last executing test programs: 7.163129283s ago: executing program 3 (id=1443): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000ab4000000060a01040000000000000000020000280900010073797a30000000000900020073797a320000000088000480100001800c000100636f756e7465720014000180090001006d6173710000000004000280600001800a0001006c696d6974000000500002800c000140000000000000000808000440000000010c00014000000000000080010c00024000000000000000090800034000000fba0c00024000000000000000000c000140000000000000000714000000110001"], 0xdc}}, 0x0) r1 = socket(0x0, 0x0, 0x0) bind$inet(r1, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendmsg$NFT_MSG_GETRULE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x14, 0x19, 0xa, 0x201}, 0x14}}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x28, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x4}}, 0x9c}}, 0x0) recvmmsg(r0, &(0x7f000000c2c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 6.638275844s ago: executing program 3 (id=1449): bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000004c0)={0x3, 0x4, 0x4, 0xa, 0xc04, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x100000}, 0x48) 5.895316331s ago: executing program 3 (id=1452): bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x1, 0x2, 0x7fdf, 0x1}, 0x48) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x8}, 0x48) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000000000000000000000000711221000000000095000000000000000842d6873aada8afa8bbff1b39bd9b5476967f0c9fb5793fb31816ba9188aafce5d922e6349b93f7cea6021bd547458a342f3ea33381e7c688faa78eec7fbf0bb25c21f3864a90469bef1c3e0a1f9f578cac1aa56eaca5ccf44a793de21f40cdfb21bcdaf792f93049e2fbe72412699c7e1ffa692a21e2a0576504aea34e7279d723b32a153cd46d9009a887079925f1e6a24355b59cd9870b389b9ba593ea7680bb37284d46ca4abac7281a81852e50ec6f0905040a478890f596041eb68066d1"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.sectors\x00', 0x26e1, 0x0) close(r2) openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a1202, 0x0) ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x20001400) write$cgroup_subtree(r2, &(0x7f00000000c0)=ANY=[@ANYBLOB="80fd", @ANYRES64=r1], 0x9) 5.560081923s ago: executing program 3 (id=1458): r0 = syz_mount_image$btrfs(&(0x7f0000000000), &(0x7f00000015c0)='./file0\x00', 0x0, &(0x7f0000001600), 0x0, 0x559e, &(0x7f0000005680)="$eJzs3X9sVeX9B/BzWwoN+C39jhUYfxAgBoMkyJYtjqB4MQa24eKlgsKcCEQlBivYRDcYqUWSZcaghU4EF5GQaDJjscM/FMywy7CMZfzY5hZjs4JSaZZsAzVrHDG69N77XO49l9tembNOXy/SnvPcz3me+9yT88d9X/qcGwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAURUcSc9+d0f3i0ZE1X77/Hz+e+OjGn4zfvX/roVvu23T/gjMjbto5a1nf+mlN8zdsbDjS/PS+ObdGUSLdL5Htf9u136q/88bbvlsdBly+MLOtrS31lJmuJzON4QUP9vcr/FkRRVFVbIDK7PbV7E5FwQC53cbiAQf0Tuui6O7J8ya1dT01bklyYU/xS6df9VBPYKhkr6ue89dSMv27InZErp136SUKLtFM//gF96m8CADgY5mZSm9yb0ezb3Fz7eZ4PdZOxtotsXZ4h9CS37gYmXGHl5rnpHh9iOaZzESFESXnGatnz3+unYr3j7VjUeNjzLPw0GykqS41z7Wx+lDNEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCzZOzxo2tWtD2y575fdtQceff9OVc+8KWOw22LT4y8eunKHWum/HTWsr7105rmb9jYcKT56X1zbo2i2nS/RKZ74kTL5b9NjZ3fvXfcG427n6vpq8yOG7bD8g6OXg87s0ZH0cq8Sk8Y9q81UZQqLKSb0Y7iwl3pnW+HAgAAAJ8nX0n/rsi1M3GwqqCdSKfJRPpfkAmL77Quiu6ePG9SW9dT45YkF/Zc/HipEuMlLzherl17/ieRF4xD/I2Pd74eDm0sGmdg8RHjef7SMWPefmty/eSvT5v7xA3PjOru+r8nZ2xJ/bGu5oUrru+tf/a6ovxfO3D+D2dO/gcAAOA/If/HxxnYYPn/jqVTt7z+i2Grft3a8MTB+h1/bv3OMzsXneq54Ud9L09N3v7o1UX5f1LBUxbl/zDjkP8roovL/wAAAPBZ9t/O/8micQY2WP5vONM3+wcHX6vr+PucxXt+9dAVi8+e/tv8U7t3DV9zR8v6uoeuLMr/M8vL/8Pypx0e/F2Y8OrRUTSz/JMKAAAAFAj/737+o4WQ1zOfHMTz+rX/vKp5380ffPMbD97zpzff/s2xA7MnrdteN/PgyzfVf1j5ve3dRfk/WV7+r/p0Xi4AAABQhuePrpw773jPucfPvtB18vDu3pMznjyzrqnvdOslLatXbTr2WlH+T5WX/0cMzcsBAAAALuDeO59bsfnVl/oe2H/X2Ck9FVc1XpK4ZduOqU0TPuq8tPfy7VuL8v/y8vL/yOw2u/Ih06kz/BVC6+goqu7fWZspHIparskVAAAAgE9IyOlbP1ixbOzOsb3jj59+rObQG4dn/2Vt55yN13RXdW/uXNZ4WdH9AkJiL3X//3Cng7D+v+D+f0Xr//MKmbv+zXZjAAAAAL6Iitfzh9vjZ765oNT375e7/n9J3cQTiba33lv11XMHzo1ZsP/7129aV9/be8+El37/wz9M/6i6KP83l5f/K/O3n+T3/wEAAMBF+F/7/r+lReMMbLD7/zdV9DWsWrd3+uota7csTCw7UH3qwdV731+w5l9Tb36+qea6A0X5v6W8/B+2o/JfXkc4P5tGR9H4/p3s3QR/Hqa7OlZor8orZE58rMeNoUe20D4ir5C2Ntbja6OjaHL/TnOs8P+h0BIrnK3JFnbFCsdCIXs95Ap7YoWOcKVtq8lON154MRSyCyzawwqKUbklEbEe75Xq0V+4YI+u3JMDAAB8oYTwnM2yVYXNKB5l2xODHTBysAMqBjugcrADhsUOiB9Y6vFoeWEhPH575yMbNjVMSb7y8NzHfvbms40T9j1+WV3v5g9f2XbvxJ3TW6YW5f9d5eX/cCqGZzal1v9HYf1/9nsNc+v/l4dCbazQHgqp+B0DUuE5MmH34fActalsj7PjcwUAAAD4XAufC1QO8TwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/s3evcdJVd0JAj/d9INumqaNE9GMk3TUgGakaWwNw+AoaoxGRZpZddxkNBBoEGmE8FgFURtQZxziZ3ztrJnoCAoiu+qHGFeDwUhcxIw6iWLiA/Cxjq7r+h6VGM2E/XTfOkXVrS67EFDa+X7/6DpVv/O89eg69946FwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/xjuPfjlk4YunP0PHzace8nqqqmL/kfH6Mv+cNW3vvjUPy5b9G9h/i9GnLll3kEXHjd/wbR/6Vi++ogzQmjtKleWFC977oqvPtS613HP3jFw48wbb63fUpWpNxMP/Tr/lGfuXBxbfbF/CHeXhVCRDgypSwKVmft1sb5960LYI2wLZEu01SYl0g2HB2pCWBK2BbJVra4JoS4ncMqG+++7vDNxTU0IXwkhVKfbeKY6aaMmHRhUlQRq04HpFUngt1sT2cBPypMA7LD4Zsi+6Fe15mdo6L5ckddf5U7r2KcrPbw+MdFQPN/rR+3iTuWoSj/QukNPW0F17BIFb4+13m294N1WsJ2v8LTlfpHKfEPZui1UHcontk0aP6d9dnykPDQ19SlW0y56np9+e/6E7Un3mtdh7EDDTnkdXvrYiun9lo2+9OrNvxqz4ayaA3a0m0/lbNLc9K5WHTKvuV7zPEajfJ70grdfwbekRl+6Qghbzz17xtfnTDz7iD63PLnu1QcfrNty9pwFvzhz4nmLLj55w7/Pf6lg/t/w0fP/+HKOt+V5uWOrH9Ync/P4SF1MvFmfzM0BAACg1+gNe01Xnv/6X73+/bWtMxed/u23Dj73w71afz3i/gFVB7yxrqn1/I2ff6Vg/t9Y2vH/eMi/Lne0a0MY1ZVYNCCEvbseTwIrY3e+OyCEL3elWvMDR6UCa0PYpytxULaqVIm+sURjKvByfSYwKhVYHwOtqcDyGLgiFbg4BlalAhNiYG0qcHQMhCn54/hqfWYcJQdqYmBcshFXxbMQ3qmPraW21aZsVQAAADtJZnZYmX8351yHHc0Qp5eranrKEM/ALpqhOlVDegabnVYVraGipxrKe6ohO+6Ojx5+Qc1lPdVccBpGWX6GG9f85X2LXjzsC2P3mvj5xUMvmPKz8eGst++uerx5yYtv7XvEzesK5v/NHz3/r+6mI2UFx/9DGNv1N+Yuz0Tas/FxrXkZAAAAgB1w0R//xR61Lw85oGHT+2X3zl/7xKMrfrl5j1NOf3/c8a//8PCaxnsL5v+jSjv/P+4T6ZOTOTwSd0NMHRBCc34gqXZkYSA56t0vEwAAAIDeIHs8PnssfErmNjlFOz2fLszfup3544H/Ud3m//09/7P2jq3/+mLZBd89d0TNgKX/9GrHhBNOPvqW47/1zj4VB/yyvGD+31ra+f+1+bdJJ9bHXlw9IIS+OYEHYy87A10aY+D5I/MDmfGvjxtgcawqc2JCtqrFscS4GGhOBZYUK/FotsTe+YHMk5VtfFF2HFMyJXICAAAA8ImLuwPicfl4/n/LGSNO++vvzfrbha88eN7qCy75q+Ed80eedP/THzbMvXJp2PTmEQXz/3Hbd/5/1zy44PT+9n4hDK0IoU/6hwGP1CYLA8ZAXVkmcW9tUlefdFULa0MY2TmwdFUvZNb/r0ivMfh4TVJVDOy93y1vD+pMLKsJYWhu4IlvLz2sMzEnFcg2flpNCF/qHG268bv6Jo1Xphu/tm8IX8wJZKua0DeEzsaq0lX9r+rMdQzSVa2qDmHPnEC2quHVIcwNAPRW8X/pxNwHZ82dN3V8e3vbzF2YiDvxa8KkKe1tTROmt0+sLtKniak+561jtKBwTKVe+mZTZo2ixSsnV5aSzv5QsDm3rcyO/IIzBzP345ehyq5xHlKZd7clPeQD9y9sIuR8lSo25PJdPOTa3Eq2PYkF9cf8VaFf6DtnVtvMpvPGz549c1jyt9TshyR/43GmZFsNS2+r2u76VsLLo+hyWSkfd1sNyq1k6OxpM4bOmjtvyJRp4ye3TW47p+XQP2sZMXz410YM7RxUc/K3h5EO6q7m1Ei3Li1xWDtxpF+oyKnkk/jQkJCQ6G2J/f7L5odH77n+nOt/9tqPz+/3zdPu3fvImT889KqpD1Xve/ji24ccWDD/n/HR8//4qRM/+DPrMxQ7/t8QD/Mnj287zD8uBpaUevy/odjR/OyJAY2pQEcMdDjMDwAAwGdD3B0Z92bGndKbb1m/buOSlrk/aHin5dY17Utvuum+U39y58ATvjQ47LXhuhM+VzD/7yjt9/87af3/7NL1JxRb5v+gWKK52Pr/6WX+s+v/dxRb/z+9zH92/f8ln8L6/3OygdQmecf6/wAAwGfBJ7f+f4/L+6cvEFCQocfl/dMXCCjI0OMy/qVeIGC71/9f8+Bff6Wq35g7/qTlN/WXvPZ39xzWeuS6zTP/5Etb10+877qxt6wpmP9fUdr838L9AAAAsPv4z5ddU3H02Xff0bJu6sZxbw5+98m3lgzq80HF0Q+3j3xh4Bu3nlcw/19S2vz/k1//LxQ7/7+xWKC12MKA1v8DAACglyq2/t89Q1sa/zCm/x+eHvab5Q/ePPqnj/z898v3+/mJPyvfZ8Gxz8+8bFLB/H9VafP/eNpFeV7u2JsP65M17UJ6Tbs367M/GQAAAIDeoTw0NVWWmDdvYdSjPn6bT2eWAv2odK7vvXLt2ZtfmH7c46ev+7uaEwbvOWHaBasa/2b4gXd+ftQley7ddGrB/H9tafP/vN9lXPrYiun9lo2+9MOrN/9qzIazag7YdvwfAAAA2HVK3S8BAAAAAAAAAAAAAAB8+s7tWHzhI8uOfe+bt//F/kcseXXwbXcd+Lsh/V664qoHJq1648zJXy/4/X8Y21Wu2O//43X/4u8L/igvd2y15/X/MvdPOfH2uV1LFj5SH8L+uYGpC6fuETLX5h+cG7jvjIMGdiYWpkusefbolzoT30kHjh/yuS2dicNTgXFxkcR90oF4VcUt/VOBuLzi4+lA3B6r0oGqTOCy/sk4ytLb6pW6ZFuVpbfVxroQBuQEstvq7rqkjbL0AK9JBbID/F46EAd4ciZQnu7V7f2SXsVAXSx6Q7+kVwAA7Lbit8DKMGlKe1tz/Aofb79QkX8b5S1ZtqCw2rISm9+UWZps8crJlaWk+6S/i2671nhlqO4cwrCCr6u5Wcq6Rrlzaulh0/1RkSH3tNpbeZFyadu76aqKj6gmGVHThOntEyt7HHhLz1kOqegxy7CCyU5ulvKuTVpCLSX0pYQRlbhtSuhyvF8empr6pHL9eQw2hDw9vSJK/b1+7jp/xV4FuXluO/TKt758zE+f++CfP/9E/2+cVnP7rO+/e+KvX7//wEOOuG5C05otBfP/htLm/9W549qSuRhAR7yy3sgBIYwrcUQAAADw2XfbRbfecfr09a9MWlvx5GOPTS0fc3rl1vl3zp93ycZ7Fx9/2cErdjR+2Fm//f5vBu//b89e9dJPR+7zwA03/58nD3v8z3//8I8eeqduZZ+x7xXM/xtLm//HPViZQ8HJ3o618fr/iwaE0HVp/YYksDIO97sDQvhyV6o1lkguqH9CLNGcBFbGHSYHxRLjWvOr6hsDq1KBl+szgbWpwPoYyOyluCVkduVcWR/CYV2psfklZsQSDanAmBhoTAWaYqA5FegfA6NSgdf6ZwKtqcDDMRCm5G+rH/fPbCsAAIDtkZlnVebfDel53qqKnjKU9ZShtqcM5T1lqO4pQ7FRxPt3xAyVqZNXynIyVaZrrUnVUpAhXgx/u/tVkCE8mp8zXbCg6Xj+QfZ8g7L8DFf+4NlT1w+e/tDqzcd8beBt/zhkz4Obp9e9t+CGp3475pzrnv/TQQXz/+bS5v+1+bdJ6+vj/H/b9f+SwIOxe1fHU8cbY+D5I/MDmR0D6+Nkd3G2qtZMicykfXEsMSoGGlOBGTEwKhUYNzYTWDIwP5CZaWcbX5RtfEqmRE4AAAAAPnFxB0HcTRPn/zce9YOr3x8wccuyeTPvH9vyxMmjv3H1XT+6d/9ld767YvCAce99p2D+P6q0+X9sr19uYxfH3rzYP4S7y7b1JhsYUpcE4n6Muvjz+H3rQtgjZwdHtkRbbVKiKtVweKAm+YV6Vbqq1TXJGgPx/ikb7r/v8s7ENTUhfCVn70u2jWeqkzZq0oFBVUmgNh2YXpEE4p6fbOAn5UkAdlh2r2B8QWVOdclq6L5ckdffZ+WaoOnhFewD7SZfd7+52lWq0w9k9qlmbd/TVlAdu0TB22Otd1tvfLc1eLflfpHKfEPZui1UHcontk0aP6d9dnwk95esBXbR85z7K9VS0jvhddjx8Xvbs+p0B5pTHx/N3Zfr/nVYFqu79LEV0/stG33p1Zt/NWbDWTUHlNyNIuIPhX+05X9XPpWzeXe16pB5zfW6z5NWnye98d9Ao6cthHDZ9cfsu+TdX+/33A3Pnbqu7Maxr/7lrHs2Lf+bysNHrXv/yaGjLy+Y/7eWNv+vSN12+V3cmLMGhHBgzsZ9JG7+YwYkn4M5geRTcs/CQHLI/V/ri35yAgAAwM6W3d2R3V8wJXObnBCenicX5m/dzvxxf8WobvOX2u9j121cedLQN6474G8vOPGNv7/28Kceuv6ysnXL//vYD1avuXzxe08UzP/HffT8v2+qm47/O/7PLuL4f7d2913RfdMPdOzQruiC6tglHP/v1u7+bnP8v1uO/zv+3x3H/3vg+H+3dvenreBb0gxfujonwdff+fPfTbzpg7mN+x180lPPHDrxun+6quXuu0555b+de9601761uWD+P6O0+b/1/7pftC+7/t+4Yuv/zSi2/l+H9f8AAIBdqshCc+l5XsHqfQUZ0qv3FWTocYHAHpcYtP7fdq//t3Dkv1904Q+fb7n2nTvHXb5m07Fnvvr0utXPzFpx3Lnnv9V6112tBfP/jtLm//Hl0C+39d6y/l/j2CJVXREDMywMCAAAwO6o2A4CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPl2HnvbO+5d8/R/aBv1ixc1/f+v/+7/P1q594JvfuGn4L6f86RllazZcM+LMLfMOuvC4+Qum/UvH8tVHnBHClK5yZUnxsueu+OpDrXsd9+wdAzfOvPHW+i3VmXorM7d/nJc7tvphfQhLch6pi4k36zvvbAuccuLtcys6E4/Uh7B/bmDqwql7dCaW14cwODdw3xkHDexMLEyXWPPs0S91Jr6TDhw/5HNbOhOHZwJl6e5e1z/pblm6u5f3D2FATiDb3bP751eVbeO4TKA83caKuqSNGKiLRa+tS9qIgfZYYkrfEIZWhNAnXdU/VydV9UlXdU91UlWfdFUXVYcwMoRQka7quaqkqor0yB+tSqqKgb33u+XtQZ2JpVUhDM0NPPHtpYd1JmamAtnG/1NVCF/qfMmkG/9xZdJ4Zbrx/1oZwhdDCFXpEu9VJCWq0iVeqAhhz5zAto1YEcLcwGdD/PSZmPvgrLnzpo5vb2+buQsTVZm2asKkKe1tTROmt0+sTvWpmLKc9NYFH3/sm96eP6HzdvHKyZWlpCsy5Sq7unxIZd7dlt2997FftbmVbHs+CuqP+atCv9B3zqy2mU3njZ89e+aw5G+p2Q9J/vbJRJNtNay3bKtBuZUMnT1txtBZc+cNmTJt/OS2yW3ntBz6Zy0jhg//2oihnYNqTv7ujJEu/eRH+oWKnEo+ife/hIREb0uU5326Ne/un+MFX/S3dbQyVHd9QBdMK3KzlHWNcmcM+qiPOeKP8zWlxxENK5g4FGQ5pOcsLQWTiW1ZapIsXV/rCiaHuTWVd23SeL88NDX1KbYdGvLv5m7e13dg8z6d2XSlpgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/swIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYQcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCwAAAAAIMzfOoyeDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4FAAA//8fSxmR") ioctl$BTRFS_IOC_QUOTA_CTL(r0, 0xc0109428, &(0x7f00000000c0)={0x4}) chdir(&(0x7f0000000140)='./file0\x00') r1 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r1, 0x0) fallocate(r1, 0x0, 0x0, 0x1001f0) syz_mount_image$iso9660(&(0x7f0000000580), &(0x7f0000000040)='./file0\x00', 0x21488b, &(0x7f0000000200)=ANY=[@ANYBLOB='map=acorn,sbsector=0x0000000000000000,uid=', @ANYRES32, @ANYBLOB="0000b18eb0ea96e8437d91edf772ce16e8f4545927e1936433740c5b1ea10b839e273fa468d364205a63adda5262cda8e690c1049c88d615fd8362cd464a35e122aeffc2000000000000000c1f09a8a7f572f5036561690a9ca3018a35bd7074bca343d909e720fdc2da8c998a8706232e5263a00000", @ANYRESOCT=r0, @ANYRES64=0x0, @ANYRES32=r1], 0x1, 0x65c, &(0x7f0000002280)="$eJzs3V1rG+n5x/HfyLKs+A/hT1uWEPJwJ+mCQ1NFkjcOIoV2OhrZs5U0YkZubSgs6cZeQuRsm6TQ+GTJSR9g+wb2bE+W0hdR6HHfRQ8LS3tW6MmUebJsS7LkRLF3t9+PiXVr5pq5r3tGmYuxpBkBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABZTrNarVlqe93NLTOZ0wz8zgnz07Ut6nbauD2mqy+O9CtZ8T+Vy7qUTrr0neHsd+JfN3UlfXZF5fihrP3/e+f/H3y7WMiXPyGh16FImmGdpSxJY56/3H/ycDDYeTbnRL4CVJghaN3teqHvdex113ihbxpra9W7G63QtLySwu2w73aME7iFvh+YFee2qTUaq8atbPub3fWm3Xbzife/X69W18z7S9mWvft+JXQ2vHbb664nMfHsOOa++fTnaYhrd4zZfTzYWZ2WZBxUmyWoPi2oXq3Xa7V6vbZ2r3HvfrVaHJlQPUYjEXN/0eJrZn4Hb+ANFeL6/3dLaqusrja1JTP2x1FTgXx1JszP5PX/3bvuif0erv95lb80nH1ZSf2/lj67Nqn+T8jFyCQLjJtjTZj+ej/P9VL7eqKHGmigHT2bz3qvzy/Dt/uzLhUlT6F8eerI1rpcmWyKUUNrWlNVH2hDLYUyaslTW65CbStUX646yT4J5MpOWrEVOboto5oaamhVRq4q2pavTXW1rqZs/TuKol09Trb76gk5Kg+qzRJUPyFoUv3/xSdp1lPrvyXq/zdafvyaJQY4d1F2/n9K199ONgAAAAAA4G2wkr++W8l791clRWp5bbd63mkBAAAAAIA5St75vxI/LMatq7ImnP9HZ58bAAAAAACYDyv5jp0laTn5UL81/CbULB8CWDiDFAEAAAAAwBtK3v+/VpKi5Npr12Wd6vwfAAAAAAB8Dfz+0DX2i/k1dqP8bf2CpLC3ZP3ln0sKFq1Xva3vWnt2PMfey2JGPgHQb122LmYX6k0eSpKSZ457xbqaBmUXwbTSC/tKX+5Ou9a/FRxLoLSQ//liWgJrxeyZPtWNNOZG1u+j/YKSOWkvyy2v7VYcv/2gJtu+WOi7W/1fP338Gyk4GOfu48FO5cOPB4+SXF7Fk17txXl8ciSdwrRcXijbFlfHjviCWnmXf+h2lq2k32o+/gXZe4XDHc02/t/qZhpzczl9XN7P90Ay/nI8/lol2WXD0cej+uxPw9HXjo983I6YkEU5yeJWGnNr5Vb6kOeXZfG9BaleOb4PSvFLcLgt6oezmL4trH+NbIspWcTbYjXO4q/xioavhCNZrJ4ui5E9AgDnZXdYhZKLmI9eY/943X2do9z06v6jo728+CxKv3C4IBWz9yZO7KWs+Ii+kqxbJSUH1uLlg6Ps3o38iF7N6kpZE47o1TeobnFffx7eAylLe6Su/CeKoge1pN8/HvSbVtXP4wU+n9hv2K4vxCO8+2Lvl8kF8GMf7Xy087ReX12rvlet3qtrMRlG9kDtAQCMMf0eO1MjrPcOzqof/ePdtHWk4n3r4CMFFX2ojzXQI93JbyFwffxalw99DOHO6FlrHHtBOh5b052JZ3VJLU1jf7Zd+mEalPxeVL7I0Uo9XO/qW90HAACctZuNrDGhDs9S/+8k592SVi4fOu8+OGc/VsuP3yF4Us2tndk2AADgf40bfGkt939nBYHX+6DWaNTs/oZrAt/5iQm85rprvG7fDZwNu7vuml7g933Hb5teoCWv6YYm3Oz1/KBvWn5gen7obZmW13ZNduv30O3Y3b7nhL22a4eucfxu33b6pumFjult/rjthRtukCwc9lzHa3mO3ff8rgn9zcBxK8aErnso0Gu63b7X8uJm1/QCr2MH2+anfnuz45qmGzqB1+v76Qrzvrxuyw86yWorik59o0MAAL6Jnr/cf/JwMNh5NqmRnNFPiRk2SuNWmPfFO84AAHw1jFbpicpnkhAAAAAAAAAAAAAAAAAAAAAAABgx/St9p2wsjvuyoHQw5VcXZ1qPpXkndppG4fUX/9sJMRcOpuSb/3DMq3MYqdJGcf5rvnCar43OofGD3XSLToyJZ46dtXSwL4rz/+8QN55+MWFWFEXRyYsvHd2GpZMGeLRRlPSs9Aa74HyORwDOzn8DAAD//+I0QI0=") r2 = open(&(0x7f0000000100)='./bus\x00', 0x141042, 0x0) fallocate(r2, 0x0, 0x0, 0x10000) 5.279588005s ago: executing program 4 (id=1460): bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x7ff, 0x6, 0x5}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000004c0)={'lo\x00'}) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000780)={r0, 0xe0, &(0x7f00000018c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f0000000580)=[0x0, 0x0], 0x0, 0x78, &(0x7f0000000680)=[{}, {}], 0x10, 0x10, &(0x7f00000006c0), 0x0, 0x0, 0x15, 0x8, 0x8, &(0x7f0000000740)}}, 0x10) r2 = socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) writev(r2, &(0x7f00000028c0)=[{&(0x7f0000000080)=' ', 0x1}, {&(0x7f00000008c0)="cda480c6d16296663526d8b96c373acefe16b5df668dd3e6641e956e346e5237d8647f2cb3328e957035c3b42bc4d582d38f082468c2da076d58e7e05c4e185eb1a4f476debbc74b7aa81ca772f31f5174d456b7338e7aa986756aa926eea22dc3541bd61d7c59bc0f709da42ab5345721f005fe152c191d23834ac9423892627dcdd5bdb6d4d0f85aa235c0fa515d19b0605937ff3f65ceaa8dd87c74ccf0678d62e4473f8ff6280c2759032bcc728ce971b6b845fce6b67f82360fbe839302f19c395ae006b899602ac5882ee07eb0bfd83fa031ef816677114df8dd5eabfc83981516e25a7f3efde3504a02b0e7bfded5edc0bd494e2dc5cbaaf49b1d511e5434cd9575c4cf677c107c7f113c1f39138d7a0859510caae0e82afd0229736933103be5a6bda2a929fa9b906f033246512ecd1579a6a82d8b655a48da6b14ca8bcba41e4230ce61e7097409a9007d7628569498785e10209e5b52199cb42d90dacde712b28a6e9149173c3617333c9fee764701dde6a96e3e4627a1f04c9609efe8752c16bca88d3a1a504cc86badc92e07c1b7147e75a39b0b2895b35d3e08867b6ba742110d4c42436b8464a97f7c8f680d5660a11df670e79f08cd99c8a64b44c230777e37c394156f1445f465118c0b18b01f7e6c502ab96bbdeb9f9c5b0f76023643d9edb9982724186b34ee7b8b6ff716bb3f512a41bbf9482dc1eb510747ee1736d4b484eba9bacdc40b7b9f07c0b031b57ef3bdbc94eb33f7a514eda3016d10274f0f65159c0c252720b72aab2b144ac015db232008011e236df4f8e787d52889d5d48c41ac24baf1e7e35f3640ac566305c39194f4d2bf3b173b4b1aa81d65fb0ec445467614be50d7832ba690ac4ea08670d2b0df8670a46a6a14036da3fb336c7b19a401fa5366c6cf6999f80cddeff0c315e521faad9be1c95f6e237d9f73dccaef4bb8b39a88d2aeb2dcdc339f35bcba94c1acec927307d643d1aa3f2ad3ba5e2c660e8ccabd02f1ea975143d75d919c5b47dedeb24dd757e2df61c8cf84ef76c7f3607a660e49b94cbc68ad0275a9a7974671a399e55c9c7cdd70b736a6b2685e529abf2414a04dd5c3bdff34131c8a330721b97950580d6c3b411b91376d1853e8821d19137556d4c5e2a19fffa8b687776295e983d31d3bc2c042f7a43f54d906705304ce0b2cd3ced5479271d7029a57eba1bfd74305389404d5211a326c40a11174e4fb5b504fd895b176b708b9a52d707417e7c440b63ce276530b423099cd4b70f574d7b1bb42d0821ca1dc99077eff4ad4bf7a915b343d164f0dbd51aa1e592aa4ad1857f1b602bcf6fe83fc684b9ed24f4fb5638980c3eee52aa44e04acfde304c5afa6c4ba18ac1c107d289d738eaf7d17530be1d20c7d5993051ed675972ba71dfba186e9a019dd4efa9212d21bf52dc44d513fc82810ef1483f5e9dab2f6084365d82be4eac717d8c3a9d845f2a38dbedd46991985ee77b24be01f497736fe6db66a997854f13a0fa4be420d533f08b9b0d1654bc818e578ec624fae9c7b001d724ea9aabad7fd36f66a969500b981c5ba5c341bbdec7d67265bed4411b866ca53e20df944358b9f0eef29d48c446b891048f45146a5d9c5c66dce4139969c389feeebe2502c3669e76550a2ce69946369d0994218f90bf17668dab4a3b93bbca3dac79be1937954d04fe69ff11966bbe964729ad368b705c2c843df5f5c2326d2e0091a2c118e6c9a76ffe3326e886f30c4aa325d13df888c96cd9f6de21643e6bca4d9dfe96d4a571a04f77044c688e65a0fa967408cba18eadecb86b67d0072002e1bfbc845accf17b796c744690f19a8a9d623159ad136f00fe7d2bc608fafc7deea5c5d4b094ea627fe282983d6c59849fa4123762a866bb2a287ba4e5272fc8ecef8cb8e8e2084a9c05235605dbaee2c1961f17daf9f54bd315424ce2113901ff21bf1009af25a630ffd8a09bed8bf1e4f14d66cf9b762d8abf1a657e1dfe50ed6f2e6a5817c4ee431d723197055dab1ab2448d176bec06cc0f6d3389f8f3d9e6e8aaa6ae2f411bfc55562917fc2db6fcc7102aeacc111f0f714d515c10c393c074c491fbfbe67f6b4547744e766881cec90801dd19c34434b5328e35f20ec077bb47ab5bc229415cce942a190d541f1e2f02ef72b9c02395e2214f2dedfd81012655e3e10b681357c9dd5053263fc80f20ae1f2e9fbd3c3b479cb0a19b6de63c1823f2517fad4639e964fd4b39b9099ea68b6f15127251bbf29cf467f784b82ea141e7271bc983ecd97b57e9ba3b2c5b6dee8df11830a5f5bb65b78c635e5d217e079c94058779aafd4e1e2ab68ada9a5e192a44c7b11a3db46fcf8bf28713873404fe510b7fa6f2ceafa5f07b24530d6efd75e92e4cbfd80acd8418bbffe856c82217fc7e154556d7a7899f3fcc4585c5b0712913ee255d17ebb2ce462d0d5b401fda2bd9ceae57d3b7f5f250a008a83ad250fe62c8da9304af1afe4d6526a6d19c6ea0437ecd712b5e78b4c30b92f1f74c06c2b25fc48b88625ff446b9cddd2766a83c87a82a22a7788d0dc425173e47b1c6301d9fa6195d9c0fbd7136d16ad04984d8d60fab7f623013a3bde6110c0d462c8b2aec873d180ad92ba6f406979d4d600486c2b1c8b04ef572dd988f5ea2aa0d88a5b9b63c48415b6f19cd2cec07f2395ae293aa026a0206a926fdebcf52c7a4b0030685e6c6c34719272469706032d9bf3f2a310cb04cad3bd58726c7997b77a6b7c6a9df7e6394cd204401329a17e667f168d8b4fb60d35fb7aec18e75d00d11e1c9e85a991489aac831cb7734d5ca204eba2f2525b887a05a4801fea8a6df65a1f7495d72393603f0b18d77d6952a68b3411bf8053636104be88fd8fb6ea3da8c5a4adcee6ee871b89cf28b9cadfa3613ce5c29d1b18a4c120da684fd5241644d96a79b6ff8c4adc157f59bf2d9bdc2269d0aeb50c1da862603059a72e216ae9c2a4460a1f06615b27e5dcc53a891fea46c4955c13213e67fc602259a7cb019c4ba5893fa0f6ce3605ea9a5a4869b18f0b9017019a8a4719ed1cc4d8a1710d9082edef1af1ab392171d2a03e35529146d49407f5bb40e80c220c3100bdf57ec3180e62399b4b494b09db5c809809283703ba3735ad65d4f084c9f7f1118090ea8976e941aa2fd36ae14c03f86127412a96b64e5a8b74f302592dc19806f2a81d158e7d384e5447a376dcf4603a6f7eae548ea080d2839b13843beec754c7e58b5631926b5994ef210344f480b135b21efc1a1127467fe183e0e22b84c1dc70e14392b6415948fc0691f68e6a4c77e1b22ebee7b4355fb254dda00206e43c8109b01200f8a6bb017eb4cb9e726e1826a1d69ab7fbf2aa53921457055185a7b544e78f7d1b821266a904da3398c32a937b1eedcf01c870d3118878ce1577ac6a8a896c25f1c296615b8704cac971efff6e8b39e4121c2ce61882829274a1fd05400e486587a24efb584c8c8505d6bd3eeaef359a6629f27823d3fec68621709483d2677fbc4a635670c3528a7615a72fb9242a9c8a6115c242499d423073ad277293f423ba8ffd076649f134c5c5a1e59ac0265a82022111a015e3568b17b4dafb18f28686b91f559f5498649045ba47fb18e18148798e906a0d1b2c52818353cebc82c4a36fe02c659f975579e063e05b8436e412c9d34da087b1e018d842d20126c4960b47969ebd6db51d6b598bc7b61a6f93545c08bfc007b25a545dabc0ec4583689de979c6dd613d10cf312908f229aa2c983326d487846d2908bdda6f6ce697a3cf8d124ce991e137fcb053ced45a3822310e6af8c28ce1acf8eadbd9c112d24403197d870efe5f48cdfec0e84c04a4a578a9e0b6f7b86fe62dd1d759899079743a5df7297e0d6d590ff0d2009f14ea681946927d448d872a2ce82337b2a714448e359b373314e9dc778205f3fc069beadefb770929737af1f1ba4465fda9235ff5cd4b6d1b7c7164ee9540ebdeb6502734ec8e0fd9694c897611d5a4d07202232c774cf871b710148d79c2aee9850adc501763e3859361305b6b8881f6ea016e33661176c47d7b111a8756f12790c645688ee2a922f85c7d72333e161ee8acdbede84c29c305fb330b890fc9bd0756abaf1ccbfca6bf8dc1d2aca20a4b84e0ec85e1302d667d12d776809f8c9e2bcd4cd92e3f672a8993e71c38325c7fe65a31c9ec10e9ad8d2a531a10117daf5cc9cd37ad6c0f9c6503b1ce74b405d0db81bf278b108abbd2ec07aa5865527876607a3caa3109b2f6dc83d0bb5b5d8a0c3adb2aafa8ed044957509c1be791c3eb8b2760ba1cb4bab6a75e7d75874502446b228d2df6cf56b5f980c8aff82e5433438a88e8466f401942f8865f29c4be46350c719742ffd22cf4c29f1d418fc9fa0e8c8542398f420ef940873aa13441dea8c56b4d1eca2d77c726f5fd5123421c4583715578b28ba8d40729cf62510919164dff88e382feba5decc22d7a3a2fff6af5547b79b636df314eb48edddd853fcbf91b9048309c3d1507a2358cfe8f8269f2b6592ed1b4175e2bb0b953a0b262c2d9936fcdfcd4e0a7ff40a700e977ee7aae8ed1acd0f060e87fb1c5d0fdc233c466b7b1744971d976d3e3f77ca72f7b0819f34e60980e28fbf5c584c7d2380f1a2f084ff71a9a932ed834248a2fb8c22f6bea95a86a79e5f54f3b77f4a9a495308e40de412ab21afe745d3e5ed349a6e9e4cc6ee3ed88c59c26519f0881bfcda77de88012c47cae7252e8595fc9d8a8ae4f520315878c5a5620abc255f336de3f9cc120796da42beb71c38c2e9e3bdcc987c0e257483da869b9e13a634ecc667c3a51bdc2932efd0cc29d6aba410859404a398d98bdec4a44d3fe98d14bac3123966da174ea6d47f4bec7773cc663901c1c117e73cec3fd6e71732ab783e890f09d59c7cff24f302979b306aa7a3079a82b677619eff5305d19337fbe1fd124c96897dbfb70d5ec93f408c08f8e0419de738382ae1a09fe9b487f8501c82b0f678dfa247bc61620007276641065fd065bf45e47b621a42d7b4a1167810a1612f4f858fa7e56f8a439105f4df5a4056d63673cadedde90b5cbcce811442fafca661070ddf89ebf74cd467fb7f280f81f48e4271989c4bb5932430d43b6e9d61284d9fffaf119d0e3abf33c935419dec2059f57ddd433234b8969e74bd130e2a6ff56b5b6b2aefe37283168d969b7810ff00523972c03ac71f69221c62e78873d65b2e27c8c6be9e00de3f13f279b45babda8d8a730b6f967887bf969ac7ea50b55886a3049a0458b24636ec44ef99f2d1462f3d1795b9b233753481558b39347c6a7b34bf918aa521d1f46aeb9ed1e3c191ee310923250073a4882e59e15cdd013f903cbb34a581e063d7e0b83914a95021de729f52fde744cb02bc905c3c8c0e0ef642c448b014b2dbcf21250f8f891c182ca05cb6eb6e023ead5304bb8d7cad41a18b0f75fb80688aec364b873aab7e45a5fd07507c7bb6a93cb46892b90134f50331e332458ea32666898736eac057e6e6ea8656bffc633e76b313df8af0f51467d9907874d22c0e6a7461e1ad7cc8bccc598a43a749a5d7ad1705b2885298cd985365ca9b11fc3dfec81900621368db8b6f70319c54001b8a646325e7984577ec85114d5e2e4d94b082707e75b6e93156bc1788748af", 