last executing test programs: 9m49.240190065s ago: executing program 1 (id=531): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) io_setup(0x5, &(0x7f0000000180)=0x0) r1 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000100)={0xffffffff, "421ae3753785251500e9e29b00"}) io_submit(r0, 0x0, 0x0) 9m46.635756767s ago: executing program 1 (id=536): r0 = socket$kcm(0x11, 0x3, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000040), 0x0, 0x80, 0xa7) ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, 0x0) socket(0x10, 0x3, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0xb, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="6e6f646973636172642c6261636b67726f756e645f67633d73796e632c6261636b67726f756e645f67633d6f6e2c6e6f757365725f78617474722c6e6f71756f74612c64697361626c655f726f6c6c5f666f72776172642c67635f6d657267652c6e6f757365725f78617474722c636865636b706f696e743d64697361626c652c757365725f78617474722c6673796e635f6d6f64653d7374726963742c646973636172645f756e69743d73656374696f6e2c636865636b706f696e743d64697361626c652c6e6f696e6c696e655f64656e7472792c00ec6da92d1c80a6c720380e3c2c55bf27596d2776ce408c4bb19b149757508e1c7e919c6c2047023baa412d14fa75c8cac6e5f103e13ea52708af0a7c5da8af4ecb6612"], 0x2, 0x5505, &(0x7f0000002480)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S") prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x183341, 0x0) ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000000}) creat(&(0x7f0000000e00)='./file0\x00', 0xc) sendmsg$kcm(r0, &(0x7f0000000200)={&(0x7f0000000100)=@phonet={0x23, 0x0, 0x0, 0x38}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000000)="27050200d40f00000600002f88", 0xd}], 0x1}, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x2a}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000a80)={{r4}, 0x0, &(0x7f0000000a40)=r3}, 0x20) write$UHID_CREATE2(r2, &(0x7f0000000300)=ANY=[@ANYRES16=r3, @ANYRES8, @ANYRESDEC=r2, @ANYRESOCT], 0x118) 9m43.566691747s ago: executing program 1 (id=541): socket$packet(0x11, 0x3, 0x300) socket$kcm(0x21, 0x2, 0x2) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50) socket(0x2, 0x2, 0x1) openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) socket$xdp(0x2c, 0x3, 0x0) socket$unix(0x1, 0x1, 0x0) socket$inet_udp(0x2, 0x2, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket(0x10, 0x803, 0x0) socket$can_bcm(0x1d, 0x2, 0x2) socket$inet_udp(0x2, 0x2, 0x0) socket$netlink(0x10, 0x3, 0xf) socket$packet(0x11, 0xa, 0x300) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{r0}, &(0x7f0000000840), &(0x7f0000000880)=r1}, 0x20) r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000040)={r1, r3, 0x25, 0x2, @val=@netfilter={0x3, 0x1, 0x0, 0x1}}, 0x20) syz_emit_ethernet(0x66, &(0x7f0000000580)={@link_local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x34}, @void, {@mpls_mc={0x8848, {[], @ipv4=@gre={{0x5, 0x4, 0x0, 0x8, 0x58, 0x64, 0x0, 0x86, 0x2f, 0x0, @broadcast, @multicast2}, {{0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x880b, 0x0, 0x3}, {0x1}, {0x1}, {0x8, 0x88be, 0x1, {{0xd, 0x1, 0x7f, 0x0, 0x1, 0x1, 0x7, 0xc}, 0x1, {0x40}}}, {0x8, 0x22eb, 0x1, {{0x0, 0x2, 0x2, 0x0, 0x0, 0x2, 0x6, 0x1}, 0x2, {0x3, 0x3, 0x3, 0x5, 0x1, 0x1, 0x2, 0x1, 0x1}}}, {0x8, 0x6558, 0x2}}}}}}}, 0x0) 9m36.988617752s ago: executing program 1 (id=553): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpgrp(0xffffffffffffffff) prlimit64(r0, 0x0, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbee2, 0x89831, 0xffffffffffffffff, 0x32ab8000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) madvise(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r4, 0x6, 0x13, 0x0, 0x0) connect$inet6(r4, 0x0, 0x0) sendmmsg$inet6(r4, &(0x7f0000000b80), 0x0, 0x8800) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000000)=@security={'security\x00', 0x3a, 0x4, 0x2e8, 0xffffffff, 0x11f0, 0x110, 0x0, 0x90, 0xffffffff, 0x12e8, 0x12e8, 0x12e8, 0x110, 0x4, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{}, {0x0, [], 0x5}}}}, {{@uncond, 0x0, 0x70, 0xb0}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00', 0x0, {[0x98, 0x8001, 0xff, 0x8, 0x8, 0x1, 0x7, 0x9]}}}, {{@ip={@rand_addr=0x64010101, @private, 0x0, 0x0, 'vlan0\x00', 'ip6gretap0\x00'}, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x0, [0x0, 0x2]}, {0x0, [0x0, 0x0, 0x0, 0x4]}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x348) syz_genetlink_get_family_id$nl80211(&(0x7f0000001880), 0xffffffffffffffff) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="170000000700"], 0x50) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r5, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) r6 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0xa1001) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r6, 0x40505412, 0x0) write$binfmt_misc(r5, &(0x7f0000000000), 0xd) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) 9m36.056151347s ago: executing program 1 (id=556): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r3 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) 9m35.14698378s ago: executing program 1 (id=559): socket(0x400000000010, 0x3, 0x0) socket(0x10, 0x803, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x40) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) fanotify_init(0xf00, 0x1) socket(0x10, 0x2, 0x0) syz_usb_connect$hid(0x4, 0x36, &(0x7f00000000c0)=ANY=[], 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r3, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000f40)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}], 0x78}, 0x10040) sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="010028bd70000700000002000000080001"], 0x1c}, 0x1, 0x0, 0x0, 0x40089}, 0x4008004) 9m19.678701575s ago: executing program 32 (id=559): socket(0x400000000010, 0x3, 0x0) socket(0x10, 0x803, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x40) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) fanotify_init(0xf00, 0x1) socket(0x10, 0x2, 0x0) syz_usb_connect$hid(0x4, 0x36, &(0x7f00000000c0)=ANY=[], 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r3, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000f40)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}], 0x78}, 0x10040) sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="010028bd70000700000002000000080001"], 0x1c}, 0x1, 0x0, 0x0, 0x40089}, 0x4008004) 7m39.560431026s ago: executing program 3 (id=805): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8a}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_dev$vim2m(0x0, 0x7, 0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socketpair$unix(0x1, 0x1, 0x0, 0x0) r3 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000ac0)="4c000000140097f87059ae08060c040002ff0f020000000000001a350182fa73a69d35a21429b17cd02941601d60ffc0cca84708f7abca1b4e7d06a60300000072f750375ed08a5604000000", 0x4c}], 0x1}, 0x0) 7m37.836325016s ago: executing program 3 (id=808): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000006"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000180)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r4}, &(0x7f0000000280), &(0x7f0000000040)=r1}, 0x20) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000001801000000082c2500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000000c0)=r5, 0x4) sendmsg$inet(r3, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) 7m37.174126855s ago: executing program 3 (id=809): socket$inet(0x2b, 0x1, 0x0) r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = openat$fb0(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$FBIOGETCMAP(r3, 0x4604, &(0x7f0000000100)={0x0, 0x1b, 0x0, 0xfffffffffffffffe, 0x0, 0x0}) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) fsopen(&(0x7f0000000180)='9p\x00', 0x0) syz_open_dev$radio(&(0x7f0000000000), 0x0, 0x2) clock_gettime(0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0xc810) socket$kcm(0x10, 0x2, 0x0) readv(0xffffffffffffffff, &(0x7f0000000300), 0x0) r5 = syz_open_dev$video(&(0x7f0000000080), 0xfffffffffdfffffd, 0x2a943) ioctl$VIDIOC_QUERYCTRL(r5, 0xc0445624, &(0x7f00000000c0)={0x8000005, 0x0, "679c51ecbc83d1e22e845e3ede57135adc714d432546da16827000", 0x1, 0x349, 0x0, 0x4, 0x85}) write$evdev(0xffffffffffffffff, &(0x7f0000000040)=[{{}, 0x0, 0x2}], 0x37) 7m35.21388253s ago: executing program 3 (id=811): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='sysfs\x00', 0x800000, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) chroot(&(0x7f0000000000)='./file0/../file0/../file0/../file0/file0\x00') open_tree(0xffffffffffffff9c, &(0x7f0000000600)='./file0/../file0/../file0/../file0\x00', 0x89901) 7m29.356540793s ago: executing program 3 (id=823): syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[], 0x50) 7m28.072451798s ago: executing program 3 (id=827): setresgid(0x0, 0xee01, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$sndmidi(0x0, 0x2, 0x141102) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2a, 0xa9}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) connect$netrom(0xffffffffffffffff, &(0x7f0000000380)={{0x6, @rose, 0x1}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default]}, 0x48) bind$netrom(0xffffffffffffffff, &(0x7f00000004c0)={{0x6, @rose, 0x1}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48) accept$netrom(0xffffffffffffffff, &(0x7f0000000400)={{}, [@netrom, @netrom, @remote, @bcast, @remote, @bcast, @netrom, @bcast]}, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat$binder_debug(0xffffffffffffff9c, &(0x7f0000002780)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) 7m26.737997136s ago: executing program 33 (id=827): setresgid(0x0, 0xee01, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$sndmidi(0x0, 0x2, 0x141102) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2a, 0xa9}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) connect$netrom(0xffffffffffffffff, &(0x7f0000000380)={{0x6, @rose, 0x1}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default]}, 0x48) bind$netrom(0xffffffffffffffff, &(0x7f00000004c0)={{0x6, @rose, 0x1}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48) accept$netrom(0xffffffffffffffff, &(0x7f0000000400)={{}, [@netrom, @netrom, @remote, @bcast, @remote, @bcast, @netrom, @bcast]}, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat$binder_debug(0xffffffffffffff9c, &(0x7f0000002780)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) 1m7.526046755s ago: executing program 4 (id=1804): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000280), r0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000680)={'wpan1\x00', 0x0}) sendmsg$NL802154_CMD_SET_MAX_FRAME_RETRIES(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f00000006c0)={0x1c, r1, 0x1, 0x70bd2d, 0x25dfdbff, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x8000) 1m6.480700076s ago: executing program 4 (id=1807): open(0x0, 0x108242, 0x78e22799f4a46eab) io_submit(0x0, 0x1, &(0x7f0000002840)=[0x0]) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b7020000000df100bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000006f6400000000000045040400010000001704000001000a00b7040000ff0100006a0a00fe0000000085000000be000000b70000000000000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d621ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6fbaa187b81d1106000000000fd60000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7e43c5cbd80450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e3179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3a32efa04137d4524847d2638da3261c8162bb7c7824be6195a66d2e17e122040e1100000000928612a29fc691e4f1f7bd053abb885f39381f1759410b1059f05684261f332d606834669b49ec99320ca7712d7e79bd5bf5ed818ecc7640917f6a559a47db608fcf9f6c131b84e41c354c66838f72b9e12d36e996f316f0812ca83efb30c7f6c6d57c4a64590401eec22523dd712c680013e87f649a1ede7142ca9d5d8a8c9f9b440fe4331ad5532c74d9a31a5d737537f7a2caa30581253d14dd3e92af7dc836686365ae01bdec561c0402b67801267a8df97d2f85426a5963d4fa3e26cc05972c162f223f000000d999e80de00fcbcc02d0aed7bb8f7ba337d59c14f39dcd4aad4139ef6425a9367f1bd1467fc6b95a4df7669839771ce9d5788029901e5a79d8b9990ace8f74087f25ad50c46088000000008000"/686], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x3a, 0x10, &(0x7f0000000340), 0xd58495bc, 0x0, 0xffffffffffffffff, 0xffffffffffffff5b}, 0x42) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000002040)={0xc, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5) sched_setaffinity(0x0, 0x0, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0) timer_settime(0x0, 0x0, 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0xe, 0x0, &(0x7f0000000280)="1d5ff8317ca952a2ba4bfee0f003", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x6}, 0x50) 1m6.086699759s ago: executing program 4 (id=1810): setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0) ioctl$FICLONERANGE(0xffffffffffffffff, 0x4020940d, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r0, &(0x7f0000000d80)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f0000000440)="ea", 0x1}], 0x1, &(0x7f00000002c0)=ANY=[@ANYBLOB="14"], 0x18}, 0xc800) r2 = getpgrp(0x0) prlimit64(r2, 0xe, &(0x7f0000000100)={0x8, 0x80000100008a}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = getpid() sched_setscheduler(r3, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r4 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x1, 0x0) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETVESABLANK(0xffffffffffffffff, 0x560e, 0x0) ioctl$TIOCL_BLANKSCREEN(0xffffffffffffffff, 0x541c, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, 0x0) recvmmsg(r1, &(0x7f0000001140), 0x700, 0x2, 0x0) 1m3.212744238s ago: executing program 4 (id=1817): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) symlink(&(0x7f0000000040)='.\x00', &(0x7f0000000100)='./file0\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f00000004c0)='./bus\x00', 0x0) lsetxattr$security_capability(&(0x7f0000000180)='./file0\x00', &(0x7f0000000200), 0x0, 0x0, 0x1) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000500)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f00000001c0)='./bus\x00') lchown(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) 1m1.335923388s ago: executing program 4 (id=1819): socket$inet(0x2b, 0x1, 0x0) r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = openat$fb0(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$FBIOGETCMAP(r3, 0x4604, &(0x7f0000000100)={0x0, 0x1b, 0x0, 0xfffffffffffffffe, 0x0, 0x0}) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, 0x0, 0x0) ptrace$getenv(0x4201, 0x0, 0x6, &(0x7f0000000440)) fsopen(&(0x7f0000000180)='9p\x00', 0x0) r5 = syz_open_dev$radio(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r5, 0xc0205647, &(0x7f0000000200)={0xf020000, 0x6, 0x800, 0xffffffffffffffff, 0x0, &(0x7f00000001c0)={0x675653d35eb1ac7a, 0xfffffffb, '\x00', @value=0x80000001}}) r6 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r6, 0x0, 0xc810) r7 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001340)=[{&(0x7f00000001c0)="2e00000010008188040f46ecdb4cb9cca7480ef40f000000e3bd6efb010509000b000a", 0x23}], 0x1, 0x0, 0x0, 0xc9e}, 0x8600) readv(0xffffffffffffffff, &(0x7f0000000300), 0x0) ioctl$VIDIOC_PREPARE_BUF(0xffffffffffffffff, 0xc058565d, &(0x7f0000000200)=@multiplanar_mmap={0x9, 0xa, 0x4, 0x2, 0xfc, {}, {0x1, 0x2, 0x8, 0x6a, 0x2, 0x4, "3b7a1286"}, 0x8, 0x1, {&(0x7f00000000c0)=[{0x400, 0x6, {0x4}, 0x8}, {0xc000, 0x39, {0x4}, 0xfff}]}, 0x7}) r8 = syz_open_dev$video(&(0x7f0000000080), 0xfffffffffdfffffd, 0x2a943) ioctl$VIDIOC_QUERYCTRL(r8, 0xc0445624, &(0x7f00000000c0)={0x8000005, 0x0, "679c51ecbc83d1e22e845e3ede57135adc714d432546da16827000", 0x1, 0x349, 0x0, 0x4, 0x85}) 1m0.073477512s ago: executing program 4 (id=1822): bind$inet(0xffffffffffffffff, 0x0, 0x0) sendmmsg$inet(0xffffffffffffffff, &(0x7f00000001c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x2090) syz_clone(0x1804080, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = inotify_init() inotify_add_watch(r0, &(0x7f0000000040)='.\x00', 0x449) syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) r1 = syz_usb_connect(0x0, 0x3f, 0x0, 0x0) syz_usb_control_io(r1, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$FS_IOC_GETVERSION(r2, 0xc0145b0e, &(0x7f0000000040)) ioctl$FS_IOC_GETVERSION(r2, 0xc0145b0e, &(0x7f0000000000)) 43.780083759s ago: executing program 34 (id=1822): bind$inet(0xffffffffffffffff, 0x0, 0x0) sendmmsg$inet(0xffffffffffffffff, &(0x7f00000001c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x2090) syz_clone(0x1804080, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = inotify_init() inotify_add_watch(r0, &(0x7f0000000040)='.\x00', 0x449) syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) r1 = syz_usb_connect(0x0, 0x3f, 0x0, 0x0) syz_usb_control_io(r1, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$FS_IOC_GETVERSION(r2, 0xc0145b0e, &(0x7f0000000040)) ioctl$FS_IOC_GETVERSION(r2, 0xc0145b0e, &(0x7f0000000000)) 14.625029971s ago: executing program 5 (id=1913): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6) r3 = fanotify_init(0x200, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000e40), 0x40080, 0x0) ioctl$TIOCPKT(r4, 0x5420, &(0x7f00000000c0)=0x1) ioctl$TCSETS(r4, 0x5402, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "fe94b89fc43c3328eae0cae1f5eba329e6f216"}) readv(r3, &(0x7f00000001c0), 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$inet6(0xa, 0x1, 0x0) mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x200000e, 0x12, r5, 0x1cd1e000) ioctl$sock_SIOCETHTOOL(r5, 0x89f0, &(0x7f0000001440)={'bridge0\x00', 0x0}) 12.653737547s ago: executing program 5 (id=1916): setxattr$security_ima(0x0, &(0x7f0000000140), 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_emit_vhci(0x0, 0x7) r3 = socket(0x2, 0x80805, 0x0) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r4, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r4, 0x84, 0x7a, &(0x7f0000000340)={r5, @in={{0x2, 0x4e24, @remote}}}, &(0x7f0000000040)=0x84) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000480)={@cgroup, 0x20, 0x1, 0x5, &(0x7f0000000080), 0x0, 0x0, &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, &(0x7f0000000440)}, 0x40) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r3, 0x84, 0x75, &(0x7f0000000180)={r6, 0xb}, &(0x7f0000000280)=0x8) 8.478590352s ago: executing program 5 (id=1928): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000000c0)='cdg', 0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) sendmmsg$inet(r0, &(0x7f0000000c80)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000640)="98", 0x1}], 0x1}}], 0x1, 0x2090) 6.632219421s ago: executing program 2 (id=1935): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x4c, &(0x7f0000000680)=[{&(0x7f00000000c0)="5c00000014006b05c84e21000ab16d6e230675f811000000440002005817d30461bc24eeb556a705251e6182149a36c23d3b48dfd8cdbf9367b098fa51f60a64c9f408000000e786a6d0bdd70000b6c0504bb9189d9193e9bd1c1b78", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) r1 = socket$phonet_pipe(0x23, 0x5, 0x2) connect$phonet_pipe(r1, &(0x7f0000000040), 0x10) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 5.045454684s ago: executing program 2 (id=1940): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e28}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000480)={'wg2\x00'}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0xea100, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f00000005c0)="0f018581c0b852000f00d8666765f36f0f33f010026c6c0f3a0cb9000000752066b9800000c00f3a32c632c6004000a50f01d7062f86b1cf01", 0x39}], 0x1, 0x54, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000600)={[0x8000000000000000, 0x900000011, 0x0, 0x45b, 0x4, 0x80000, 0x6, 0x5, 0x0, 0xfc, 