ 2351.168733][T15844] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 2351.300639][T15844] usb 5-1: USB disconnect, device number 26 [ 2351.723456][ T9] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 2351.822263][T20109] usb 3-1: USB disconnect, device number 25 [ 2352.009564][ T9] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2352.125358][ T9] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 2352.245062][ T9] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 2352.290352][T15844] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 2352.296393][T22643] udevd[22643]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 2352.409517][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2352.494466][ T9] usb 1-1: config 0 descriptor?? [ 2352.617323][ T9] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 2352.667184][T23570] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3497'. [ 2354.452734][ T9] usb 3-1: new full-speed USB device number 26 using dummy_hcd [ 2354.581127][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 2354.696214][ T9] usb 3-1: New USB device found, idVendor=0856, idProduct=ac33, bcdDevice= 0.f8 [ 2354.756360][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2354.791496][ T9] usb 3-1: Product: syz [ 2354.824488][ T9] usb 3-1: Manufacturer: syz [ 2354.851557][ T9] usb 3-1: SerialNumber: syz [ 2354.900980][ T9] usb 3-1: config 0 descriptor?? [ 2354.975469][ T9] hub 3-1:0.0: bad descriptor, ignoring hub [ 2355.013733][ T9] hub 3-1:0.0: probe with driver hub failed with error -5 [ 2355.050813][ T9] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected [ 2355.112341][ T9] usb 3-1: Detected SIO [ 2355.137132][T15844] usb 1-1: USB disconnect, device number 29 [ 2355.204347][ T9] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 2355.473459][ T9] usb 3-1: USB disconnect, device number 26 [ 2355.560833][ T9] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 2355.638131][ T9] ftdi_sio 3-1:0.0: device disconnected [ 2356.389676][ T9] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 2356.631119][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 2356.642371][ T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2356.681109][ T9] usb 5-1: config 0 has no interfaces? [ 2356.714449][ T9] usb 5-1: New USB device found, idVendor=0db0, idProduct=5581, bcdDevice=f9.22 [ 2356.748974][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2356.806252][ T9] usb 5-1: Product: syz [ 2356.833213][ T9] usb 5-1: Manufacturer: syz [ 2356.838037][ T9] usb 5-1: SerialNumber: syz [ 2356.936616][ T9] usb 5-1: config 0 descriptor?? [ 2359.109538][ T9] usb 5-1: USB disconnect, device number 27 [ 2360.969180][T23639] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3510'. [ 2361.528642][ T9] usb 10-1: new high-speed USB device number 7 using dummy_hcd [ 2361.783962][ T9] usb 10-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 2361.862105][ T9] usb 10-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 2361.914417][ T9] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2362.062782][ T9] usb 10-1: config 0 descriptor?? [ 2362.132528][ T9] usbhid 10-1:0.0: couldn't find an input interrupt endpoint [ 2362.235360][T19556] usb 3-1: new full-speed USB device number 27 using dummy_hcd [ 2362.530681][T19556] usb 3-1: New USB device found, idVendor=0856, idProduct=ac33, bcdDevice= 0.f8 [ 2362.565239][T19556] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2362.621880][T19556] usb 3-1: Product: syz [ 2362.637761][T19556] usb 3-1: Manufacturer: syz [ 2362.671003][T19556] usb 3-1: SerialNumber: syz [ 2362.690818][T19556] usb 3-1: config 0 descriptor?? [ 2362.736983][T19556] hub 3-1:0.0: bad