0xfbe}], 0x2) r3 = socket$inet(0x2, 0x3, 0x8) setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x3f0, 0x1c0, 0xe138, 0x198, 0x1c0, 0x198, 0x358, 0x358, 0x358, 0x358, 0x358, 0x3, 0x0, {[{{@uncond, 0x0, 0x158, 0x1c0, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'fsm\x00', "0d0005000000000000000404fff0cf81dfd28c89544e14cd3e01dd24289831867846c88621039b284c3ff45c42995560a99952bed40cf5a8b9fb6133db7e2378d5afd35f4c16827f55b3af494e39e8fb330200000000000032b6a99a8d87298e88a94cb519f5c17631af916a7dbaae5592e8b15900000100", 0x8}}, @inet=@rpfilter={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0x70, 0x198}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x0, 0x0, 'system_u:object_r:system_cron_spool_t:s0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x450) socket$inet6_udp(0xa, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='mm_page_alloc\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000440)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000500)={'pim6reg0\x00', 0x232}) ioctl$TUNSETTXFILTER(r4, 0x400454d1, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000002, 0x28011, 0xffffffffffffffff, 0x0) 4.978485534s ago: executing program 1 (id=1463): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) ftruncate(r3, 0x8001) r4 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_buf(r4, 0x0, 0x4, &(0x7f0000000040)="9f", 0x1) getsockopt$inet_opts(r4, 0x0, 0x4, 0x0, &(0x7f0000000240)) writev(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) 4.936220592s ago: executing program 4 (id=1464): bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0) prctl$PR_PAC_RESET_KEYS(0x36, 0x0) 4.904838413s ago: executing program 2 (id=1465): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r0, &(0x7f0000001c40)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x6}, 0x1c, &(0x7f0000000080)=[{&(0x7f0000000140)="dc", 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000000)=[@in], 0x10) r1 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, r2}, 0x10) 4.880299768s ago: executing program 4 (id=1466): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, 0x0, 0x0) 4.568075978s ago: executing program 0 (id=1467): pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newqdisc={0x44, 0x24, 0x0, 0x0, 0x0, {}, [@qdisc_kind_options=@q_codel={{0xa}, {0x14, 0x2, [@TCA_CODEL_ECN={0x8}, @TCA_CODEL_TARGET={0x8}]}}]}, 0x44}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010001fff752b056800080000faff8141", @ANYRES32=0x0, @ANYBLOB="67a9fde500000000280012800a00010076786c616e"], 0x3}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_route(0x10, 0x3, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x4ffe6, 0x0) 4.375465105s ago: executing program 4 (id=1468): r0 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)={0x58, 0x2, 0x6, 0x301, 0x6c, 0x0, {}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_TYPENAME={0x13, 0x3, 'hash:net,iface\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8}]}]}, 0x58}}, 0x0) socket$igmp(0x2, 0x3, 0x2) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='net/raw\x00') lseek(r2, 0xd7, 0x0) syz_emit_ethernet(0x168, &(0x7f0000000800)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd687c6c9e01322ffdfc010000000000000000000000000000000000000000000000ffff7f000001211004083f680700ff020000000000000000000000000001ff010000000000000000000000000001fc020000000000000000000000000001fe880000000000000000000000000001fe80000000000000000000000000007ffc00000000000000000000000000000000000000000000000000ffffac1414aaff0100000000000000000000000000012b0006506500000033020000000000000401090502000801050000000000c20400000008000000002f0c04060640000000000000000000000000000000000000fc00000000000000000000000000000100000000000000000000ffff640101010000000000000000000000000000000100000000000000000000ffffe0000002fe8000000000000000000000000000aa16000649670000006d9b0068a4220c4a06619e191cabd29adf3a00"], 0x0) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r3, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r3, 0x0) bind$rds(0xffffffffffffffff, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r4, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r5, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[@ANYBLOB="580000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000380012800b00010067656e6576650000280002800000000000000000000000000000060005000000000008000b400000001f"], 0x58}}, 0x0) r7 = open_tree(r4, &(0x7f0000000240)='\x00', 0x89901) fchdir(r7) close(r7) setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f00000001c0)=@req3={0x6, 0x8001, 0x0, 0x400, 0x35ec, 0x1000, 0x6}, 0x1c) open$dir(&(0x7f0000000000)='./file0/../file0/file0\x00', 0x0, 0x0) r8 = getpid() r9 = syz_pidfd_open(r8, 0x0) r10 = pidfd_getfd(r9, r9, 0x0) setns(r10, 0x66020000) sendmsg$rds(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000000380)=[@fadd={0x58, 0x114, 0x6, {{}, &(0x7f0000001480), 0x0}}], 0x58}, 0x0) ioctl$AUTOFS_IOC_FAIL(r0, 0x80044941, 0x100000000000000) 3.721466752s ago: executing program 1 (id=1469): r0 = syz_open_dev$radio(&(0x7f0000000000), 0x2, 0x2) ioctl$VIDIOC_S_HW_FREQ_SEEK(r0, 0x40305652, &(0x7f00000002c0)={0x0, 0x1, 0x0, 0x0, 0x0, 0x2081, 0x10000002}) 3.653928708s ago: executing program 1 (id=1470): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) r3 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) fcntl$notify(r3, 0x402, 0x25) close_range(r3, 0xffffffffffffffff, 0x2) sendmsg$nl_generic(r3, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000380)={0x0}, 0x1, 0x0, 0x0, 0x20000084}, 0x24008000) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_dev$video4linux(&(0x7f00000002c0), 0x3, 0x4000) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r4 = socket$igmp(0x2, 0x3, 0x2) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x240, 0x0, 0xffffffff, 0xffffffff, 0xf0, 0xffffffff, 0x1a8, 0xffffffff, 0xffffffff, 0x1a8, 0xffffffff, 0x3, 0x0, {[{{@ip={@loopback, @rand_addr, 0x0, 0x0, 'lo\x00', 'sit0\x00', {}, {}, 0x1}, 0x0, 0xc0, 0xf0, 0x0, {}, [@common=@ttl={{0x28}}, @common=@icmp={{0x28}, {0x0, "fe00"}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0x70, 0xb8}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@remote, 'ipvlan1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2a0) 3.480523036s ago: executing program 0 (id=1471): r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb4, 0x7f}, 0x48) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f00000002c0)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @generic={0x66}, @initr0, @exit, @alu={0x6, 0x0, 0xd, 0xa}]}, &(0x7f0000000000)='GPL\x00', 0x4, 0xee, &(0x7f0000000340)=""/238}, 0x80) bpf$PROG_BIND_MAP(0x23, &(0x7f0000000d40)={r1}, 0xc) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000000)=0xf3e, 0x4) sendto$packet(r2, &(0x7f00000000c0)="3f030278a8900100db901e0089e9aaa911d7c2290f2b86dd1327c9167c642b4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c153cfdf9435e3ffe46", 0x10048, 0x0, &(0x7f0000000540)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @multicast}, 0x14) 3.479792535s ago: executing program 2 (id=1472): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000200)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70200001400ffd9b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r1}, 0xd) r2 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) r3 = fsmount(r2, 0x0, 0x0) r4 = openat$cgroup_int(r3, &(0x7f0000000080)='cgroup.max.depth\x00', 0x2, 0x0) write$cgroup_int(r4, &(0x7f0000000200)=0xffffffffffffffff, 0x12) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00'}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00'}, 0x10) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r7 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r7, &(0x7f0000000300), 0x10) listen(r7, 0x0) r8 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r8, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10) close_range(r6, 0xffffffffffffffff, 0x0) 3.350621146s ago: executing program 4 (id=1473): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socket$can_raw(0x1d, 0x3, 0x1) socket(0x0, 0x2, 0x6) creat(0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000001d00)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8fff7ff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001000000b70500000000e000720a23fe000000008500000012000000b70000000000000095000000000000004e6258941c823b7505608556ba4ababb42684e890d31ae450400373a0a5447a801b8c1c4f0c4bd97c6555e61345400f9bd42abeb9ade0105000000000000a21902ff07000094a2b51c21df74924f5436a6ed89b98f75e800230c49c90fe1336481f3b92a63336c36fcd745d61d7739c6554ca201000000bebbe8282f8b1e26407437a397bf8f50e87ed4d27adfd876bffc402887781979461c4363bc5c9b6202ea471428197ef88bc333fbcec0ea4334844d232279ae95a90fd41d528f58d305000000435883df6c10ce86188c92292b2d0226082960be682836bdff8b0971f2a5405e453228e7b1005bd73479358a90df3e481947de6453736aa572158af6ea63d6d418fbbd2bba050000001da000ef78df03000000d19913a5fb03c79dac2e489f68127892658115e7ffb588a71dffffff951b8535167ab8069a2c92a3aa18e22517000026637b4c34bf2d0aa304ed42bf70480e9e97203fd169411f37fddd1f7fbe16dbbc0f307bceb5064f388a0350c3dc928b0e638b1e2b2a9d25264233e5d45eb377f56b95241024dbe30f67191c2b56b70328d6d3215dfffe5d89af1d10599bd494d921d1fb2db99b6aba0fa978f41eb1d4c553e5a9326ed550c13f8dd36716a899a1e79234294707c5312b924d142c17b20bb80ee202222c03fa84ccc374e717f694018630366397266090a82343aedfbf7afe892390c2eb775b0d16073da2229958db05de7df6ab7600004000010000006d8081cb3bf251d906c00da0e23b50465f8394820be571e3592d0000c7ef10fdc462e7040e7074ec43aa461fc54401a76406db718d4efd6c1bd10ce1d087cf9bba461162555a95524c84df0952d32093082b7aa71304e0d2d9ec310d1b676b378a5879e47941de1a28c3a8f400000000000000000e032b7d2badd0bc6617a859b7ac273b6304555f664469cec152030f06cc0ca1765838eb5590264736fbccfc3a8f4e3b10daf6a275daf5db2dac7096fe8ac8876acaad043663b3b0fedb05e6d31408fa20140c9d2db1c59ac8a3ce28e489d67d87d3a107ccea3007f58f2c5017e8807107f79ac50cc1d4f546b4443d137eb706b71b1767a10cca7a7c82b76c96e874aff249f36329a6526b354b6e674b08f7ef492b804c4b08fb10de807d79fd782027318cd7632e22d2faa16209272b39b5ec8d239832ea02cc88e249a2e77753a58987547571fbc8de747faab724bebb6401412b496e078fcb6c78ab447e871b76a8b0506f49594aa1d610567e14d739a60ff3ce04d0d2e5681e787c7e1ad25467bb81f2f448128207fe07a83759ec30cf9e0a3fd3f2fcee97fe8d273f8e712a8a64eaf2d89a1fa44554357fcd7ab531ff7a41c27164fca430a62d015b477de61853f5ee2e25b00a63642ec32ece2ff3bb5883deb895f52a923b5c744d8dccdd6a09ded8b90f1eeda8e6e884a4f090edb6ab9fc8107846508d51f3735493d5860cf80200ce31b92eb3563d485b5a7d192092d7a9fd2bc67d305d1d4573aad5f6501d1cd27657ce17330402dacb78d72d776330711645eed7d4c292f4448733c0826c4eb950f3d40457f82d7f792d106518f6bde874aff9e2bea7d73f74bebeeacfc700"/1267], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r1, 0x300f000, 0xb, 0x0, &(0x7f0000000080)="0069c2704ade28eddb0000", 0x0, 0x48b8, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f00000006c0), 0xfe, 0x246, &(0x7f0000000ac0)="$eJzs3T9oM2UcB/DvXRJf+75BXnURxD8gIloor5vg8rooFKQUEUGFioiL0gq1xa1xcnHQWaWTSxE3q6N0KS6K4FS1Q10ELQ4WBx0iybVS24ja1Jz0Ph+43l3vee73HLnvkyyXBGisq0muJ2klmU7SSVIcb3B3tVw93F2f2l5I+v0nfiqG7ar9ylG/K0l6SR5KslUWeamdrG4+s/fLzmP3vbnSuff9zaenJnqRh/b3dh8/eG/ujY9mH1z94qsf5opcT/dP13X+ihH/axfJLf9Fsf+Jol33CPgn5l/78OtB7m9Ncs8w/52UqV68t5Zv2OrkgXf/qu/bP355+yTHCpy/fr8zeA/s9YHGKZN0U5QzSartspyZqT7Df9O6XL68tPzq9ItLK4sv1D1TAeelm+w++smlj6+cyP/3rSr/wMU1yP+T8xvfDrYPWnWPBpiIO6rVIP/Tz63dH/mHxpF/aC75h+aSf2gu+Yfmkn9oLvmHC6xztNEbeVj+obnkH5pL/qG5jucfAGiW/qW6n0AG6lL3/AMAAAAAAAAAAAAAAAAAAJy2PrW9cLRMquZn7yT7jyRpj6rfGv4ecXLj8O/ln4tBsz8UVbexPHvXmCcY0wc1P31903f11v/8znrrry0mvdeTXGu3T99/xeH9d3Y3/83xzvNjFviXihP7Dz812fon/bZRb/3ZneTTwfxzbdT8U+a24Xr0/NM9/hXLZ/TKr2OeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIn5PQAA//8PK23M") creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1) link(&(0x7f0000001240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000bc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') rename(&(0x7f0000000600)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000f40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') r2 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="3800000012002102000000000000000007000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00'], 0x38}}, 0x0) lseek(r2, 0x7ff, 0x0) getdents64(r2, 0x0, 0x10) 3.29216564s ago: executing program 0 (id=1474): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8ab8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000006900000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r1, 0x5, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 2.642220395s ago: executing program 1 (id=1475): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) r1 = eventfd(0x0) r2 = fcntl$dupfd(r1, 0x0, r1) write$FUSE_ATTR(r2, &(0x7f0000000240)={0x78, 0xfffffffffffffffe}, 0x78) write$cgroup_devices(r2, &(0x7f0000002240)=ANY=[@ANYRES16, @ANYRESOCT], 0x8) close(r2) socket$inet_udp(0x2, 0x2, 0x0) openat$thread_pidfd(0xffffffffffffff9c, 0x0, 0x0, 0x0) rt_sigreturn() poll(0x0, 0x0, 0x64) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) dup(0xffffffffffffffff) r3 = socket(0x1, 0x2, 0x0) recvmsg$inet_nvme(r3, &(0x7f00000014c0)={&(0x7f0000000080)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast2}}}, 0x80, 0x0}, 0x0) r5 = eventfd(0x0) r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000002e40)='/sys/kernel/address_bits', 0x0, 0x0) dup3(r5, r6, 0x0) read$FUSE(r6, &(0x7f0000000140)={0x2020}, 0x2020) close(r4) timer_settime(0x0, 0x0, &(0x7f00000000c0)={{}, {0x0, 0x1c9c380}}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) 2.577833297s ago: executing program 2 (id=1476): bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0) prctl$PR_PAC_RESET_KEYS(0x36, 0x0) 2.460237795s ago: executing program 0 (id=1477): r0 = socket$inet6_udp(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c) r1 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r1, &(0x7f0000000100)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @loopback}, 0x4}}, 0x2e) ioctl$PPPIOCGCHAN(r1, 0x80047437, &(0x7f0000000080)) syz_emit_ethernet(0x4c, &(0x7f0000000140)={@link_local, @random="ece65fbcee55", @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010100", 0x16, 0x11, 0x0, @remote, @local, {[], {0x0, 0xe22, 0x16, 0x0, @gue={{0x2, 0x0, 0x0, 0x3}, "30b00afe4e70"}}}}}}}, 0x0) 2.452684899s ago: executing program 2 (id=1478): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, 0x0, 0x0) 2.393421099s ago: executing program 0 (id=1479): syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f0000000300)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x82, &(0x7f0000001900)=ANY=[], 0xfd, 0x22e, &(0x7f0000000c00)="$eJzs2k+LW1UYwOH3dkZap0wT8R8tiAfd6ObSZOXCRQdpQQwo2ggqSG+dGw3JJENuGIhIOzu3fgTX4tKdIP0Cs/ETdOFuNrPsQrzSptiZEsFabNQ8zyYvnPzgXE4IZ3EP3/xmZ9Cr8l4xjVNZFuuXYj/uZNGMU7EWc/vx+o03br/0wUcfv7PV6Vx+P6UrW1db7ZTSuZd/+uSr71+5NT374Q/nfjwdB81PD4/avxy8cHD+8LerX/Sr1K/SaDxNRbo+Hk+L68MybferQZ7Se8OyqMrUH1Xl5MR6bzje3Z2lYrS9ubE7KasqFaNZGpSzNB2n6WSWis+L/ijleZ42N4LH0f3uTl3HUf3Utajr+ulv4+yt2LwdjcieSdmzl7Lnr2Uv7mfnj+q6seyt8o9w/qvN+a8257/ajl3qzkTsfL3X3evOP+frW73oxzDKuBiN+DXu/kzum89X3u5cvpjuaUbauXm/v7nXXTvZt6IRzcV9a96nk/3p2Djet6MRzy3u2wv7M/Haq8f6PBrx82cxjmFsx932QX+jldJb73Ye6i/c+x4AwP9Nnv6w8P6W53+2Pu8f4X740P1qPS6sL/fZiahmXw6K4bCcGP7qkP2Nai3+JZs3rM5QZ4+TL/ufiSfhwaEveycAAAAAAAAAAAA8iifxNuKynxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+G/4PQAA//9R0vDu") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.throttle.io_service_bytes\x00', 0x275a, 0x0) mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1) rename(&(0x7f0000000600)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000f40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') syz_mount_image$fuse(0x0, &(0x7f0000000b00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 2.391588268s ago: executing program 3 (id=1480): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) ftruncate(r3, 0x8001) r4 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_buf(r4, 0x0, 0x4, &(0x7f0000000040)="9f", 0x1) getsockopt$inet_opts(r4, 0x0, 0x4, 0x0, &(0x7f0000000240)) writev(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) 2.341069711s ago: executing program 4 (id=1481): bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x1, 0x2, 0x7fdf, 0x1}, 0x48) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x8}, 0x48) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000000000000000000000000711221000000000095000000000000000842d6873aada8afa8bbff1b39bd9b5476967f0c9fb5793fb31816ba9188aafce5d922e6349b93f7cea6021bd547458a342f3ea33381e7c688faa78eec7fbf0bb25c21f3864a90469bef1c3e0a1f9f578cac1aa56eaca5ccf44a793de21f40cdfb21bcdaf792f93049e2fbe72412699c7e1ffa692a21e2a0576504aea34e7279d723b32a153cd46d9009a887079925f1e6a24355b59cd9870b389b9ba593ea7680bb37284d46ca4abac7281a81852e50ec6f0905040a478890f596041eb68066d1"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.sectors\x00', 0x26e1, 0x0) close(r2) openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a1202, 0x0) ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x20001400) write$cgroup_subtree(r2, &(0x7f00000000c0)=ANY=[@ANYBLOB="80fd", @ANYRES64=r1], 0x9) 2.339237734s ago: executing program 2 (id=1482): pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newqdisc={0x44, 0x24, 0x0, 0x0, 0x0, {}, [@qdisc_kind_options=@q_codel={{0xa}, {0x14, 0x2, [@TCA_CODEL_ECN={0x8}, @TCA_CODEL_TARGET={0x8}]}}]}, 0x44}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010001fff752b056800080000faff8141", @ANYRES32=0x0, @ANYBLOB="67a9fde500000000280012800a00010076786c616e"], 0x3}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_route(0x10, 0x3, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x4ffe6, 0x0) 1.849874774s ago: executing program 0 (id=1484): r0 = mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x2000007, 0x401d031, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x1) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) read(r1, &(0x7f0000001600)=""/233, 0xe9) syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x0, &(0x7f0000000040), 0x0, 0x4) syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x0, &(0x7f0000000080), 0x0, 0x4) ioctl$UFFDIO_UNREGISTER(r1, 0xc020aa08, &(0x7f0000000180)={&(0x7f000063c000/0x4000)=nil, 0x4000}) 1.651878491s ago: executing program 1 (id=1485): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000b80)={0x3f, 0x0, 0x0}) ioctl$IOMMU_IOAS_COPY$syz(r0, 0x3b83, &(0x7f0000000040)={0x28, 0x10000, 0x0, r1, 0x0, 0xffffffffffffffff}) 1.384165185s ago: executing program 1 (id=1486): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) r3 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) fcntl$notify(r3, 0x402, 0x25) close_range(r3, 0xffffffffffffffff, 0x2) sendmsg$nl_generic(r3, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000380)={0x0}, 0x1, 0x0, 0x0, 0x20000084}, 