last executing test programs: 7.057990576s ago: executing program 5 (id=5712): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x20000000000}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x10, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_open_procfs(0x0, 0x0) pread64(r3, &(0x7f000001a240)=""/102400, 0x19000, 0x0) epoll_create1(0x0) socket$unix(0x1, 0x1, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0x24, &(0x7f0000000200)=0x7, 0x4) bind$inet6(r4, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000240)='./file0\x00') mkdir(&(0x7f0000000000)='./control\x00', 0x0) open$dir(&(0x7f00000002c0)='./control/file0\x00', 0xc4540, 0x0) r5 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) mkdirat(r5, &(0x7f0000000100)='./control\x00', 0x0) getdents64(r5, &(0x7f0000fc4fbe)=""/80, 0x50) unlink(&(0x7f00000001c0)='./control/file0\x00') unlinkat(r5, &(0x7f0000000140)='./control\x00', 0x200) rmdir(&(0x7f0000000040)='./control\x00') 6.995654162s ago: executing program 0 (id=5713): r0 = socket$qrtr(0x2a, 0x2, 0x0) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0) r2 = open(&(0x7f0000000040)='./bus\x00', 0x14507e, 0x0) r3 = eventfd2(0x0, 0x0) dup2(r3, r2) write$eventfd(r3, &(0x7f0000000000)=0xfffffffffffffffe, 0x8) ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f0000000000)={0x0, r2}) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000180)={0x0, 0x0, 0x0, &(0x7f0000000240)=""/53, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x0, 0x0, &(0x7f0000000500)=""/73, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f00000006c0)) ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f00000001c0)=0xffffffff) ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f00000000c0)={0x0, r3}) close_range(r0, 0xffffffffffffffff, 0x0) 6.636590206s ago: executing program 3 (id=5714): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}]}, 0x54}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000280)={0x1c, 0x3, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) 6.365685938s ago: executing program 0 (id=5715): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10) r1 = socket(0x2, 0x80805, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x0, 0x3, &(0x7f0000000000)=@framed, 0x0}, 0x90) getsockopt$bt_hci(r1, 0x84, 0x7b, &(0x7f0000000000)=""/4103, &(0x7f0000001080)=0x1007) 5.931737049s ago: executing program 2 (id=5716): r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000000)={0x0, "f3c492eb0165203d36bec7080089b42c000004002231a110000000005900", 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(r1, 0xc0303e03, &(0x7f0000000100)={"9fcaa0504b38d5004b9277c079417ff857dc9b7ac770169aed764b4d2ada8bde", r1, 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(r1, 0xc0303e03, &(0x7f0000000080)={"fe0d1acc7f00001f0000000000000000000000fbffffff00", r2, 