descriptor, ignoring hub [ 2362.788354][T19556] hub 3-1:0.0: probe with driver hub failed with error -5 [ 2362.830725][T19556] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected [ 2362.881559][T19556] usb 3-1: Detected SIO [ 2362.911053][T19556] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 2363.013286][T19556] usb 3-1: USB disconnect, device number 27 [ 2363.055962][T19556] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 2363.079230][T19556] ftdi_sio 3-1:0.0: device disconnected [ 2364.048875][T19556] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 2364.259972][T19556] usb 1-1: Using ep0 maxpacket: 16 [ 2364.323664][T19556] usb 1-1: config 157 has an invalid descriptor of length 0, skipping remainder of the config [ 2364.568317][ T9] usb 10-1: USB disconnect, device number 7 [ 2364.691219][T19556] usb 1-1: config 157 has 0 interfaces, different from the descriptor's value: 1 [ 2364.761466][T19556] usb 1-1: New USB device found, idVendor=0db0, idProduct=5581, bcdDevice=f9.22 [ 2364.843039][T19556] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2364.934615][T19556] usb 1-1: Product: syz [ 2364.943790][T19556] usb 1-1: Manufacturer: syz [ 2365.016844][T19556] usb 1-1: SerialNumber: syz [ 2365.185952][ T9] hid-generic 0006:0004:0009.0011: unknown main item tag 0x0 [ 2365.247613][ T9] hid-generic 0006:0004:0009.0011: unknown main item tag 0x0 [ 2365.310317][ T9] hid-generic 0006:0004:0009.0011: unknown main item tag 0x0 [ 2365.355952][ T9] hid-generic 0006:0004:0009.0011: unknown main item tag 0x0 [ 2365.421886][ T9] hid-generic 0006:0004:0009.0011: unknown main item tag 0x0 [ 2365.479454][ T9] hid-generic 0006:0004:0009.0011: unknown main item tag 0x0 [ 2365.511870][ T9] hid-generic 0006:0004:0009.0011: unknown main item tag 0x0 [ 2365.536592][ T9] hid-generic 0006:0004:0009.0011: unknown main item tag 0x0 [ 2365.571195][ T9] hid-generic 0006:0004:0009.0011: unknown main item tag 0x0 [ 2365.593003][T15844] usb 1-1: USB disconnect, device number 30 [ 2365.642766][ T9] hid-generic 0006:0004:0009.0011: unknown main item tag 0x0 [ 2365.719922][ T9] hid-generic 0006:0004:0009.0011: hidraw0: VIRTUAL HID v0.04 Device [syz1] on syz0 [ 2366.912559][T23684] fido_id[23684]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 2367.180331][T23695] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3525'. [ 2370.418699][T19779] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 2370.654337][T19779] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 2370.731920][T19779] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 2370.797453][T19779] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2370.855580][T19779] usb 1-1: config 0 descriptor?? [ 2371.044104][T19779] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 2372.412001][T23728] usb 10-1: new high-speed USB device number 8 using dummy_hcd [ 2372.612643][T23728] usb 10-1: Using ep0 maxpacket: 16 [ 2372.648906][T23728] usb 10-1: config 157 has an invalid descriptor of length 0, skipping remainder of the config [ 2372.682761][T23728] usb 10-1: config 157 has 0 interfaces, different from the descriptor's value: 1 [ 2372.751846][T23728] usb 10-1: New USB device found, idVendor=0db0, idProduct=5581, bcdDevice=f9.22 [ 2372.785173][T23728] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2372.816240][T23728] usb 10-1: Product: syz [ 2372.858871][T23728] usb 10-1: Manufacturer: syz [ 2372.879029][T23728] usb 10-1: SerialNumber: syz [ 2373.402000][T23728] usb 10-1: USB disconnect, device number 8 [ 2373.446890][T23723] usb 1-1: USB disconnect, device number 31 [ 2375.027170][T23758] kAFS: No cell specified [ 2377.108825][T21789] Bluetooth: hci0: command 0x0406 tx