0xfffffffdffffffbe, 0xfdfffffffffffff9, 0x104, 0x9, 0xc82, 0x767], 0xeeef0000, 0x80082}) ioctl$KVM_RUN(r5, 0xae80, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, &(0x7f0000000000)=0x100000b3, 0x4) bind$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x4e20, @empty}, 0x10) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x33, &(0x7f0000000040)={0x0, 0x0}, 0x10) socket$inet(0x2, 0x4000000000000001, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r6, &(0x7f0000000080)={0xa, 0x2, 0xfffffff9, @loopback, 0x80}, 0x1c) setsockopt$inet6_tcp_TCP_CONGESTION(r6, 0x6, 0xd, &(0x7f0000000000)='dctcp', 0x5) mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0) 4.840643846s ago: executing program 5 (id=1942): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x8000}, 0xc000) 3.730915811s ago: executing program 0 (id=1943): clock_gettime(0x6, &(0x7f0000000300)) 3.730592111s ago: executing program 2 (id=1944): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000001680)=ANY=[@ANYBLOB="18000000000300000000000000"], &(0x7f0000001700)='GPL\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, 0x0, 0x0) listen(0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = syz_open_dev$vbi(&(0x7f00000001c0), 0x0, 0x2) ioctl$VIDIOC_S_INPUT(r3, 0xc0045627, &(0x7f0000000100)=0x3) mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f00000000c0)=ANY=[@ANYRESHEX, @ANYRESHEX]) ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r3, 0xc0845657, &(0x7f0000000200)={0x0, @bt={0xa8f, 0x86c, 0x1, 0x1, 0xd59f80, 0x19f2, 0x3f, 0x19ef, 0x3, 0x8, 0x2800, 0x6, 0x2, 0xba2, 0xc, 0x30, {0x8, 0xffffffff}, 0xd0, 0x9}}) socket$nl_route(0x10, 0x3, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4) 3.513572603s ago: executing program 0 (id=1945): r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000200)=0x439a, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000180)={0xa, 0x4e20, 0xffffffff, @loopback, 0xbf}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x8, &(0x7f0000000f40)=0x6c, 0x4) recvmmsg(r0, &(0x7f0000000140)=[{{0x0, 0x0, 0x0}, 0x7ffffffe}], 0x1, 0x40002000, 0x0) 3.468722556s ago: executing program 5 (id=1946): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000080)={0xffffffffffffffff}) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_HARDIF(r0, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="000226bd7000fbd8df250500000008003a0004000000050038000000000008003c00e1320000050037000100000005002a00010000000a2e27c61affffffffff00000500290001000000"], 0x50}, 0x1, 0x0, 0x0, 0x4040010}, 0x8010) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) openat$ttyprintk(0xffffffffffffff9c, 0x0, 0x800, 0x0) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_usb_connect(0x0, 0x24, &(0x7f0000001b80)={{0x12, 0x1, 0x0, 0xd5, 0x7, 0xdf, 0x8, 0x10c4, 0x8244, 0xdc00, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x3}}]}}]}}, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) mprotect(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0) mremap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x3000, 0x3, &(0x7f0000ffc000/0x3000)=nil) ioctl$SNDCTL_TMR_SELECT(r2, 0x40045408) mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000340)=ANY=[@ANYRESOCT=0x0, @ANYRES8=r3, @ANYRES64=r1], 0x20}, 0x1, 0x0, 0x0, 0x4008455}, 0x20000800) mbind(&(0x7f00005b4000/0x4000)=nil, 0x100000000004000, 0x0, 0x0, 0x0, 0x2) syz_open_dev$video(&(0x7f0000000140), 0x8, 0x140) openat$dir(0xffffffffffffff9c, 0x0, 0x8000, 0x1f7) syz_open_procfs(0x0, &(0x7f0000000280)='sched\x00') ioctl$DRM_IOCTL_GEM_FLINK(0xffffffffffffffff, 0xc008640a, &(0x7f00000000c0)) 3.461328037s ago: executing program 6 (id=1947): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0xc0ed0040, &(0x7f0000002a00)={[{@noblock_validity}, {@bsdgroups}, {@acl}, {@noload}, {@journal_dev={'journal_dev', 0x3d, 0x3}}, {@nodiscard}]}, 0xfe, 0x477, &(0x7f0000001e00)="$eJzs3MtvVNUfAPDvnT5oefzKD/EBglbRSHy0tDxk4UajiQuNJrrAuKptIUihhtZECFF0gTEuDIl745LEv8CVboy6MnGre0NiDBvQ1ZhzH9AOM9CWaac4n09y4Zx77nDO9557Zs49d4YAutZw+iOL2BwRv0XEUJFdfMBw8de1K+cm/75ybjKLev2Nv7L8uKtXzk2W/8T1120qdtTrZX5Dk3ovvB0xMTMzfbrMj86ffG907szZZ46fnDg2fWz61Pjhwwf27+4/NH6wLXGmuK7u/HB2146X37r46uSRi+/89E1q7+ayvIqjnYaLs9vU4+2urMO2LEhnvR1sCMuS+i11V18+/oeiJwavlw3FS590tHHAqqrX6/Vmn8/JpbIc+K/KjHHoUtVnfbr/rba1m3103p/PFzdAKe5r5VaU9EatPKav4f62nQYi4sj5f75KW6zSOgQAwELfpfnP083mf7W4b8Fx/yufoWyNiP9HxLaIuCcitkfEvRH5sfdHxAPLrL/xCcnN85/a5RUFtkRp/vdc+Wxr8fyvmv3F1p4ytyWPvy87enxmel95TvZG34aUH1v0ksW+f/HXLxr3fV4usw8vmP+lLdVfzQXLdlzubVigm5qYn2hL8Cn+jyN29jaLP4vqMU4WETsiYucK6zj+5KVdrcpuH/8ttOE5U/3riCeK/j8fDfFXspbPJ8eePTR+cHQgZqb3jVZXxc1+/uXC663qv6P42yD1/8am138Rf7pHzAYi5s6cPZE/r51bfh0Xfv90MmtRtn2F139/9mae7i/3fTAxP396LKI/eyVlBxftH7/x2ipfHZ/i37un+fjfVtye5WfiwYhIF/HuiHgoIh4u++6RiHg0IvbcIv4fX3js3VZlrfu/1ap8e6X4p27R/+ktL6Vu9P/yEz0nfvi2Vf31JfX/gTy1t9wz1X/797+lNvBOzh0AAADcLWr5d+Cz2sj1dK02MlJ8h397bKzNzM7NP3V09v1TU8V35bdGX61a6RpasB46Vq4NV/nxhvz+ct34y57BPD8yOTsz1engocttysd8T55eOP6TP3o62zZgDfi9FnQv4x+6l/EP3cv4h+5l/EOX6m+++6O1bgfQEcv//B9YlXYAa8/8H7qX8Q/dy/iHrtTyt/G1O/rJ/92a6F0fzWiaGFwfzagSUVsXzWhf4rXPiiGxXtpTJXqX/J9ZrDCxoWlRp9+ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2uPfAAAA//9sF+YW") r0 = creat(&(0x7f00000000c0)='./bus\x00', 0x113) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = userfaultfd(0x801) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000002c0)={0xaa, 0x1c}) syz_io_uring_setup(0x110, &(0x7f0000000200)={0x0, 0xfec9, 0x8, 0x0, 0xdf}, &(0x7f0000000040), &(0x7f0000000140)) r2 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r2, &(0x7f00000002c0)={0x1, 0x6}, 0x2) write$USERIO_CMD_REGISTER(r2, &(0x7f00000000c0), 0x2) write$USERIO_CMD_SEND_INTERRUPT(r2, &(0x7f00000001c0)={0x2, 0x8}, 0x2) socket$nl_generic(0x10, 0x3, 0x10) openat$tun(0xffffffffffffff9c, 0x0, 0x1c1842, 0x0) r3 = socket$kcm(0x10, 0x2, 0x10) socket$kcm(0xa, 0x1, 0x106) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) add_key(&(0x7f0000000040)='cifs.spnego\x00', &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe) r7 = socket$nl_crypto(0x10, 0x3, 0x15) sendmsg$nl_crypto(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=@delrng={0x10, 0x14, 0x1, 0x70bd2a, 0x25dfdbfb}, 0x10}, 0x1, 0x0, 0x0, 0x4}, 0x4000) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={0x0, 0xe4}, 0x1, 0x0, 0x0, 0x8001}, 0x20050840) sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) 2.851541702s ago: executing program 7 (id=1851): r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000200)) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000000)=0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x1) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xf, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000003c0)={0x58, 0x9, 0x6, 0x801, 0x0, 0x0, {0x7}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x30, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @private0}}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0xe1f}, @IPSET_ATTR_BYTES={0xc, 0x18, 0x1, 0x0, 0x4}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x10000042}, 0x4090) 2.704713931s ago: executing program 2 (id=1948): setxattr$security_ima(0x0, &(0x7f0000000140), 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_emit_vhci(0x0, 0x7) r1 = socket(0x2, 0x80805, 0x0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r2, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r2, 0x84, 0x7a, &(0x7f0000000340)={r3, @in={{0x2, 0x4e24, @remote}}}, &(0x7f0000000040)=0x84) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000480)={@cgroup, 0x20, 0x1, 0x5, &(0x7f0000000080), 0x0, 0x0, &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, &(0x7f0000000440)}, 0x40) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000180)={r4, 0xb}, &(0x7f0000000280)=0x8) 2.54400809s ago: executing program 0 (id=1949): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x8003000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f00000000c0)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_DAT_CACHE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)={0x1c, r3, 0x305, 0x0, 0x0, {0x7}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}]}, 0x1c}}, 0x24044080) 2.543603561s ago: executing program 2 (id=1950): socket$kcm(0x11, 0x3, 0x0) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, 0x0, 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x8081) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r1, &(0x7f0000000040), 0x10) listen(r1, 0x0) r2 = socket(0x28, 0x5, 0x0) connect$vsock_stream(r2, &(0x7f0000000080), 0x10) setsockopt$sock_linger(r2, 0x1, 0x3c, &(0x7f0000000180)={0x1, 0x5}, 0x8) sendmmsg(r2, &(0x7f0000000100)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)="1b", 0x40000}], 0x1}}], 0x1, 0x24008094) recvfrom$unix(0xffffffffffffffff, &(0x7f0000000140)=""/263, 0x107, 0x0, 0x0, 0x0) 1.960896405s ago: executing program 6 (id=1951): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000680)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x38, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x10}]}, @NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "d103"}]}]}]}]}, @NFT_MSG_DELSETELEM={0x2c, 0xe, 0xa, 0x201, 0x0, 0x0, {0xa}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xcc}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) 1.8593846s ago: executing program 7 (id=1952): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6) r3 = fanotify_init(0x200, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000e40), 0x40080, 0x0) ioctl$TIOCPKT(r4, 0x5420, &(0x7f00000000c0)=0x1) readv(r3, &(0x7f00000001c0), 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$inet6(0xa, 0x1, 0x0) mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x200000e, 0x12, r5, 0x1cd1e000) ioctl$sock_SIOCETHTOOL(r5, 0x89f0, &(0x7f0000001440)={'bridge0\x00', 0x0}) 1.794267655s ago: executing program 6 (id=1953): openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x292cc2, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000700)='attr/current\x00') r1 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat(r1, &(0x7f0000000080)='./file1\x00', 0x48) socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$proc_mixer(0xffffffffffffff9c, 0x0, 0x2002, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) r5 = landlock_create_ruleset(0x0, 0x0, 0x0) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r5, 0x1, &(0x7f0000000340)={0x2000, r1}, 0x0) landlock_restrict_self(r5, 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000180)='./file1/file3\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) read$FUSE(r0, 0x0, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000500)={@fallback, 0xffffffffffffffff, 0x12, 0x54}, 0x20) 1.720625909s ago: executing program 2 (id=1954): madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0x12) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = socket(0x10, 0x3, 0x0) r1 = getpid() bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xd, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="05000000000000007111b300000000008510000002000000850000000000000095000000000000009500a50500000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x6}, 0x70) prctl$PR_SET_IO_FLUSHER(0x34, 0x1) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc) write(r0, &(0x7f0000000140)="2600000022004701050000070000000000000020002b1f000a4a51f1ee839cd53400b017ca5b", 0x26) connect$netlink(r0, &(0x7f00000005c0)=@proc={0x10, 0x0, 0x1}, 0xc) setsockopt$sock_int(r0, 0x1, 0x21, &(0x7f0000b4bffc)=0x8, 0x4) write(r0, &(0x7f0000000000)='\"', 0x1) recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0) 1.167743091s ago: executing program 0 (id=1955): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x4, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000340)=@newtaction={0x70, 0x30, 0xffffffffffffffff, 0x0, 0x0, {}, [{0x5c, 0x1, [@m_bpf={0x58, 0x1, 0x0, 0x0, {{0x8}, {0x30, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_FD={0x8, 0x5, r1}, @TCA_ACT_BPF_NAME={0xc, 0x6, './file0\x00'}, @TCA_ACT_BPF_PARMS={0x18, 0x2, {0x80, 0xff, 0x8, 0x8, 0xd833}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x70}}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) sendmsg$nl_route_sched(r2, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) 778.363924ms ago: executing program 7 (id=1956): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r1, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) socket$inet_tcp(0x2, 0x1, 0x0) r2 = socket(0x10, 0x3, 0x0) write(r2, &(0x7f0000000080)="1400000052004f030e789e7ee2ce2fa4ff612d", 0x13) recvmmsg(r2, &(0x7f0000005c80)=[{{0x0, 0x0, 0x0}}], 0x344, 0x10122, 0x0) 456.701243ms ago: executing program 6 (id=1957): r0 = fsopen(&(0x7f0000000240)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) fchdir(r1) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x10c) open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0) lseek(r2, 0x3, 0x0) 430.128925ms ago: executing program 5 (id=1958): openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) creat(&(0x7f0000000440)='./file0\x00', 0x0) syz_clone(0x1010000, &(0x7f0000000340), 0x0, 0x0, 0x0, 0x0) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0) sendfile(r3, r3, 0x0, 0x40008) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', 0x0, 0x0, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0) syz_open_dev$dri(&(0x7f0000000a40), 0x0, 0x88400) r5 = memfd_create(0x0, 0x7) ioctl$FS_IOC_RESVSP(r5, 0x40305829, 0x0) sendmsg$nl_route(r4, 0x0, 0x44000) 211.339958ms ago: executing program 6 (id=1959): socket$packet(0x11, 0x3, 0x300) socket$kcm(0xa, 0x922000000003, 0x11) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="5c00000000010104000000000000000002001000240002801400018008000100e000000108000200e00000010c00028005000100000000001c0010800800014000000000d97405010000000008000240000000000800"], 0x5c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000) 179.648849ms ago: executing program 0 (id=1960): r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/if_inet6\x00') getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000100)={0x6, 0x202, 0xb, 0x9}, &(0x7f00000001c0)=0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x70}}, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0xf88e470f, 0xed}]}) r1 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0xa00, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) timer_create(0x3, &(0x7f0000000140)={0x0, 0x2e, 0x2, @thr={0x0, 0x0}}, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x35, &(0x7f0000000000)=0x8000, 0x4) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0xe42, 0x9, 0xfffffffffffffffb, 0x5, 0x10000, 0x3, 0x4002004c2, 0x100000007ff, 0x1, 0x0, 0x10000000000400, 0x80, 0x8b, 0x0, 0x8, 0x8b], 0x58000, 0x240046}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 130.452332ms ago: executing program 6 (id=1961): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x3, 0x8, 0x8001, 0x0, 0x9, 0xdb, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x101100, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000016000/0x18000)=nil, 0x0, 0x0, 0x4e, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f0000000180)={0x0, 0xd000}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ptrace(0x10, 0x1) syz_open_dev$dri(0x0, 0x8, 0x47a45d90d8f77123) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x77c}) mremap(&(0x7f00007ff000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f0000580000/0x4000)=nil) listen(0xffffffffffffffff, 0xda8c) openat$fb0(0xffffffffffffff9c, 0x0, 0x0, 0x0) 0s ago: executing program 0 (id=1962): mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xb, 0xc3072, 0xffffffffffffffff, 0x0) r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, 0x0, 0x0) mmap(&(0x7f0000200000/0x4000)=nil, 0x4000, 0x4, 0x200000006c832, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0) kernel console output (not intermixed with test programs): S-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 183.256298][ T5487] syz.0.318: attempt to access beyond end of device [ 183.256298][ T5487] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 184.835211][ T4575] kworker/u4:14: attempt to access beyond end of device [ 184.835211][ T4575] loop0: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 187.777989][ T5535] 9pnet_fd: Insufficient options for proto=fd [ 187.865863][ T5516] loop2: detected capacity change from 0 to 40427 [ 188.006807][ T5516] F2FS-fs (loop2): invalid crc value [ 189.164785][ T5516] F2FS-fs (loop2): Failed to initialize F2FS segment manager (-4) [ 190.574522][ T5569] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 194.197389][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.205439][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 198.794098][ T5624] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 205.763655][ T5694] netlink: 20 bytes leftover after parsing attributes in process `syz.1.367'. [ 206.089220][ T5696] loop3: detected capacity change from 0 to 40427 [ 206.112299][ T5696] F2FS-fs (loop3): invalid crc value [ 206.203636][ T5696] F2FS-fs (loop3): Found nat_bits in checkpoint [ 206.241147][ T5696] F2FS-fs (loop3): Start checkpoint disabled! [ 206.340642][ T5696] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 207.461893][ T5708] syz.3.368: attempt to access beyond end of device [ 207.461893][ T5708] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 209.417221][ T4575] kworker/u4:14: attempt to access beyond end of device [ 209.417221][ T4575] loop3: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 209.954087][ T5735] 9pnet_fd: Insufficient options for proto=fd [ 211.818072][ T5749] 9pnet_fd: Insufficient options for proto=fd [ 215.589086][ T5770] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 216.009097][ T5784] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 216.018445][ T5784] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 219.368502][ T5808] 9pnet_fd: Insufficient options for proto=fd [ 224.501808][ T5845] 9pnet_fd: Insufficient options for proto=fd [ 225.356991][ T5853] loop1: detected capacity change from 0 to 32768 [ 227.725538][ C1] sched: RT throttling activated [ 229.286008][ T5877] netlink: 44 bytes leftover after parsing attributes in process `syz.2.404'. [ 232.795604][ T5912] 9pnet_fd: Insufficient options for proto=fd [ 233.047568][ T5917] 9pnet_fd: Insufficient options for proto=fd [ 233.219816][ T5922] genirq: Flags mismatch irq 4. 