0xffffffffffffffff}) ioctl$SYNC_IOC_FILE_INFO(r3, 0xc0383e04, &(0x7f0000000280)={""/32, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000380)=[{}]}) 5.779600462s ago: executing program 3 (id=5719): syz_mount_image$iso9660(&(0x7f00000000c0), &(0x7f0000000540)='./file0\x00', 0x204018, &(0x7f0000000140)=ANY=[@ANYBLOB="6f76657272696465726f636b7065726d2c6e6f636f6d70726573732c686964652c73657373696f6e3d3078303030303030303030303030303032312c756e686964652c696f636861727365743d63703433372c6f76657272696465726f636b7065726d2c626c6f636b3d3078303030303030303030303030303430302c005fb50aab29cf1d32d24be5ab2a6506aa524c8f1cd5781842ee1c86bee627767fee958f25bb6db8e631262ed8a59d337d730b6698271aeb8c31c1902a7e236e5dd878e6c1352c0c799d8e80d7346f8d2870acebe617c694bbb925d3ab4fb01784c564c03d88c81d2f84f58e8c6ba18548f09fa6"], 0xff, 0x544, &(0x7f0000000580)="$eJzs3W9v00YcwPGfSzuiTKqmMSFUFTjKJhWpBCeBoIgn85xLeuDYke2g9hGqaIoqUpgok9Y+YTxhm7S9CJ7uRewdob2ETbaT/qFNApQ2XfX9RHBX++z7XWr5JzfxWQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgFhuzbaLlnjGby+pwdxaGDR3f+xtfWCB3NhXDOlXxEr+SS4nl7JFl77ZXX0x+W9OZrOfZiWXFDnZ/vLiV/cuTE70tx8S8InY3Np+utLtdl6MO5BjdPn84HUN7ZsoME2noZWJAlWtVOxbi/VI1Y2no+Uo1k3lhtqJg1DNuzdUsVotK11YDtp+o+Z4ur/w7s2SbVfU/UJLO2EU+LfuFyJ30Xie8Rtpm2R10uZuciA+MLGKtdNUam292ymPGkDSqPghjUqjGpXsUqlYLJWKlTvVO3dte/LAAvs9cqDF+A9ajNdnPHsDRzPRy//iiRFf2rIk6tCXKzUJJZDmgPU9/fz/3S09tN+9+b+f5S/trp6RNP9fEZHvRa4Myv8DYjm516ZsybY8lRXpSlc68mLsEZ3sqyFafDESSSBGmuKkS1RviZKqVKQitjySRalLJErqYsQTLZEsSySx6PSIciUULY7EEkgoSubFlRuipChVqUpZlGgpyLIE0hZfGlITJ93Lmqyn73tZlDUoxp1GxYHDyPePu46UhoyW/I+j+9yncOCT/dvP/wAAAAAA4Myy0r++J9f/U3I5rdWNp+1xhwUAAAAAAD6j9JP/2aSYSmqXxeL6HwAAAACAs8ZK77GzRCQvV7Pamljp7VL8EQAAAAAAgDMi/fz/SlKkc6BcFWtnuhSu/wEAAAAAOCN+GznHftQ6b/39j4ThlPW6tfSttZHOzetsnMu2O/f+HuP6jDXd20laVLJictLVs1Yua7QzCea7XrE2Kg5rNwBnJ4BfPiaAC5Pyh1zL2lxbzcrV/pqsl3zdeLrgBt69ojjO9ESsl+Kfnq3/LOnwf/eb01ZO1rudwuPn3dU0ltfJXl5v9CZQPDCP4pBYXqbzLaT3XBw64qn0Roxev3lL1ta7HXvv+CeyzSf29/hqekifb2QuazXXm/E2v3/8uaTPYmHQ6HtRFI848jdyPWtzff56VhwSRWlUFKW9URz+Xhw9ivKoKMpHjAIAxmVtRBay5EDe/YSz3Kdld/nI7P5G5rM28zPpiXVy5pAzuj3qjG4fMbv9deAZSINybNLvn+9l1bfJBm8H9ht5JSt5C8+93PhRLm5ubd9c31h50nnSeVYqlSv2bdu+U5KpdBi9gtwDADhE9owdGfKMnZEtrNsjrqq/3vlKQUEey3PpyqospHcbpN84OHSv+T1fQ1gYcdWaT9Nk9oSXhSFXdV+kdzn091sa2nZ/DOXj/0UAAHCC5kbk4Q/J/wsjrrv35/LhV8f5PU9rAwAAx0OH76x8/KsVhqb1qFitFp14UaswcB+o0NQaWhk/1qG76PgNrVphEAdu4CWVh6amIxW1W60gjFU9CFUriMxSOn2g6j36PdJNx4+NG7U87URauYEfO26saiZyVav9g2eiRR2mG0ct7Zq6cZ3YBL6Kgnbo6oJSkdZ7Gpqa9mNTN0nVV63QNJ0wpx4GXrupVU1HbmhacZDtsN+X8etB2Ex3Wxj3mw0AwCmxubX9dKXb7bw4xsq4xwgAAPYjSwMAAAAAAAAAAAAAAAAAAAAAcPqdxP1/VI5YmTjlv6b+VNCnJZ4Pr5z/H8Z8QpWRp45Xx35yAnCs/gsAAP//YsVNsQ==") socket$qrtr(0x2a, 0x2, 0x0) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) socket$inet6_mptcp(0xa, 0x1, 0x106) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x6, 