timeout [ 2378.818829][T23723] usb 10-1: new high-speed USB device number 9 using dummy_hcd [ 2379.053089][T23723] usb 10-1: Using ep0 maxpacket: 32 [ 2379.077285][T23723] usb 10-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 2379.126401][T23723] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2379.180196][ T9] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 2379.196540][T23723] usb 10-1: config 0 descriptor?? [ 2379.499949][T20107] IPVS: starting estimator thread 0... [ 2379.619034][T23797] IPVS: using max 336 ests per chain, 16800 per kthread [ 2379.628211][T23723] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 2379.674725][ T9] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 2379.703113][T23723] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 2379.762261][ T9] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 2379.773041][T23723] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 2379.829040][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2379.881634][T23723] usb 10-1: media controller created [ 2379.941324][ T9] usb 5-1: config 0 descriptor?? [ 2379.977274][ T9] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 2380.137329][T23723] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 2380.471593][T23723] az6027: usb out operation failed. (-71) [ 2380.539392][T23723] az6027: usb out operation failed. (-71) [ 2380.545296][T23723] stb0899_attach: Driver disabled by Kconfig [ 2380.628895][T23723] az6027: no front-end attached [ 2380.628895][T23723] [ 2380.665916][T23723] az6027: usb out operation failed. (-71) [ 2380.704688][T23723] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 2380.745612][T23723] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.9/usb10/10-1/input/input21 [ 2380.870423][T23723] dvb-usb: schedule remote query interval to 400 msecs. [ 2380.913399][T23723] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 2380.989185][T23723] usb 10-1: USB disconnect, device number 9 [ 2381.079590][ T9] usb 6-1: new high-speed USB device number 20 using dummy_hcd [ 2381.308876][ T9] usb 6-1: Using ep0 maxpacket: 16 [ 2381.360314][ T9] usb 6-1: config 157 has an invalid descriptor of length 0, skipping remainder of the config [ 2381.422170][ T9] usb 6-1: config 157 has 0 interfaces, different from the descriptor's value: 1 [ 2381.534925][ T9] usb 6-1: New USB device found, idVendor=0db0, idProduct=5581, bcdDevice=f9.22 [ 2381.584741][T23723] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 2381.586741][ T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2381.693132][ T9] usb 6-1: Product: syz [ 2381.715180][ T9] usb 6-1: Manufacturer: syz [ 2381.746629][ T9] usb 6-1: SerialNumber: syz [ 2381.969537][T23810] kAFS: No cell specified [ 2382.296567][T23723] usb 5-1: USB disconnect, device number 28 [ 2382.323246][ T9] usb 6-1: USB disconnect, device number 20 [ 2384.662497][T23723] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 2384.753710][T23844] kAFS: No cell specified [ 2384.859229][T23723] usb 5-1: Using ep0 maxpacket: 32 [ 2384.911923][T23723] usb 5-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 2384.958622][T23723] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2385.010059][T23723] usb 5-1: config 0 descriptor?? [ 2385.316586][T23723] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 2385.371952][T23723] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 2385.468632][ T9] usb 10-1: new high-speed USB device number 10 using dummy_hcd [ 2385.524299][T23723] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 2385.585103][T23723] usb 5-1: media controller created [ 2385.716366][ T9] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2385.751554][ T9] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 2385.803589][ T9] usb 10-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 2385.859409][ T9] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2385.922596][ T9] usb 10-1: config 0 descriptor?? [ 2385.992469][ T9] usbhid 10-1:0.0: couldn't find an input interrupt endpoint [ 2386.035585][T23723] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 2386.500755][T23723] az6027: usb out operation failed. (-71) [ 2386.599050][T23723] az6027: usb out operation failed. (-71) [ 2386.648793][T23728] usb 6-1: new high-speed USB device number 21 using dummy_hcd [ 2386.709073][T23723] stb0899_attach: Driver disabled by Kconfig [ 2386.715470][T23723] az6027: no front-end attached [ 2386.715470][T23723] [ 2386.941766][T23723] az6027: usb out operation failed. (-71) [ 2386.947867][T23723] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 2386.958856][T23728] usb 6-1: Using ep0 maxpacket: 16 [ 2387.003801][T23728] usb 6-1: config 157 has 0 interfaces, different from the descriptor's value: 1 [ 2387.039707][T23723] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input22 [ 2387.093782][T23728] usb 6-1: New USB device found, idVendor=0db0, idProduct=5581, bcdDevice=f9.22 [ 2387.133115][T23723] dvb-usb: schedule remote query interval to 400 msecs. [ 2387.145318][T23728] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2387.178641][T23723] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 2387.190615][T23728] usb 6-1: Product: syz [ 2387.215147][T23728] usb 6-1: Manufacturer: syz [ 2387.244369][T23723] usb 5-1: USB disconnect, device number 29 [ 2387.252993][T23728] usb 6-1: SerialNumber: syz [ 2387.349197][T21789] Bluetooth: hci2: command 0x0406 tx timeout [ 2387.757521][T23857] ===================================================== [ 2387.766370][T23857] BUG: KMSAN: kernel-infoleak in _copy_to_user+0xcc/0x120 [ 2387.773960][T23857] _copy_to_user+0xcc/0x120 [ 2387.778985][T23857] i2cdev_ioctl_smbus+0x586/0x660 [ 2387.789029][T23857] compat_i2cdev_ioctl+0x48f/0xb40 [ 2387.794554][T23857] __ia32_compat_sys_ioctl+0x7f9/0x1270 [ 2387.802044][T23857] ia32_sys_call+0x2854/0x4360 [ 2387.807458][T23857] __do_fast_syscall_32+0x17f/0x3f0 [ 2387.813676][T23857] do_fast_syscall_32+0x37/0x80 [ 2387.818907][T23857] do_SYSENTER_32+0x1f/0x30 [ 2387.823854][T23857] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 2387.832466][T23857] [ 2387.835347][T23857] Uninit was stored to memory at: [ 2387.841582][T23857] __i2c_smbus_xfer+0x25b3/0x3120 [ 2387.847015][T23857] i2c_smbus_xfer+0x2d8/0x480 [ 2387.852235][T23857] i2cdev_ioctl_smbus+0x4a1/0x660 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 2387.857532][T23857] compat_i2cdev_ioctl+0x48f/0xb40 [ 2387.863057][T23857] __ia32_compat_sys_ioctl+0x7f9/0x1270 [ 2387.869175][T23857] ia32_sys_call+0x2854/0x4360 [ 2387.874232][T23857] __do_fast_syscall_32+0x17f/0x3f0 [ 2387.879969][T23857] do_fast_syscall_32+0x37/0x80 [ 2387.890299][T23857] do_SYSENTER_32+0x1f/0x30 [ 2387.895095][T23857] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 2387.903391][T23857] [ 2387.906037][T23857] Local variable msgbuf1.i created at: [ 2387.911780][T23857] __i2c_smbus_xfer+0x853/0x3120 [ 2387.916997][T23857] i2c_smbus_xfer+0x2d8/0x480 [ 2387.922288][T23857] [ 2387.924700][T23857] Byte 0 of 1 is uninitialized [ 2387.929814][T23857] Memory access of size 1 starts at ffff88812b10fc76 [ 2387.936778][T23857] Data copied to user address 0000000080000240 [ 2387.943516][T23857] [ 2387.945983][T23857] CPU: 0 UID: 0 PID: 23857 Comm: syz.5.3565 Tainted: G L syzkaller #0 PREEMPT(full) [ 2387.957365][T23857] Tainted: [L]=SOFTLOCKUP [ 