00000000 (pcl812) vs. 00000000 (ttyS0) [ 235.179462][ T5919] cgroup: No subsys list or none specified [ 235.469359][ T5927] 9pnet_fd: Insufficient options for proto=fd [ 235.765932][ T26] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 236.288152][ T26] usb 3-1: Using ep0 maxpacket: 8 [ 236.420689][ T26] usb 3-1: unable to get BOS descriptor or descriptor too short [ 236.431440][ T26] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 236.442117][ T26] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 5 [ 236.457279][ T26] usb 3-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=5f.84 [ 236.466469][ T26] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 236.474486][ T26] usb 3-1: Product: syz [ 236.479783][ T26] usb 3-1: Manufacturer: syz [ 236.495635][ T26] usb 3-1: SerialNumber: syz [ 236.522901][ T26] usb 3-1: config 0 descriptor?? [ 236.618265][ T26] snd-usb-audio: probe of 3-1:0.0 failed with error -2 [ 236.734384][ T5936] udevd[5936]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 237.973314][ T5942] loop0: detected capacity change from 0 to 40427 [ 238.128816][ T5942] F2FS-fs (loop0): invalid crc value [ 238.255417][ T26] usb 3-1: USB disconnect, device number 4 [ 238.434064][ T5942] F2FS-fs (loop0): Found nat_bits in checkpoint [ 238.524358][ T5942] F2FS-fs (loop0): Start checkpoint disabled! [ 238.559111][ T5942] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 241.107244][ T4575] kworker/u4:14: attempt to access beyond end of device [ 241.107244][ T4575] loop0: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 242.926369][ T5989] cgroup: No subsys list or none specified [ 242.950299][ T5986] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 242.961678][ T5994] 9pnet_fd: Insufficient options for proto=fd [ 244.448012][ T6001] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready [ 244.643056][ T6003] device bridge1 entered promiscuous mode [ 246.048996][ T6010] netlink: 28 bytes leftover after parsing attributes in process `syz.0.445'. [ 247.525641][ T6023] loop0: detected capacity change from 0 to 40427 [ 247.565303][ T6027] 9pnet_fd: Insufficient options for proto=fd [ 247.846193][ T4310] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 248.136932][ T6023] F2FS-fs (loop0): invalid crc value [ 248.171974][ T6023] F2FS-fs (loop0): Found nat_bits in checkpoint [ 248.208756][ T6023] F2FS-fs (loop0): Start checkpoint disabled! [ 248.255659][ T4310] usb 2-1: Using ep0 maxpacket: 8 [ 248.263047][ T4310] usb 2-1: unable to get BOS descriptor or descriptor too short [ 248.325608][ T4310] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 248.335830][ T4310] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 5 [ 248.351333][ T4310] usb 2-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=5f.84 [ 248.386034][ T6023] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 248.458588][ T4310] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 248.466987][ T4310] usb 2-1: Product: syz [ 248.471306][ T4310] usb 2-1: Manufacturer: syz [ 248.479213][ T4310] usb 2-1: SerialNumber: syz [ 248.493542][ T4310] usb 2-1: config 0 descriptor?? [ 248.633773][ T6033] syz.0.449: attempt to access beyond end of device [ 248.633773][ T6033] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 248.911234][ T4310] snd-usb-audio: probe of 2-1:0.0 failed with error -2 [ 248.999576][ T5937] udevd[5937]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 249.209878][ T4350] kworker/u4:5: attempt to access beyond end of device [ 249.209878][ T4350] loop0: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 250.615649][ T14] usb 2-1: USB disconnect, device number 2 [ 250.999198][ T6056] loop2: detected capacity change from 0 to 32768 [ 253.117305][ T6058] loop1: detected capacity change from 0 to 32768 [ 253.845721][ T6056] read_mapping_page failed! [ 253.846052][ T6058] read_mapping_page failed! [ 253.850698][ T6056] jfs_mount: diMount(ipaimap2) failed, rc = -5 [ 253.855247][ T6058] jfs_mount: Failed to read AGGREGATE_I [ 253.866969][ T6058] Mount JFS Failure: -5 [ 253.871126][ T6058] jfs_mount failed w/return code = -5 [ 254.287659][ T6056] Mount JFS Failure: -5 [ 254.291879][ T6056] jfs_mount failed w/return code = -5 [ 254.766151][ T4255] I/O error, dev loop2, sector 32640 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 255.237508][ T6067] device bridge1 entered promiscuous mode [ 255.628513][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.636707][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 259.965018][ T6095] loop2: detected capacity change from 0 to 40427 [ 260.092450][ T6095] F2FS-fs (loop2): invalid crc value [ 260.139039][ T6095] F2FS-fs (loop2): Found nat_bits in checkpoint [ 260.162987][ T6095] F2FS-fs (loop2): Start checkpoint disabled! [ 260.176088][ T6095] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 260.321740][ T6100] syz.2.464: attempt to access beyond end of device [ 260.321740][ T6100] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 262.283994][ T6107] loop3: detected capacity change from 0 to 32768 [ 264.538221][ T4346] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 265.433732][ T4575] kworker/u4:14: attempt to access beyond end of device [ 265.433732][ T4575] loop2: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 265.779646][ T6117] loop0: detected capacity change from 0 to 256 [ 266.095434][ T6119] snd_dummy snd_dummy.0: control 0:0:8:syz0:0 is already present [ 266.246476][ T6117] exfat: Unknown parameter 'zero_size_dir' [ 266.846445][ T6129] netlink: 44 bytes leftover after parsing attributes in process `syz.0.474'. [ 267.247822][ T6129] bridge0: port 2(bridge_slave_1) entered disabled state [ 267.255104][ T6129] bridge0: port 1(bridge_slave_0) entered disabled state [ 267.656663][ T6138] device syzkaller0 entered promiscuous mode [ 272.953428][ T6183] netlink: 44 bytes leftover after parsing attributes in process `syz.3.489'. [ 273.944331][ T6192] cgroup: No subsys list or none specified [ 274.703851][ T6201] loop2: detected capacity change from 0 to 1024 [ 274.754038][ T6201] EXT4-fs: Ignoring removed orlov option [ 274.783300][ T6201] EXT4-fs: Ignoring removed orlov option [ 275.045791][ T6201] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 275.071124][ T6201] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2799: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 275.776046][ T6220] netlink: 44 bytes leftover after parsing attributes in process `syz.1.503'. [ 276.203192][ T4273] EXT4-fs (loop2): unmounting filesystem. [ 276.317167][ T6227] loop0: detected capacity change from 0 to 256 [ 276.349165][ T6227] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe3865569, utbl_chksum : 0xe619d30d) [ 276.677738][ T6230] loop2: detected capacity change from 0 to 40427 [ 276.698672][ T6230] F2FS-fs (loop2): invalid crc value [ 276.798431][ T6236] cgroup: No subsys list or none specified [ 277.439468][ T6230] F2FS-fs (loop2): Found nat_bits in checkpoint [ 277.483765][ T6230] F2FS-fs (loop2): Start checkpoint disabled! [ 277.491582][ T6237] device syzkaller0 entered promiscuous mode [ 277.525698][ T6230] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 277.727735][ T6244] syz.2.506: attempt to access beyond end of device [ 277.727735][ T6244] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 279.726521][ T6264] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 280.146392][ T4359] kworker/u4:6: attempt to access beyond end of device [ 280.146392][ T4359] loop2: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 280.494043][ T6272] netlink: 44 bytes leftover after parsing attributes in process `syz.3.519'. [ 281.128460][ T6281] loop4: detected capacity change from 0 to 256 [ 281.180098][ T6281] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xe3865569, utbl_chksum : 0xe619d30d) [ 281.311525][ T6284] cgroup: No subsys list or none specified [ 283.029898][ T6292] loop3: detected capacity change from 0 to 40427 [ 283.059186][ T6292] F2FS-fs (loop3): invalid crc value [ 283.080437][ T6300] 9pnet_fd: Insufficient options for proto=fd [ 283.096033][ T6292] F2FS-fs (loop3): Found nat_bits in checkpoint [ 283.132168][ T6292] F2FS-fs (loop3): Start checkpoint disabled! [ 283.142590][ T6292] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 283.464095][ T6292] syz.3.528: attempt to access beyond end of device [ 283.464095][ T6292] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 285.884371][ T6319] 9pnet_fd: Insufficient options for proto=fd [ 286.046738][ T4406] kworker/u4:9: attempt to access beyond end of device [ 286.046738][ T4406] loop3: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 286.155866][ T4374] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 286.329125][ T6321] loop1: detected capacity change from 0 to 40427 [ 286.347477][ T4374] usb 1-1: Using ep0 maxpacket: 8 [ 286.365095][ T6321] F2FS-fs (loop1): invalid crc value [ 286.374927][ T4374] usb 1-1: unable to get BOS descriptor or descriptor too short [ 286.402696][ T6321] F2FS-fs (loop1): Found nat_bits in checkpoint [ 286.409171][ T4374] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 286.409233][ T4374] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 5 [ 286.411304][ T4374] usb 1-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=5f.84 [ 286.493079][ T6321] F2FS-fs (loop1): Start checkpoint disabled! [ 286.531025][ T6321] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 286.705068][ T6329] syz.1.536: attempt to access beyond end of device [ 286.705068][ T6329] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 288.122330][ T6332] cgroup: No subsys list or none specified [ 288.473801][ T4374] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 288.664229][ T4374] usb 1-1: Product: syz [ 288.764393][ T4374] usb 1-1: Manufacturer: syz [ 288.865892][ T4374] usb 1-1: SerialNumber: syz [ 289.021026][ T4374] usb 1-1: config 0 descriptor?? [ 289.086448][ T4374] usb 1-1: can't set config #0, error -71 [ 289.160685][ T4374] usb 1-1: USB disconnect, device number 3 [ 289.377113][ T4520] kworker/u4:13: attempt to access beyond end of device [ 289.377113][ T4520] loop1: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 291.204759][ T6362] loop4: detected capacity change from 0 to 40427 [ 291.219603][ T6362] F2FS-fs (loop4): invalid crc value [ 291.231200][ T6362] F2FS-fs (loop4): Found nat_bits in checkpoint [ 291.257174][ T6362] F2FS-fs (loop4): Start checkpoint disabled! [ 291.386595][ T6362] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 292.358106][ T6372] loop2: detected capacity change from 0 to 32768 [ 295.131164][ T6373] syz.4.546: attempt to access beyond end of device [ 295.131164][ T6373] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 295.194807][ T6372] read_mapping_page failed! [ 295.199666][ T6372] jfs_mount: Failed to read AGGREGATE_I [ 295.205276][ T6372] Mount JFS Failure: -5 [ 295.209557][ T6372] jfs_mount failed w/return code = -5 [ 295.563004][ T6379] device bridge1 entered promiscuous mode [ 295.740397][ T75] kworker/u4:4: attempt to access beyond end of device [ 295.740397][ T75] loop4: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 295.776775][ T6383] device syzkaller0 entered promiscuous mode [ 295.967261][ T6388] 9pnet_fd: Insufficient options for proto=fd [ 296.275929][ T4267] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 296.499272][ T4267] usb 3-1: Using ep0 maxpacket: 8 [ 296.513121][ T4267] usb 3-1: unable to get BOS descriptor or descriptor too short [ 296.563171][ T4267] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 296.650943][ T4267] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 5 [ 296.843492][ T6392] netlink: 44 bytes leftover after parsing attributes in process `syz.0.554'. [ 297.157624][ T4267] usb 3-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=5f.84 [ 297.214221][ T4267] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 297.241620][ T4267] usb 3-1: Product: syz [ 297.246360][ T4267] usb 3-1: Manufacturer: syz [ 297.251110][ T4267] usb 3-1: SerialNumber: syz [ 297.258547][ T4267] usb 3-1: config 0 descriptor?? [ 297.319322][ T4267] snd-usb-audio: probe of 3-1:0.0 failed with error -2 [ 297.593400][ T5936] udevd[5936]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 297.599090][ T6407] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 299.014476][ T4267] usb 3-1: USB disconnect, device number 5 [ 299.325385][ T6415] loop2: detected capacity change from 0 to 40427 [ 299.345096][ T6415] F2FS-fs (loop2): invalid crc value [ 299.359020][ T6415] F2FS-fs (loop2): Found nat_bits in checkpoint [ 299.383272][ T6415] F2FS-fs (loop2): Start checkpoint disabled! [ 299.395564][ T6415] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 299.759648][ T6412] syz.2.561: attempt to access beyond end of device [ 299.759648][ T6412] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 300.649557][ T4403] kworker/u4:8: attempt to access beyond end of device [ 300.649557][ T4403] loop2: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 302.180947][ T6440] loop3: detected capacity change from 0 to 32768 [ 303.043392][ T6441] netlink: 44 bytes leftover after parsing attributes in process `syz.4.568'. [ 304.472030][ T6447] device syzkaller0 entered promiscuous mode [ 305.941765][ T6462] loop2: detected capacity change from 0 to 32768 [ 310.111282][ T6473] device bridge2 entered promiscuous mode [ 310.457992][ T6479] loop2: detected capacity change from 0 to 40427 [ 310.467230][ T6479] F2FS-fs (loop2): invalid crc value [ 310.484720][ T6479] F2FS-fs (loop2): Found nat_bits in checkpoint [ 310.518008][ T6479] F2FS-fs (loop2): Start checkpoint disabled! [ 310.535313][ T6479] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 310.688792][ T6485] syz.2.576: attempt to access beyond end of device [ 310.688792][ T6485] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 312.477674][ T6491] netlink: 44 bytes leftover after parsing attributes in process `syz.0.583'. [ 312.986404][ T6499] 9pnet_fd: Insufficient options for proto=fd [ 313.587752][ T4411] kworker/u4:11: attempt to access beyond end of device [ 313.587752][ T4411] loop2: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 314.311479][ T6508] loop0: detected capacity change from 0 to 32768 [ 316.966497][ T6513] device syzkaller0 entered promiscuous mode [ 318.145728][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 318.152033][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.419015][ T6520] device bridge2 entered promiscuous mode [ 318.589521][ T4282] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 318.618109][ T4282] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 318.626386][ T4282] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 318.634249][ T4282] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 318.642064][ T4282] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 318.649403][ T4282] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 319.074893][ T6528] loop0: detected capacity change from 0 to 40427 [ 319.084893][ T6528] F2FS-fs (loop0): invalid crc value [ 319.108375][ T6528] F2FS-fs (loop0): Found nat_bits in checkpoint [ 319.147477][ T6528] F2FS-fs (loop0): Start checkpoint disabled! [ 319.182682][ T6528] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 319.362445][ T6531] syz.0.596: attempt to access beyond end of device [ 319.362445][ T6531] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 320.675602][ T4281] Bluetooth: hci1: command 0x0409 tx timeout [ 320.936072][ T4520] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 321.994695][ T4520] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 322.048482][ T33] kworker/u4:2: attempt to access beyond end of device [ 322.048482][ T33] loop0: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 322.293878][ T4520] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 322.576988][ T4520] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 322.746850][ T4281] Bluetooth: hci1: command 0x041b tx timeout [ 322.881880][ T6521] chnl_net:caif_netlink_parms(): no params data found [ 323.162430][ T6553] 9pnet_fd: Insufficient options for proto=fd [ 323.873198][ T6521] bridge0: port 1(bridge_slave_0) entered blocking state [ 323.897227][ T6521] bridge0: port 1(bridge_slave_0) entered disabled state [ 323.935168][ T6521] device bridge_slave_0 entered promiscuous mode [ 324.117945][ T6521] bridge0: port 2(bridge_slave_1) entered blocking state [ 324.125206][ T6521] bridge0: port 2(bridge_slave_1) entered disabled state [ 324.179153][ T6521] device bridge_slave_1 entered promiscuous mode [ 324.608022][ T6521] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 324.638695][ T6521] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 324.866406][ T4281] Bluetooth: hci1: command 0x040f tx timeout [ 325.478767][ T6521] team0: Port device team_slave_0 added [ 325.528628][ T6521] team0: Port device team_slave_1 added [ 325.701370][ T6521] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 325.735530][ T6521] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 325.875214][ T6521] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 326.039683][ T6521] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 326.047851][ T6521] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 326.131729][ T6521] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 326.645757][ T6521] device hsr_slave_0 entered promiscuous mode [ 326.656608][ T6521] device hsr_slave_1 entered promiscuous mode [ 326.663647][ T6521] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 326.672636][ T6521] Cannot create hsr debugfs directory [ 326.705439][ T6605] 9pnet_fd: Insufficient options for proto=fd [ 326.919351][ T4281] Bluetooth: hci1: command 0x0419 tx timeout [ 327.197619][ T6613] 9pnet_fd: Insufficient options for proto=fd [ 328.750133][ T4520] device hsr_slave_0 left promiscuous mode [ 328.783751][ T4520] device hsr_slave_1 left promiscuous mode [ 328.866251][ T4520] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 328.873763][ T4520] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 328.922478][ T4520] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 328.955676][ T4520] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 328.974237][ T4520] device bridge_slave_1 left promiscuous mode [ 329.005426][ T4520] bridge0: port 2(bridge_slave_1) entered disabled state [ 329.030558][ T4520] device bridge_slave_0 left promiscuous mode [ 329.048698][ T4520] bridge0: port 1(bridge_slave_0) entered disabled state [ 329.426922][ T4520] device veth1_macvtap left promiscuous mode [ 329.433575][ T4520] device veth0_macvtap left promiscuous mode [ 329.785936][ T4520] device veth1_vlan left promiscuous mode [ 329.793138][ T4520] device veth0_vlan left promiscuous mode [ 335.845558][ T4410] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 336.718430][ T4520] team0 (unregistering): Port device team_slave_1 removed [ 336.726097][ T4410] usb 3-1: Using ep0 maxpacket: 8 [ 336.756657][ T4410] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 336.780108][ T4410] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 336.798746][ T4410] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 336.965167][ T4410] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 336.979966][ T4410] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 336.989201][ T4410] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 337.021527][ T4520] team0 (unregistering): Port device team_slave_0 removed [ 337.053611][ T6700] 9pnet_fd: Insufficient options for proto=fd [ 337.657906][ T4520] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 337.690868][ T4410] usb 3-1: GET_CAPABILITIES returned 0 [ 337.697310][ T4410] usbtmc 3-1:16.0: can't read capabilities [ 337.802150][ T952] usb 3-1: USB disconnect, device number 6 [ 337.824731][ T4520] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 338.217158][ T6707] loop0: detected capacity change from 0 to 40427 [ 338.243060][ T6707] F2FS-fs (loop0): invalid crc value [ 338.261210][ T6707] F2FS-fs (loop0): Found nat_bits in checkpoint [ 338.299251][ T6707] F2FS-fs (loop0): Start checkpoint disabled! [ 338.327369][ T6707] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 338.501077][ T6711] syz.0.637: attempt to access beyond end of device [ 338.501077][ T6711] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 338.956301][ T4520] bond0 (unregistering): Released all slaves [ 339.021928][ T75] kworker/u4:4: attempt to access beyond end of device [ 339.021928][ T75] loop0: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 339.214530][ T6718] 9pnet_fd: Insufficient options for proto=fd [ 339.947641][ T6521] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 340.110478][ T6521] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 340.202460][ T6521] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 