0x4, 0xfff, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="4400000010000507000000000000000000000006", @ANYRES32=0x0, @ANYBLOB="0000000000001a00240012800b00010062726964676500001400028005002b0003000000080004"], 0x44}}, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x43}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80) connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r5 = accept(r0, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000240), 0xfe, 0x54b, &(0x7f0000000400)="$eJzs3d9rW1UcAPDvTdv96nQdjKE+SGEPTubStfXHBB/mo+hwoO8ztHdlNF1Gk461Dtwe3IsvMgQRB+If4LuPw3/Av2KggyGj6IMvkZvebNmaNGmXrZn5fOC259x70nNP7v2enpOTkACG1mT2oxDxakR8m0Qcajk2GvnByY1y6w+uzWVbEvX6Z38lkeT7muWT/Pd4nnklIn77OuJEYXO91dW1xVK5nC7n+ana0uWp6urayYtLpYV0Ib00Mzt7+p3Zmfffe7dvbX3z3D8/fHrno9PfHFv//pd7h28lcSYO5sda2/EUrrdmJmMyf07G4swTBaf7UNkgSXb7BNiRkTzOxyLrAw7FSB71wP/fVxFRB4ZUIv5hSDXHAc25fZ/mwS+M+x9uTIA2tz/ZeG0k9jXmRgfWk8dmRtl8d6IP9Wd1/Prn7VvZFv17HQKgq+s3IuLU6Gjn/m/nTvVQ5sk69H/w/NzJxj9vtRv/FB6Of6LN+Ge8TezuRPf4L9zrQzUdZeO/D9qOfx8uWk2M5LmXGmO+seTCxXKa9W0vR8TxGNub5bdazzm9frfe6Vjr+C/bsvqbY8H8PO6N7n38MfOlWulp2tzq/o2I17qMf5M21z97Ps71WMfR9PbrnY51b/+zVf854o221//Rilay9frkVON+mGreFZv9ffPo753q3+32Z9f/wNbtn0ha12ur26/jp33/pp2OTSb5ouk27/89yeeN9J5839VSrbY8HbEn+WTz/plHj23mm+Wz9h8/tnX/1+7+3x8RX/TY/ptHbnYsOgjXf35b13/7ibsff/ljp/p76//ebqSO53t66f96PcGnee4AAAAAAABg0BQi4mAkheLDdKFQLG68v+NIHCiUK9XaiQuVlUvz0fis7ESMFZor3eMt74eYzt8P28zPPJGfjYjDEfHdyP5GvjhXKc/vduMBAAAAAAAAAAAAAAAAAABgQIx3+Px/5o+R3T474Jnzld8wvLrGfz++6QkYSP7/w/AS/zC8xD8ML/EPw0v8w/AS/zC8xD8ML/EPAAAAAAAAAAAAAAAAAAAAAAAAAAAAfXXu7Nlsq68/uDaX5eevrK4sVq6cnE+ri8WllbniXGX5cnGhUlkop8W5ylK3v1euVC5Pz8TK1alaWq1NVVfXzi9VVi7Vzl9cKi2k59Ox59IqAAAAAAAAAAAAAAAAAAAAeLFUV9cWS+VyuiwhsaPE6GCchkSfE7vdMwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAI/8FAAD//wZvNao=") r6 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) write$tcp_congestion(r6, &(0x7f0000000100)='reno\x00', 0x4) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000001, 0x12, r7, 0x0) ftruncate(r7, 0x8001) write$tcp_congestion(r6, &(0x7f0000000080)='reno\x00', 0x5) sendmsg$TEAM_CMD_OPTIONS_SET(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[], 0xfffffdef}}, 0x0) recvfrom(r4, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x1f4, 0x0, 0x0) 5.678791235s ago: executing program 2 (id=5720): ioperm(0x0, 0x1, 0x8) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000d, 0x4008031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) fsetxattr$trusted_overlay_origin(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) 5.540351742s ago: executing program 5 (id=5721): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000730136000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x90) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0), 