2387.962053][T23857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 2387.972650][T23857] ===================================================== [ 2387.979805][T23857] Disabling lock debugging due to kernel taint [ 2388.132781][T23857] Kernel panic - not syncing: kmsan.panic set ... [ 2388.139709][T23857] CPU: 1 UID: 0 PID: 23857 Comm: syz.5.3565 Tainted: G B L syzkaller #0 PREEMPT(full) [ 2388.151404][T23857] Tainted: [B]=BAD_PAGE, [L]=SOFTLOCKUP [ 2388.157175][T23857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 2388.167667][T23857] Call Trace: [ 2388.171194][T23857] [ 2388.174342][T23857] __dump_stack+0x26/0x30 [ 2388.178983][T23857] dump_stack_lvl+0x50/0x1c0 [ 2388.183817][T23857] ? dump_stack+0x12/0x25 [ 2388.188280][T23857] dump_stack+0x1e/0x25 [ 2388.192601][T23857] vpanic+0x7b4/0x1430 [ 2388.197083][T23857] panic+0x15d/0x160 [ 2388.201309][T23857] kmsan_report+0x31a/0x320 [ 2388.206030][T23857] ? kmsan_internal_check_memory+0x1e8/0x240 [ 2388.212291][T23857] ? kmsan_copy_to_user+0xef/0x190 [ 2388.218133][T23857] ? _copy_to_user+0xcc/0x120 [ 2388.222958][T23857] ? i2cdev_ioctl_smbus+0x586/0x660 [ 2388.228341][T23857] ? compat_i2cdev_ioctl+0x48f/0xb40 [ 2388.233811][T23857] ? __ia32_compat_sys_ioctl+0x7f9/0x1270 [ 2388.239981][T23857] ? ia32_sys_call+0x2854/0x4360 [ 2388.245574][T23857] ? __do_fast_syscall_32+0x17f/0x3f0 [ 2388.251113][T23857] ? do_fast_syscall_32+0x37/0x80 [ 2388.256468][T23857] ? do_SYSENTER_32+0x1f/0x30 [ 2388.261390][T23857] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 2388.268072][T23857] ? __pfx_az6027_i2c_xfer+0x10/0x10 [ 2388.273758][T23857] ? __pfx_az6027_i2c_xfer+0x10/0x10 [ 2388.279209][T23857] ? __i2c_transfer+0x1179/0x3280 [ 2388.284393][T23857] ? kmsan_get_metadata+0xf1/0x160 [ 2388.289710][T23857] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 2388.296262][T23857] ? kmsan_get_metadata+0xf1/0x160 [ 2388.301588][T23857] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 2388.307818][T23857] ? __i2c_smbus_xfer+0x1f6c/0x3120 [ 2388.313447][T23857] ? kmsan_get_metadata+0xf1/0x160 [ 2388.318851][T23857] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 2388.325052][T23857] kmsan_internal_check_memory+0x1e8/0x240 [ 2388.331104][T23857] kmsan_copy_to_user+0xef/0x190 [ 2388.336253][T23857] _copy_to_user+0xcc/0x120 [ 2388.340942][T23857] i2cdev_ioctl_smbus+0x586/0x660 [ 2388.346255][T23857] compat_i2cdev_ioctl+0x48f/0xb40 [ 2388.351648][T23857] ? __pfx_compat_i2cdev_ioctl+0x10/0x10 [ 2388.357617][T23857] __ia32_compat_sys_ioctl+0x7f9/0x1270 [ 2388.363442][T23857] ? fpregs_restore_userregs+0x213/0x3e0 [ 2388.369664][T23857] ? kmsan_get_metadata+0xf1/0x160 [ 2388.375272][T23857] ? kmsan_get_metadata+0xf1/0x160 [ 2388.380962][T23857] ia32_sys_call+0x2854/0x4360 [ 2388.386124][T23857] __do_fast_syscall_32+0x17f/0x3f0 [ 2388.391521][T23857] do_fast_syscall_32+0x37/0x80 [ 2388.396727][T23857] do_SYSENTER_32+0x1f/0x30 [ 2388.401421][T23857] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 2388.408139][T23857] RIP: 0023:0xf7f72f6c [ 2388.412432][T23857] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 2388.432818][T23857] RSP: 002b:00000000f543650c EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 2388.441518][T23857] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000720 [ 2388.449952][T23857] RDX: 0000000080000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 2388.458180][T23857] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 2388.466378][T23857] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 2388.474480][T23857] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2388.482736][T23857] [ 2388.486207][T23857] Kernel Offset: disabled [ 2388.490848][T23857] Rebooting in 86400 seconds..