340.304867][ T6521] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 342.052740][ T6521] 8021q: adding VLAN 0 to HW filter on device bond0 [ 342.148943][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 342.192568][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 342.222639][ T6748] 9pnet_fd: Insufficient options for proto=fd [ 342.282944][ T6521] 8021q: adding VLAN 0 to HW filter on device team0 [ 342.362239][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 342.401991][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 342.493004][ T33] bridge0: port 1(bridge_slave_0) entered blocking state [ 342.500202][ T33] bridge0: port 1(bridge_slave_0) entered forwarding state [ 342.653310][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 342.705236][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 342.750024][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 342.825186][ T33] bridge0: port 2(bridge_slave_1) entered blocking state [ 342.832391][ T33] bridge0: port 2(bridge_slave_1) entered forwarding state [ 343.204608][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 343.336615][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 343.576099][ T6769] loop4: detected capacity change from 0 to 40427 [ 343.604775][ T6769] F2FS-fs (loop4): invalid crc value [ 343.644368][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 343.666854][ T6769] F2FS-fs (loop4): Found nat_bits in checkpoint [ 343.685709][ T4324] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 343.712573][ T6769] F2FS-fs (loop4): Start checkpoint disabled! [ 343.722002][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 343.732161][ T6769] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 343.882926][ T6774] syz.4.649: attempt to access beyond end of device [ 343.882926][ T6774] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 343.897734][ T4324] usb 4-1: Using ep0 maxpacket: 8 [ 343.917507][ T4324] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 343.935617][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 344.133627][ T4324] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 344.160863][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 344.330038][ T4324] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 344.349629][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 344.479339][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 344.495080][ T4324] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 344.603387][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 344.660087][ T4324] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 344.743464][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 344.799351][ T4324] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 344.889386][ T6521] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 345.027895][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 345.279523][ T4324] usb 4-1: usb_control_msg returned -71 [ 345.356007][ T4324] usbtmc 4-1:16.0: can't read capabilities [ 345.837392][ T4324] usb 4-1: USB disconnect, device number 2 [ 346.051943][ T6781] cgroup: No subsys list or none specified [ 346.189887][ T6786] device bridge3 entered promiscuous mode [ 346.216400][ T4407] kworker/u4:10: attempt to access beyond end of device [ 346.216400][ T4407] loop4: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 346.371957][ T6791] netlink: 16 bytes leftover after parsing attributes in process `syz.2.652'. [ 347.609217][ T6807] 9pnet_fd: Insufficient options for proto=fd [ 349.165507][ T6818] 9pnet_fd: Insufficient options for proto=fd [ 350.773895][ T6521] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 350.836088][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 350.872855][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 352.884462][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 352.996107][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 353.102663][ T4520] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 353.140602][ T4520] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 353.229665][ T6521] device veth0_vlan entered promiscuous mode [ 353.254182][ T4520] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 353.263432][ T4520] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 354.383061][ T6521] device veth1_vlan entered promiscuous mode [ 354.461210][ T4407] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 354.474185][ T4407] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 354.514846][ T6521] device veth0_macvtap entered promiscuous mode [ 354.549232][ T6521] device veth1_macvtap entered promiscuous mode [ 354.620373][ T6521] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 354.663910][ T6521] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 354.734869][ T6521] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 354.825981][ T6521] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 354.881223][ T6521] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 354.959700][ T6876] input: syz1 as /devices/virtual/input/input14 [ 356.385751][ T6521] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 356.396862][ T6521] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 356.407529][ T6521] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 356.423074][ T6521] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 356.526722][ T4407] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 356.534871][ T4407] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 356.710011][ T4407] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 356.843345][ T4407] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 356.976276][ T6521] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 357.082848][ T6521] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 357.164061][ T6521] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 358.333857][ T6521] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 358.355534][ T6521] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 358.385492][ T6521] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 358.395338][ T6521] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 358.427728][ T6521] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 358.508635][ T6521] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 358.525751][ T4455] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 358.545249][ T4455] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 358.587302][ T6521] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 358.600751][ T6521] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 358.619043][ T6521] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 358.632959][ T6521] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 359.322100][ T4645] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 359.381212][ T4645] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 359.702942][ T4455] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 361.610793][ T6779] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 361.628150][ T6779] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 361.772763][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 367.663371][ T6987] snd_dummy snd_dummy.0: control 0:0:8:syz0:0 is already present [ 369.279114][ T7020] 9pnet_fd: Insufficient options for proto=fd [ 370.951429][ T7038] loop3: detected capacity change from 0 to 1024 [ 371.061130][ T7038] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 371.194094][ T27] audit: type=1800 audit(1770147006.410:2): pid=7038 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.701" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 372.512994][ T7038] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3852: comm syz.3.701: Allocating blocks 497-513 which overlap fs metadata [ 372.723622][ T7038] EXT4-fs (loop3): pa ffff8880757f80e0: logic 48, phys. 193, len 20 [ 372.732056][ T7038] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:4892: group 0, free 0, pa_free 1 [ 373.226351][ T4276] EXT4-fs (loop3): unmounting filesystem. [ 374.612465][ T7080] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 377.706273][ T7115] loop2: detected capacity change from 0 to 40427 [ 377.763707][ T7115] F2FS-fs (loop2): invalid crc value [ 377.771831][ T7115] F2FS-fs (loop2): Found nat_bits in checkpoint [ 377.809716][ T7115] F2FS-fs (loop2): Start checkpoint disabled! [ 377.827143][ T7115] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 378.011803][ T7121] syz.2.719: attempt to access beyond end of device [ 378.011803][ T7121] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 378.507440][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.513801][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.849763][ T7127] device bridge2 entered promiscuous mode [ 379.892895][ T4407] kworker/u4:10: attempt to access beyond end of device [ 379.892895][ T4407] loop2: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 383.901157][ T7143] loop3: detected capacity change from 0 to 32768 [ 384.056403][ T7143] BTRFS: device fsid c6b85f58-0c7e-41ca-a553-c8d9f94f6663 devid 1 transid 8 /dev/loop3 scanned by syz.3.724 (7143) [ 384.652957][ T7178] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 388.830834][ T7235] loop0: detected capacity change from 0 to 1024 [ 388.852689][ T7235] EXT4-fs: Ignoring removed orlov option [ 388.883531][ T7235] EXT4-fs: Ignoring removed bh option [ 388.994702][ T7235] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 389.922713][ T4265] EXT4-fs (loop0): unmounting filesystem. [ 389.963228][ T7230] loop4: detected capacity change from 0 to 32768 [ 390.023026][ T7230] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 scanned by syz.4.747 (7230) [ 390.185022][ T7230] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 390.225208][ T7251] netlink: 44 bytes leftover after parsing attributes in process `syz.0.750'. [ 390.232183][ T7230] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 390.256011][ T7230] BTRFS info (device loop4): enabling auto defrag [ 390.271582][ T7230] BTRFS info (device loop4): use no compression [ 390.313722][ T7230] BTRFS info (device loop4): force clearing of disk cache [ 390.354254][ T7230] BTRFS info (device loop4): max_inline at 4096 [ 390.390982][ T7230] BTRFS info (device loop4): disabling free space tree [ 391.059987][ T7230] BTRFS info (device loop4): enabling ssd optimizations [ 391.081084][ T7230] BTRFS info (device loop4): rebuilding free space tree [ 391.380668][ T7230] BTRFS info (device loop4): disabling free space tree [ 392.049910][ T7230] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 392.149823][ T7230] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 392.986082][ T4272] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 394.073009][ T7315] input: syz1 as /devices/virtual/input/input15 [ 394.163362][ T7316] device syzkaller0 entered promiscuous mode [ 394.332841][ T7321] loop3: detected capacity change from 0 to 1024 [ 394.366370][ T7321] EXT4-fs: Ignoring removed orlov option [ 394.393768][ T7321] EXT4-fs: Ignoring removed bh option [ 394.428394][ T7326] netlink: 28 bytes leftover after parsing attributes in process `syz.0.761'. [ 394.487306][ T7321] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 394.669155][ T7323] loop4: detected capacity change from 0 to 8192 [ 394.730126][ T7331] netlink: 44 bytes leftover after parsing attributes in process `syz.2.762'. [ 395.298853][ T4276] EXT4-fs (loop3): unmounting filesystem. [ 395.307883][ T7323] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 395.404818][ T27] audit: type=1800 audit(1770147030.620:3): pid=7323 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.754" name="file2" dev="loop4" ino=1048601 res=0 errno=0 [ 395.613328][ T7345] netlink: 24 bytes leftover after parsing attributes in process `syz.3.764'. [ 395.691177][ T7343] loop0: detected capacity change from 0 to 4096 [ 395.756148][ T7347] loop4: detected capacity change from 0 to 2048 [ 395.766490][ T7348] netlink: 4 bytes leftover after parsing attributes in process `syz.3.764'. [ 395.884637][ T7347] UDF-fs: error (device loop4): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 396.053636][ T7347] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 397.158478][ T7361] loop2: detected capacity change from 0 to 40427 [ 397.212419][ T7361] F2FS-fs (loop2): invalid crc value [ 397.248320][ T7361] F2FS-fs (loop2): Found nat_bits in checkpoint [ 397.306935][ T7361] F2FS-fs (loop2): Start checkpoint disabled! [ 397.335083][ T7361] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 397.556156][ T7373] syz.2.769: attempt to access beyond end of device [ 397.556156][ T7373] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 397.898298][ T7376] device syzkaller0 entered promiscuous mode [ 398.053117][ T7382] netlink: 28 bytes leftover after parsing attributes in process `syz.5.773'. [ 398.098002][ T75] kworker/u4:4: attempt to access beyond end of device [ 398.098002][ T75] loop2: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 398.835245][ T4265] ntfs3: loop0: ntfs_evict_inode r=5 failed, -22. [ 398.860148][ T4265] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 399.075910][ T7394] loop4: detected capacity change from 0 to 1024 [ 399.440770][ T7405] syz.4.776 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 399.889642][ T7407] loop2: detected capacity change from 0 to 1024 [ 399.946447][ T7407] EXT4-fs: Ignoring removed orlov option [ 399.962539][ T7407] EXT4-fs: Ignoring removed bh option [ 400.008858][ T7407] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 401.409054][ T7420] loop5: detected capacity change from 0 to 32768 [ 402.864036][ T4273] EXT4-fs (loop2): unmounting filesystem. [ 404.073377][ T7439] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 405.811910][ T7459] input: syz1 as /devices/virtual/input/input16 [ 406.708823][ T7463] loop3: detected capacity change from 0 to 1024 [ 407.665121][ T4359] hfsplus: b-tree write err: -5, ino 4 [ 410.101353][ T7494] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 411.913078][ T7505] netlink: 44 bytes leftover after parsing attributes in process `syz.3.800'. [ 418.833782][ T7560] loop5: detected capacity change from 0 to 2048 [ 418.887408][ T7560] UDF-fs: error (device loop5): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 418.956437][ T7560] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 419.884974][ T7570] cgroup: No subsys list or none specified [ 420.911318][ T7582] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 425.364278][ T4411] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 425.545996][ T4411] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 425.756930][ T4411] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 425.798724][ T7629] device bridge4 entered promiscuous mode [ 425.887721][ T4411] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 429.281011][ T4282] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 429.291679][ T4282] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 429.301202][ T4275] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 429.310155][ T4282] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 429.318750][ T4275] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 429.326425][ T4282] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 430.540176][ T7671] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 431.381295][ T7650] chnl_net:caif_netlink_parms(): no params data found [ 431.385579][ T4282] Bluetooth: hci3: command 0x0409 tx timeout [ 431.458987][ T7684] input: syz1 as /devices/virtual/input/input17 [ 433.468210][ T4282] Bluetooth: hci3: command 0x041b tx timeout [ 433.772674][ T7650] bridge0: port 1(bridge_slave_0) entered blocking state [ 433.800233][ T7650] bridge0: port 1(bridge_slave_0) entered disabled state [ 433.860680][ T7650] device bridge_slave_0 entered promiscuous mode [ 433.894609][ T7650] bridge0: port 2(bridge_slave_1) entered blocking state [ 434.636202][ T7650] bridge0: port 2(bridge_slave_1) entered disabled state [ 434.657623][ T7650] device bridge_slave_1 entered promiscuous mode [ 434.742029][ T7711] 9pnet_fd: Insufficient options for proto=fd [ 435.034331][ T4411] device hsr_slave_0 left promiscuous mode [ 435.073053][ T4411] device hsr_slave_1 left promiscuous mode [ 435.095685][ T4411] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 435.103139][ T4411] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 435.136545][ T4411] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 435.143989][ T4411] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 435.191035][ T4411] device bridge_slave_1 left promiscuous mode [ 435.215652][ T4411] bridge0: port 2(bridge_slave_1) entered disabled state [ 435.236798][ T4411] device bridge_slave_0 left promiscuous mode [ 435.243092][ T4411] bridge0: port 1(bridge_slave_0) entered disabled state [ 435.330058][ T4411] device veth1_macvtap left promiscuous mode [ 435.345739][ T4411] device veth0_macvtap left promiscuous mode [ 435.351883][ T4411] device veth1_vlan left promiscuous mode [ 435.382024][ T4411] device veth0_vlan left promiscuous mode [ 435.545533][ T4282] Bluetooth: hci3: command 0x040f tx timeout [ 435.895512][ T4309] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 436.233853][ T4309] usb 5-1: Using ep0 maxpacket: 32 [ 436.256487][ T4309] usb 5-1: unable to get BOS descriptor or descriptor too short [ 436.287162][ T4309] usb 5-1: config 225 has an invalid interface number: 57 but max is 0 [ 436.298882][ T4309] usb 5-1: config 225 has no interface number 0 [ 436.328336][ T4309] usb 5-1: New USB device found, idVendor=05c6, idProduct=7002, bcdDevice=d2.98 [ 436.356218][ T4309] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 436.364516][ T4309] usb 5-1: Product: syz [ 436.369004][ T4309] usb 5-1: Manufacturer: syz [ 436.373621][ T4309] usb 5-1: SerialNumber: syz [ 436.607807][ T4309] usb-storage 5-1:225.57: USB Mass Storage device detected [ 437.441321][ T4309] usb 5-1: USB disconnect, device number 3 [ 437.512977][ T4411] team0 (unregistering): Port device team_slave_1 removed [ 437.589419][ T4411] team0 (unregistering): Port device team_slave_0 removed [ 437.630890][ T4282] Bluetooth: hci3: command 0x0419 tx timeout [ 437.713024][ T4411] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 437.843357][ T7744] 9pnet_fd: Insufficient options for proto=fd [ 437.932406][ T4411] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 439.322672][ T7751] input: syz1 as /devices/virtual/input/input18 [ 439.511492][ T4411] bond0 (unregistering): Released all slaves [ 439.602353][ T7650] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 439.615066][ T7730] device bridge5 entered promiscuous mode [ 439.623612][ T7740] device veth0 entered promiscuous mode [ 439.674880][ T7740] device veth0 left promiscuous mode [ 439.736745][ T7650] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 439.858169][ T7650] team0: Port device team_slave_0 added [ 439.879723][ T7650] team0: Port device team_slave_1 added [ 440.854102][ T7763] loop0: detected capacity change from 0 to 32768 [ 440.869782][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.888139][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 441.153975][ T7650] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 441.205528][ T7650] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 442.325198][ T7650] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 442.350875][ T7650] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 442.364140][ T7650] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 442.411707][ T7650] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 442.464835][ T7770] 9pnet_fd: Insufficient options for proto=fd [ 443.305714][ T4281] Bluetooth: hci1: command 0x0406 tx timeout [ 443.422894][ T7650] device hsr_slave_0 entered promiscuous mode [ 443.517042][ T7650] device hsr_slave_1 entered promiscuous mode [ 443.675560][ T4309] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 443.865850][ T4309] usb 6-1: Using ep0 maxpacket: 8 [ 443.873901][ T4309] usb 6-1: unable to get BOS descriptor or descriptor too short [ 443.890280][ T4309] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 443.979019][ T4309] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 5 [ 444.017016][ T4309] usb 6-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=5f.84 [ 444.031553][ T4309] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 444.040118][ T4309] usb 6-1: Product: syz [ 444.044656][ T4309] usb 6-1: Manufacturer: syz [ 444.055873][ T4309] usb 6-1: SerialNumber: syz [ 444.070113][ T4309] usb 6-1: config 0 descriptor?? [ 444.472826][ T4309] snd-usb-audio: probe of 6-1:0.0 failed with error -2 [ 444.604274][ T7646] udevd[7646]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 444.727892][ T7795] input: syz1 as /devices/virtual/input/input19 [ 444.968369][ T7799] device bridge2 entered promiscuous mode [ 444.990767][ T7650] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 445.064314][ T7650] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 445.125331][ T7650] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 445.185545][ T7650] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 445.671286][ T7650] 8021q: adding VLAN 0 to HW filter on device bond0 [ 445.743487][ T4411] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 445.763174][ T4411] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 445.815997][ T7650] 8021q: adding VLAN 0 to HW filter on device team0 [ 445.903416][ T4411] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 445.932142][ T4411] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 446.020657][ T4411] bridge0: port 1(bridge_slave_0) entered blocking state [ 446.027871][ T4411] bridge0: port 1(bridge_slave_0) entered forwarding state [ 446.192790][ T4411] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 446.249037][ T4411] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 446.273155][ T27] audit: type=1326 audit(1770147081.490:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7823 comm="syz.4.865" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a8fd9aeb9 code=0x7ffc0000 [ 446.319692][ T4411] bridge0: port 2(bridge_slave_1) entered blocking state [ 446.326870][ T4411] bridge0: port 2(bridge_slave_1) entered forwarding state [ 446.380837][ T27] audit: type=1326 audit(1770147081.520:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7823 comm="syz.4.865" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a8fd9aeb9 code=0x7ffc0000 [ 446.412807][ T4309] usb 6-1: USB disconnect, device number 2 [ 446.441390][ T4411] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 446.492074][ T27] audit: type=1326 audit(1770147081.530:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7823 comm="syz.4.865" exe="/root/syz-executor" sig=0 arch=c000003e syscall=217 compat=0 ip=0x7f1a8fd9aeb9 code=0x7ffc0000 [ 446.526953][ T4411] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 446.566893][ T27] audit: type=1326 audit(1770147081.530:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7823 comm="syz.4.865" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a8fd9aeb9 code=0x7ffc0000 [ 446.597781][ T4411] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 446.622153][ T4667] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 446.650749][ T4667] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 446.678705][ T27] audit: type=1326 audit(1770147081.530:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7823 comm="syz.4.865" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a8fd9aeb9 code=0x7ffc0000 [ 446.808694][ T4667] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 446.832571][ T4667] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 446.880249][ T4667] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 447.479175][ T7650] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 447.502171][ T7650] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 447.603633][ T4411] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 447.643621][ T4411] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 447.684127][ T4411] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 447.711083][ T4411] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 447.743662][ T4411] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 447.930164][ T7835] loop4: detected capacity change from 0 to 4096 [ 449.375438][ T4667] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 449.402136][ T4667] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 449.463883][ T7650] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 450.996819][ T7877] 9pnet_fd: Insufficient options for proto=fd [ 451.663964][ T7878] 9pnet_fd: Insufficient options for proto=fd [ 451.952507][ T7891] snd_dummy snd_dummy.0: control 0:0:8:syz0:0 is already present [ 452.167644][ T7566] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 452.307645][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 452.351937][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 452.795718][ T7566] usb 3-1: Using ep0 maxpacket: 8 [ 452.803132][ T7566] usb 3-1: unable to get BOS descriptor or descriptor too short [ 452.824883][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 452.946159][ T7566] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 452.974654][ T7566] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 5 [ 453.004271][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 453.013976][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 453.022475][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 453.032662][ T7650] device veth0_vlan entered promiscuous mode [ 453.049350][ T7566] usb 3-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=5f.84 [ 453.077395][ T7650] device veth1_vlan entered promiscuous mode [ 453.083605][ T7566] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 453.102446][ T7566] usb 3-1: Product: syz [ 453.113263][ T7566] usb 3-1: Manufacturer: syz [ 453.129589][ T7566] usb 3-1: SerialNumber: syz [ 453.136582][ T4667] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 453.162962][ T4667] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 453.175844][ T7566] usb 3-1: config 0 descriptor?? [ 453.184562][ T4667] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 453.197675][ T4667] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 453.234021][ T7566] snd-usb-audio: probe of 3-1:0.0 failed with error -2 [ 453.244438][ T7650] device veth0_macvtap entered promiscuous mode [ 453.264830][ T7650] device veth1_macvtap entered promiscuous mode [ 453.342504][ T4667] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 453.375796][ T4667] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 454.018396][ T7659] udevd[7659]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 454.019101][ T7650] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 454.199166][ T7650] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 454.242317][ T7650] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 454.309012][ T7650] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 454.341463][ T7650] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 454.352155][ T7650] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 454.367440][ T7650] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 454.713602][ T7925] 9pnet_fd: Insufficient options for proto=fd [ 454.816645][ T7650] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 455.026856][ T7650] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 455.082873][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 455.177856][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 455.252124][ T7650] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 455.276437][ T4309] usb 3-1: USB disconnect, device number 7 [ 455.291181][ T7650] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 455.325570][ T7650] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 455.354642][ T7650] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 455.390527][ T7650] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 455.431477][ T7650] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 455.462123][ T7650] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 455.489544][ T7650] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 455.523842][ T7650] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 455.570324][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 455.586504][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 455.618292][ T7650] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 455.655590][ T7650] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 455.664364][ T7650] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 455.704241][ T7650] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 455.893424][ T4350] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 455.924064][ T4350] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 456.689462][ T4411] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 456.744554][ T5147] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 456.765454][ T4411] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 457.065385][ T4411] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 457.768163][ T7964] capability: warning: `syz.6.828' uses deprecated v2 capabilities in a way that may be insecure [ 458.573341][ T7967] loop6: detected capacity change from 0 to 256 [ 458.835883][ T7971] loop2: detected capacity change from 0 to 4096 [ 459.848040][ T4273] ntfs3: loop2: ntfs_evict_inode r=5 failed, -22. [ 459.868675][ T4273] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 461.908327][ T8011] device syzkaller0 entered promiscuous mode [ 462.214797][ T8020] 9pnet_fd: Insufficient options for proto=fd [ 465.448769][ T8041] loop0: detected capacity change from 0 to 16 [ 465.476236][ T8041] erofs: (device loop0): mounted with root inode @ nid 36. [ 465.487474][ T8041] syz.0.910: attempt to access beyond end of device [ 465.487474][ T8041] loop0: rw=524288, sector=8, nr_sectors = 24 limit=16 [ 465.517779][ T8041] syz.0.910: attempt to access beyond end of device [ 465.517779][ T8041] loop0: rw=524288, sector=16, nr_sectors = 40 limit=16 [ 465.533992][ T8041] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 465.547285][ T27] audit: type=1800 audit(1770147100.770:9): pid=8041 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.910" name="file2" dev="loop0" ino=89 res=0 errno=0 [ 466.515506][ T127] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 466.713009][ T127] usb 3-1: Using ep0 maxpacket: 8 [ 466.736997][ T127] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 466.827439][ T127] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 466.870187][ T127] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 466.899695][ T127] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 466.950329][ T127] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 467.025071][ T127] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 467.428171][ T8077] 9pnet_fd: Insufficient options for proto=fd [ 468.009957][ T127] usb 3-1: GET_CAPABILITIES returned 0 [ 468.015751][ T127] usbtmc 3-1:16.0: can't read capabilities [ 468.222415][ C1] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 468.244729][ T127] usb 3-1: USB disconnect, device number 8 [ 468.254333][ T8087] netlink: 12 bytes leftover after parsing attributes in process `syz.6.919'. [ 468.319213][ T8087] netlink: 4 bytes leftover after parsing attributes in process `syz.6.919'. [ 468.354091][ T8087] bridge0: port 2(bridge_slave_1) entered disabled state [ 468.442378][ T8087] device bridge_slave_1 left promiscuous mode [ 468.450166][ T8087] bridge0: port 2(bridge_slave_1) entered disabled state [ 469.550618][ T8106] loop6: detected capacity change from 0 to 32768 [ 469.583267][ T8106] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop6 scanned by syz.6.923 (8106) [ 469.853265][ T8106] BTRFS info (device loop6): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 469.909453][ T8106] BTRFS info (device loop6): using sha256 (sha256-avx2) checksum algorithm [ 470.080204][ T8106] BTRFS info (device loop6): force clearing of disk cache [ 470.140770][ T8106] BTRFS info (device loop6): enabling auto defrag [ 470.227771][ T8106] BTRFS info (device loop6): enabling ssd optimizations [ 470.305917][ T8106] BTRFS info (device loop6): max_inline at 0 [ 470.345674][ T8106] BTRFS info (device loop6): enabling disk space caching [ 470.353197][ T8106] BTRFS info (device loop6): disk space caching is enabled [ 470.840691][ T8106] BTRFS info (device loop6): rebuilding free space tree [ 470.876910][ T8106] BTRFS info (device loop6): disabling free space tree [ 470.908412][ T8106] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 470.971787][ T8106] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 471.339957][ T7650] BTRFS info (device loop6): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 472.914114][ T8197] device bridge3 entered promiscuous mode [ 479.784610][ T8241] loop6: detected capacity change from 0 to 32768 [ 479.927847][ T8241] (syz.6.950,8241,0):ocfs2_parse_options:1446 ERROR: Unrecognized mount option "akl" or missing value [ 480.005593][ T8241] (syz.6.950,8241,0):ocfs2_fill_super:1176 ERROR: status = -22 [ 480.995226][ T8281] device bridge1 entered promiscuous mode [ 487.507811][ T8338] loop2: detected capacity change from 0 to 1024 [ 487.515134][ T8338] ext4: Unknown parameter 'defcontext' [ 489.993694][ T8361] device bridge3 entered promiscuous mode [ 492.136889][ T8382] loop6: detected capacity change from 0 to 2048 [ 492.186495][ T8382] UDF-fs: error (device loop6): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 492.303820][ T8382] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 492.969756][ T8392] loop8: detected capacity change from 0 to 7 [ 492.993508][ T7646] Dev loop8: unable to read RDB block 7 [ 493.003091][ T7646] loop8: unable to read partition table [ 493.021891][ T7646] loop8: partition table beyond EOD, truncated [ 493.053405][ T8392] Dev loop8: unable to read RDB block 7 [ 493.085663][ T8392] loop8: unable to read partition table [ 493.132373][ T8392] loop8: partition table beyond EOD, truncated [ 493.149082][ T8392] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 494.210501][ T8411] snd_dummy snd_dummy.0: control 0:0:8:syz0:0 is already present [ 496.116607][ T8432] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 498.136117][ T8471] snd_dummy snd_dummy.0: control 0:0:8:syz0:0 is already present [ 498.569977][ T8477] loop5: detected capacity change from 0 to 256 [ 498.662967][ T8477] exfat: Deprecated parameter 'utf8' [ 498.757106][ T8477] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xe3865569, utbl_chksum : 0xe619d30d) [ 500.988129][ T8497] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 501.396436][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.402818][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.658777][ T8505] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1001'. [ 502.642756][ T8512] loop8: detected capacity change from 0 to 8 [ 502.845206][ T8512] Dev loop8: unable to read RDB block 8 [ 502.865532][ T8512] loop8: unable to read partition table [ 503.610815][ T8512] loop8: partition table beyond EOD, truncated [ 504.089781][ T8512] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 505.781748][ T8546] loop6: detected capacity change from 0 to 40427 [ 506.326575][ T8546] F2FS-fs (loop6): invalid crc value [ 506.387073][ T8546] F2FS-fs (loop6): Found nat_bits in checkpoint [ 506.431186][ T8546] F2FS-fs (loop6): Start checkpoint disabled! [ 506.487518][ T8546] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e6 [ 506.577928][ T8546] syz.6.1011: attempt to access beyond end of device [ 506.577928][ T8546] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 506.642746][ T8559] loop2: detected capacity change from 0 to 2048 [ 506.739903][ T8559] UDF-fs: error (device loop2): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 506.789820][ T8559] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 507.111332][ T4455] kworker/u4:12: attempt to access beyond end of device [ 507.111332][ T4455] loop6: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 508.809552][ T8574] loop5: detected capacity change from 0 to 16 [ 508.838687][ T8574] erofs: (device loop5): mounted with root inode @ nid 36. [ 508.847506][ T8574] syz.5.1018: attempt to access beyond end of device [ 508.847506][ T8574] loop5: rw=524288, sector=8, nr_sectors = 24 limit=16 [ 508.864049][ T8574] syz.5.1018: attempt to access beyond end of device [ 508.864049][ T8574] loop5: rw=524288, sector=16, nr_sectors = 40 limit=16 [ 508.877781][ T8574] erofs: (device loop5): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 508.891048][ T27] audit: type=1800 audit(1770147144.110:10): pid=8574 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.1018" name="file2" dev="loop5" ino=89 res=0 errno=0 [ 509.157618][ T8580] 9pnet_fd: Insufficient options for proto=fd [ 509.267987][ T8583] device vlan2 entered promiscuous mode [ 509.398948][ T8583] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1019'. [ 509.950746][ T8591] netlink: 212 bytes leftover after parsing attributes in process `syz.4.1023'. [ 510.422404][ T8604] loop4: detected capacity change from 0 to 40427 [ 510.462357][ T8610] input: syz1 as /devices/virtual/input/input20 [ 510.476672][ T8604] F2FS-fs (loop4): invalid crc value [ 510.486325][ T8604] F2FS-fs (loop4): Found nat_bits in checkpoint [ 510.513126][ T8604] F2FS-fs (loop4): Start checkpoint disabled! [ 510.675722][ T8604] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 511.471425][ T8604] syz.4.1026: attempt to access beyond end of device [ 511.471425][ T8604] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 511.511247][ T8623] MPTCP: kernel_bind error, err=-98 [ 512.064771][ T8629] loop2: detected capacity change from 0 to 16 [ 512.081051][ T8629] erofs: (device loop2): mounted with root inode @ nid 36. [ 512.089804][ T8629] syz.2.1031: attempt to access beyond end of device [ 512.089804][ T8629] loop2: rw=524288, sector=8, nr_sectors = 24 limit=16 [ 512.105925][ T8629] syz.2.1031: attempt to access beyond end of device [ 512.105925][ T8629] loop2: rw=524288, sector=16, nr_sectors = 40 limit=16 [ 512.119566][ T8629] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 512.144623][ T27] audit: type=1800 audit(1770147147.350:11): pid=8629 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1031" name="file2" dev="loop2" ino=89 res=0 errno=0 [ 512.381769][ T5147] kworker/u4:19: attempt to access beyond end of device [ 512.381769][ T5147] loop4: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 513.155093][ T8653] 9pnet_fd: Insufficient options for proto=fd [ 516.482705][ T8695] loop6: detected capacity change from 0 to 256 [ 516.686346][ T8695] exfat: Deprecated parameter 'utf8' [ 516.796661][ T8695] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0xe3865569, utbl_chksum : 0xe619d30d) [ 517.397374][ T8718] 9pnet_fd: Insufficient options for proto=fd [ 518.051540][ T8728] 9pnet_fd: Insufficient options for proto=fd [ 519.070390][ T8739] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 520.121052][ T8763] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 521.467249][ T8785] 9pnet_fd: Insufficient options for proto=fd [ 523.277091][ T8797] loop6: detected capacity change from 0 to 32768 [ 525.363542][ T8816] 9pnet_fd: Insufficient options for proto=fd [ 525.645987][ T4267] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 525.875593][ T4267] usb 7-1: Using ep0 maxpacket: 8 [ 525.924545][ T4267] usb 7-1: unable to get BOS descriptor or descriptor too short [ 526.023016][ T4267] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 526.095561][ T4267] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 5 [ 526.160500][ T4267] usb 7-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=5f.84 [ 526.187431][ T4267] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 526.221094][ T4267] usb 7-1: Product: syz [ 526.225300][ T4267] usb 7-1: Manufacturer: syz [ 526.944323][ T4267] usb 7-1: SerialNumber: syz [ 526.964599][ T4267] usb 7-1: config 0 descriptor?? [ 527.137083][ T4267] snd-usb-audio: probe of 7-1:0.0 failed with error -2 [ 527.253341][ T7794] udevd[7794]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 527.620865][ T8834] loop4: detected capacity change from 0 to 32768 [ 527.646072][ T8834] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz.4.1078 (8834) [ 527.743034][ T8834] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 527.771134][ T8834] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 527.815055][ T8834] BTRFS info (device loop4): using free space tree [ 528.368637][ T8834] BTRFS info (device loop4): enabling ssd optimizations [ 528.395214][ T8864] 9pnet_fd: Insufficient options for proto=fd [ 528.403903][ T4346] usb 7-1: USB disconnect, device number 2 [ 528.882186][ T27] audit: type=1800 audit(1770147164.100:12): pid=8868 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1078" name="file2" dev="loop4" ino=261 res=0 errno=0 [ 529.180722][ T4272] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 531.745141][ T8903] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 532.239742][ T8910] loop6: detected capacity change from 0 to 16 [ 532.252154][ T8910] erofs: (device loop6): mounted with root inode @ nid 36. [ 532.261224][ T8910] syz.6.1090: attempt to access beyond end of device [ 532.261224][ T8910] loop6: rw=524288, sector=8, nr_sectors = 24 limit=16 [ 532.275867][ T8910] syz.6.1090: attempt to access beyond end of device [ 532.275867][ T8910] loop6: rw=524288, sector=16, nr_sectors = 40 limit=16 [ 532.289474][ T8910] erofs: (device loop6): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 532.311190][ T27] audit: type=1800 audit(1770147167.520:13): pid=8910 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.1090" name="file2" dev="loop6" ino=89 res=0 errno=0 [ 533.706559][ T8935] loop5: detected capacity change from 0 to 40427 [ 533.806642][ T8935] F2FS-fs (loop5): invalid crc value [ 533.818755][ T8935] F2FS-fs (loop5): Found nat_bits in checkpoint [ 533.854351][ T8935] F2FS-fs (loop5): Start checkpoint disabled! [ 534.010772][ T8935] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6 [ 534.057173][ T8935] syz.5.1094: attempt to access beyond end of device [ 534.057173][ T8935] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 534.078993][ T8946] 9pnet_fd: Insufficient options for proto=fd [ 534.252061][ T9] kworker/u4:0: attempt to access beyond end of device [ 534.252061][ T9] loop5: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 535.861646][ T8975] loop5: detected capacity change from 0 to 256 [ 535.892923][ T8975] exfat: Deprecated parameter 'utf8' [ 535.913604][ T8975] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xe3865569, utbl_chksum : 0xe619d30d) [ 537.230270][ T8992] loop5: detected capacity change from 0 to 40427 [ 538.314259][ T8992] F2FS-fs (loop5): invalid crc value [ 538.336666][ T8992] F2FS-fs (loop5): Found nat_bits in checkpoint [ 538.379480][ T8992] F2FS-fs (loop5): Start checkpoint disabled! [ 538.445922][ T8992] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6 [ 538.564582][ T9002] process 'syz.2.1109' launched '/dev/fd/6' with NULL argv: empty string added [ 538.926687][ T8992] syz.5.1107: attempt to access beyond end of device [ 538.926687][ T8992] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 539.453472][ T9009] 9pnet_fd: Insufficient options for proto=fd [ 539.663052][ T5147] kworker/u4:19: attempt to access beyond end of device [ 539.663052][ T5147] loop5: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 540.298689][ T9016] 9pnet_virtio: no channels available for device syz [ 540.386305][ T9016] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 540.891936][ T9016] overlayfs: failed to look up (tracing) for ino (-66) [ 543.229177][ T9036] loop5: detected capacity change from 0 to 16 [ 543.244053][ T9036] erofs: (device loop5): mounted with root inode @ nid 36. [ 543.252861][ T9036] syz.5.1119: attempt to access beyond end of device [ 543.252861][ T9036] loop5: rw=524288, sector=8, nr_sectors = 24 limit=16 [ 543.288981][ T9036] syz.5.1119: attempt to access beyond end of device [ 543.288981][ T9036] loop5: rw=524288, sector=16, nr_sectors = 40 limit=16 [ 543.302818][ T9036] erofs: (device loop5): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 543.314194][ T27] audit: type=1800 audit(1770147178.530:14): pid=9036 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.1119" name="file2" dev="loop5" ino=89 res=0 errno=0 [ 543.558641][ T9042] loop4: detected capacity change from 0 to 128 [ 544.466509][ T9042] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 544.520872][ T9042] ext4 filesystem being mounted at /220/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 544.960641][ T9058] 9pnet_fd: Insufficient options for proto=fd [ 545.652734][ T4272] EXT4-fs (loop4): unmounting filesystem. [ 546.249037][ T9069] loop4: detected capacity change from 0 to 2048 [ 546.763352][ T9069] UDF-fs: error (device loop4): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 546.835957][ T9074] 9pnet_fd: Insufficient options for proto=fd [ 547.449327][ T9069] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 547.861946][ T9079] 9pnet_fd: Insufficient options for proto=fd [ 552.356724][ T9111] 9pnet_fd: Insufficient options for proto=fd [ 552.514496][ T9115] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1139'. [ 552.998501][ T9123] 9pnet_fd: Insufficient options for proto=fd [ 553.193247][ T9126] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 555.056341][ T9141] loop2: detected capacity change from 0 to 16 [ 555.063357][ T4282] Bluetooth: hci3: command 0x0406 tx timeout [ 555.082856][ T9141] erofs: (device loop2): mounted with root inode @ nid 36. [ 555.093611][ T9141] syz.2.1146: attempt to access beyond end of device [ 555.093611][ T9141] loop2: rw=524288, sector=8, nr_sectors = 24 limit=16 [ 555.108475][ T9141] syz.2.1146: attempt to access beyond end of device [ 555.108475][ T9141] loop2: rw=524288, sector=16, nr_sectors = 40 limit=16 [ 555.122132][ T9141] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 555.136653][ T27] audit: type=1800 audit(1770147190.360:15): pid=9141 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1146" name="file2" dev="loop2" ino=89 res=0 errno=0 [ 555.600476][ T9147] loop4: detected capacity change from 0 to 2048 [ 555.623158][ T9147] UDF-fs: error (device loop4): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 555.726964][ T9147] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 556.062503][ T9154] 9pnet_fd: Insufficient options for proto=fd [ 556.814752][ T9162] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1152'. [ 557.345003][ T9167] 9pnet_fd: Insufficient options for proto=fd [ 561.160583][ T9202] netlink: 92 bytes leftover after parsing attributes in process `syz.6.1163'. [ 562.157589][ T9215] 9pnet_fd: Insufficient options for proto=fd [ 562.654679][ T9224] 9pnet_fd: Insufficient options for proto=fd [ 562.828200][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.834840][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.115520][ T22] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 563.585494][ T22] usb 3-1: Using ep0 maxpacket: 8 [ 563.592824][ T22] usb 3-1: unable to get BOS descriptor or descriptor too short [ 563.632343][ T22] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 563.695436][ T22] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 5 [ 563.740206][ T22] usb 3-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=5f.84 [ 563.765132][ T22] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 563.972565][ T22] usb 3-1: Product: syz [ 563.985113][ T22] usb 3-1: Manufacturer: syz [ 563.995466][ T22] usb 3-1: SerialNumber: syz [ 564.311723][ T22] usb 3-1: config 0 descriptor?? [ 564.579831][ T22] snd-usb-audio: probe of 3-1:0.0 failed with error -2 [ 564.603232][ T7915] udevd[7915]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 565.098780][ T9254] netlink: 92 bytes leftover after parsing attributes in process `syz.6.1177'. [ 565.255468][ T4309] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 565.442283][ T9260] 9pnet_fd: Insufficient options for proto=fd [ 566.154756][ T4324] usb 3-1: USB disconnect, device number 9 [ 566.245526][ T4309] usb 5-1: Using ep0 maxpacket: 8 [ 566.251977][ T4309] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 566.283879][ T4309] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 567.622209][ T4309] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 567.883491][ T4309] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 568.019813][ T9276] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 568.162063][ T4309] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 568.183879][ T4309] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 568.215122][ T4309] usb 5-1: can't set config #16, error -71 [ 568.239440][ T4309] usb 5-1: USB disconnect, device number 4 [ 569.204465][ T9295] loop6: detected capacity change from 0 to 32768 [ 571.314298][ T9313] 9pnet_fd: Insufficient options for proto=fd [ 575.645660][ T9336] netlink: 92 bytes leftover after parsing attributes in process `syz.6.1201'. [ 576.600081][ T9348] 9pnet_fd: Insufficient options for proto=fd [ 577.068652][ T9350] input: syz1 as /devices/virtual/input/input21 [ 579.415120][ T9373] loop6: detected capacity change from 0 to 40427 [ 579.427244][ T9373] F2FS-fs (loop6): invalid crc value [ 579.437367][ T9373] F2FS-fs (loop6): Found nat_bits in checkpoint [ 579.470422][ T9373] F2FS-fs (loop6): Start checkpoint disabled! [ 579.547621][ T9373] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e6 [ 580.386582][ T9373] syz.6.1210: attempt to access beyond end of device [ 580.386582][ T9373] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 580.647604][ T9390] netlink: 92 bytes leftover after parsing attributes in process `syz.2.1214'. [ 581.126549][ T9] kworker/u4:0: attempt to access beyond end of device [ 581.126549][ T9] loop6: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 581.167051][ T9394] 9pnet_fd: Insufficient options for proto=fd [ 581.477281][ T9399] 9pnet_fd: Insufficient options for proto=fd [ 585.253689][ T9426] loop4: detected capacity change from 0 to 40427 [ 585.269766][ T9426] F2FS-fs (loop4): invalid crc value [ 585.280073][ T9426] F2FS-fs (loop4): Found nat_bits in checkpoint [ 585.302593][ T9426] F2FS-fs (loop4): Start checkpoint disabled! [ 585.361426][ T9426] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 585.396659][ T9426] syz.4.1226: attempt to access beyond end of device [ 585.396659][ T9426] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 585.771084][ T5058] kworker/u4:18: attempt to access beyond end of device [ 585.771084][ T5058] loop4: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 588.353972][ T9450] loop6: detected capacity change from 0 to 32768 [ 591.227281][ T9464] loop6: detected capacity change from 0 to 40427 [ 591.256271][ T9464] F2FS-fs (loop6): invalid crc value [ 591.267123][ T9464] F2FS-fs (loop6): Found nat_bits in checkpoint [ 591.308703][ T9464] F2FS-fs (loop6): Start checkpoint disabled! [ 591.324508][ T9464] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e6 [ 591.425840][ T9464] syz.6.1239: attempt to access beyond end of device [ 591.425840][ T9464] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 591.634778][ T9472] 9pnet_fd: Insufficient options for proto=fd [ 592.013968][ T4455] kworker/u4:12: attempt to access beyond end of device [ 592.013968][ T4455] loop6: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 592.028835][ T9475] 9pnet_fd: Insufficient options for proto=fd [ 592.726583][ T9483] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 592.777063][ T9486] netlink: 52 bytes leftover after parsing attributes in process `syz.6.1241'. [ 592.790615][ T9486] device bridge1 entered promiscuous mode [ 597.417981][ T9526] 9pnet_fd: Insufficient options for proto=fd [ 597.492862][ T9528] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 602.661873][ T9560] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 602.868260][ T9564] 9pnet_fd: Insufficient options for proto=fd [ 607.323080][ T9596] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1278'. [ 607.336976][ T9596] device bridge6 entered promiscuous mode [ 608.604310][ T9608] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 608.772053][ T9610] 9pnet_fd: Insufficient options for proto=fd [ 612.203768][ T9640] 9pnet_fd: Insufficient options for proto=fd [ 614.581990][ T9663] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 617.120549][ T9676] 9pnet_fd: Insufficient options for proto=fd [ 618.231141][ T9692] loop5: detected capacity change from 0 to 2048 [ 618.277204][ T9692] UDF-fs: error (device loop5): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 618.299512][ T9692] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 618.328341][ T9696] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1306'. [ 619.646334][ T9708] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 624.270278][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.276757][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 626.613729][ T9762] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 627.589301][ T9779] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1329'. [ 627.602746][ T9779] device bridge4 entered promiscuous mode [ 628.270023][ T9782] loop2: detected capacity change from 0 to 16 [ 628.294693][ T9782] erofs: (device loop2): mounted with root inode @ nid 36. [ 628.303895][ T9782] syz.2.1331: attempt to access beyond end of device [ 628.303895][ T9782] loop2: rw=524288, sector=8, nr_sectors = 24 limit=16 [ 628.335866][ T9782] syz.2.1331: attempt to access beyond end of device [ 628.335866][ T9782] loop2: rw=524288, sector=16, nr_sectors = 40 limit=16 [ 628.349590][ T9782] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 628.360896][ T27] audit: type=1800 audit(1770147263.580:16): pid=9782 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1331" name="file2" dev="loop2" ino=89 res=0 errno=0 [ 630.206757][ T9798] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1336'. [ 630.268903][ T9800] loop6: detected capacity change from 0 to 2048 [ 630.399929][ T9800] UDF-fs: error (device loop6): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 630.540418][ T9800] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 632.389709][ T9829] 9pnet_fd: Insufficient options for proto=fd [ 633.022727][ T9825] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1342'. [ 633.100666][ T9825] device bridge5 entered promiscuous mode [ 633.205430][ T7] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 634.055510][ T7] usb 7-1: Using ep0 maxpacket: 8 [ 634.062741][ T7] usb 7-1: unable to get BOS descriptor or descriptor too short [ 634.152884][ T7] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 634.279231][ T7] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 5 [ 634.454625][ T7] usb 7-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=5f.84 [ 634.475641][ T7] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 634.483672][ T7] usb 7-1: Product: syz [ 634.499598][ T7] usb 7-1: Manufacturer: syz [ 634.504248][ T7] usb 7-1: SerialNumber: syz [ 634.585824][ T7] usb 7-1: config 0 descriptor?? [ 634.661929][ T7] snd-usb-audio: probe of 7-1:0.0 failed with error -2 [ 634.745985][ T7794] udevd[7794]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 636.294101][ T22] usb 7-1: USB disconnect, device number 3 [ 639.818212][ T9885] loop5: detected capacity change from 0 to 256 [ 639.927170][ T9885] exfat: Deprecated parameter 'utf8' [ 640.039065][ T9885] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xe3865569, utbl_chksum : 0xe619d30d) [ 642.107291][ T9910] 9pnet_fd: Insufficient options for proto=fd [ 642.915828][ T4324] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 643.155475][ T4324] usb 6-1: Using ep0 maxpacket: 8 [ 643.167692][ T4324] usb 6-1: unable to get BOS descriptor or descriptor too short [ 643.766164][ T4324] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 643.815497][ T4324] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 5 [ 643.844305][ T4324] usb 6-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=5f.84 [ 643.884324][ T4324] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 643.905488][ T4324] usb 6-1: Product: syz [ 643.909692][ T4324] usb 6-1: Manufacturer: syz [ 643.914299][ T4324] usb 6-1: SerialNumber: syz [ 644.041499][ T4324] usb 6-1: config 0 descriptor?? [ 644.740187][ T4324] snd-usb-audio: probe of 6-1:0.0 failed with error -2 [ 644.810329][ T7794] udevd[7794]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 645.376309][ T8892] usb 6-1: USB disconnect, device number 3 [ 647.822570][ T9952] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1371'. [ 647.834621][ T9952] device bridge2 entered promiscuous mode [ 647.968926][ T9954] loop5: detected capacity change from 0 to 256 [ 648.015814][ T9954] exfat: Deprecated parameter 'utf8' [ 648.390644][ T9954] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xe3865569, utbl_chksum : 0xe619d30d) [ 651.300964][ T9985] 9pnet_fd: Insufficient options for proto=fd [ 652.345416][ T4267] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 652.535439][ T4267] usb 6-1: Using ep0 maxpacket: 8 [ 653.043500][ T4267] usb 6-1: unable to get BOS descriptor or descriptor too short [ 653.236835][ T4267] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 653.340287][ T4267] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 5 [ 653.413386][ T4267] usb 6-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=5f.84 [ 653.453804][ T4267] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 653.483863][ T4267] usb 6-1: Product: syz [ 653.498886][ T9996] device bridge6 entered promiscuous mode [ 653.515581][ T4267] usb 6-1: Manufacturer: syz [ 653.543165][ T4267] usb 6-1: SerialNumber: syz [ 653.572969][ T4267] usb 6-1: config 0 descriptor?? [ 654.333364][ T4267] snd-usb-audio: probe of 6-1:0.0 failed with error -2 [ 654.546688][T10000] loop6: detected capacity change from 0 to 4096 [ 654.582999][ T7794] udevd[7794]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 655.412898][ T8892] usb 6-1: USB disconnect, device number 4 [ 656.833258][ T7650] ntfs3: loop6: ntfs_evict_inode r=5 failed, -22. [ 656.865460][ T7650] ntfs3: loop6: Mark volume as dirty due to NTFS errors [ 657.204505][T10029] device bridge3 entered promiscuous mode [ 657.745229][T10034] loop4: detected capacity change from 0 to 16 [ 657.766096][T10034] erofs: (device loop4): mounted with root inode @ nid 36. [ 658.084513][T10039] loop5: detected capacity change from 0 to 256 [ 658.143373][T10039] exfat: Deprecated parameter 'utf8' [ 658.177804][T10039] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xe3865569, utbl_chksum : 0xe619d30d) [ 661.447468][T10068] loop6: detected capacity change from 0 to 4096 [ 663.248841][ T7650] ntfs3: loop6: ntfs_evict_inode r=5 failed, -22. [ 663.257219][ T7650] ntfs3: loop6: Mark volume as dirty due to NTFS errors [ 663.403135][T10082] device bridge2 entered promiscuous mode [ 667.284746][T10131] loop5: detected capacity change from 0 to 32768 [ 668.989580][T10137] device bridge4 entered promiscuous mode [ 670.699679][T10163] 9pnet_fd: Insufficient options for proto=fd [ 673.780797][T10197] 9pnet_fd: Insufficient options for proto=fd [ 674.485971][T10203] 9pnet_fd: Insufficient options for proto=fd [ 677.324859][T10242] 9pnet_fd: Insufficient options for proto=fd [ 678.487826][T10255] loop5: detected capacity change from 0 to 2048 [ 678.718780][T10255] UDF-fs: error (device loop5): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 678.732724][T10255] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 679.265732][T10268] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 681.381951][T10288] 9pnet_fd: Insufficient options for proto=fd [ 682.511256][T10292] loop5: detected capacity change from 0 to 40427 [ 682.533442][T10292] F2FS-fs (loop5): invalid crc value [ 682.567164][T10292] F2FS-fs (loop5): Found nat_bits in checkpoint [ 682.677128][T10292] F2FS-fs (loop5): Start checkpoint disabled! [ 683.278083][T10292] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6 [ 683.492645][T10304] syz.5.1476: attempt to access beyond end of device [ 683.492645][T10304] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 685.589666][ T5147] kworker/u4:19: attempt to access beyond end of device [ 685.589666][ T5147] loop5: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 685.717696][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.724342][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 689.402731][T10336] 9pnet_fd: Insufficient options for proto=fd [ 690.525951][T10339] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 696.305576][T10387] 9pnet_fd: Insufficient options for proto=fd [ 708.688914][T10498] 9pnet_fd: Insufficient options for proto=fd [ 711.235172][T10528] 9pnet_fd: Insufficient options for proto=fd [ 711.429403][T10530] 9pnet_fd: Insufficient options for proto=fd [ 716.275699][T10561] netlink: 'syz.2.1551': attribute type 7 has an invalid length. [ 716.288640][T10561] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 716.298096][T10561] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 716.306845][T10561] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 716.315560][T10561] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 716.556820][T10561] netlink: 'syz.2.1551': attribute type 7 has an invalid length. [ 720.388663][T10600] 9pnet_fd: Insufficient options for proto=fd [ 721.492712][ T4324] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 721.685353][ T4324] usb 6-1: Using ep0 maxpacket: 8 [ 721.696324][ T4324] usb 6-1: unable to get BOS descriptor or descriptor too short [ 721.733013][ T4324] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 721.779285][ T4324] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 5 [ 721.860073][ T4324] usb 6-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=5f.84 [ 721.896527][ T4324] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 721.904552][ T4324] usb 6-1: Product: syz [ 721.952740][ T4324] usb 6-1: Manufacturer: syz [ 721.965742][ T4324] usb 6-1: SerialNumber: syz [ 722.006076][ T4324] usb 6-1: config 0 descriptor?? [ 722.478366][ T4324] snd-usb-audio: probe of 6-1:0.0 failed with error -2 [ 722.569128][T10612] 9pnet: Could not find request transport: fd0xffffffffffffffff0xffffffffffffffff [ 722.587776][T10616] udevd[10616]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 723.637767][ T8174] usb 6-1: USB disconnect, device number 5 [ 724.058010][T10633] loop6: detected capacity change from 0 to 8192 [ 726.162757][ T7650] FAT-fs (loop6): error, invalid access to FAT (entry 0x0000e1b1) [ 726.254095][ T7650] FAT-fs (loop6): Filesystem has been set read-only [ 727.256763][T10659] 9pnet_fd: Insufficient options for proto=fd [ 731.172023][T10686] block device autoloading is deprecated and will be removed. [ 732.425793][ T4324] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 733.055552][ T4324] usb 7-1: Using ep0 maxpacket: 8 [ 733.078294][ T4324] usb 7-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=dc.00 [ 733.205535][ T4324] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 733.332565][ T4324] usb 7-1: Product: syz [ 733.406713][ T4324] usb 7-1: Manufacturer: syz [ 733.466963][ T4324] usb 7-1: SerialNumber: syz [ 733.578071][ T4324] usb 7-1: config 0 descriptor?? [ 733.691431][ T4324] radio-usb-si4713 7-1:0.0: Si4713 development board discovered: (10C4:8244) [ 734.831474][ T4324] radio-usb-si4713: probe of 7-1:0.0 failed with error -32 [ 734.847920][ T4324] usbhid 7-1:0.0: couldn't find an input interrupt endpoint [ 734.976166][ T8172] usb 7-1: USB disconnect, device number 4 [ 735.005999][T10707] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1583'. [ 739.132439][T10739] loop5: detected capacity change from 0 to 2048 [ 739.176200][T10737] loop6: detected capacity change from 0 to 4096 [ 739.200843][T10739] UDF-fs: error (device loop5): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 739.213482][T10737] ext4: Bad value for 'mb_optimize_scan' [ 739.234117][T10739] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 740.886795][T10747] netlink: 44 bytes leftover after parsing attributes in process `syz.5.1602'. [ 743.419701][T10793] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1616'. [ 747.486359][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.505224][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 747.874863][T10831] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1628'. [ 747.935853][T10831] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1628'. [ 750.515247][T10868] netlink: 92 bytes leftover after parsing attributes in process `syz.2.1642'. [ 754.748144][T10908] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1654'. [ 755.259156][T10914] netlink: 92 bytes leftover after parsing attributes in process `syz.4.1656'. [ 759.843865][T10952] loop6: detected capacity change from 0 to 256 [ 760.104745][T10954] Invalid ELF header magic: != ELF [ 760.195577][T10952] exFAT-fs (loop6): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 760.228879][ T27] audit: type=1326 audit(1770147395.450:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10955 comm="syz.5.1668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81ebd9aeb9 code=0x7ffc0000 [ 760.319371][ T27] audit: type=1326 audit(1770147395.450:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10955 comm="syz.5.1668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81ebd9aeb9 code=0x7ffc0000 [ 760.445404][ T27] audit: type=1326 audit(1770147395.450:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10955 comm="syz.5.1668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81ebd9aeb9 code=0x7ffc0000 [ 760.490948][ T27] audit: type=1326 audit(1770147395.490:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10955 comm="syz.5.1668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7f81ebd9aeb9 code=0x7ffc0000 [ 760.628694][ T27] audit: type=1326 audit(1770147395.490:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10955 comm="syz.5.1668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81ebd9aeb9 code=0x7ffc0000 [ 760.881543][ T27] audit: type=1326 audit(1770147395.490:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10955 comm="syz.5.1668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81ebd9aeb9 code=0x7ffc0000 [ 761.062735][ T27] audit: type=1326 audit(1770147395.490:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10955 comm="syz.5.1668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81ebd9aeb9 code=0x7ffc0000 [ 761.294873][ T27] audit: type=1326 audit(1770147395.490:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10955 comm="syz.5.1668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f81ebd9aeb9 code=0x7ffc0000 [ 761.411507][ T27] audit: type=1326 audit(1770147395.490:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10955 comm="syz.5.1668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f81ebd9aeb9 code=0x7ffc0000 [ 761.885158][T10982] mmap: syz.2.1674 (10982) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 762.593148][T10991] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1679'. [ 762.789913][T10994] loop5: detected capacity change from 0 to 256 [ 762.818834][T10994] exfat: Deprecated parameter 'utf8' [ 762.863314][T10994] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xe3865569, utbl_chksum : 0xe619d30d) [ 765.820934][T11028] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1690'. [ 768.646332][T11059] xt_hashlimit: size too large, truncated to 1048576 [ 771.084565][ T27] audit: type=1326 audit(1770147406.300:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11081 comm="syz.5.1706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81ebd9aeb9 code=0x7ffc0000 [ 771.120673][T11082] loop5: detected capacity change from 0 to 1024 [ 771.127339][ T27] audit: type=1326 audit(1770147406.330:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11081 comm="syz.5.1706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f81ebd9aeb9 code=0x7ffc0000 [ 771.161602][ T27] audit: type=1326 audit(1770147406.330:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11081 comm="syz.5.1706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f81ebd9ac22 code=0x7ffc0000 [ 771.184607][T11077] device lo entered promiscuous mode [ 771.204708][T11077] device tunl0 entered promiscuous mode [ 771.212095][ T27] audit: type=1326 audit(1770147406.330:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11081 comm="syz.5.1706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f81ebd5b78e code=0x7ffc0000 [ 771.236446][T11077] device gre0 entered promiscuous mode [ 771.243847][T11077] device gretap0 entered promiscuous mode [ 771.250986][T11077] device erspan0 entered promiscuous mode [ 771.258018][T11077] device ip_vti0 entered promiscuous mode [ 771.264632][T11077] device ip6_vti0 entered promiscuous mode [ 771.271488][T11077] device sit0 entered promiscuous mode [ 771.278437][T11077] device ip6tnl0 entered promiscuous mode [ 771.283215][T11082] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 771.285006][T11077] device ip6gre0 entered promiscuous mode [ 771.302548][T11077] device syz_tun entered promiscuous mode [ 771.309414][T11077] device ip6gretap0 entered promiscuous mode [ 771.317477][T11077] bridge0: port 2(bridge_slave_1) entered blocking state [ 771.324589][T11077] bridge0: port 2(bridge_slave_1) entered listening state [ 771.331962][T11077] bridge0: port 1(bridge_slave_0) entered blocking state [ 771.339125][T11077] bridge0: port 1(bridge_slave_0) entered listening state [ 771.347210][T11077] device bridge0 entered promiscuous mode [ 771.364165][ T27] audit: type=1326 audit(1770147406.340:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11081 comm="syz.5.1706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f81ebd9ace7 code=0x7ffc0000 [ 771.389413][ T27] audit: type=1326 audit(1770147406.340:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11081 comm="syz.5.1706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f81ebd5b78e code=0x7ffc0000 [ 771.428324][ T27] audit: type=1326 audit(1770147406.340:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11081 comm="syz.5.1706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f81ebd9ab4b code=0x7ffc0000 [ 771.459020][T11087] overlayfs: failed to clone upperpath [ 771.469073][ T6521] EXT4-fs (loop5): unmounting filesystem. [ 771.531520][ T27] audit: type=1326 audit(1770147406.370:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11081 comm="syz.5.1706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f81ebd5b78e code=0x7ffc0000 [ 771.644489][ T27] audit: type=1326 audit(1770147406.370:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11081 comm="syz.5.1706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f81ebd5b78e code=0x7ffc0000 [ 771.686322][ T27] audit: type=1326 audit(1770147406.380:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11081 comm="syz.5.1706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f81ebd99d97 code=0x7ffc0000 [ 771.717998][T11092] netlink: 92 bytes leftover after parsing attributes in process `syz.0.1710'. [ 772.853945][T11115] loop5: detected capacity change from 0 to 64 [ 774.488601][T11126] tmpfs: Unknown parameter 'usrquota' [ 776.700821][T11132] overlayfs: missing 'lowerdir' [ 777.811854][T11154] loop5: detected capacity change from 0 to 256 [ 778.368693][T11154] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xf4000b1f, utbl_chksum : 0xe619d30d) [ 778.637891][T11154] fuse: Bad value for 'fd' [ 779.431556][T11165] loop6: detected capacity change from 0 to 64 [ 781.096467][T11182] 9pnet_fd: Insufficient options for proto=fd [ 781.345472][T11172] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 781.915576][ T4267] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 781.976398][T11172] usb 6-1: Using ep0 maxpacket: 8 [ 781.983737][T11172] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 782.006458][T11172] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 782.039930][T11172] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 782.070807][T11172] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 782.135637][T11172] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 782.144718][T11172] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 782.235329][ T4267] usb 7-1: Using ep0 maxpacket: 8 [ 782.256689][ T4267] usb 7-1: unable to get BOS descriptor or descriptor too short [ 782.291168][ T4267] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 782.322624][ T4267] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 5 [ 782.424662][ T4267] usb 7-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=5f.84 [ 782.545989][ T4267] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 782.897975][T11172] usb 6-1: GET_CAPABILITIES returned 0 [ 782.903526][T11172] usbtmc 6-1:16.0: can't read capabilities [ 783.298514][ T4267] usb 7-1: Product: syz [ 783.302744][ T4267] usb 7-1: Manufacturer: syz [ 783.307391][ T4267] usb 7-1: SerialNumber: syz [ 783.385553][T11172] usb 6-1: USB disconnect, device number 6 [ 783.427523][ T4267] usb 7-1: config 0 descriptor?? [ 783.473623][ T4267] snd-usb-audio: probe of 7-1:0.0 failed with error -2 [ 785.826910][T11172] usb 7-1: USB disconnect, device number 5 [ 786.303538][T11224] udevd[11224]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 786.468626][T11242] overlayfs: missing 'lowerdir' [ 786.828533][ C1] bridge0: port 1(bridge_slave_0) entered learning state [ 786.836866][ C1] bridge0: port 2(bridge_slave_1) entered learning state [ 788.900385][T11259] loop5: detected capacity change from 0 to 2048 [ 788.951854][T11259] UDF-fs: error (device loop5): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 789.012270][T11259] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 789.626932][T11268] 9pnet_fd: Insufficient options for proto=fd [ 790.313834][T11277] overlayfs: failed to clone upperpath [ 790.335349][ T7] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 790.535455][ T7] usb 6-1: Using ep0 maxpacket: 8 [ 790.547982][ T7] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 790.634754][ T7] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 790.785857][ T7] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 790.949151][ T7] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 791.098389][ T7] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 791.117091][ T7] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 791.352746][ T7] usb 6-1: GET_CAPABILITIES returned 0 [ 791.358556][ T7] usbtmc 6-1:16.0: can't read capabilities [ 792.045180][ C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 792.085526][ T4876] usb 6-1: USB disconnect, device number 7 [ 796.067728][T11325] loop5: detected capacity change from 0 to 16 [ 796.127283][T11325] erofs: (device loop5): mounted with root inode @ nid 36. [ 796.138595][T11325] syz.5.1778: attempt to access beyond end of device [ 796.138595][T11325] loop5: rw=524288, sector=8, nr_sectors = 24 limit=16 [ 796.153956][T11325] syz.5.1778: attempt to access beyond end of device [ 796.153956][T11325] loop5: rw=524288, sector=16, nr_sectors = 40 limit=16 [ 796.168578][T11325] erofs: (device loop5): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 796.180685][ T27] kauditd_printk_skb: 9 callbacks suppressed [ 796.180698][ T27] audit: type=1800 audit(1770147431.400:45): pid=11325 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.1778" name="file2" dev="loop5" ino=89 res=0 errno=0 [ 797.035403][ T7] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 797.268040][ T7] usb 7-1: Using ep0 maxpacket: 8 [ 797.276597][ T7] usb 7-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=dc.00 [ 797.325296][ T7] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 797.345417][ T7] usb 7-1: Product: syz [ 797.349624][ T7] usb 7-1: Manufacturer: syz [ 797.354237][ T7] usb 7-1: SerialNumber: syz [ 797.389944][ T7] usb 7-1: config 0 descriptor?? [ 797.416893][ T7] radio-usb-si4713 7-1:0.0: Si4713 development board discovered: (10C4:8244) [ 797.608979][ T7] radio-usb-si4713: probe of 7-1:0.0 failed with error -71 [ 797.636061][ T7] usbhid 7-1:0.0: couldn't find an input interrupt endpoint [ 797.665492][ T7] usb 7-1: USB disconnect, device number 6 [ 801.912828][T11390] netlink: 'syz.0.1795': attribute type 4 has an invalid length. [ 802.312620][ C1] bridge0: port 2(bridge_slave_1) entered forwarding state [ 802.319923][ C1] bridge0: topology change detected, propagating [ 802.327064][ C1] bridge0: port 1(bridge_slave_0) entered forwarding state [ 802.334283][ C1] bridge0: topology change detected, propagating [ 802.495156][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 806.233752][T11432] 8021q: adding VLAN 0 to HW filter on device bond0 [ 806.294451][T11432] bond0: (slave rose0): Enslaving as an active interface with an up link [ 806.329727][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 807.717825][T11442] overlayfs: failed to clone lowerpath [ 807.753699][T11442] overlayfs: failed to clone lowerpath [ 808.589997][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.596404][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 809.304606][T11466] loop6: detected capacity change from 0 to 512 [ 809.415296][T11466] EXT4-fs (loop6): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 810.115715][T11466] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a802e12c, mo2=0002] [ 810.124339][T11466] System zones: 1-12 [ 810.143471][T11466] EXT4-fs (loop6): orphan cleanup on readonly fs [ 810.170120][T11466] EXT4-fs error (device loop6): ext4_validate_block_bitmap:438: comm syz.6.1816: bg 0: block 361: padding at end of block bitmap is not set [ 810.199767][T11466] EXT4-fs (loop6): Remounting filesystem read-only [ 810.206452][T11466] EXT4-fs error (device loop6) in ext4_mb_clear_bb:6181: Corrupt filesystem [ 810.241302][T11466] EXT4-fs (loop6): Remounting filesystem read-only [ 810.250509][T11466] EXT4-fs error (device loop6): ext4_free_branches:1030: inode #11: comm syz.6.1816: invalid indirect mapped block 12 (level 1) [ 810.440316][T11466] EXT4-fs (loop6): Remounting filesystem read-only [ 810.517849][T11480] overlayfs: failed to clone upperpath [ 811.137009][T11466] EXT4-fs error (device loop6): ext4_free_branches:1030: inode #11: comm syz.6.1816: invalid indirect mapped block 2 (level 2) [ 811.166004][T11466] EXT4-fs (loop6): Remounting filesystem read-only [ 811.195053][T11466] EXT4-fs (loop6): 1 truncate cleaned up [ 811.248680][T11466] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none. [ 812.397790][ T7650] EXT4-fs (loop6): unmounting filesystem. [ 813.776150][T11502] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 819.646233][T11546] (syz.6.1833,11546,0):dlmfs_mkdir:421 ERROR: invalid domain name for directory. [ 825.941321][T11600] loop6: detected capacity change from 0 to 16 [ 825.948477][T11600] erofs: (device loop6): mounted with root inode @ nid 36. [ 825.969571][T11600] syz.6.1845: attempt to access beyond end of device [ 825.969571][T11600] loop6: rw=524288, sector=8, nr_sectors = 24 limit=16 [ 826.010819][T11600] syz.6.1845: attempt to access beyond end of device [ 826.010819][T11600] loop6: rw=524288, sector=16, nr_sectors = 40 limit=16 [ 826.024635][T11600] erofs: (device loop6): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 826.037367][ T27] audit: type=1800 audit(2000000006.500:46): pid=11600 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.1845" name="file2" dev="loop6" ino=89 res=0 errno=0 [ 831.309735][T11656] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 831.321758][T11656] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 831.330436][T11656] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 831.819461][T11656] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 831.827231][T11656] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 831.835025][T11656] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 833.950823][T11656] Bluetooth: hci2: command 0x0409 tx timeout [ 834.183756][ T6779] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 834.709856][ T6779] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 834.984783][ T6779] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 835.951394][T11655] chnl_net:caif_netlink_parms(): no params data found [ 836.025794][T11656] Bluetooth: hci2: command 0x041b tx timeout [ 836.234969][ T8892] kernel write not supported for file bpf-prog (pid: 8892 comm: kworker/0:10) [ 836.317640][ T6779] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 837.197129][T11729] device geneve2 entered promiscuous mode [ 838.202323][T11656] Bluetooth: hci2: command 0x040f tx timeout [ 838.371134][T11655] bridge0: port 1(bridge_slave_0) entered blocking state [ 838.381341][T11655] bridge0: port 1(bridge_slave_0) entered disabled state [ 838.402059][T11655] device bridge_slave_0 entered promiscuous mode [ 838.533437][T11655] bridge0: port 2(bridge_slave_1) entered blocking state [ 838.550833][T11655] bridge0: port 2(bridge_slave_1) entered disabled state [ 838.571896][T11723] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1871'. [ 838.582229][T11655] device bridge_slave_1 entered promiscuous mode [ 839.557963][T11655] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 839.630524][T11655] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 840.184024][T11655] team0: Port device team_slave_0 added [ 840.239523][T11655] team0: Port device team_slave_1 added [ 840.437648][T11655] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 840.458428][T11655] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 840.525806][T11656] Bluetooth: hci2: command 0x0419 tx timeout [ 840.612362][T11655] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 840.826787][T11655] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 840.834357][T11655] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 841.226693][T11655] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 842.818135][T11655] device hsr_slave_0 entered promiscuous mode [ 842.886679][T11655] device hsr_slave_1 entered promiscuous mode [ 842.925357][T11655] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 842.932957][T11655] Cannot create hsr debugfs directory [ 847.258995][T11655] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 848.207961][T11655] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 848.316429][T11655] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 848.659754][T11655] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 848.799352][ T6779] device hsr_slave_0 left promiscuous mode [ 848.822940][ T6779] device hsr_slave_1 left promiscuous mode [ 848.899047][ T6779] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 848.912227][ T6779] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 848.942909][ T6779] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 848.962585][ T6779] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 848.999349][ T6779] device bridge_slave_1 left promiscuous mode [ 849.015610][ T6779] bridge0: port 2(bridge_slave_1) entered disabled state [ 849.057426][ T6779] device bridge_slave_0 left promiscuous mode [ 849.068199][ T6779] bridge0: port 1(bridge_slave_0) entered disabled state [ 849.333058][ T6779] device veth1_macvtap left promiscuous mode [ 849.341527][ T6779] device veth0_macvtap left promiscuous mode [ 849.358804][ T6779] device veth1_vlan left promiscuous mode [ 850.098826][ T6779] device veth0_vlan left promiscuous mode [ 854.200247][ T6779] team0 (unregistering): Port device team_slave_1 removed [ 854.291163][ T6779] team0 (unregistering): Port device team_slave_0 removed [ 854.393715][ T6779] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 854.559162][ T6779] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 855.678463][ T6779] bond0 (unregistering): Released all slaves [ 856.450009][T11655] 8021q: adding VLAN 0 to HW filter on device bond0 [ 856.497442][ T6331] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 856.521459][ T6331] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 856.538846][T11655] 8021q: adding VLAN 0 to HW filter on device team0 [ 856.664958][ T6331] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 856.674366][ T6331] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 857.396190][ T6331] bridge0: port 1(bridge_slave_0) entered blocking state [ 857.403323][ T6331] bridge0: port 1(bridge_slave_0) entered forwarding state [ 857.561640][ T6331] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 857.649397][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 857.668306][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 857.696944][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 857.704150][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 857.750181][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 857.780430][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 857.853209][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 857.913228][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 857.960625][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 857.994310][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 858.123867][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 858.176000][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 858.796067][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 859.074951][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 859.312462][T11655] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 859.770761][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 861.399040][T11959] syz.6.1920 (11959) used greatest stack depth: 18000 bytes left [ 862.143153][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 862.164073][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 862.192236][T11655] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 864.751634][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 864.771382][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 864.868412][ T6779] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 864.896644][ T6779] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 864.916992][ T6779] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 864.925136][ T6779] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 864.940865][T11655] device veth0_vlan entered promiscuous mode [ 864.958187][T11655] device veth1_vlan entered promiscuous mode [ 864.993776][T11655] device veth0_macvtap entered promiscuous mode [ 865.012514][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 865.032031][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 865.056508][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 865.092244][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 865.122167][T11655] device veth1_macvtap entered promiscuous mode [ 865.153320][T11655] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 865.164313][T11655] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 865.199517][T11655] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 865.216732][T11655] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 865.227269][T11655] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 865.260317][T11655] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 865.975502][T11655] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 865.986438][T11655] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 866.000155][T11655] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 866.107612][T12028] netlink: 'syz.2.1935': attribute type 2 has an invalid length. [ 866.129572][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 866.150375][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 866.164221][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 866.178536][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 866.212838][T11655] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 866.233660][T11655] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 866.271835][T11655] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 866.309578][T11655] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 866.336324][T11655] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 866.367864][T11655] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 866.378294][T11655] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 867.004295][T11655] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 867.045154][T11655] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 867.075028][ T6779] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 867.100864][ T6779] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 867.113278][T11655] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 867.180004][T11655] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 867.228471][T11655] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 867.239631][T11655] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 868.755847][T10316] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 868.792567][T10316] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 868.834489][ T6779] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 868.851646][ T6779] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 868.867815][ T6779] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 868.916284][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 870.065906][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.072276][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 872.337974][T12122] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1959'. [ 872.506399][T12130] ------------[ cut here ]------------ [ 872.512220][T12130] WARNING: CPU: 0 PID: 12130 at include/linux/fs.h:503 hugetlb_split+0x234/0x2a0 [ 872.521444][T12130] Modules linked in: [ 872.525474][T12130] CPU: 0 PID: 12130 Comm: syz.0.1962 Not tainted syzkaller #0 [ 872.532946][T12130] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 872.543089][T12130] RIP: 0010:hugetlb_split+0x234/0x2a0 [ 872.548594][T12130] Code: b4 ff 4c 89 f7 48 89 de 4c 89 fa 31 c9 5b 41 5c 41 5d 41 5e 41 5f 5d eb 7d e8 48 a8 b4 ff 0f 0b e9 65 fe ff ff e8 3c a8 b4 ff <0f> 0b e9 2d ff ff ff 48 c7 c1 e4 f7 1f 8e 80 e1 07 80 c1 03 38 c1 [ 872.568351][T12130] RSP: 0018:ffffc90004a5f568 EFLAGS: 00010287 [ 872.574440][T12130] RAX: ffffffff81cdca34 RBX: 0000200000000000 RCX: 0000000000080000 [ 872.582570][T12130] RDX: ffffc900059a9000 RSI: 0000000000014b21 RDI: 0000000000014b22 [ 872.591176][T12130] RBP: 0000000000000000 R08: ffff8880785db56f R09: 1ffff1100f0bb6ad [ 872.599491][T12130] R10: dffffc0000000000 R11: ffffed100f0bb6ae R12: ffff8880571f8ec8 [ 872.607562][T12130] R13: dffffc0000000000 R14: ffff8880571f8e58 R15: ffff888026ec5338 [ 872.615576][T12130] FS: 00007f16f8b226c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 872.624614][T12130] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 872.631236][T12130] CR2: 000000110c3e5aa1 CR3: 000000007c071000 CR4: 00000000003506f0 [ 872.639264][T12130] Call Trace: [ 872.642566][T12130] [ 872.645561][T12130] __vma_adjust+0x4a3/0x1cd0 [ 872.650191][T12130] ? css_get+0x55/0x230 [ 872.654380][T12130] ? validate_mm+0x2e0/0x2e0 [ 872.659061][T12130] ? __lock_acquire+0x7d10/0x7d10 [ 872.664113][T12130] ? up_write+0x1bb/0x420 [ 872.668514][T12130] ? hugetlb_vm_op_open+0x23c/0x540 [ 872.673731][T12130] __split_vma+0x3a7/0x500 [ 872.678212][T12130] do_mas_align_munmap+0x397/0x12b0 [ 872.683454][T12130] ? do_mas_munmap+0x2b0/0x2b0 [ 872.688315][T12130] ? mtree_range_walk+0x672/0x7b0 [ 872.693373][T12130] ? mas_walk+0x15f/0x180 [ 872.697784][T12130] ? mas_find+0x1e8/0x230 [ 872.702142][T12130] do_mas_munmap+0x240/0x2b0 [ 872.706820][T12130] mmap_region+0x6e0/0x1ca0 [ 872.711357][T12130] ? pud_huge+0x40/0x40 [ 872.715570][T12130] ? file_mmap_ok+0x170/0x170 [ 872.720267][T12130] ? validate_mm+0x23f/0x2e0 [ 872.724856][T12130] ? cap_mmap_addr+0x165/0x2e0 [ 872.729709][T12130] ? file_mmap_ok+0x11c/0x170 [ 872.734415][T12130] do_mmap+0x964/0xfd0 [ 872.738549][T12130] ? mlock_future_check+0x100/0x100 [ 872.743769][T12130] ? ima_file_free+0x3e0/0x3e0 [ 872.748580][T12130] ? common_file_perm+0x171/0x1c0 [ 872.753643][T12130] vm_mmap_pgoff+0x1c1/0x2d0 [ 872.758342][T12130] ? account_locked_vm+0xe0/0xe0 [ 872.763316][T12130] ? hugetlbfs_get_inode+0x432/0x510 [ 872.768697][T12130] ? hugetlb_file_setup+0x415/0x610 [ 872.773927][T12130] ksys_mmap_pgoff+0x54b/0x6f0 [ 872.778767][T12130] do_syscall_64+0x4c/0xa0 [ 872.783226][T12130] ? clear_bhb_loop+0x60/0xb0 [ 872.787984][T12130] ? clear_bhb_loop+0x60/0xb0 [ 872.792680][T12130] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 872.798720][T12130] RIP: 0033:0x7f16f7b9aeb9 [ 872.803178][T12130] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 872.822841][T12130] RSP: 002b:00007f16f8b22028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 872.831302][T12130] RAX: ffffffffffffffda RBX: 00007f16f7e15fa0 RCX: 00007f16f7b9aeb9 [ 872.839321][T12130] RDX: 0000000000000004 RSI: 0000000000004000 RDI: 0000200000200000 [ 872.847332][T12130] RBP: 00007f16f7c08c1f R08: ffffffffffffffff R09: 0000000000000000 [ 872.855351][T12130] R10: 000200000006c832 R11: 0000000000000246 R12: 0000000000000000 [ 872.863340][T12130] R13: 00007f16f7e16038 R14: 00007f16f7e15fa0 R15: 00007ffc731c9418 [ 872.871384][T12130] [ 872.874403][T12130] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 872.881675][T12130] CPU: 0 PID: 12130 Comm: syz.0.1962 Not tainted syzkaller #0 [ 872.889120][T12130] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 872.899169][T12130] Call Trace: [ 872.902530][T12130] [ 872.905451][T12130] dump_stack_lvl+0x188/0x24e [ 872.910125][T12130] ? memcpy+0x3c/0x60 [ 872.914093][T12130] ? show_regs_print_info+0x12/0x12 [ 872.919291][T12130] ? load_image+0x400/0x400 [ 872.923806][T12130] panic+0x2e5/0x730 [ 872.927702][T12130] ? bpf_jit_dump+0xd0/0xd0 [ 872.932207][T12130] __warn+0x2f8/0x4f0 [ 872.936177][T12130] ? hugetlb_split+0x234/0x2a0 [ 872.940928][T12130] ? hugetlb_split+0x234/0x2a0 [ 872.945721][T12130] report_bug+0x2ba/0x4f0 [ 872.950041][T12130] ? hugetlb_split+0x234/0x2a0 [ 872.954793][T12130] handle_bug+0x3a/0x70 [ 872.958940][T12130] exc_invalid_op+0x16/0x40 [ 872.963450][T12130] asm_exc_invalid_op+0x16/0x20 [ 872.968287][T12130] RIP: 0010:hugetlb_split+0x234/0x2a0 [ 872.973645][T12130] Code: b4 ff 4c 89 f7 48 89 de 4c 89 fa 31 c9 5b 41 5c 41 5d 41 5e 41 5f 5d eb 7d e8 48 a8 b4 ff 0f 0b e9 65 fe ff ff e8 3c a8 b4 ff <0f> 0b e9 2d ff ff ff 48 c7 c1 e4 f7 1f 8e 80 e1 07 80 c1 03 38 c1 [ 872.993246][T12130] RSP: 0018:ffffc90004a5f568 EFLAGS: 00010287 [ 872.999307][T12130] RAX: ffffffff81cdca34 RBX: 0000200000000000 RCX: 0000000000080000 [ 873.007270][T12130] RDX: ffffc900059a9000 RSI: 0000000000014b21 RDI: 0000000000014b22 [ 873.015407][T12130] RBP: 0000000000000000 R08: ffff8880785db56f R09: 1ffff1100f0bb6ad [ 873.023366][T12130] R10: dffffc0000000000 R11: ffffed100f0bb6ae R12: ffff8880571f8ec8 [ 873.031323][T12130] R13: dffffc0000000000 R14: ffff8880571f8e58 R15: ffff888026ec5338 [ 873.039284][T12130] ? hugetlb_split+0x234/0x2a0 [ 873.044044][T12130] ? hugetlb_split+0x234/0x2a0 [ 873.048798][T12130] __vma_adjust+0x4a3/0x1cd0 [ 873.053380][T12130] ? css_get+0x55/0x230 [ 873.057522][T12130] ? validate_mm+0x2e0/0x2e0 [ 873.062094][T12130] ? __lock_acquire+0x7d10/0x7d10 [ 873.067105][T12130] ? up_write+0x1bb/0x420 [ 873.071425][T12130] ? hugetlb_vm_op_open+0x23c/0x540 [ 873.076618][T12130] __split_vma+0x3a7/0x500 [ 873.081026][T12130] do_mas_align_munmap+0x397/0x12b0 [ 873.086213][T12130] ? do_mas_munmap+0x2b0/0x2b0 [ 873.090970][T12130] ? mtree_range_walk+0x672/0x7b0 [ 873.095985][T12130] ? mas_walk+0x15f/0x180 [ 873.100303][T12130] ? mas_find+0x1e8/0x230 [ 873.104619][T12130] do_mas_munmap+0x240/0x2b0 [ 873.109201][T12130] mmap_region+0x6e0/0x1ca0 [ 873.113693][T12130] ? pud_huge+0x40/0x40 [ 873.117838][T12130] ? file_mmap_ok+0x170/0x170 [ 873.122496][T12130] ? validate_mm+0x23f/0x2e0 [ 873.127071][T12130] ? cap_mmap_addr+0x165/0x2e0 [ 873.131832][T12130] ? file_mmap_ok+0x11c/0x170 [ 873.136500][T12130] do_mmap+0x964/0xfd0 [ 873.140559][T12130] ? mlock_future_check+0x100/0x100 [ 873.145761][T12130] ? ima_file_free+0x3e0/0x3e0 [ 873.150523][T12130] ? common_file_perm+0x171/0x1c0 [ 873.155534][T12130] vm_mmap_pgoff+0x1c1/0x2d0 [ 873.160120][T12130] ? account_locked_vm+0xe0/0xe0 [ 873.165041][T12130] ? hugetlbfs_get_inode+0x432/0x510 [ 873.170315][T12130] ? hugetlb_file_setup+0x415/0x610 [ 873.175504][T12130] ksys_mmap_pgoff+0x54b/0x6f0 [ 873.180258][T12130] do_syscall_64+0x4c/0xa0 [ 873.184659][T12130] ? clear_bhb_loop+0x60/0xb0 [ 873.189319][T12130] ? clear_bhb_loop+0x60/0xb0 [ 873.193980][T12130] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 873.199867][T12130] RIP: 0033:0x7f16f7b9aeb9 [ 873.204284][T12130] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 873.223885][T12130] RSP: 002b:00007f16f8b22028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 873.232292][T12130] RAX: ffffffffffffffda RBX: 00007f16f7e15fa0 RCX: 00007f16f7b9aeb9 [ 873.240252][T12130] RDX: 0000000000000004 RSI: 0000000000004000 RDI: 0000200000200000 [ 873.248234][T12130] RBP: 00007f16f7c08c1f R08: ffffffffffffffff R09: 0000000000000000 [ 873.256194][T12130] R10: 000200000006c832 R11: 0000000000000246 R12: 0000000000000000 [ 873.264152][T12130] R13: 00007f16f7e16038 R14: 00007f16f7e15fa0 R15: 00007ffc731c9418 [ 873.272120][T12130] [ 873.275540][T12130] Kernel Offset: disabled [ 873.280000][T12130] Rebooting in 86400 seconds..