0x48) bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r0, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70) 5.301167851s ago: executing program 5 (id=5724): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) openat$dlm_monitor(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000200)={0x8000, 0x2, 0x4}) r2 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000700)={0x0, &(0x7f0000000640)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_CURSOR(r1, 0xc01c64a3, &(0x7f0000000100)={0x3, r3, 0x0, 0x7ffffe02, 0xb, 0x1fd, 0x1}) madvise(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0) socket$nl_route(0x10, 0x3, 0x0) connect$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote}, 0x20) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) ioctl$F2FS_IOC_MOVE_RANGE(r4, 0x541b, &(0x7f0000000000)={0xffffffffffffffff}) close_range(r5, 0xffffffffffffffff, 0x0) 5.177230798s ago: executing program 3 (id=5725): r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_G_PARM(r0, 0xc0cc5615, &(0x7f0000000380)={0xb, @raw_data="72d688e84be164cffd8bfd9529ebc9cfd9293655476fbc7c5e712a142533b26fdbe118eb784e79879e99ed325a00390ad0f9331c25cc50d19454a02a261fb3470a5f2c2e6b29718348c884c9fb9a037aa535c261b5e719bba264702103e89af5840d9f607734b1bf6a52560bb27e08ca679112b69ab2b7071154b32bbd1b84fdb1ead653ec401294d06ddf73d427957808ddc30535fb2b99ad8ce0e3e5fc4db64642bc7ea68f98a607206ec10a1a56d9471a406f3494ac5c1df1550ac4b3b648272102d816f521d0"}) 5.055962992s ago: executing program 1 (id=5727): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) connect$inet(r0, &(0x7f0000000140)={0x2, 0x0, @private=0xa010101}, 0x10) syz_emit_ethernet(0x46, &(0x7f0000000000)={@link_local={0x3}, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x4, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @loopback, @loopback}, "00186371ae9b1c03"}}}}}, 0x0) 4.93697657s ago: executing program 0 (id=5728): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0xb, 0x3, &(0x7f0000000000)=@framed={{0x36, 0xa, 0x0, 0x0, 0x0, 0x61, 0x10, 0xb0}}, &(0x7f0000000480)='syzkaller\x00'}, 0x80) 4.77135972s ago: executing program 3 (id=5730): prlimit64(0x0, 0xf, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) r1 = open$dir(&(0x7f0000000100)='./file0\x00', 0x2, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r2, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0xd, 0x8, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef9cc093fce47d85272036dc78388e3dc177e9b496", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001"}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="440000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800c0001006d616376746170000400028008000500", @ANYRES32=r5, @ANYBLOB="08000300"], 0x44}}, 0x0) r6 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0) r7 