0x24008000) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_dev$video4linux(&(0x7f00000002c0), 0x3, 0x4000) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r4 = socket$igmp(0x2, 0x3, 0x2) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x240, 0x0, 0xffffffff, 0xffffffff, 0xf0, 0xffffffff, 0x1a8, 0xffffffff, 0xffffffff, 0x1a8, 0xffffffff, 0x3, 0x0, {[{{@ip={@loopback, @rand_addr, 0x0, 0x0, 'lo\x00', 'sit0\x00', {}, {}, 0x1}, 0x0, 0xc0, 0xf0, 0x0, {}, [@common=@ttl={{0x28}}, @common=@icmp={{0x28}, {0x0, "fe00"}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0x70, 0xb8}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@remote, 'ipvlan1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2a0) 1.360298567s ago: executing program 2 (id=1487): r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40) r1 = socket$netlink(0x10, 0x3, 0x0) writev(r1, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) setsockopt$inet_mreqsrc(r0, 0x0, 0x24, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc) 0s ago: executing program 3 (id=1488): bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0) prctl$PR_PAC_RESET_KEYS(0x36, 0x0) kernel console output (not intermixed with test programs): (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 280.361161][ T8009] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 280.479749][ T8009] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 280.622506][ T8274] loop0: detected capacity change from 0 to 1024 [ 280.798166][ T2853] bridge_slave_1: left allmulticast mode [ 280.807812][ T2853] bridge_slave_1: left promiscuous mode [ 280.819071][ T2853] bridge0: port 2(bridge_slave_1) entered disabled state [ 280.841695][ T2853] bridge_slave_0: left allmulticast mode [ 280.852883][ T2853] bridge_slave_0: left promiscuous mode [ 280.857165][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 280.872466][ T2853] bridge0: port 1(bridge_slave_0) entered disabled state [ 280.877777][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 280.895752][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 280.903287][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 280.915971][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 280.923449][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 280.935728][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 280.943291][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 280.951469][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 280.959316][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 280.969740][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 280.987437][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 280.995427][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 281.013636][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 281.021806][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 281.030074][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 281.043455][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 281.051773][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 281.060850][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 281.069125][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 281.076709][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 281.084655][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 281.093858][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 281.102286][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 281.111154][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 281.168910][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 281.177410][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 281.256713][ T29] audit: type=1326 audit(1721290494.778:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8281 comm="syz.0.807" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc048d75a99 code=0x0 [ 281.290717][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 281.298603][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 281.991546][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 281.999107][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 282.006647][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 282.014070][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 282.029866][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 282.037553][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 282.045007][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 282.056023][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 282.063567][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 282.071187][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 282.078776][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 282.086285][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 282.094096][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 282.104362][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 282.117089][ T5156] hid-generic 0000:0000:0000.0007: hidraw0: HID v0.00 Device [syz0] on syz0 [ 282.589885][ T2853] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 282.602447][ T2853] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 282.618290][ T2853] bond0 (unregistering): Released all slaves [ 282.635566][ T8278] netlink: 24 bytes leftover after parsing attributes in process `syz.2.806'. [ 282.858606][ T8304] netlink: 16 bytes leftover after parsing attributes in process `syz.0.812'. [ 282.988319][ T8310] loop0: detected capacity change from 0 to 128 [ 283.011202][ T8310] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 283.025206][ T8310] ext4 filesystem being mounted at /132/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 283.167039][ T8310] syz.0.815 (pid 8310) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 283.279932][ T5956] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 284.610683][ T54] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 284.625727][ T54] Bluetooth: hci3: Injecting HCI hardware error event [ 284.643942][ T5111] Bluetooth: hci3: hardware error 0x00 [ 285.148369][ T8009] hsr_slave_0: entered promiscuous mode [ 285.154784][ T8009] hsr_slave_1: entered promiscuous mode [ 285.177781][ T8009] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 285.192102][ T8009] Cannot create hsr debugfs directory [ 285.522801][ T8322] loop3: detected capacity change from 0 to 764 [ 285.548874][ T8322] iso9660: Bad value for 'mode' [ 285.828329][ T8340] netlink: 209844 bytes leftover after parsing attributes in process `syz.0.822'. [ 285.988992][ T2853] hsr_slave_0: left promiscuous mode [ 286.005476][ T2853] hsr_slave_1: left promiscuous mode [ 286.020472][ T2853] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 286.049406][ T2853] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 286.066150][ T2853] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 286.073603][ T2853] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 286.137319][ T2853] veth1_macvtap: left promiscuous mode [ 286.143186][ T2853] veth0_macvtap: left promiscuous mode [ 286.153561][ T2853] veth1_vlan: left promiscuous mode [ 286.161443][ T2853] veth0_vlan: left promiscuous mode [ 286.759241][ T5111] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 287.036200][ T2853] team0 (unregistering): Port device team_slave_1 removed [ 287.091384][ T2853] team0 (unregistering): Port device team_slave_0 removed [ 287.584477][ T8344] netlink: 260 bytes leftover after parsing attributes in process `syz.3.824'. [ 288.386803][ T7952] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 288.650681][ T7952] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 288.664990][ T8367] netlink: 8 bytes leftover after parsing attributes in process `syz.2.828'. [ 288.678066][ T5111] Bluetooth: hci2: command 0x0406 tx timeout [ 288.742754][ T7952] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 288.776080][ T29] audit: type=1326 audit(1721290502.358:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8366 comm="syz.2.828" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3d77775a99 code=0x0 [ 288.893268][ T7952] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 289.012101][ T8378] netlink: 24 bytes leftover after parsing attributes in process `syz.3.832'. [ 289.368720][ T8384] netlink: 260 bytes leftover after parsing attributes in process `syz.0.834'. [ 289.679514][ T8390] loop2: detected capacity change from 0 to 8 [ 289.689506][ T8390] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 289.716604][ T8389] block nbd2: shutting down sockets [ 289.848355][ T8388] cramfs: bad data blocksize 4294966936 [ 289.855113][ T8388] cramfs: bad data blocksize 524460 [ 289.860577][ T8388] cramfs: bad data blocksize 4294966936 [ 289.986382][ T29] audit: type=1800 audit(1721290503.458:25): pid=8388 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.833" name="file2" dev="loop2" ino=348 res=0 errno=0 [ 290.394430][ T7952] 8021q: adding VLAN 0 to HW filter on device bond0 [ 290.418770][ T7952] 8021q: adding VLAN 0 to HW filter on device team0 [ 290.645167][ T927] bridge0: port 1(bridge_slave_0) entered blocking state [ 290.652406][ T927] bridge0: port 1(bridge_slave_0) entered forwarding state [ 291.569820][ T8009] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 291.587830][ T8009] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 291.693420][ T8415] loop2: detected capacity change from 0 to 512 [ 291.704314][ T8415] EXT4-fs: Ignoring removed nomblk_io_submit option [ 291.714792][ T8415] EXT4-fs: Ignoring removed oldalloc option [ 291.783774][ T8415] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.843: invalid indirect mapped block 11 (level 0) [ 291.804277][ T8415] EXT4-fs (loop2): Remounting filesystem read-only [ 291.864280][ T8415] EXT4-fs (loop2): 1 truncate cleaned up [ 291.884142][ T8415] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 292.000379][ T7584] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 293.745207][ T927] bridge0: port 2(bridge_slave_1) entered blocking state [ 293.752527][ T927] bridge0: port 2(bridge_slave_1) entered forwarding state [ 293.763437][ T8009] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 293.778707][ T8009] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 294.040463][ T8430] loop2: detected capacity change from 0 to 1024 [ 294.076048][ T8433] netlink: 4 bytes leftover after parsing attributes in process `syz.3.847'. [ 294.179206][ T8430] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 294.265140][ T8430] VFS: Lookup of 'file0' in ext4 loop2 would have caused loop [ 294.331065][ T8009] 8021q: adding VLAN 0 to HW filter on device bond0 [ 294.427825][ T7584] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 294.489645][ T8009] 8021q: adding VLAN 0 to HW filter on device team0 [ 294.523010][ T5158] bridge0: port 1(bridge_slave_0) entered blocking state [ 294.530689][ T5158] bridge0: port 1(bridge_slave_0) entered forwarding state [ 295.349312][ T8447] netlink: 'syz.2.851': attribute type 1 has an invalid length. [ 295.404698][ T5158] bridge0: port 2(bridge_slave_1) entered blocking state [ 295.411986][ T5158] bridge0: port 2(bridge_slave_1) entered forwarding state [ 295.421657][ T8447] netlink: 112860 bytes leftover after parsing attributes in process `syz.2.851'. [ 295.463542][ T8447] netlink: 'syz.2.851': attribute type 1 has an invalid length. [ 295.866605][ T7952] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 296.174642][ T7952] veth0_vlan: entered promiscuous mode [ 296.297108][ T7952] veth1_vlan: entered promiscuous mode [ 296.432587][ T8482] loop3: detected capacity change from 0 to 512 [ 296.453710][ T7952] veth0_macvtap: entered promiscuous mode [ 296.484452][ T8482] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 296.503728][ T7952] veth1_macvtap: entered promiscuous mode [ 296.574627][ T8482] EXT4-fs (loop3): 1 orphan inode deleted [ 296.596010][ T8482] EXT4-fs (loop3): 1 truncate cleaned up [ 296.602591][ T8482] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 296.682162][ T7952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 296.724139][ T7952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 296.775573][ T7952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 296.803814][ T7952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 296.842465][ T8482] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 296.866970][ T7952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 296.888876][ T7952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 296.911398][ T8479] loop2: detected capacity change from 0 to 4096 [ 296.931670][ T7952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 296.942497][ T8482] EXT4-fs (loop3): Remounting filesystem read-only [ 296.962644][ T8482] EXT4-fs (loop3): error restoring inline_data for inode -- potential data loss! (inode 12, error -5) [ 296.976831][ T7952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 296.987120][ T8479] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512). [ 297.018010][ T7952] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 297.093424][ T8009] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 297.128910][ T7952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 297.176206][ T7952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 297.207119][ T8500] loop0: detected capacity change from 0 to 1024 [ 297.215792][ T7952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 297.256507][ T7952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 297.317527][ T7952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 297.343531][ T8500] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 297.371914][ T8479] ntfs3: loop2: failed to convert "c46c" to iso8859-14 [ 297.382076][ T7952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 297.392882][ T7952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 297.404398][ T7952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 297.427450][ T8500] VFS: Lookup of 'file0' in ext4 loop0 would have caused loop [ 297.530963][ T7952] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 297.547778][ T7395] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 297.577553][ T7952] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 297.588939][ T5956] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 297.599139][ T7952] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 297.635969][ T54] Bluetooth: hci4: command tx timeout [ 297.636376][ T7952] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 297.664776][ T7952] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 298.137034][ T8520] netlink: 'syz.0.862': attribute type 1 has an invalid length. [ 298.151935][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 298.180569][ T8520] netlink: 112860 bytes leftover after parsing attributes in process `syz.0.862'. [ 298.196556][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 298.222892][ T8520] netlink: 'syz.0.862': attribute type 1 has an invalid length. [ 298.428976][ T2853] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 298.449877][ T8009] veth0_vlan: entered promiscuous mode [ 298.489022][ T2853] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 298.533944][ T8009] veth1_vlan: entered promiscuous mode [ 298.712457][ T8009] veth0_macvtap: entered promiscuous mode [ 298.763387][ T8009] veth1_macvtap: entered promiscuous mode [ 298.861519][ T8009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 298.896017][ T8009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 298.925706][ T8009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 298.975728][ T8009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 299.021323][ T8009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 299.055793][ T8009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 299.089505][ T8009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 299.139031][ T8009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 299.165817][ T8009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 299.194250][ T8009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 299.217798][ T8009] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 299.271954][ T8544] loop2: detected capacity change from 0 to 4096 [ 299.284899][ T8009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 299.335800][ T8544] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512). [ 299.351416][ T8009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 299.397069][ T8009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 299.441012][ T8009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 299.465795][ T8009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 299.510234][ T8009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 299.521662][ T8544] ntfs3: loop2: failed to convert "076c" to cp932 [ 299.528503][ T8009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 299.559391][ T8009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 299.585757][ T8009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 299.609840][ T8009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 299.645523][ T8009] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 299.701872][ T8009] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 299.931574][ T8009] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 299.974236][ T8009] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 299.983230][ T8009] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 300.530930][ T54] Bluetooth: hci2: command 0x0406 tx timeout [ 300.991507][ T2802] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 301.041887][ T2802] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 301.212392][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 301.254176][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 302.532916][ T8607] netlink: 8 bytes leftover after parsing attributes in process `syz.0.885'. [ 302.633173][ T29] audit: type=1326 audit(1721290516.198:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8606 comm="syz.0.885" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc048d75a99 code=0x0 [ 302.776153][ T46] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 302.985882][ T46] usb 5-1: Using ep0 maxpacket: 8 [ 302.986955][ T8628] netlink: 180 bytes leftover after parsing attributes in process `syz.2.891'. [ 303.004435][ T46] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 303.027141][ T8628] netlink: 'syz.2.891': attribute type 1 has an invalid length. [ 303.047549][ T46] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 303.059779][ T46] usb 5-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 303.071546][ T46] usb 5-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 303.087627][ T46] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40 [ 303.117928][ T46] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 303.148418][ T46] usb 5-1: SerialNumber: syz [ 303.180820][ T46] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -22 [ 303.200797][ T46] usb-storage 5-1:1.0: USB Mass Storage device detected [ 303.233349][ T46] usb-storage 5-1:1.0: Quirks match for vid 0525 pid a4a5: 10000 [ 303.362844][ T8645] netlink: 40 bytes leftover after parsing attributes in process `syz.2.895'. [ 303.514703][ T8649] loop1: detected capacity change from 0 to 16 [ 303.531076][ T8649] cramfs: Unknown parameter '/dev/input/mice' [ 304.152627][ T8649] loop1: detected capacity change from 0 to 4096 [ 304.278233][ T8667] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 304.384913][ T8603] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 304.423985][ T8603] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 304.625894][ T8680] netlink: 180 bytes leftover after parsing attributes in process `syz.0.904'. [ 304.637743][ T8680] netlink: 'syz.0.904': attribute type 1 has an invalid length. [ 304.852403][ T5158] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 304.865990][ T8686] netlink: 'syz.0.907': attribute type 1 has an invalid length. [ 304.889336][ T8686] netlink: 112860 bytes leftover after parsing attributes in process `syz.0.907'. [ 304.929250][ T8686] netlink: 'syz.0.907': attribute type 1 has an invalid length. [ 305.065976][ T5158] usb 4-1: Using ep0 maxpacket: 16 [ 305.117284][ T5158] usb 4-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 305.162068][ T5158] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 305.211625][ T5158] usb 4-1: Product: syz [ 305.221021][ T5158] usb 4-1: Manufacturer: syz [ 305.238263][ T5158] usb 4-1: SerialNumber: syz [ 305.287771][ T5158] usb 4-1: config 0 descriptor?? [ 305.932875][ T5158] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state. [ 306.423863][ T8706] loop1: detected capacity change from 0 to 2048 [ 306.466718][ T5158] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 306.500859][ T5158] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T) [ 306.534866][ T8712] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 306.545763][ T5158] usb 4-1: media controller created [ 306.645009][ T5158] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 306.818649][ T5158] zl10353_read_register: readreg error (reg=127, ret==0) [ 306.866160][ T5158] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T' [ 307.103059][ T5158] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected. [ 307.132215][ T5158] usb 4-1: USB disconnect, device number 3 [ 307.155851][ T54] Bluetooth: hci2: command 0x0406 tx timeout [ 307.402712][ T8732] loop2: detected capacity change from 0 to 8 [ 307.412769][ T8732] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 307.520808][ T8732] cramfs: bad data blocksize 4294966936 [ 307.526701][ T8732] cramfs: bad data blocksize 524460 [ 307.532070][ T8732] cramfs: bad data blocksize 4294966936 [ 307.640127][ T54] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 307.649471][ T54] Bluetooth: hci1: Injecting HCI hardware error event [ 307.661593][ T54] Bluetooth: hci1: hardware error 0x00 [ 307.676865][ T29] audit: type=1800 audit(2000000002.530:27): pid=8732 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.916" name="file2" dev="loop2" ino=348 res=0 errno=0 [ 307.944728][ T5158] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected. [ 307.969124][ T8731] block nbd2: shutting down sockets [ 308.193082][ T8733] input: syz1 as /devices/virtual/input/input25 [ 308.260752][ T8736] netlink: 180 bytes leftover after parsing attributes in process `syz.3.917'. [ 308.322533][ T8736] netlink: 'syz.3.917': attribute type 1 has an invalid length. [ 308.417987][ T8741] loop2: detected capacity change from 0 to 512 [ 308.460871][ T8741] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2240: inode #12: comm syz.2.919: corrupted in-inode xattr: invalid ea_ino [ 308.474677][ T8741] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.919: couldn't read orphan inode 12 (err -117) [ 308.644200][ T29] audit: type=1326 audit(2000000003.630:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8717 comm="syz.0.914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc048d75a99 code=0x7fc00000 [ 308.701629][ T8741] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 309.021150][ T8759] EXT4-fs error (device loop2): ext4_add_entry:2435: inode #2: comm syz.2.919: Directory hole found for htree leaf block 0 [ 310.629875][ T54] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 310.787430][ T5110] usb 5-1: USB disconnect, device number 6 [ 311.042715][ T7584] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 311.319403][ T8769] loop3: detected capacity change from 0 to 1024 [ 311.747999][ T8769] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors [ 311.759070][ T8769] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 311.768958][ T8769] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (32907!=20869) [ 311.779067][ T8769] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 311.789608][ T8769] EXT4-fs (loop3): can't mount with data=, fs mounted w/o journal [ 312.138683][ T8774] Bluetooth: MGMT ver 1.23 [ 312.469850][ T25] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 312.546943][ T8792] loop2: detected capacity change from 0 to 164 [ 312.574478][ T8792] iso9660: Unknown parameter 'moje' [ 312.632864][ T8786] loop1: detected capacity change from 0 to 4096 [ 312.643302][ T8795] netlink: 40 bytes leftover after parsing attributes in process `syz.0.933'. [ 312.711334][ T8786] ntfs3: Unknown parameter '0x0000000000000000017777777777777777777770xffffffffffffffff0xffffffffffffffff' [ 312.932659][ T25] usb 4-1: Using ep0 maxpacket: 16 [ 313.100274][ T8799] ip6t_rpfilter: only valid in 'raw' or 'mangle' table, not '#! [ 313.100274][ T8799] cct.usage_percpu_sys' [ 313.195628][ T25] usb 4-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 313.350114][ T25] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 313.439813][ T25] usb 4-1: Product: syz [ 313.617936][ T25] usb 4-1: Manufacturer: syz [ 313.630585][ T25] usb 4-1: SerialNumber: syz [ 313.688628][ T25] usb 4-1: config 0 descriptor?? [ 313.736611][ T8800] input: syz0 as /devices/virtual/input/input26 [ 314.200900][ T8808] random: crng reseeded on system resumption [ 315.078865][ T25] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state. [ 315.103555][ T25] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 315.116432][ T25] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T) [ 315.135809][ T25] usb 4-1: media controller created [ 315.183256][ T8814] loop0: detected capacity change from 0 to 256 [ 315.484480][ T8814] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 315.890537][ T5110] kernel write not supported for file /dsp (pid: 5110 comm: kworker/0:3) [ 316.007698][ T25] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 316.072636][ T25] zl10353_read_register: readreg error (reg=127, ret==0) [ 316.082444][ T25] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T' [ 316.116311][ T25] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected. [ 316.161453][ T25] usb 4-1: USB disconnect, device number 4 [ 316.388783][ T25] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected. [ 316.794242][ T8827] loop0: detected capacity change from 0 to 1024 [ 316.827435][ T8827] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors [ 316.838661][ T8827] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 316.848506][ T8827] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (32907!=20869) [ 316.861072][ T8827] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 316.871279][ T8827] EXT4-fs (loop0): can't mount with data=, fs mounted w/o journal [ 317.326240][ T1246] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.332767][ T1246] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.601591][ T8837] loop3: detected capacity change from 0 to 1024 [ 317.707680][ T8837] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 317.739315][ T8842] binder: 8839:8842 ioctl c018620c 20000200 returned -22 [ 317.773214][ T8844] netlink: 596 bytes leftover after parsing attributes in process `syz.2.948'. [ 317.947107][ T25] kernel write not supported for file /dsp (pid: 25 comm: kworker/1:0) [ 318.069630][ T8850] loop4: detected capacity change from 0 to 64 [ 318.364782][ T8837] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 318.426234][ T8837] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 318.472933][ T8850] loop4: detected capacity change from 0 to 4096 [ 318.497547][ T8837] EXT4-fs (loop3): This should not happen!! Data will be lost [ 318.497547][ T8837] [ 318.513949][ T8850] ntfs3: Unknown parameter 'iochars;\W|set' [ 318.524894][ T8837] EXT4-fs (loop3): Total free blocks count 0 [ 318.545557][ T8837] EXT4-fs (loop3): Free/Dirty block details [ 318.614358][ T8821] loop1: detected capacity change from 0 to 40427 [ 318.622566][ T8837] EXT4-fs (loop3): free_blocks=68451041280 [ 318.632378][ T8850] syz.4.951[8850] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 318.632520][ T8850] syz.4.951[8850] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 318.655502][ T8821] F2FS-fs (loop1): Fix alignment : done, start(4096) end(16896) block(12288) [ 318.661459][ T8837] EXT4-fs (loop3): dirty_blocks=16 [ 318.699973][ T8821] F2FS-fs (loop1): heap/no_heap options were deprecated [ 318.712052][ T8831] loop0: detected capacity change from 0 to 32768 [ 318.720889][ T8821] F2FS-fs (loop1): invalid crc value [ 318.728998][ T8837] EXT4-fs (loop3): Block reservation details [ 318.743022][ T8821] F2FS-fs (loop1): invalid crc value [ 318.753426][ T8850] hub 6-0:1.0: USB hub found [ 318.759482][ T8821] F2FS-fs (loop1): Failed to get valid F2FS checkpoint [ 318.769941][ T5110] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 318.788295][ T8850] hub 6-0:1.0: 1 port detected [ 318.830227][ T8831] XFS (loop0): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 318.856720][ T8837] EXT4-fs (loop3): i_reserved_data_blocks=1 [ 318.930940][ T8865] loop1: detected capacity change from 0 to 256 [ 318.972025][ T8831] XFS (loop0): Ending clean mount [ 318.998217][ T5110] usb 3-1: Using ep0 maxpacket: 8 [ 319.026208][ T5110] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 319.068148][ T5110] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 319.104939][ T8865] FAT-fs (loop1): Directory bread(block 64) failed [ 319.122086][ T5110] usb 3-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 319.145318][ T8865] FAT-fs (loop1): Directory bread(block 65) failed [ 319.154512][ T8868] loop4: detected capacity change from 0 to 4096 [ 319.161859][ T5110] usb 3-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 319.185372][ T8865] FAT-fs (loop1): Directory bread(block 66) failed [ 319.203164][ T8865] FAT-fs (loop1): Directory bread(block 67) failed [ 319.215385][ T5110] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40 [ 319.224876][ T8868] NILFS (loop4): invalid segment: Checksum error in segment payload [ 319.243272][ T8865] FAT-fs (loop1): Directory bread(block 68) failed [ 319.246946][ T8868] NILFS (loop4): trying rollback from an earlier position [ 319.261228][ T5110] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 319.285128][ T5956] XFS (loop0): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 319.295582][ T8865] FAT-fs (loop1): Directory bread(block 69) failed [ 319.302319][ T5110] usb 3-1: SerialNumber: syz [ 319.308479][ T8865] FAT-fs (loop1): Directory bread(block 70) failed [ 319.315056][ T8865] FAT-fs (loop1): Directory bread(block 71) failed [ 319.324247][ T8868] NILFS (loop4): recovery complete [ 319.333755][ T5110] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -22 [ 319.367585][ T5110] usb-storage 3-1:1.0: USB Mass Storage device detected [ 319.375219][ T8865] FAT-fs (loop1): Directory bread(block 72) failed [ 319.386139][ T8865] FAT-fs (loop1): Directory bread(block 73) failed [ 319.392886][ T8870] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 319.407967][ T5110] usb-storage 3-1:1.0: Quirks match for vid 0525 pid a4a5: 10000 [ 319.438385][ T7395] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 319.503284][ T8865] syz.1.954: attempt to access beyond end of device [ 319.503284][ T8865] loop1: rw=524288, sector=1160, nr_sectors = 4 limit=256 [ 319.517814][ T8865] syz.1.954: attempt to access beyond end of device [ 319.517814][ T8865] loop1: rw=0, sector=1160, nr_sectors = 4 limit=256 [ 319.555678][ T29] audit: type=1800 audit(2000000010.480:29): pid=8865 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.954" name="file0" dev="loop1" ino=1048640 res=0 errno=0 [ 319.602950][ T8872] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 319.603417][ T8872] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 319.871523][ T8878] binder: 8877:8878 ioctl c018620c 20000200 returned -22 [ 320.000670][ T35] kworker/u8:2: attempt to access beyond end of device [ 320.000670][ T35] loop1: rw=1, sector=1224, nr_sectors = 32 limit=256 [ 320.014133][ T8881] netlink: 596 bytes leftover after parsing attributes in process `syz.4.960'. [ 320.048573][ T35] kworker/u8:2: attempt to access beyond end of device [ 320.048573][ T35] loop1: rw=1, sector=1352, nr_sectors = 96 limit=256 [ 320.262773][ T8891] loop3: detected capacity change from 0 to 64 [ 320.344886][ T8888] evm: overlay not supported [ 320.438244][ T8888] syz.1.962[8888] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 320.438421][ T8888] syz.1.962[8888] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 320.584808][ T8891] loop3: detected capacity change from 0 to 4096 [ 320.638998][ T8891] ntfs3: Unknown parameter 'iochars;\W|set' [ 320.758908][ T8891] syz.3.965[8891] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 320.759071][ T8891] syz.3.965[8891] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 320.869283][ T8891] hub 6-0:1.0: USB hub found [ 320.916044][ T5110] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 320.938825][ T8891] hub 6-0:1.0: 1 port detected [ 320.939515][ T8904] binder: 8903:8904 ioctl c018620c 20000200 returned -22 [ 321.020461][ T8900] loop1: detected capacity change from 0 to 8192 [ 321.103310][ T25] usb 3-1: USB disconnect, device number 6 [ 321.116611][ T5110] usb 1-1: Using ep0 maxpacket: 16 [ 321.132437][ T5110] usb 1-1: config 0 has an invalid interface number: 35 but max is 0 [ 321.165348][ T5110] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 321.184244][ T8909] input: syz1 as /devices/virtual/input/input27 [ 321.203471][ T5110] usb 1-1: config 0 has no interface number 0 [ 321.257646][ T5110] usb 1-1: config 0 interface 35 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 321.308329][ T8913] netlink: 209844 bytes leftover after parsing attributes in process `syz.4.973'. [ 321.341447][ T5110] usb 1-1: New USB device found, idVendor=046d, idProduct=c291, bcdDevice=e2.9b [ 321.376317][ T5110] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 321.385544][ T5110] usb 1-1: Product: syz [ 321.411604][ T5110] usb 1-1: Manufacturer: syz [ 321.432603][ T5110] usb 1-1: SerialNumber: syz [ 321.456496][ T5110] usb 1-1: config 0 descriptor?? [ 321.507778][ T8917] loop3: detected capacity change from 0 to 2048 [ 321.586123][ T8920] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 322.235121][ T8928] xt_NFQUEUE: number of total queues is 0 [ 322.939715][ T8899] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 323.022518][ T8899] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 323.219180][ T8937] netem: unknown loss type 0 [ 323.246287][ T8937] netem: change failed [ 323.267807][ T46] usb 1-1: USB disconnect, device number 9 [ 323.289388][ T8939] loop3: detected capacity change from 0 to 64 [ 323.407224][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 323.606855][ T8939] loop3: detected capacity change from 0 to 4096 [ 323.637461][ T8939] ntfs3: Unknown parameter 'iochars;\W|set' [ 323.707101][ T8949] netlink: 596 bytes leftover after parsing attributes in process `syz.4.987'. [ 323.805348][ T8939] syz.3.983[8939] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 323.805625][ T8939] syz.3.983[8939] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 323.909412][ T8939] hub 6-0:1.0: USB hub found [ 323.951288][ T8939] hub 6-0:1.0: 1 port detected [ 323.954212][ T8956] loop1: detected capacity change from 0 to 164 [ 323.988245][ T8956] iso9660: Unknown parameter 'moje' [ 324.476522][ T8967] ip6t_rpfilter: only valid in 'raw' or 'mangle' table, not '#! [ 324.476522][ T8967] cct.usage_percpu_sys' [ 324.590759][ C0] eth0: bad gso: type: 1, size: 1408 [ 324.996313][ T8969] netem: unknown loss type 0 [ 325.044029][ T8969] netem: change failed [ 325.288887][ T46] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 325.479444][ T8979] random: crng reseeded on system resumption [ 326.095867][ T46] usb 1-1: Using ep0 maxpacket: 8 [ 326.123341][ T46] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 326.141596][ T25] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 326.188280][ T46] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 326.235932][ T46] usb 1-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 326.261077][ T8981] syz.3.999[8981] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 326.261251][ T8981] syz.3.999[8981] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 326.273491][ T46] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 326.331042][ T46] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40 [ 326.348036][ T46] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 326.360859][ T46] usb 1-1: SerialNumber: syz [ 326.380244][ T46] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -22 [ 326.380689][ T46] usb-storage 1-1:1.0: USB Mass Storage device detected [ 326.409371][ T46] usb-storage 1-1:1.0: Quirks match for vid 0525 pid a4a5: 10000 [ 326.418415][ T25] usb 3-1: Using ep0 maxpacket: 16 [ 326.500705][ T25] usb 3-1: New USB device found, idVendor=09c0, idProduct=0201, bcdDevice= a.a4 [ 326.526994][ T25] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 326.545917][ T25] usb 3-1: Product: syz [ 326.560450][ T25] usb 3-1: Manufacturer: syz [ 326.565121][ T25] usb 3-1: SerialNumber: syz [ 326.613307][ T25] usb 3-1: config 0 descriptor?? [ 326.630165][ T25] dvb-usb: found a 'Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver' in warm state. [ 326.650921][ T8995] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 326.660434][ T8995] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 326.669285][ T8995] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 326.678082][ T8995] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 326.888856][ T8998] netlink: 'syz.3.1005': attribute type 29 has an invalid length. [ 326.927254][ T5187] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 326.958719][ T8998] netlink: 'syz.3.1005': attribute type 29 has an invalid length. [ 326.979889][ T8999] input: syz0 as /devices/virtual/input/input28 [ 327.141615][ T8965] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 327.156176][ T5187] usb 2-1: Using ep0 maxpacket: 16 [ 327.194307][ T5187] usb 2-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 327.223704][ T5187] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 327.233161][ T9003] netlink: 12 bytes leftover after parsing attributes in process `syz.2.998'. [ 327.246286][ T8965] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 327.262903][ T5187] usb 2-1: Product: syz [ 327.273217][ T5187] usb 2-1: Manufacturer: syz [ 327.283653][ T5187] usb 2-1: SerialNumber: syz [ 327.326152][ T5187] usb 2-1: config 0 descriptor?? [ 327.627045][ T9004] loop3: detected capacity change from 0 to 4096 [ 327.682972][ T9004] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512). [ 327.804617][ T5187] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state. [ 327.854864][ T5187] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 327.897591][ T5187] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T) [ 327.920868][ T5187] usb 2-1: media controller created [ 328.011356][ T29] audit: type=1800 audit(2000000018.950:30): pid=9004 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1006" name="bus" dev="loop3" ino=33 res=0 errno=0 [ 328.038534][ T5187] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 328.107776][ T29] audit: type=1800 audit(2000000018.950:31): pid=9007 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1006" name="bus" dev="loop3" ino=33 res=0 errno=0 [ 328.157199][ T5187] zl10353_read_register: readreg error (reg=127, ret==0) [ 328.192360][ T5187] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T' [ 328.250512][ T5187] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected. [ 328.334026][ T5187] usb 2-1: USB disconnect, device number 7 [ 328.489656][ T9011] netem: unknown loss type 0 [ 328.533544][ T9011] netem: change failed [ 328.587498][ T9013] dlm: Unknown command passed to DLM device : 0 [ 328.587498][ T9013] [ 328.606692][ T5187] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected. [ 328.757207][ T25] gp8psk: usb in 128 operation failed. [ 328.764242][ T25] gp8psk: usb in 137 operation failed. [ 328.781375][ T25] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver error while loading driver (-22) [ 328.834598][ T25] dvb_usb_gp8psk 3-1:0.0: probe with driver dvb_usb_gp8psk failed with error -22 [ 328.898926][ T25] usb 3-1: USB disconnect, device number 7 [ 328.922852][ T9015] loop4: detected capacity change from 0 to 764 [ 329.052442][ T9015] Symlink component flag not implemented [ 329.059204][ T5187] usb 1-1: USB disconnect, device number 10 [ 329.082666][ T9015] Symlink component flag not implemented (129) [ 329.252670][ T9025] loop1: detected capacity change from 0 to 1024 [ 329.308140][ T9025] ext4: Unknown parameter 'nouser_xattr' [ 329.701174][ T9032] loop1: detected capacity change from 0 to 256 [ 330.353261][ T9031] netlink: 'syz.4.1016': attribute type 29 has an invalid length. [ 330.451272][ T9034] netlink: 'syz.4.1016': attribute type 29 has an invalid length. [ 