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000600)=@bpf_lsm={0x1d, 0x17, &(0x7f0000000400)=ANY=[@ANYRES16=r6, @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000070000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002000000850000008200000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300005000000085000000060000009500000000000000"], &(0x7f00000000c0)='syzkaller\x00', 0x3ff, 0x4d, &(0x7f00000004c0)=""/77, 0x40f00, 0x22, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000540)={0x3, 0x5, 0x800, 0x7ff}, 0x10, 0x0, 0x0, 0x1, &(0x7f0000000580)=[0x1, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, r2, 0xffffffffffffffff, 0xffffffffffffffff, r1], &(0x7f00000005c0)=[{0x3, 0x1, 0x10, 0x8}], 0x10, 0x8}, 0x90) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000100)={@mcast2, 0x0, 0x1}, 0x0) r9 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) ioctl$FS_IOC_GETFSLABEL(r9, 0x400452c8, &(0x7f0000000100)) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) splice(r10, 0x0, r8, 0x0, 0x1, 0x0) ioctl$sock_SIOCINQ(r8, 0x541b, &(0x7f0000000000)) close_range(r8, 0xffffffffffffffff, 0x0) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000740)={{0x1, 0xffffffffffffffff}, &(0x7f00000006c0), &(0x7f0000000700)='%+9llu \x00'}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x20, 0x2b, &(0x7f0000000940)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xddb}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r8}}, @generic={0x3, 0x2, 0x2}, @call={0x85, 0x0, 0x0, 0xbe}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @call={0x85, 0x0, 0x0, 0x85}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x5a5a}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r2}}, @cb_func={0x18, 0x8, 0x4, 0x0, 0xfffffffffffffffb}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0xbf, &(0x7f0000000240)=""/191, 0x41000, 0x0, '\x00', r5, 0x10, r6, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, r7, 0x9, &(0x7f0000000780)=[r8, r11, r1], &(0x7f00000007c0)=[{0x2, 0x3, 0x7, 0x9}, {0x3, 0x3, 0x2, 0x9}, {0x3, 0x1, 0xa}, {0x5, 0x5, 0x1, 0xa}, {0x4, 0x2, 0x8, 0x4}, {0x4, 0x3, 0x8, 0xa}, {0x2, 0x2, 0x2, 0xa}, {0x4, 0x5, 0xe, 0x7}, {0x0, 0x5, 0x3, 0xc}], 0x10, 0xff}, 0x90) r12 = syz_open_dev$vim2m(&(0x7f0000000340), 0x4000000000001, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r12, 0xc0585609, &(0x7f0000000140)={0x0, 0x9, 0x0, "18e889d15b38429faa8ff62438eaed752e68f3a6d09382b392b049e33958b16c"}) 4.693137702s ago: executing program 0 (id=5731): r0 = socket$kcm(0x2, 0x200000000000001, 0x106) sendmsg$inet(r0, &(0x7f0000000000)={&(0x7f0000000140)={0x2, 0x4001, @empty}, 0x10, 0x0}, 0x34000840) socket$kcm(0x10, 0x0, 0x0) sendmsg(r0, &(0x7f0000001c00)={0x0, 0x0, &(0x7f0000001940)=[{0x0, 0xeffdffff}], 0x1}, 0x0) close(r0) 4.659710469s ago: executing program 1 (id=5732): r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000000)={0x0, "f3c492eb0165203d36bec7080089b42c000004002231a110000000005900", 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(r1, 0xc0303e03, &(0x7f0000000100)={"9fcaa0504b38d5004b9277c079417ff857dc9b7ac770169aed764b4d2ada8bde", r1, 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(r1, 0xc0303e03, &(0x7f0000000080)={"fe0d1acc7f00001f0000000000000000000000fbffffff00", r2, 0xffffffffffffffff}) ioctl$SYNC_IOC_FILE_INFO(r3, 0xc0383e04, &(0x7f0000000280)={""/32, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000380)=[{}]}) 4.405407121s ago: executing program 0 (id=5733): syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000040)='./bus\x00', 0x1a0cc10, &(0x7f0000006080)=ANY=[@ANYBLOB="66617374626f6f742c71756f7461002018bbdecde39739fcd1df176dde746ec834120600000000003b043ebd000000000072462abc30ef5b65c70f73ecea54b5e5bec5aca9836c319f653557e79a002208ceae6dda659bd5ba0f4ce5c2080002223dc60000000000000044cd0a1e36868736000000f6a55493b4b81d5b9fa9b40fe4d76afc3a989c6d60044e89eb96e44d01a1174e3797ffa86870b82939f41ffa0f3d726f085663c29cbdc4c766a73c3ffde033b57941ba92cbeb77cc369c71e57fafab52f325ca91e684160191acf5ae7469c82ab4145b595b987d75912afdcc1c061835294cc0c618aba204f8adaa20c80108d356cd887ba217c8f569e6d0caf75052a77056b06e7068c40f807d9e539f8f5b64a8ee0725aa8d00000000007cb6ac0d90ea79b8027cf75964dd86c2ed2b5e75779677a28c76b848dd03dab190b5f02ec52830f3ff01eaae1c3df076000000000000000000000000000083a48a6b926c668b9ba42490175018ea3619f9d80a0b894e212178e1a19909d764666264fa29e2c055fd7f8e67c2acfb75f0a8d41692f4542a575ee42ed94a0014fba44985cca9df12fe93bfaccf0122a6e7e593613ac011170182f99766e86fb125cc6799c43aa4dc708dc4a00a6decad26f037f0b3c3b61f1f6d388072a571da000000aec3dfbae348b5b494f6fddb9f56142a47a4995a430ca7eca421bd0ad198afa58ce69d61c29deaa93c0efea0f1415e90fd0400bad5f796374bb196e60e537b8ffca80a5ec3c5c063aab2c87a7824c4fbfab7264185e1b2e59012acbf3732abe75b848de8ec4aaba2e3c8cd14dd9bf9499952815b9fb34057a585a9c18a11f3d496825b3fcb0c8aa89e079fd7898eda864b302139b2b10597100846b55f7d0b050b7b0ef7e9c897c50b53404acdd701425323201b33465fddec69c37cb13fd441a830af5ea73f4ac82d7926eb0db1141003d148473077a76c3bee7e37dc799abb47bd67cde7958c50fb2d15c9cc196e4c191d0000000000140000000000c816bbeaa7c8efa7a7e5ee519013434e208fff9bac45b8fc653f68de8e581952e9f6f7284cd39925a9e2515c162d77f2ce25168bbad79ed034bba9226aeb33de4aa528e8f0f53bb9621147355a8ec1f0d67392f340f9f00364defbe60165252a82d1e94719a80a82306b3539a3a936463bac5ab9fdb75ef8b2747dd923fb9d703b02a9aa90490aab821449db6db447af297718481aae1e5a81a4ce5fe116dee0ee21fb6e21460dd11a351e50ae1dfe8190d221d94aa5dc7e9873863c57bc4aa81b993066770f4fd01fba00fd02dd28f9ea0d5857b29bc385700638f2722c0835945a49c2a1c696e0da61b2ecccd16011b842b0fbc49672dbfb53464fe22e78aa3ffad220909db66e951a7bbee66fc605dc5c7ff3481b870e61d88