332.905823][ T5156] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 333.150724][ T9042] loop4: detected capacity change from 0 to 4096 [ 333.212194][ T9042] ntfs3: loop4: Different NTFS sector size (4096) and media sector size (512). [ 333.255964][ T5156] usb 4-1: Using ep0 maxpacket: 16 [ 333.275979][ T5156] usb 4-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 333.285081][ T5156] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 333.305928][ T5156] usb 4-1: Product: syz [ 333.310457][ T5156] usb 4-1: Manufacturer: syz [ 333.315101][ T5156] usb 4-1: SerialNumber: syz [ 333.339415][ T5156] usb 4-1: config 0 descriptor?? [ 333.392443][ T9055] loop2: detected capacity change from 0 to 4096 [ 333.475200][ T29] audit: type=1800 audit(2000000024.410:32): pid=9042 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1019" name="bus" dev="loop4" ino=33 res=0 errno=0 [ 333.564704][ T29] audit: type=1800 audit(2000000024.440:33): pid=9042 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1019" name="bus" dev="loop4" ino=33 res=0 errno=0 [ 333.585020][ C0] vkms_vblank_simulate: vblank timer overrun [ 333.627166][ T9055] ntfs3: loop2: ino=21, The size of extended attributes must not exceed 64KiB [ 334.022410][ T5156] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state. [ 334.037045][ T5156] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 334.051361][ T5156] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T) [ 334.060587][ T5156] usb 4-1: media controller created [ 334.094667][ T5156] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 334.115812][ T5110] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 334.154092][ T9064] random: crng reseeded on system resumption [ 334.842352][ T5156] zl10353_read_register: readreg error (reg=127, ret==0) [ 334.876305][ T5156] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T' [ 334.905986][ T5156] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected. [ 334.942633][ T5156] usb 4-1: USB disconnect, device number 5 [ 335.035813][ T5110] usb 1-1: Using ep0 maxpacket: 8 [ 335.047625][ T5110] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 335.059444][ T5156] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected. [ 335.086596][ T5110] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 335.134811][ T5110] usb 1-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 335.166155][ T5110] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 335.198884][ T5110] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40 [ 335.215767][ T5110] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 335.223856][ T5110] usb 1-1: SerialNumber: syz [ 335.259486][ T5110] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -22 [ 335.308772][ T5110] usb-storage 1-1:1.0: USB Mass Storage device detected [ 335.341101][ T5110] usb-storage 1-1:1.0: Quirks match for vid 0525 pid a4a5: 10000 [ 335.572378][ T9075] syz.1.1030[9075] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 335.572547][ T9075] syz.1.1030[9075] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 335.873811][ T9063] loop2: detected capacity change from 0 to 32768 [ 335.941054][ T9063] XFS: attr2 mount option is deprecated. [ 336.061456][ T9087] loop3: detected capacity change from 0 to 4096 [ 336.068961][ T9060] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 336.095754][ T9087] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512). [ 336.114150][ T9086] loop4: detected capacity change from 0 to 4096 [ 336.122541][ T9086] ntfs3: loop4: Different NTFS sector size (4096) and media sector size (512). [ 336.131973][ T9063] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 336.151608][ T9060] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 336.365094][ T9087] ntfs3: loop3: failed to convert "c46c" to iso8859-14 [ 336.400781][ T29] audit: type=1800 audit(2000000027.340:34): pid=9086 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1036" name="bus" dev="loop4" ino=33 res=0 errno=0 [ 336.485184][ T29] audit: type=1800 audit(2000000027.340:35): pid=9098 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1036" name="bus" dev="loop4" ino=33 res=0 errno=0 [ 336.645592][ T9063] XFS (loop2): Ending clean mount [ 336.719678][ T9063] XFS (loop2): Quotacheck needed: Please wait. [ 336.826740][ T9063] XFS (loop2): Quotacheck: Done. [ 337.280490][ T7584] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 337.393843][ T9108] loop3: detected capacity change from 0 to 164 [ 337.421229][ T9108] iso9660: Bad value for 'mode' [ 337.557662][ T9112] loop3: detected capacity change from 0 to 1024 [ 337.615808][ T9112] hfsplus: request for non-existent node 3 in B*Tree [ 337.647359][ T9112] hfsplus: request for non-existent node 3 in B*Tree [ 337.842873][ T9101] loop1: detected capacity change from 0 to 40427 [ 337.862184][ T9101] F2FS-fs (loop1): Fix alignment : internally, start(4096) end(16896) block(12288) [ 337.879544][ T9101] F2FS-fs (loop1): heap/no_heap options were deprecated [ 338.253422][ T5187] usb 1-1: USB disconnect, device number 11 [ 338.976393][ T9137] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1042'. [ 338.989129][ T9119] loop4: detected capacity change from 0 to 32768 [ 339.013955][ T9119] bcachefs (/dev/loop4): error validating superblock: Invalid superblock section clean: entry type btree_keys overruns end of section [ 339.013955][ T9119] clean (size 2912): [ 339.013955][ T9119] flags: 0 [ 339.013955][ T9119] journal_seq: 8 [ 339.013955][ T9119] prio_ptrs: [ 339.013955][ T9119] usage: type=key_version v=0 [ 339.013955][ T9119] usage: type=reserved v=0 [ 339.013955][ T9119] usage: type=reserved v=0 [ 339.013955][ T9119] usage: type=reserved v=0 [ 339.013955][ T9119] usage: type=reserved v=0 [ 339.013955][ T9119] data_usage: btree: 1/1 [0]=2816 [ 339.013955][ T9119] data_usage: journal: 1/1 [0]=0 [ 339.013955][ T9119] data_usage: user: 1/1 [0]=32 [ 339.013955][ T9119] dev_usage: dev=0 [ 339.013955][ T9119] free: buckets=83 sectors=0 fragmented=0 [ 339.013955][ T9119] sb: buckets=25 sectors=6152 fragmented=248 [ 339.013955][ T9119] journal: buckets=8 sectors=2048 fragmented=0 [ 339.013955][ T9119] btree: buckets=11 sectors=2816 fragmented=0 [ 339.013955][ T9119] user: buckets=1 sectors=32 fragmented=224 [ 339.013955][ T9119] cached: buckets=0 sectors=0 fragmented=0 [ 339.013955][ T9119] parity: buckets=0 sectors=0 fragmented=0 [ 339.013955][ T9119] stripe: buckets=0 sectors=0 fragmented=0 [ 339.013955][ T9119] need_gc_gens: buckets=0 sectors=0 fragmented=0 [ 339.013955][ T9119] need_discard: buckets=0 sectors=0 fragmented=0 [ 339.013955][ T9119] clock: read=0 [ 339.013955][ T9119] clock: write=1288 [ 339.013955][ T9119] btree_root: btree=extents l=0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 249e7ae2af8ee356 w [ 339.014239][ T9119] bcachefs: bch2_fs_get_tree() error: invalid_sb_clean [ 339.785806][ T5149] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 339.801073][ T9130] loop3: detected capacity change from 0 to 32768 [ 339.816539][ T9130] BTRFS: device fsid 34a2da50-e117-4d40-8878-8e0fb0127b5f devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1051 (9130) [ 339.846905][ T9130] BTRFS info (device loop3): first mount of filesystem 34a2da50-e117-4d40-8878-8e0fb0127b5f [ 339.860653][ T9130] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 339.881011][ T9152] loop2: detected capacity change from 0 to 512 [ 339.892784][ T9130] BTRFS info (device loop3): using free-space-tree [ 339.933219][ T9152] EXT4-fs (loop2): can't mount with data=, fs mounted w/o journal [ 339.985852][ T5149] usb 1-1: Using ep0 maxpacket: 8 [ 339.991898][ T9152] nullb0: [POWERTEC] p1 p2 p3 p4 [ 340.012725][ T5149] usb 1-1: New USB device found, idVendor=07c4, idProduct=a109, bcdDevice= f.59 [ 340.024199][ T9152] nullb0: p1 start 1986356271 is beyond EOD, truncated [ 340.031682][ T5149] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 340.063355][ T5149] usb 1-1: Product: syz [ 340.080422][ T5149] usb 1-1: Manufacturer: syz [ 340.089842][ T5149] usb 1-1: SerialNumber: syz [ 340.109890][ T5149] usb 1-1: config 0 descriptor?? [ 340.111478][ T9152] nullb0: p2 start 1068017860 is beyond EOD, [ 340.127201][ T5149] ums-datafab 1-1:0.0: USB Mass Storage device detected [ 340.143069][ T9152] truncated [ 340.163369][ T9152] nullb0: p3 start 2952576660 is beyond EOD, truncated [ 340.216033][ T29] audit: type=1800 audit(2000000031.150:36): pid=9130 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1051" name="file1" dev="loop3" ino=260 res=0 errno=0 [ 340.336320][ T5149] ums-sddr55 1-1:0.0: USB Mass Storage device detected [ 340.446912][ T9148] loop1: detected capacity change from 0 to 32768 [ 340.490654][ T9148] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1058 (9148) [ 340.530908][ T5149] usb 1-1: USB disconnect, device number 12 [ 340.547725][ T7395] BTRFS info (device loop3): last unmount of filesystem 34a2da50-e117-4d40-8878-8e0fb0127b5f [ 340.571082][ T9148] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 340.617957][ T9148] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 340.666682][ T9148] BTRFS info (device loop1): using free-space-tree [ 340.811747][ T9181] loop2: detected capacity change from 0 to 4096 [ 342.154357][ T9224] loop3: detected capacity change from 0 to 512 [ 342.214754][ T9224] EXT4-fs (loop3): can't mount with data=, fs mounted w/o journal [ 342.336362][ T9224] nullb0: [POWERTEC] p1 p2 p3 p4 [ 342.346119][ T9224] nullb0: p1 start 1986356271 is beyond EOD, truncated [ 342.353053][ T9224] nullb0: p2 start 1068017860 is beyond EOD, truncated [ 342.395612][ T9224] nullb0: p3 start 2952576660 is beyond EOD, truncated [ 348.598497][ T12] bridge_slave_1: left allmulticast mode [ 348.635734][ T12] bridge_slave_1: left promiscuous mode [ 348.641575][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 348.730066][ T12] bridge_slave_0: left allmulticast mode [ 348.763980][ T12] bridge_slave_0: left promiscuous mode [ 348.800790][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 349.090795][ T9237] loop3: detected capacity change from 0 to 4096 [ 349.707386][ T7952] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 350.024525][ T9257] loop4: detected capacity change from 0 to 128 [ 350.292910][ T5111] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 350.307004][ T5111] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 350.325337][ T5111] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 350.350807][ T5111] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 350.372820][ T5111] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 350.388865][ T5111] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 350.691681][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 350.708295][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 350.719944][ T12] bond0 (unregistering): Released all slaves [ 350.737910][ T9271] program syz.4.1091 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 351.645402][ T9291] loop4: detected capacity change from 0 to 128 [ 351.784418][ T9279] loop0: detected capacity change from 0 to 32768 [ 351.808501][ T9279] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.1094 (9279) [ 351.845228][ T9279] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 351.882595][ T9279] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 351.937688][ T9279] BTRFS info (device loop0): using free-space-tree [ 351.990063][ T12] hsr_slave_0: left promiscuous mode [ 352.013040][ T12] hsr_slave_1: left promiscuous mode [ 352.166346][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 352.224941][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 352.253674][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 352.274072][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 352.342689][ T9320] loop3: detected capacity change from 0 to 512 [ 352.354906][ T12] veth1_macvtap: left promiscuous mode [ 352.363028][ T12] veth0_macvtap: left promiscuous mode [ 352.388911][ T12] veth1_vlan: left promiscuous mode [ 352.424060][ T9320] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2240: inode #15: comm syz.3.1104: corrupted in-inode xattr: invalid ea_ino [ 352.444477][ T12] veth0_vlan: left promiscuous mode [ 352.446227][ T54] Bluetooth: hci5: command tx timeout [ 352.508066][ T9320] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.1104: couldn't read orphan inode 15 (err -117) [ 352.550086][ T9320] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 353.059606][ T46] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 353.281755][ T46] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 353.293612][ T46] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 353.304092][ T46] usb 4-1: New USB device found, idVendor=5543, idProduct=0522, bcdDevice= 0.00 [ 353.323879][ T46] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 353.363232][ T46] usb 4-1: config 0 descriptor?? [ 353.530499][ T9331] loop2: detected capacity change from 0 to 256 [ 353.859555][ T46] uclogic 0003:5543:0522.0008: No inputs registered, leaving [ 353.894545][ T46] uclogic 0003:5543:0522.0008: hidraw0: USB HID v0.00 Device [HID 5543:0522] on usb-dummy_hcd.3-1/input0 [ 354.094116][ T9334] loop2: detected capacity change from 0 to 1024 [ 354.196539][ T9334] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 354.399180][ T12] team0 (unregistering): Port device team_slave_1 removed [ 354.415062][ T5956] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 354.492496][ T12] team0 (unregistering): Port device team_slave_0 removed [ 354.526802][ T54] Bluetooth: hci5: command tx timeout [ 354.798099][ T9338] loop0: detected capacity change from 0 to 512 [ 354.823275][ T9338] EXT4-fs (loop0): ext4_check_descriptors: Inode table for group 0 overlaps block group descriptors [ 354.834414][ T9338] EXT4-fs (loop0): ext4_check_descriptors: Inode table for group 0 not in group (block 2)! [ 354.838324][ T7584] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 354.856557][ T9338] EXT4-fs (loop0): group descriptors corrupted! [ 354.944577][ T9340] loop2: detected capacity change from 0 to 128 [ 355.387139][ T9343] No such timeout policy "syz0" [ 355.963130][ T9346] loop2: detected capacity change from 0 to 512 [ 356.030822][ T9346] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 ro without journal. Quota mode: writeback. [ 356.152636][ T9346] EXT4-fs: Ignoring sb option on remount [ 356.171457][ T9346] ext4: Unknown parameter 'obj_type' [ 356.201962][ T7584] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 356.310165][ T9354] loop2: detected capacity change from 0 to 512 [ 356.337891][ T9354] EXT4-fs (loop2): can't mount with data=, fs mounted w/o journal [ 356.367634][ T9354] nullb0: [POWERTEC] p1 p2 p3 p4 [ 356.387123][ T9354] nullb0: p1 start 1986356271 is beyond EOD, truncated [ 356.394005][ T9354] nullb0: p2 start 1068017860 is beyond EOD, truncated [ 356.428290][ T9354] nullb0: p3 start 2952576660 is beyond EOD, truncated [ 356.595963][ T54] Bluetooth: hci5: command tx timeout [ 356.627431][ T9325] batadv0: mtu less than device minimum [ 356.663900][ T5160] usb 4-1: USB disconnect, device number 6 [ 356.814901][ T9261] chnl_net:caif_netlink_parms(): no params data found [ 356.854697][ T7395] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 356.910401][ T9363] loop4: detected capacity change from 0 to 8 [ 356.921433][ T9363] squashfs: Unknown parameter '{PL' [ 356.997457][ T9365] loop2: detected capacity change from 0 to 128 [ 357.365205][ T9261] bridge0: port 1(bridge_slave_0) entered blocking state [ 357.389841][ T9261] bridge0: port 1(bridge_slave_0) entered disabled state [ 357.419243][ T9261] bridge_slave_0: entered allmulticast mode [ 357.443262][ T9261] bridge_slave_0: entered promiscuous mode [ 357.501109][ T9261] bridge0: port 2(bridge_slave_1) entered blocking state [ 357.531863][ T9261] bridge0: port 2(bridge_slave_1) entered disabled state [ 357.559933][ T9261] bridge_slave_1: entered allmulticast mode [ 357.599182][ T9261] bridge_slave_1: entered promiscuous mode [ 357.642389][ T9382] loop0: detected capacity change from 0 to 2048 [ 357.756908][ T9261] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 357.774588][ T9382] hpfs: filesystem error: improperly stopped; already mounted read-only [ 357.810100][ T9261] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 357.835717][ T9382] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 357.883426][ T9382] hpfs: filesystem error: sector(s) 'dir_band' badly placed at 7b318cc2 [ 358.036440][ T9397] batadv0: mtu less than device minimum [ 358.081198][ T9261] team0: Port device team_slave_0 added [ 358.139288][ T9261] team0: Port device team_slave_1 added [ 358.384762][ T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 358.818204][ T54] Bluetooth: hci5: command tx timeout [ 359.387295][ T9404] loop3: detected capacity change from 0 to 8 [ 359.476751][ T9404] squashfs: Unknown parameter '{PL' [ 359.531241][ T9410] loop0: detected capacity change from 0 to 512 [ 359.571442][ T9410] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 359.618299][ T9410] EXT4-fs (loop0): orphan cleanup on readonly fs [ 359.659472][ T9410] EXT4-fs error (device loop0): ext4_ext_check_inode:520: inode #3: comm syz.0.1132: pblk 0 bad header/extent: invalid eh_max - magic f30a, entries 7, max 0(0), depth 0(0) [ 359.695836][ T5187] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 359.718134][ T9410] EXT4-fs error (device loop0): ext4_quota_enable:7025: comm syz.0.1132: Bad quota inode: 3, type: 0 [ 359.772943][ T9417] loop3: detected capacity change from 0 to 128 [ 359.799808][ T9410] EXT4-fs warning (device loop0): ext4_enable_quotas:7066: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix. [ 359.813570][ T9415] loop2: detected capacity change from 0 to 4096 [ 359.828855][ T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 359.858447][ T9261] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 359.859717][ T9410] EXT4-fs (loop0): Cannot turn on quotas: error -117 [ 359.884707][ T9261] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 359.934390][ T9410] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 359.950460][ T9261] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 359.955977][ T5187] usb 5-1: Using ep0 maxpacket: 8 [ 359.978644][ T5187] usb 5-1: New USB device found, idVendor=07c4, idProduct=a109, bcdDevice= f.59 [ 359.995421][ T5187] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 360.013613][ T5187] usb 5-1: Product: syz [ 360.023929][ T5187] usb 5-1: Manufacturer: syz [ 360.031245][ T5956] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 360.049368][ T5187] usb 5-1: SerialNumber: syz [ 360.068867][ T5187] usb 5-1: config 0 descriptor?? [ 360.076269][ T5187] ums-datafab 5-1:0.0: USB Mass Storage device detected [ 360.078872][ T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 360.123651][ T9422] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1134'. [ 360.164423][ T5187] ums-sddr55 5-1:0.0: USB Mass Storage device detected [ 360.209050][ T9261] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 360.256675][ T9261] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 360.359698][ T9426] loop2: detected capacity change from 0 to 2048 [ 360.363763][ T5187] usb 5-1: USB disconnect, device number 7 [ 360.372444][ T9261] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 360.425408][ T9426] hpfs: filesystem error: improperly stopped; already mounted read-only [ 360.440554][ T9426] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 360.451848][ T9426] hpfs: filesystem error: sector(s) 'dir_band' badly placed at 7b318cc2 [ 360.458023][ T9432] loop0: detected capacity change from 0 to 256 [ 360.512675][ T9432] exFAT-fs (loop0): failed to load upcase table (idx : 0x00011e5d, chksum : 0x63a11b78, utbl_chksum : 0xe619d30d) [ 360.554334][ T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 360.724179][ T9436] loop2: detected capacity change from 0 to 512 [ 360.759792][ T9436] EXT4-fs (loop2): ext4_check_descriptors: Inode table for group 0 overlaps block group descriptors [ 360.792808][ T9261] hsr_slave_0: entered promiscuous mode [ 360.814971][ T9436] EXT4-fs (loop2): ext4_check_descriptors: Inode table for group 0 not in group (block 2)! [ 360.827810][ T9436] EXT4-fs (loop2): group descriptors corrupted! [ 360.840583][ T9261] hsr_slave_1: entered promiscuous mode [ 361.252051][ T9446] No such timeout policy "syz0" [ 361.399332][ T46] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 361.925911][ T12] bridge_slave_1: left allmulticast mode [ 361.928240][ T46] usb 4-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 361.931595][ T12] bridge_slave_1: left promiscuous mode [ 361.931877][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 361.971389][ T46] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 362.018219][ T46] usb 4-1: config 0 descriptor?? [ 362.036042][ T12] bridge_slave_0: left allmulticast mode [ 362.041748][ T12] bridge_slave_0: left promiscuous mode [ 362.052405][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 362.221656][ T9453] loop0: detected capacity change from 0 to 512 [ 362.279498][ T9453] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 362.316950][ T9453] EXT4-fs (loop0): orphan cleanup on readonly fs [ 362.324147][ T9447] loop4: detected capacity change from 0 to 4096 [ 362.337498][ T9453] EXT4-fs error (device loop0): ext4_ext_check_inode:520: inode #3: comm syz.0.1145: pblk 0 bad header/extent: invalid eh_max - magic f30a, entries 7, max 0(0), depth 0(0) [ 362.352130][ T9447] ntfs3: loop4: Different NTFS sector size (4096) and media sector size (512). [ 362.370556][ T9453] EXT4-fs error (device loop0): ext4_quota_enable:7025: comm syz.0.1145: Bad quota inode: 3, type: 0 [ 362.392241][ T9453] EXT4-fs warning (device loop0): ext4_enable_quotas:7066: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix. [ 362.407478][ T9453] EXT4-fs (loop0): Cannot turn on quotas: error -117 [ 362.415580][ T9453] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 362.541790][ T46] [drm] Initialized udl 0.0.1 for 4-1:0.0 on minor 2 [ 362.544466][ T5956] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 362.558948][ T46] [drm] Initialized udl on minor 2 [ 362.575059][ T5160] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 362.731705][ T9435] loop3: detected capacity change from 0 to 512 [ 362.738662][ T9447] ntfs3: loop4: failed to convert "c46c" to iso8859-14 [ 362.785485][ T9435] ext3: Bad value for 'max_dir_size_kb' [ 362.808669][ T5160] usb 3-1: Using ep0 maxpacket: 16 [ 362.813800][ T46] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 362.824672][ T46] udl 4-1:0.0: [drm] Cannot find any crtc or sizes [ 362.835224][ T25] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 362.876156][ T46] usb 4-1: USB disconnect, device number 7 [ 362.889893][ T5160] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 362.891139][ T25] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffed [ 362.934362][ T25] udl 4-1:0.0: [drm] Cannot find any crtc or sizes [ 362.956606][ T5160] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 363.011201][ T5160] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 363.058863][ T5160] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 363.099535][ T5160] usb 3-1: config 0 descriptor?? [ 363.259408][ T9474] loop0: detected capacity change from 0 to 128 [ 363.550274][ T5160] microsoft 0003:045E:07DA.0009: No inputs registered, leaving [ 363.580461][ T5160] microsoft 0003:045E:07DA.0009: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0 [ 363.599628][ T5160] microsoft 0003:045E:07DA.0009: no inputs found [ 363.608651][ T5160] microsoft 0003:045E:07DA.0009: could not initialize ff, continuing anyway [ 363.657904][ T9480] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1149'. [ 363.712973][ C0] eth0: bad gso: type: 1, size: 1408 [ 363.814818][ T9484] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 363.843955][ T9484] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 363.904161][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 363.926664][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 363.946760][ T12] bond0 (unregistering): Released all slaves [ 364.281807][ T9491] loop4: detected capacity change from 0 to 512 [ 364.315187][ T5187] usb 3-1: USB disconnect, device number 8 [ 364.341100][ T9491] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps block group descriptors [ 364.379118][ T9491] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 not in group (block 2)! [ 364.413484][ T9491] EXT4-fs (loop4): group descriptors corrupted! [ 364.775181][ T9498] loop0: detected capacity change from 0 to 764 [ 364.925754][ T9501] No such timeout policy "syz0" [ 365.475950][ T5111] Bluetooth: hci4: command 0x0406 tx timeout [ 365.851194][ T9513] loop0: detected capacity change from 0 to 256 [ 365.866032][ T12] hsr_slave_0: left promiscuous mode [ 365.872356][ T9513] vfat: Bad value for 'fmask' [ 365.892058][ T12] hsr_slave_1: left promiscuous mode [ 365.922303][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 365.930750][ T9513] loop0: detected capacity change from 0 to 256 [ 365.942901][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 365.965957][ T9513] vfat: Unknown parameter 'n' [ 365.972921][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 365.999168][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 366.125278][ T12] veth1_macvtap: left promiscuous mode [ 366.135142][ T12] veth0_macvtap: left promiscuous mode [ 366.143088][ T12] veth1_vlan: left promiscuous mode [ 366.156695][ T12] veth0_vlan: left promiscuous mode [ 366.463291][ T9495] loop3: detected capacity change from 0 to 32768 [ 366.497766][ T9495] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1156 (9495) [ 366.565332][ T9495] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 366.606023][ T9495] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 366.628558][ T9495] BTRFS info (device loop3): using free-space-tree [ 367.499695][ T9529] loop2: detected capacity change from 0 to 32768 [ 367.588684][ T9529] XFS (loop2): DAX unsupported by block device. Turning off DAX. [ 367.623143][ T9529] XFS (loop2): Mounting V5 filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 in no-recovery mode. Filesystem will be inconsistent. [ 367.725373][ T9529] XFS (loop2): Quotacheck needed: Please wait. [ 367.818023][ T9529] XFS (loop2): Quotacheck: Done. [ 367.964500][ T12] team0 (unregistering): Port device team_slave_1 removed [ 368.010713][ T7584] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 368.122198][ T12] team0 (unregistering): Port device team_slave_0 removed [ 369.576104][ T7395] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 370.584570][ T9562] Falling back ldisc for ptm0. [ 370.614887][ T54] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201' [ 370.625803][ T54] CPU: 0 UID: 0 PID: 54 Comm: kworker/u9:0 Not tainted 6.10.0-next-20240718-syzkaller #0 [ 370.635662][ T54] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 370.645925][ T54] Workqueue: hci0 hci_rx_work [ 370.650637][ T54] Call Trace: [ 370.653920][ T54] [ 370.656852][ T54] dump_stack_lvl+0x241/0x360 [ 370.661553][ T54] ? __pfx_dump_stack_lvl+0x10/0x10 [ 370.666765][ T54] ? __pfx__printk+0x10/0x10 [ 370.671375][ T54] ? sysfs_create_dir_ns+0x28a/0x3a0 [ 370.676678][ T54] ? __kmalloc_cache_noprof+0x19c/0x2c0 [ 370.682246][ T54] sysfs_create_dir_ns+0x2ce/0x3a0 [ 370.687372][ T54] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 370.693029][ T54] kobject_add_internal+0x435/0x8d0 [ 370.698258][ T54] kobject_add+0x152/0x220 [ 370.702688][ T54] ? do_raw_spin_unlock+0x13c/0x8b0 [ 370.707906][ T54] ? device_add+0x3e7/0xbf0 [ 370.712459][ T54] ? __pfx_kobject_add+0x10/0x10 [ 370.717407][ T54] ? _raw_spin_unlock+0x28/0x50 [ 370.722269][ T54] ? get_device_parent+0x165/0x410 [ 370.727393][ T54] device_add+0x4e5/0xbf0 [ 370.731744][ T54] hci_conn_add_sysfs+0xe8/0x200 [ 370.736717][ T54] le_conn_complete_evt+0xc9f/0x12e0 [ 370.742035][ T54] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 370.747767][ T54] ? __mutex_unlock_slowpath+0x21d/0x750 [ 370.753483][ T54] ? __copy_skb_header+0x437/0x5b0 [ 370.758649][ T54] ? skb_pull_data+0x112/0x230 [ 370.763433][ T54] hci_le_enh_conn_complete_evt+0x185/0x420 [ 370.769349][ T54] hci_event_packet+0xa55/0x1540 [ 370.774306][ T54] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 370.779610][ T54] ? __pfx_hci_event_packet+0x10/0x10 [ 370.784992][ T54] ? do_raw_spin_unlock+0x13c/0x8b0 [ 370.790207][ T54] ? hci_send_to_monitor+0xd8/0x7f0 [ 370.795509][ T54] ? kcov_remote_start+0x9e/0x7e0 [ 370.800577][ T54] hci_rx_work+0x3e8/0xca0 [ 370.805025][ T54] ? process_scheduled_works+0x945/0x1830 [ 370.810936][ T54] process_scheduled_works+0xa2c/0x1830 [ 370.816525][ T54] ? __pfx_process_scheduled_works+0x10/0x10 [ 370.822528][ T54] ? assign_work+0x364/0x3d0 [ 370.827148][ T54] worker_thread+0x86d/0xd40 [ 370.831865][ T54] ? __kthread_parkme+0x169/0x1d0 [ 370.836911][ T54] ? __pfx_worker_thread+0x10/0x10 [ 370.842053][ T54] kthread+0x2f0/0x390 [ 370.846131][ T54] ? __pfx_worker_thread+0x10/0x10 [ 370.851265][ T54] ? __pfx_kthread+0x10/0x10 [ 370.855864][ T54] ret_from_fork+0x4b/0x80 [ 370.860330][ T54] ? __pfx_kthread+0x10/0x10 [ 370.864939][ T54] ret_from_fork_asm+0x1a/0x30 [ 370.869831][ T54] [ 370.882341][ T54] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 370.896891][ T54] Bluetooth: hci0: failed to register connection device [ 370.910556][ T9566] loop0: detected capacity change from 0 to 512 [ 370.946031][ T9566] EXT4-fs (loop0): ext4_check_descriptors: Inode table for group 0 overlaps block group descriptors [ 371.003454][ T9566] EXT4-fs (loop0): ext4_check_descriptors: Inode table for group 0 not in group (block 2)! [ 371.014636][ T9566] EXT4-fs (loop0): group descriptors corrupted! [ 371.399714][ T9576] No such timeout policy "syz0" [ 372.966469][ T46] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 373.230944][ T46] usb 4-1: Using ep0 maxpacket: 16 [ 373.278307][ T46] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 373.388371][ T46] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 373.416781][ T46] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 373.456127][ T9588] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1173'. [ 373.556463][ T46] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 373.646952][ T46] usb 4-1: config 0 descriptor?? [ 373.906550][ T9261] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 374.035496][ T9261] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 374.125035][ T9261] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 374.144988][ T46] microsoft 0003:045E:07DA.000A: No inputs registered, leaving [ 374.209810][ T46] microsoft 0003:045E:07DA.000A: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0 [ 374.230904][ T9261] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 374.244152][ T46] microsoft 0003:045E:07DA.000A: no inputs found [ 375.010392][ T46] microsoft 0003:045E:07DA.000A: could not initialize ff, continuing anyway [ 375.245117][ T9583] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 375.254040][ T9583] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 375.454951][ T9611] loop2: detected capacity change from 0 to 2048 [ 377.594816][ T9611] EXT4-fs: Ignoring removed bh option [ 378.772979][ T1246] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.779436][ T1246] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.708223][ T9611] EXT4-fs warning (device loop2): ext4_multi_mount_protect:398: Unable to create kmmpd thread for loop2. [ 379.814974][ T5110] usb 4-1: USB disconnect, device number 8 [ 379.845483][ T9261] 8021q: adding VLAN 0 to HW filter on device bond0 [ 379.960483][ T9261] 8021q: adding VLAN 0 to HW filter on device team0 [ 380.078707][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 380.085982][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 380.143868][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 380.151113][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 380.479795][ T5111] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201' [ 380.490207][ T5111] CPU: 0 UID: 0 PID: 5111 Comm: kworker/u9:2 Not tainted 6.10.0-next-20240718-syzkaller #0 [ 380.500341][ T5111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 380.510445][ T5111] Workqueue: hci2 hci_rx_work [ 380.515181][ T5111] Call Trace: [ 380.518493][ T5111] [ 380.521460][ T5111] dump_stack_lvl+0x241/0x360 [ 380.526204][ T5111] ? __pfx_dump_stack_lvl+0x10/0x10 [ 380.531515][ T5111] ? __pfx__printk+0x10/0x10 [ 380.536129][ T5111] ? sysfs_create_dir_ns+0x28a/0x3a0 [ 380.541431][ T5111] ? __kmalloc_cache_noprof+0x19c/0x2c0 [ 380.546999][ T5111] sysfs_create_dir_ns+0x2ce/0x3a0 [ 380.552131][ T5111] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 380.557782][ T5111] kobject_add_internal+0x435/0x8d0 [ 380.562989][ T5111] kobject_add+0x152/0x220 [ 380.567421][ T5111] ? do_raw_spin_unlock+0x13c/0x8b0 [ 380.572646][ T5111] ? device_add+0x3e7/0xbf0 [ 380.577174][ T5111] ? __pfx_kobject_add+0x10/0x10 [ 380.582123][ T5111] ? _raw_spin_unlock+0x28/0x50 [ 380.586987][ T5111] ? get_device_parent+0x165/0x410 [ 380.592117][ T5111] device_add+0x4e5/0xbf0 [ 380.596468][ T5111] hci_conn_add_sysfs+0xe8/0x200 [ 380.601427][ T5111] le_conn_complete_evt+0xc9f/0x12e0 [ 380.606768][ T5111] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 380.612506][ T5111] ? __mutex_unlock_slowpath+0x21d/0x750 [ 380.618173][ T5111] ? __copy_skb_header+0x437/0x5b0 [ 380.623293][ T5111] ? skb_pull_data+0x112/0x230 [ 380.628074][ T5111] hci_le_enh_conn_complete_evt+0x185/0x420 [ 380.634332][ T5111] hci_event_packet+0xa55/0x1540 [ 380.639283][ T5111] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 380.644585][ T5111] ? __pfx_hci_event_packet+0x10/0x10 [ 380.649989][ T5111] ? do_raw_spin_unlock+0x13c/0x8b0 [ 380.655209][ T5111] ? hci_send_to_monitor+0xd8/0x7f0 [ 380.660425][ T5111] ? kcov_remote_start+0x9e/0x7e0 [ 380.665477][ T5111] hci_rx_work+0x3e8/0xca0 [ 380.669926][ T5111] ? process_scheduled_works+0x945/0x1830 [ 380.675707][ T5111] process_scheduled_works+0xa2c/0x1830 [ 380.681329][ T5111] ? __pfx_process_scheduled_works+0x10/0x10 [ 380.687333][ T5111] ? assign_work+0x364/0x3d0 [ 380.691941][ T5111] worker_thread+0x86d/0xd40 [ 380.696563][ T5111] ? __kthread_parkme+0x169/0x1d0 [ 380.701602][ T5111] ? __pfx_worker_thread+0x10/0x10 [ 380.706725][ T5111] kthread+0x2f0/0x390 [ 380.710797][ T5111] ? __pfx_worker_thread+0x10/0x10 [ 380.715949][ T5111] ? __pfx_kthread+0x10/0x10 [ 380.720557][ T5111] ret_from_fork+0x4b/0x80 [ 380.724987][ T5111] ? __pfx_kthread+0x10/0x10 [ 380.729580][ T5111] ret_from_fork_asm+0x1a/0x30 [ 380.734370][ T5111] [ 380.749454][ T5111] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 380.770576][ T5111] Bluetooth: hci2: failed to register connection device [ 380.846651][ T9633] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1185'. [ 381.464950][ T9261] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 381.549878][ T9261] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 381.620915][ T9643] batadv0: mtu less than device minimum [ 381.743434][ T54] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 381.756170][ T54] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 381.774562][ T54] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 381.786897][ T54] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 381.808104][ T54] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 381.815718][ T54] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 382.129880][ T9659] loop4: detected capacity change from 0 to 1024 [ 382.180396][ T9659] EXT4-fs: Ignoring removed oldalloc option [ 382.226662][ T9659] ext4: Unknown parameter 'fsuuid' [ 383.768055][ T9261] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 384.018820][ T5111] Bluetooth: hci1: command tx timeout [ 384.078890][ T9693] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1194'. [ 384.663824][ T5156] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 384.820051][ T5111] Bluetooth: hci4: unexpected event for opcode 0x0c46 [ 384.833940][ T5111] Bluetooth: hci4: Malformed HCI Event: 0x22 [ 384.877765][ T5156] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 384.898770][ T9261] veth0_vlan: entered promiscuous mode [ 384.955868][ T5156] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 384.965194][ T9645] chnl_net:caif_netlink_parms(): no params data found [ 384.987393][ T5156] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 385.007598][ T9705] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 385.009401][ T9261] veth1_vlan: entered promiscuous mode [ 385.020676][ T5156] usb 1-1: Product: syz [ 385.033782][ T5156] usb 1-1: Manufacturer: syz [ 385.052130][ T5156] usb 1-1: SerialNumber: syz [ 385.144949][ T9701] input: syz1 as /devices/virtual/input/input31 [ 385.291907][ T9645] bridge0: port 1(bridge_slave_0) entered blocking state [ 385.308021][ T9645] bridge0: port 1(bridge_slave_0) entered disabled state [ 385.315422][ T9645] bridge_slave_0: entered allmulticast mode [ 385.341381][ T9645] bridge_slave_0: entered promiscuous mode [ 385.371314][ T9645] bridge0: port 2(bridge_slave_1) entered blocking state [ 385.393935][ T9645] bridge0: port 2(bridge_slave_1) entered disabled state [ 385.435964][ T9645] bridge_slave_1: entered allmulticast mode [ 385.468124][ T9645] bridge_slave_1: entered promiscuous mode [ 385.486452][ T5158] usb 1-1: USB disconnect, device number 13 [ 385.661418][ T9645] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 385.708912][ T9645] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 385.776040][ T9261] veth0_macvtap: entered promiscuous mode [ 385.822495][ T9645] team0: Port device team_slave_0 added [ 385.860568][ T9261] veth1_macvtap: entered promiscuous mode [ 385.881027][ T9645] team0: Port device team_slave_1 added [ 386.023474][ T9645] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 386.038641][ T9645] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 386.065053][ T5111] Bluetooth: hci1: command tx timeout [ 386.072183][ T9645] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 386.095450][ T9645] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 386.117403][ T9645] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 386.144356][ T9645] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 386.197735][ T9261] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 386.241423][ T9261] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 386.262943][ T9261] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 386.275364][ T9261] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 386.305450][ T9261] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 386.361797][ T9261] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 386.391257][ T9261] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 386.432864][ T9261] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 386.507639][ T9261] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 386.512252][ T9715] loop4: detected capacity change from 0 to 32768 [ 386.640520][ T9261] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 386.693646][ T9261] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 386.703878][ T9261] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 386.715741][ T9261] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 386.726362][ T9261] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 386.736954][ T9261] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 386.747777][ T9261] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 386.782388][ T9261] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 386.805038][ T9715] syz.4.1197: attempt to access beyond end of device [ 386.805038][ T9715] loop14: rw=0, sector=8, nr_sectors = 8 limit=0 [ 386.823413][ T9261] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 386.833861][ T9715] lbmIODone: I/O error in JFS log [ 386.843042][ T9645] hsr_slave_0: entered promiscuous mode [ 386.855232][ T9715] *** Log Format Error ! *** [ 386.863647][ T9715] lmLogInit: exit(-22) [ 386.867922][ T9715] lmLogOpen: exit(-22) [ 386.882360][ T9645] hsr_slave_1: entered promiscuous mode [ 386.889769][ T9729] jfs: Unrecognized mount option "00000000000000000000000cXcv:Q"Co"'ή_0-%+ t6P'k;/|%T9i(%Z@G~ͱ\%S:UVTOvO7MfOJjN"Bn]XZ [ 386.889769][ T9729] հ84bL*" or missing value [ 386.945874][ T9645] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 386.954376][ T9645] Cannot create hsr debugfs directory [ 387.083106][ T9261] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 387.105325][ T9261] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 387.117049][ T9261] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 387.126968][ T9261] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 387.757923][ T9645] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 387.774558][ T9645] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 387.861681][ T127] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 387.935777][ T127] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 388.120263][ T5111] Bluetooth: hci1: command tx timeout [ 388.133198][ T9645] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 388.346466][ T9645] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 388.640353][ T9741] loop0: detected capacity change from 0 to 1024 [ 388.720640][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 388.784219][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 388.890927][ T9645] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 388.936551][ T9645] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 388.953799][ T9749] loop4: detected capacity change from 0 to 256 [ 388.968522][ T9749] vfat: Bad value for 'fmask' [ 389.027640][ T9749] loop4: detected capacity change from 0 to 256 [ 389.034875][ T9749] vfat: Unknown parameter 'n' [ 389.290974][ T9755] loop2: detected capacity change from 0 to 1024 [ 389.301217][ T9645] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 389.340352][ T9645] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 390.196028][ T54] Bluetooth: hci1: command tx timeout [ 390.645194][ T35] hfsplus: b-tree write err: -5, ino 4 [ 390.740658][ T9645] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 390.745195][ T9762] loop2: detected capacity change from 0 to 2048 [ 390.804936][ T9762] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 390.816697][ T9645] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 390.857293][ T9496] udevd[9496]: incorrect nilfs2 checksum on /dev/loop2 [ 390.903259][ T9767] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 390.922898][ T9645] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 390.931231][ T9762] NILFS (loop2): corrupt root inode [ 390.968108][ T9430] udevd[9430]: incorrect nilfs2 checksum on /dev/loop2 [ 391.160229][ T9645] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 391.167848][ T54] Bluetooth: hci0: command 0x0406 tx timeout [ 392.258178][ T9762] loop2: detected capacity change from 0 to 1024 [ 392.295984][ T5111] Bluetooth: hci1: command tx timeout [ 392.311422][ T9762] hfsplus: part requires an argument [ 392.352253][ T9762] hfsplus: unable to parse mount options [ 392.417925][ T9783] loop2: detected capacity change from 0 to 1024 [ 392.686622][ T9645] 8021q: adding VLAN 0 to HW filter on device bond0 [ 392.727906][ T5111] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci5/hci5:201' [ 392.738631][ T5111] CPU: 0 UID: 0 PID: 5111 Comm: kworker/u9:2 Not tainted 6.10.0-next-20240718-syzkaller #0 [ 392.748641][ T5111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 392.758794][ T5111] Workqueue: hci5 hci_rx_work [ 392.763491][ T5111] Call Trace: [ 392.766783][ T5111] [ 392.769721][ T5111] dump_stack_lvl+0x241/0x360 [ 392.774423][ T5111] ? __pfx_dump_stack_lvl+0x10/0x10 [ 392.779641][ T5111] ? __pfx__printk+0x10/0x10 [ 392.784244][ T5111] ? sysfs_create_dir_ns+0x28a/0x3a0 [ 392.789543][ T5111] ? __kmalloc_cache_noprof+0x19c/0x2c0 [ 392.795110][ T5111] sysfs_create_dir_ns+0x2ce/0x3a0 [ 392.800239][ T5111] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 392.805906][ T5111] kobject_add_internal+0x435/0x8d0 [ 392.811123][ T5111] kobject_add+0x152/0x220 [ 392.815559][ T5111] ? do_raw_spin_unlock+0x13c/0x8b0 [ 392.820768][ T5111] ? device_add+0x3e7/0xbf0 [ 392.825300][ T5111] ? __pfx_kobject_add+0x10/0x10 [ 392.830275][ T5111] ? _raw_spin_unlock+0x28/0x50 [ 392.835159][ T5111] ? get_device_parent+0x165/0x410 [ 392.840299][ T5111] device_add+0x4e5/0xbf0 [ 392.844664][ T5111] hci_conn_add_sysfs+0xe8/0x200 [ 392.849636][ T5111] le_conn_complete_evt+0xc9f/0x12e0 [ 392.854956][ T5111] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 392.860697][ T5111] ? __mutex_unlock_slowpath+0x21d/0x750 [ 392.866360][ T5111] ? __copy_skb_header+0x437/0x5b0 [ 392.871496][ T5111] ? skb_pull_data+0x112/0x230 [ 392.876280][ T5111] hci_le_enh_conn_complete_evt+0x185/0x420 [ 392.882202][ T5111] hci_event_packet+0xa55/0x1540 [ 392.887168][ T5111] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 392.892566][ T5111] ? __pfx_hci_event_packet+0x10/0x10 [ 392.897949][ T5111] ? do_raw_spin_unlock+0x13c/0x8b0 [ 392.903165][ T5111] ? hci_send_to_monitor+0xd8/0x7f0 [ 392.908374][ T5111] ? kcov_remote_start+0x9e/0x7e0 [ 392.913418][ T5111] hci_rx_work+0x3e8/0xca0 [ 392.917845][ T5111] ? process_scheduled_works+0x945/0x1830 [ 392.923569][ T5111] process_scheduled_works+0xa2c/0x1830 [ 392.929153][ T5111] ? __pfx_process_scheduled_works+0x10/0x10 [ 392.935153][ T5111] ? assign_work+0x364/0x3d0 [ 392.939757][ T5111] worker_thread+0x86d/0xd40 [ 392.944366][ T5111] ? __kthread_parkme+0x169/0x1d0 [ 392.949406][ T5111] ? __pfx_worker_thread+0x10/0x10 [ 392.954530][ T5111] kthread+0x2f0/0x390 [ 392.958598][ T5111] ? __pfx_worker_thread+0x10/0x10 [ 392.963717][ T5111] ? __pfx_kthread+0x10/0x10 [ 392.968398][ T5111] ret_from_fork+0x4b/0x80 [ 392.972829][ T5111] ? __pfx_kthread+0x10/0x10 [ 392.977421][ T5111] ret_from_fork_asm+0x1a/0x30 [ 392.982204][ T5111] [ 392.997316][ T5111] kobject: kobject_add_internal failed for hci5:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 393.011453][ T5111] Bluetooth: hci5: failed to register connection device [ 393.148923][ T9645] 8021q: adding VLAN 0 to HW filter on device team0 [ 393.392187][ T9796] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 393.393197][ T5113] bridge0: port 1(bridge_slave_0) entered blocking state [ 393.406736][ T5113] bridge0: port 1(bridge_slave_0) entered forwarding state [ 393.460923][ T5113] bridge0: port 2(bridge_slave_1) entered blocking state [ 393.468250][ T5113] bridge0: port 2(bridge_slave_1) entered forwarding state [ 394.207053][ T9645] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 394.392347][ T9789] loop4: detected capacity change from 0 to 32768 [ 394.424490][ T9789] XFS: ikeep mount option is deprecated. [ 394.425454][ T9645] veth0_vlan: entered promiscuous mode [ 394.453135][ T9789] XFS: noikeep mount option is deprecated. [ 394.493932][ T9645] veth1_vlan: entered promiscuous mode [ 394.533043][ T9789] XFS (loop4): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 394.643383][ T9645] veth0_macvtap: entered promiscuous mode [ 394.647490][ T9789] XFS (loop4): Ending clean mount [ 394.684410][ T9645] veth1_macvtap: entered promiscuous mode [ 394.700849][ T9789] XFS (loop4): Quotacheck needed: Please wait. [ 394.753074][ T9645] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 394.785691][ T9645] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 394.805726][ T9645] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 394.834147][ T9645] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 394.875682][ T9645] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 394.896921][ T9645] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 394.917201][ T9645] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 394.936078][ T9789] XFS (loop4): Quotacheck: Done. [ 394.961414][ T9645] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 394.985687][ T9645] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 395.018734][ T9645] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 395.068390][ T9645] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 395.108245][ T8009] XFS (loop4): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 395.164019][ T9645] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 395.185807][ T9645] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 395.221795][ T9645] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 395.264799][ T9645] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 395.301040][ T9645] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 395.355748][ T9645] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 395.396146][ T9645] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 395.407629][ T9645] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 395.417535][ T9645] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 395.428395][ T9645] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 395.440156][ T9645] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 395.453186][ T9645] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 395.461984][ T9645] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 395.470833][ T9645] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 395.481297][ T9645] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 395.615895][ T9823] loop1: detected capacity change from 0 to 32768 [ 395.659491][ T9823] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1235 (9823) [ 395.785808][ T9823] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 395.818073][ T9823] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 395.823467][ T9822] loop2: detected capacity change from 0 to 32768 [ 395.848304][ T127] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 395.865369][ T9823] BTRFS info (device loop1): using free-space-tree [ 395.874385][ T127] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 395.945037][ T9840] loop4: detected capacity change from 0 to 512 [ 395.976947][ T9822] syz.2.1234: attempt to access beyond end of device [ 395.976947][ T9822] loop14: rw=0, sector=8, nr_sectors = 8 limit=0 [ 395.999125][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 396.003844][ T9822] lbmIODone: I/O error in JFS log [ 396.014140][ T9822] *** Log Format Error ! *** [ 396.019283][ T9822] lmLogInit: exit(-22) [ 396.023415][ T9822] lmLogOpen: exit(-22) [ 396.069111][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 396.078422][ T9847] jfs: Unrecognized mount option "00000000000000000000000cXcv:Q"Co"'ή_0-%+ t6P'k;/|%T9i(%Z@G~ͱ\%S:UVTOvO7MfOJjN"Bn]XZ [ 396.078422][ T9847] հ84bL*" or missing value [ 396.112277][ T9840] loop4: detected capacity change from 0 to 512 [ 396.242252][ T9840] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2 [ 396.307914][ T9840] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -2 [ 396.352353][ T9840] EXT4-fs (loop4): 1 truncate cleaned up [ 396.397878][ T9840] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 396.466489][ T927] bridge0: port 2(bridge_slave_1) entered disabled state [ 396.545216][ T9840] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback. [ 396.556681][ T9261] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 396.844709][ T8009] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 397.870247][ T9897] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1251'. [ 398.351576][ T9898] loop0: detected capacity change from 0 to 256 [ 398.475333][ T9898] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x905a013b, utbl_chksum : 0xe619d30d) [ 398.666394][ T9900] loop1: detected capacity change from 0 to 512 [ 398.783382][ T9900] loop1: detected capacity change from 0 to 512 [ 398.859283][ T9900] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2 [ 398.887931][ T9900] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -2 [ 398.968181][ T9898] syz.0.1254 (9898) used greatest stack depth: 18736 bytes left [ 398.993760][ T9900] EXT4-fs (loop1): 1 truncate cleaned up [ 399.019562][ T9900] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 399.037222][ T9888] loop2: detected capacity change from 0 to 32768 [ 399.067627][ T9884] loop3: detected capacity change from 0 to 32768 [ 399.095159][ T9900] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback. [ 399.144289][ T9888] syz.2.1250: attempt to access beyond end of device [ 399.144289][ T9888] loop14: rw=0, sector=8, nr_sectors = 8 limit=0 [ 399.147204][ T9884] bcachefs (/dev/loop3): error validating superblock: Invalid superblock section clean: entry type btree_keys overruns end of section [ 399.147204][ T9884] clean (size 2912): [ 399.147204][ T9884] flags: 0 [ 399.147204][ T9884] journal_seq: 8 [ 399.147204][ T9884] usage: type=inodes v=8 [ 399.147204][ T9884] usage: type=key_version v=0 [ 399.147204][ T9884] usage: type=reserved v=0 [ 399.147204][ T9884] usage: type=reserved v=0 [ 399.147204][ T9884] usage: type=reserved v=0 [ 399.147204][ T9884] usage: type=reserved v=0 [ 399.147204][ T9884] data_usage: btree: 1/1 [0]=2816 [ 399.147204][ T9884] data_usage: journal: 1/1 [0]=0 [ 399.147204][ T9884] btree_keys: btree=extents l=0 u64s 8 type deleted 0:2048:0 len 8 ver 1065151889408: [ 399.147204][ T9884] btree_keys: btree=extents l=0 u64s 1 type deleted POS_MIN len 224 ver 137438953472: [ 399.147204][ T9884] btree_keys: btree=extents l=0 u64s 32 type deleted POS_MIN len 0 ver 962072674304: [ 399.147204][ T9884] clock: read=0 [ 399.147204][ T9884] clock: write=1288 [ 399.147204][ T9884] btree_root: btree=extents l=0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 249e7ae2af8ee356 written 16 min_key POS_MIN ptr: 0:6912 gen 0 [ 399.147204][ T9884] btree_root: btree=inodes l=0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq efdd7a26d7396dd5 written 24 min_key POS_MIN ptr: 0:9728 gen 0 [ 399.147204][ T9884] btree_root: btree=dirents l=0 u64s 11 type btre [ 399.161412][ T9888] lbmIODone: I/O error in JFS log [ 399.202946][ T9884] bcachefs: bch2_fs_get_tree() error: invalid_sb_clean [ 399.321874][ T9888] *** Log Format Error ! *** [ 399.386217][ T9888] lmLogInit: exit(-22) [ 399.390394][ T9888] lmLogOpen: exit(-22) [ 399.428594][ T9909] jfs: Unrecognized mount option "00000000000000000000000cXcv:Q"Co"'ή_0-%+ t6P'k;/|%T9i(%Z@G~ͱ\%S:UVTOvO7MfOJjN"Bn]XZ [ 399.428594][ T9909] հ84bL*" or missing value [ 399.468394][ T9261] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 400.238497][ T9926] loop1: detected capacity change from 0 to 2048 [ 400.395529][ T9934] loop0: detected capacity change from 0 to 256 [ 400.412038][ T9930] loop3: detected capacity change from 0 to 512 [ 400.434692][ T9926] loop1: detected capacity change from 0 to 256 [ 400.452435][ T9934] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x905a013b, utbl_chksum : 0xe619d30d) [ 400.484495][ T9935] batadv0: mtu less than device minimum [ 400.526752][ T9930] EXT4-fs (loop3): blocks per group (33) and clusters per group (32768) inconsistent [ 400.618790][ T9926] loop1: detected capacity change from 0 to 1764 [ 401.321509][ T9945] loop2: detected capacity change from 0 to 512 [ 401.498979][ T9945] loop2: detected capacity change from 0 to 512 [ 401.564036][ T9945] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2 [ 401.587267][ T9945] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -2 [ 401.658911][ T9956] netlink: 'syz.3.1274': attribute type 1 has an invalid length. [ 401.709752][ T9945] EXT4-fs (loop2): 1 truncate cleaned up [ 401.724074][ T9956] netlink: 244 bytes leftover after parsing attributes in process `syz.3.1274'. [ 401.749206][ T9945] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 401.926473][ T9943] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback. [ 401.936279][ T9940] loop4: detected capacity change from 0 to 40427 [ 401.970528][ T9940] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 401.993318][ T9940] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 402.081637][ T9940] F2FS-fs (loop4): Found nat_bits in checkpoint [ 402.173481][ T7584] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 402.312679][ T9940] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 402.344007][ T9940] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 402.407767][ T9976] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 402.442934][ T5111] Bluetooth: hci4: unexpected event for opcode 0x0c56 [ 402.639437][ T9981] overlayfs: failed to create directory ./bus/work (errno: 28); mounting read-only [ 402.672869][ T9981] overlayfs: failed to set uuid (/file1, err=-28); falling back to uuid=null. [ 403.280860][ T9993] netlink: 'syz.3.1288': attribute type 1 has an invalid length. [ 403.315201][ T9993] netlink: 244 bytes leftover after parsing attributes in process `syz.3.1288'. [ 403.316916][ T9978] could not allocate digest TFM handle rmd256-generic [ 403.764210][ T5111] Bluetooth: hci2: unexpected event for opcode 0x0c46 [ 403.812108][T10009] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 403.833878][ T5111] Bluetooth: hci2: Malformed HCI Event: 0x22 [ 404.047750][T10013] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 404.170145][T10013] input: syz1 as /devices/virtual/input/input32 [ 404.277994][ T5111] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 404.288619][ T5111] Bluetooth: hci1: Injecting HCI hardware error event [ 404.300364][ T54] Bluetooth: hci1: hardware error 0x00 [ 404.661412][T10015] loop4: detected capacity change from 0 to 32768 [ 404.671302][T10015] btrfs: Deprecated parameter 'usebackuproot' [ 404.682100][T10015] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 404.703564][T10015] btrfs: Unknown parameter 'noinode_cache' [ 404.756462][ T5111] Bluetooth: hci5: Controller not accepting commands anymore: ncmd = 0 [ 404.767645][ T5111] Bluetooth: hci5: Injecting HCI hardware error event [ 404.777486][ T5122] Bluetooth: hci5: hardware error 0x00 [ 404.843258][ T9996] loop3: detected capacity change from 0 to 32768 [ 404.882675][ T9996] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1290 (9996) [ 404.968246][ T9996] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 404.986765][ T9996] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 405.096747][ T9996] BTRFS info (device loop3): using free-space-tree [ 405.440003][T10028] loop4: detected capacity change from 0 to 512 [ 405.501895][T10028] EXT4-fs (loop4): can't mount with data=, fs mounted w/o journal [ 405.699309][T10030] kvm: emulating exchange as write [ 405.723455][T10059] batadv0: mtu less than device minimum [ 405.784748][T10061] overlayfs: failed to create directory ./bus/work (errno: 28); mounting read-only [ 405.831795][T10061] overlayfs: failed to set uuid (/file1, err=-28); falling back to uuid=null. [ 406.072543][T10065] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 406.263246][ T29] audit: type=1326 audit(2000000097.200:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10072 comm="syz.0.1311" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc048d75a99 code=0x0 [ 406.461579][ T9645] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 406.776095][ T5113] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 406.998307][ T5113] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 407.053175][ T5113] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 407.085660][ T5113] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 407.098860][ T5113] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 407.133530][ T5113] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 407.161448][ T5113] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 407.206826][ T5113] usb 1-1: config 0 descriptor?? [ 407.212609][T10074] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 407.235978][ T5122] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 407.236142][ T54] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 407.651951][T10102] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 407.769666][ T5113] plantronics 0003:047F:FFFF.000B: unknown main item tag 0xd [ 407.791949][ T5113] plantronics 0003:047F:FFFF.000B: No inputs registered, leaving [ 407.846445][ T5113] plantronics 0003:047F:FFFF.000B: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 408.018204][T10090] loop3: detected capacity change from 0 to 32768 [ 408.065440][T10090] btrfs: Deprecated parameter 'usebackuproot' [ 408.073908][T10110] x_tables: duplicate underflow at hook 4 [ 408.085463][T10090] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 408.130527][T10090] btrfs: Unknown parameter 'noinode_cache' [ 408.633294][T10098] loop2: detected capacity change from 0 to 32768 [ 408.662755][T10098] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1322 (10098) [ 408.677344][T10121] loop4: detected capacity change from 0 to 256 [ 408.700359][T10121] exfat: Deprecated parameter 'namecase' [ 408.723507][T10121] exfat: Deprecated parameter 'utf8' [ 408.743861][T10121] exfat: Deprecated parameter 'namecase' [ 408.755303][T10098] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 408.795291][T10121] exFAT-fs (loop4): failed to load upcase table (idx : 0x00011f41, chksum : 0xf6e84b2e, utbl_chksum : 0xe619d30d) [ 408.815728][T10098] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 408.835218][T10098] BTRFS info (device loop2): using free-space-tree [ 409.189677][ T54] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 409.256823][ T5110] usb 1-1: reset high-speed USB device number 14 using dummy_hcd [ 409.643718][T10150] input: syz0 as /devices/virtual/input/input34 [ 409.667470][ T7584] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 410.415899][T10154] x_tables: duplicate underflow at hook 4 [ 410.638881][ T5113] usb 1-1: USB disconnect, device number 14 [ 411.092911][ C0] eth0: bad gso: type: 1, size: 1408 [ 411.193212][T10176] loop2: detected capacity change from 0 to 512 [ 411.240409][T10176] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 411.299819][T10176] EXT4-fs (loop2): orphan cleanup on readonly fs [ 411.309955][T10174] loop4: detected capacity change from 0 to 8192 [ 411.337527][T10185] loop0: detected capacity change from 0 to 524288000 [ 411.351731][T10176] Quota error (device loop2): v2_read_file_info: Block with free entry 1 out of range (1, 6). [ 411.366871][T10176] EXT4-fs warning (device loop2): ext4_enable_quotas:7066: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 411.392655][T10176] EXT4-fs (loop2): Cannot turn on quotas: error -117 [ 411.424027][T10176] EXT4-fs error (device loop2): ext4_orphan_get:1391: inode #16: comm syz.2.1337: iget: immutable or append flags not allowed on symlinks [ 411.480372][T10187] loop1: detected capacity change from 0 to 256 [ 411.496948][T10176] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.1337: couldn't read orphan inode 16 (err -117) [ 411.543787][T10187] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x6842f4db, utbl_chksum : 0xe619d30d) [ 411.577317][T10176] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 411.669653][T10193] loop3: detected capacity change from 0 to 256 [ 411.684932][T10195] loop4: detected capacity change from 0 to 256 [ 412.220730][T10203] 9pnet_fd: Insufficient options for proto=fd [ 412.259613][T10204] loop0: detected capacity change from 0 to 1024 [ 413.341956][T10204] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 413.514524][ T7584] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 413.585967][T10193] FAT-fs (loop3): Directory bread(block 64) failed [ 413.738439][T10193] FAT-fs (loop3): Directory bread(block 65) failed [ 413.745158][T10193] FAT-fs (loop3): Directory bread(block 66) failed [ 413.803019][T10193] FAT-fs (loop3): Directory bread(block 67) failed [ 413.813779][T10193] FAT-fs (loop3): Directory bread(block 68) failed [ 413.820790][T10193] FAT-fs (loop3): Directory bread(block 69) failed [ 413.876575][T10193] FAT-fs (loop3): Directory bread(block 70) failed [ 413.884029][T10193] FAT-fs (loop3): Directory bread(block 71) failed [ 413.905891][ T5956] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 413.985548][T10193] FAT-fs (loop3): Directory bread(block 72) failed [ 413.993603][T10193] FAT-fs (loop3): Directory bread(block 73) failed [ 414.066049][T10211] blktrace: Concurrent blktraces are not allowed on sg0 [ 414.291403][T10219] loop0: detected capacity change from 0 to 524288000 [ 414.653867][T10218] loop2: detected capacity change from 0 to 8192 [ 414.790659][ C0] eth0: bad gso: type: 1, size: 1408 [ 415.027339][T10241] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1375'. [ 415.084174][T10244] loop3: detected capacity change from 0 to 128 [ 415.167361][T10244] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 415.212615][T10244] ext4 filesystem being mounted at /30/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 415.475548][T10250] netlink: 'syz.1.1378': attribute type 1 has an invalid length. [ 415.504689][T10250] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1378'. [ 416.219846][T10258] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 416.282301][ T9645] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 416.757823][T10276] netlink: 'syz.0.1389': attribute type 1 has an invalid length. [ 416.767178][T10276] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1389'. [ 416.794312][T10248] loop2: detected capacity change from 0 to 32768 [ 416.948781][T10278] bridge_slave_1: left allmulticast mode [ 416.954726][T10278] bridge_slave_1: left promiscuous mode [ 416.961794][T10278] bridge0: port 2(bridge_slave_1) entered disabled state [ 417.201548][T10248] bcachefs (/dev/loop2): error validating superblock: Invalid superblock section clean: entry type btree_keys overruns end of section [ 417.201548][T10248] clean (size 2912): [ 417.201548][T10248] flags: 0 [ 417.201548][T10248] journal_seq: 8 [ 417.201548][T10248] usage: type=inodes v=8 [ 417.201548][T10248] usage: type=key_version v=0 [ 417.201548][T10248] usage: type=reserved v=0 [ 417.201548][T10248] usage: type=reserved v=0 [ 417.201548][T10248] usage: type=reserved v=0 [ 417.201548][T10248] usage: type=reserved v=0 [ 417.201548][T10248] data_usage: btree: 1/1 [0]=2816 [ 417.201548][T10248] data_usage: journal: 1/1 [0]=0 [ 417.201548][T10248] btree_keys: btree=extents l=0 u64s 8 type deleted 0:2048:0 len 8 ver 1065151889408: [ 417.201548][T10248] btree_keys: btree=extents l=0 u64s 1 type deleted POS_MIN len 224 ver 137438953472: [ 417.201548][T10248] btree_keys: btree=extents l=0 u64s 32 type deleted POS_MIN len 0 ver 962072674304: [ 417.201548][T10248] clock: read=0 [ 417.201548][T10248] clock: write=1288 [ 417.201548][T10248] btree_root: btree=extents l=0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 249e7ae2af8ee356 written 16 min_key POS_MIN ptr: 0:6912 gen 0 [ 417.201548][T10248] btree_root: btree=inodes l=0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq efdd7a26d7396dd5 written 24 min_key POS_MIN ptr: 0:9728 gen 0 [ 417.201548][T10248] btree_root: btree=dirents l=0 u64s 11 type btre [ 417.204250][T10248] bcachefs: bch2_fs_get_tree() error: invalid_sb_clean [ 417.607695][ C0] eth0: bad gso: type: 1, size: 1408 [ 418.841519][T10303] blktrace: Concurrent blktraces are not allowed on sg0 [ 419.353358][T10317] bridge_slave_1: left allmulticast mode [ 419.359230][T10317] bridge_slave_1: left promiscuous mode [ 419.365803][T10317] bridge0: port 2(bridge_slave_1) entered disabled state [ 420.158677][T10327] loop1: detected capacity change from 0 to 64 [ 420.624862][T10332] loop3: detected capacity change from 0 to 32768 [ 420.635367][T10332] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1410 (10332) [ 420.673348][T10332] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 420.683702][T10332] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 420.692459][T10332] BTRFS info (device loop3): using free-space-tree [ 424.094088][ T9645] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 424.414503][T10387] ieee802154 phy0 wpan0: encryption failed: -22 [ 424.617983][T10389] netlink: 209844 bytes leftover after parsing attributes in process `syz.2.1425'. [ 424.704630][T10393] loop4: detected capacity change from 0 to 1024 [ 424.943960][T10393] EXT4-fs: Ignoring removed orlov option [ 424.961861][T10393] EXT4-fs (loop4): Test dummy encryption mode enabled [ 424.984720][T10393] EXT4-fs (loop4): Encoding requested by superblock is unknown [ 426.229031][T10398] syz.3.1418 (10398) used greatest stack depth: 18680 bytes left [ 426.268903][T10417] loop0: detected capacity change from 0 to 256 [ 426.321244][T10417] FAT-fs (loop0): Directory bread(block 64) failed [ 426.345844][T10417] FAT-fs (loop0): Directory bread(block 65) failed [ 426.361332][T10423] loop1: detected capacity change from 0 to 1024 [ 426.365067][T10417] FAT-fs (loop0): Directory bread(block 66) failed [ 426.416087][T10417] FAT-fs (loop0): Directory bread(block 67) failed [ 426.427501][T10417] FAT-fs (loop0): Directory bread(block 68) failed [ 426.437063][T10417] FAT-fs (loop0): Directory bread(block 69) failed [ 426.446647][T10417] FAT-fs (loop0): Directory bread(block 70) failed [ 426.463431][T10417] FAT-fs (loop0): Directory bread(block 71) failed [ 426.496022][T10417] FAT-fs (loop0): Directory bread(block 72) failed [ 426.535084][T10417] FAT-fs (loop0): Directory bread(block 73) failed [ 429.139710][T10478] loop3: detected capacity change from 0 to 32768 [ 429.150340][T10478] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1458 (10478) [ 429.191556][T10478] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 429.204224][T10478] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 429.215672][T10478] BTRFS info (device loop3): using free-space-tree [ 429.248362][T10502] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1467'. [ 429.820534][T10502] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 429.830051][T10502] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 429.838860][T10502] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 429.847750][T10502] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 429.994653][T10502] vxlan0: entered promiscuous mode [ 430.089579][T10516] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1468'. [ 431.129035][T10478] BTRFS info (device loop3): setting incompat feature flag for SIMPLE_QUOTA (0x10000) [ 431.408233][T10549] loop0: detected capacity change from 0 to 128 [ 431.519024][ T9645] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 431.569267][T10206] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 431.719725][T10552] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1482'. [ 431.778152][T10552] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 431.787257][T10552] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 431.796131][T10552] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 431.805083][T10552] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 431.850186][T10552] vxlan0: entered promiscuous mode [ 431.986116][T10206] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 432.152490][T10206] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 432.426453][ T5122] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 432.447124][ T5122] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 432.468357][ T5122] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 433.546913][ T5122] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 433.554969][ T5122] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 433.564738][ T5122] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 433.760535][T10570] netlink: 'syz.2.1487': attribute type 4 has an invalid length. [ 433.821488][T10555] ================================================================== [ 433.829618][T10555] BUG: KASAN: slab-use-after-free in handle_mm_fault+0x14f0/0x19a0 [ 433.837556][T10555] Read of size 8 at addr ffff88802baac118 by task syz.0.1484/10555 [ 433.845560][T10555] [ 433.847899][T10555] CPU: 1 UID: 0 PID: 10555 Comm: syz.0.1484 Not tainted 6.10.0-next-20240718-syzkaller #0 [ 433.857928][T10555] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 433.867997][T10555] Call Trace: [ 433.871304][T10555] [ 433.874252][T10555] dump_stack_lvl+0x241/0x360 [ 433.879064][T10555] ? __pfx_dump_stack_lvl+0x10/0x10 [ 433.884473][T10555] ? __pfx__printk+0x10/0x10 [ 433.889094][T10555] ? _printk+0xd5/0x120 [ 433.893274][T10555] ? __virt_addr_valid+0x183/0x530 [ 433.898399][T10555] ? __virt_addr_valid+0x183/0x530 [ 433.903526][T10555] print_report+0x169/0x550 [ 433.908052][T10555] ? __virt_addr_valid+0x183/0x530 [ 433.913179][T10555] ? __virt_addr_valid+0x183/0x530 [ 433.918306][T10555] ? __virt_addr_valid+0x45f/0x530 [ 433.923439][T10555] ? __phys_addr+0xba/0x170 [ 433.927959][T10555] ? handle_mm_fault+0x14f0/0x19a0 [ 433.933098][T10555] kasan_report+0x143/0x180 [ 433.937625][T10555] ? handle_mm_fault+0x14f0/0x19a0 [ 433.942767][T10555] handle_mm_fault+0x14f0/0x19a0 [ 433.947831][T10555] ? __pfx_handle_mm_fault+0x10/0x10 [ 433.953151][T10555] ? lock_vma_under_rcu+0x592/0x6e0 [ 433.958377][T10555] ? exc_page_fault+0x113/0x8c0 [ 433.963247][T10555] exc_page_fault+0x459/0x8c0 [ 433.967959][T10555] asm_exc_page_fault+0x26/0x30 [ 433.972853][T10555] RIP: 0033:0x7fc048d3d5ab [ 433.977283][T10555] Code: fa 10 73 2d 83 fa 08 73 46 83 fa 04 73 16 83 fa 01 7c 10 8a 0e 74 0a 0f b7 74 16 fe 66 89 74 17 fe 88 0f c3 8b 4c 16 fc 8b 36 <89> 4c 17 fc 89 37 c3 c5 fa 6f 06 c5 fa 6f 4c 16 f0 c5 fa 7f 07 c5 [ 433.996952][T10555] RSP: 002b:00007fc049aef038 EFLAGS: 00010246 [ 434.003040][T10555] RAX: 0000000020400000 RBX: 00007fc048f03f60 RCX: 0000000000000000 [ 434.011021][T10555] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000020400000 [ 434.019091][T10555] RBP: 00007fc048de4e5d R08: 0000000000000004 R09: 0000000000000000 [ 434.027081][T10555] R10: 0000000020400000 R11: 0000000020000080 R12: 0000000000000000 [ 434.035069][T10555] R13: 000000000000000b R14: 00007fc048f03f60 R15: 00007fff94a032e8 [ 434.043066][T10555] [ 434.046096][T10555] [ 434.048427][T10555] Allocated by task 10555: [ 434.052856][T10555] kasan_save_track+0x3f/0x80 [ 434.057571][T10555] __kasan_slab_alloc+0x66/0x80 [ 434.062435][T10555] kmem_cache_alloc_noprof+0x135/0x2a0 [ 434.067913][T10555] vm_area_alloc+0x24/0x1d0 [ 434.072540][T10555] mmap_region+0xc3d/0x2090 [ 434.077070][T10555] do_mmap+0x8f9/0x1010 [ 434.081248][T10555] vm_mmap_pgoff+0x1dd/0x3d0 [ 434.085852][T10555] do_syscall_64+0xf3/0x230 [ 434.090380][T10555] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 434.096291][T10555] [ 434.098720][T10555] Freed by task 5111: [ 434.102712][T10555] kasan_save_track+0x3f/0x80 [ 434.107418][T10555] kasan_save_free_info+0x40/0x50 [ 434.112466][T10555] poison_slab_object+0xe0/0x150 [ 434.117418][T10555] __kasan_slab_free+0x37/0x60 [ 434.122194][T10555] kmem_cache_free+0x145/0x350 [ 434.126982][T10555] rcu_core+0xafd/0x1830 [ 434.131258][T10555] handle_softirqs+0x2c4/0x970 [ 434.136045][T10555] __irq_exit_rcu+0xf4/0x1c0 [ 434.140661][T10555] irq_exit_rcu+0x9/0x30 [ 434.144925][T10555] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 434.150601][T10555] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 434.156604][T10555] [ 434.158963][T10555] Last potentially related work creation: [ 434.164681][T10555] kasan_save_stack+0x3f/0x60 [ 434.169393][T10555] __kasan_record_aux_stack+0xac/0xc0 [ 434.174788][T10555] call_rcu+0x167/0xa70 [ 434.178978][T10555] vma_complete+0x98a/0xb60 [ 434.183494][T10555] vma_merge+0x1d9b/0x2690 [ 434.187927][T10555] vma_modify+0xb8/0x350 [ 434.192189][T10555] userfaultfd_release+0x413/0x900 [ 434.197327][T10555] __fput+0x24a/0x8a0 [ 434.201337][T10555] task_work_run+0x24f/0x310 [ 434.205962][T10555] syscall_exit_to_user_mode+0x168/0x370 [ 434.211709][T10555] do_syscall_64+0x100/0x230 [ 434.216336][T10555] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 434.222277][T10555] [ 434.224643][T10555] The buggy address belongs to the object at ffff88802baac0f8 [ 434.224643][T10555] which belongs to the cache vm_area_struct of size 184 [ 434.238982][T10555] The buggy address is located 32 bytes inside of [ 434.238982][T10555] freed 184-byte region [ffff88802baac0f8, ffff88802baac1b0) [ 434.252719][T10555] [ 434.255062][T10555] The buggy address belongs to the physical page: [ 434.261495][T10555] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2baac SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 434.270276][T10555] memcg:ffff88807b9af001 [ 434.274535][T10555] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 434.281676][T10555] page_type: 0xfdffffff(slab) [ 434.286381][T10555] raw: 00fff00000000000 ffff888015eefb40 ffffea0001f46f00 dead000000000008 [ 434.294991][T10555] raw: 0000000000000000 0000000000100010 00000001fdffffff ffff88807b9af001 [ 434.303606][T10555] page dumped because: kasan: bad access detected [ 434.310036][T10555] page_owner tracks the page as allocated [ 434.315765][T10555] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x152cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5106, tgid 5106 (syz-executor), ts 95500353579, free_ts 95451347470 [ 434.335001][T10555] post_alloc_hook+0x1f3/0x230 [ 434.339799][T10555] get_page_from_freelist+0x2ccb/0x2d80 [ 434.345373][T10555] __alloc_pages_noprof+0x256/0x6c0 [ 434.350630][T10555] alloc_slab_page+0x5f/0x120 [ 434.355341][T10555] allocate_slab+0x5a/0x2f0 [ 434.359912][T10555] ___slab_alloc+0xcd1/0x14b0 [ 434.364619][T10555] __slab_alloc+0x58/0xa0 [ 434.368976][T10555] kmem_cache_alloc_noprof+0x1c1/0x2a0 [ 434.374454][T10555] vm_area_dup+0x27/0x290 [ 434.378819][T10555] copy_mm+0xc7b/0x1f30 [ 434.383007][T10555] copy_process+0x186b/0x3d90 [ 434.387711][T10555] kernel_clone+0x226/0x8f0 [ 434.392244][T10555] __x64_sys_clone+0x258/0x2a0 [ 434.397215][T10555] do_syscall_64+0xf3/0x230 [ 434.401754][T10555] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 434.407671][T10555] page last free pid 5352 tgid 5350 stack trace: [ 434.414016][T10555] free_unref_folios+0x103a/0x1b00 [ 434.419162][T10555] folios_put_refs+0x76e/0x860 [ 434.423955][T10555] free_pages_and_swap_cache+0x5c8/0x690 [ 434.429627][T10555] tlb_flush_mmu+0x3a3/0x680 [ 434.434248][T10555] tlb_finish_mmu+0xd4/0x200 [ 434.438878][T10555] exit_mmap+0x44f/0xc80 [ 434.443152][T10555] __mmput+0x115/0x390 [ 434.447255][T10555] exit_mm+0x220/0x310 [ 434.451349][T10555] do_exit+0x9b2/0x27f0 [ 434.455541][T10555] do_group_exit+0x207/0x2c0 [ 434.460639][T10555] get_signal+0x16a1/0x1740 [ 434.465174][T10555] arch_do_signal_or_restart+0x96/0x830 [ 434.470749][T10555] syscall_exit_to_user_mode+0xc9/0x370 [ 434.476330][T10555] do_syscall_64+0x100/0x230 [ 434.480953][T10555] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 434.486868][T10555] [ 434.489303][T10555] Memory state around the buggy address: [ 434.494942][T10555] ffff88802baac000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 434.503023][T10555] ffff88802baac080: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fa [ 434.511100][T10555] >ffff88802baac100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 434.519172][T10555] ^ [ 434.524030][T10555] ffff88802baac180: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fa fb [ 434.532120][T10555] ffff88802baac200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 434.540227][T10555] ================================================================== [ 434.574239][T10555] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 434.581489][T10555] CPU: 1 UID: 0 PID: 10555 Comm: syz.0.1484 Not tainted 6.10.0-next-20240718-syzkaller #0 [ 434.591507][T10555] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 434.601592][T10555] Call Trace: [ 434.604912][T10555] [ 434.607895][T10555] dump_stack_lvl+0x241/0x360 [ 434.612791][T10555] ? __pfx_dump_stack_lvl+0x10/0x10 [ 434.618030][T10555] ? __pfx__printk+0x10/0x10 [ 434.622667][T10555] ? preempt_schedule+0xe1/0xf0 [ 434.627555][T10555] ? vscnprintf+0x5d/0x90 [ 434.631918][T10555] panic+0x349/0x870 [ 434.635850][T10555] ? check_panic_on_warn+0x21/0xb0 [ 434.641004][T10555] ? __pfx_panic+0x10/0x10 [ 434.645459][T10555] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 434.651470][T10555] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 434.657827][T10555] ? print_report+0x502/0x550 [ 434.662529][T10555] check_panic_on_warn+0x86/0xb0 [ 434.667492][T10555] ? handle_mm_fault+0x14f0/0x19a0 [ 434.672654][T10555] end_report+0x77/0x160 [ 434.676925][T10555] kasan_report+0x154/0x180 [ 434.681541][T10555] ? handle_mm_fault+0x14f0/0x19a0 [ 434.686698][T10555] handle_mm_fault+0x14f0/0x19a0 [ 434.691694][T10555] ? __pfx_handle_mm_fault+0x10/0x10 [ 434.697019][T10555] ? lock_vma_under_rcu+0x592/0x6e0 [ 434.702257][T10555] ? exc_page_fault+0x113/0x8c0 [ 434.707140][T10555] exc_page_fault+0x459/0x8c0 [ 434.711856][T10555] asm_exc_page_fault+0x26/0x30 [ 434.716737][T10555] RIP: 0033:0x7fc048d3d5ab [ 434.721176][T10555] Code: fa 10 73 2d 83 fa 08 73 46 83 fa 04 73 16 83 fa 01 7c 10 8a 0e 74 0a 0f b7 74 16 fe 66 89 74 17 fe 88 0f c3 8b 4c 16 fc 8b 36 <89> 4c 17 fc 89 37 c3 c5 fa 6f 06 c5 fa 6f 4c 16 f0 c5 fa 7f 07 c5 [ 434.740814][T10555] RSP: 002b:00007fc049aef038 EFLAGS: 00010246 [ 434.746922][T10555] RAX: 0000000020400000 RBX: 00007fc048f03f60 RCX: 0000000000000000 [ 434.754931][T10555] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000020400000 [ 434.762895][T10555] RBP: 00007fc048de4e5d R08: 0000000000000004 R09: 0000000000000000 [ 434.770867][T10555] R10: 0000000020400000 R11: 0000000020000080 R12: 0000000000000000 [ 434.778844][T10555] R13: 000000000000000b R14: 00007fc048f03f60 R15: 00007fff94a032e8 [ 434.786935][T10555] [ 434.790284][T10555] Kernel Offset: disabled [ 434.794629][T10555] Rebooting in 86400 seconds..