a3b6880e6cee7fbfe9fcd72f2e64d64060152460cea09e5c9b7b55fb87e397a1ea49be53bb1c8ac70192d311d2c08a09b8c9916eec7454f0948ff5dd11ad0c46ca603fd3e4aaf7eb636361ee32bd3058f6fdd5f735c743a0f21d770cbd0dd9f4ece37f78611d3fae73136d6f3555533d50b53e04d880c4f2a11b4406cf344e4c9c326288279584a7dcc3f560bfb3b07e5fd7ca24e8f9c4234a3d361165b746475990189e34415bde43d1f31c1552cd554d20a1d7ed4f5a14b81b427bb39aca2c2cee5b48daaddbdb49e7b26ff773335b8f88e88b919c6d445f5f3ef2926ab35bc9dfba18a51c36685d47066e8b454ae009562f1b4118ffcd517a2ff4e78e22224aff677dcf723ff8f3d92129209205a9e89ad6fc5933ed3384889847932cb29c85c761137ad16bca2743c09dfbc7983ea", @ANYBLOB="a93e1cbfeea088b9cb059ce91c144fd901b2d208e6ec16e9c0bdf78cda5604babe81021bae593d8bf404d46fe9ae1e8a141739e9717566c21648e8f46b4fc9d9ed89ada6f7a6e22947e95e9ce126eb0a646a28283f6f61bd31a6a5c909f53dcaf2e8a1914f6cbd8d230587eb6c11457973c0dd3e81487e464b9536ca11862216e1a7ea1aaca778c2b5eea4e08eeb7bbbfd55e1ba9fbcb378636cca2dcb46a029961a41e272c878b929b276ac2741c8f3b77e7850100e289c3b6edbf5d0377206c0bc212cf6a42ececcd4e98747c0423cc4b304569431e8b3020000000000000013de6e27d28126d9a4988919"], 0x1, 0x559f, &(0x7f0000000400)="$eJzs3M2LG2UYAPBnkm6/rYt48NaBIuxCE5rtB3qyaosf2FL8OHjSbJKGtElm2aTp2lMPHsWD/4koePLo3+BBj3oTD4o3oZKZWWn6/ZFmtf39YPLMPHnzzPsOYeGZWRLAM2s5/euPJA7FvoioRsTBJPL9pNwirkecLsa+FBGHI6Jy05aU+X8TuyNif0QcmhYvaiblW18dnRw5+fu7f37/455dB77+7qcdXTiwo16OiMFGsX91UMSsm4cb1TLfnPTyODgxKePGTI1BVuSvdtbzCleb2+OaeTzeLcZnG1dG03ix32xNY7d3Mc9vDIsTjibd7TrTD6SXmpv5cbuznsfeKMtj91px3q1rxd+2a6NxUadd1vssLx/j8XYs8p2tTrGejct5bA3HZb6om7U7W9M4KWN5umhl/XY+j/VHvcr/fe/1hle20klnc9TLhunJeuOVeuNUrbGZtTvjzolac9A+dSJd6fanw2rjTnNwuptl3X6n3soGq+lKt9WqNRrpypnOeq85TBuN+vH6sdrJ1XLvaPrW+Y/SfjtdmcY3esMr415/lF7MNtPiE6vpWv34q6vpkUb6wbkL6YX3z549d+HDT858fP71c++8WQ66bVrpytqxtbVa41htrbH6DK3/83LSD7H+5M7pX35+vMsGADyi2/r/uLX/D/0/MHf36P/j0n36/8Hl8vjJ9P9xx/6/Mtv/xzz7/2lLpf+/f/9b2YH+dyn0/w+8/upjfhvgId3lBtN97J77PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWLhfl755O99ZLo4PlPnnytQL5XESEZWIuHEH1dg9U7Na1lm6y/ilW+bwQxJ5hek59pTb/og4XW5/P/+krwIAAAA8vb69fvjLolsvXpZ3ekIsUnHTpnLw0znVSyJiafm3OVWrTF9enFOx/Pu9K7bmVC2/gbV3TsWKW2675lXtgVRnwt6bQlKEykKnAwAALMRsJ7DYLgQAAIBF+uKe7762sHmwYElsP8rcfhac/+d9xL7ygeC+mfcAAACA/6FkpycAAAAAPHF5/+/3/wAAAODpVvz+HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMA/7NxdrtJAFADg0/YW/I3E+O5WfINluAQffRQW4CZYAq7AxA2wBkx8cAcqGDojSRUSYltQ7vclnd6ZC2dOgZczbQYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCF9rlezD+9evu8Y5uOPXTd/N+32rmPeAAAAcC9s6tWs+WOS+o/z+NM89Dz3i4goI+JY7V7FqBWzynHqE6+vf8vhU0QTYT8+zsejiHiVj+/Phv4UAAAA4HatF8tpqtZTk5cAvpz37m8DZsYFpEWb8snrnuIVEVFPvvYUrdw3Lw7debdo+9/3XbztnFXSLGA96ClYWnI78SDLqK9J2qrW6deVzJsvsemVw8wLAABcU7sS8Dg9AADA7Xpz7QS4hD9L++LQHO4zjtMp3xB82OoBAAAA/6Hi2gkAAAAAfaqODTb1/7+0/19h/z8AAADoXdr/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCFt6tVsvVhOT/1/fmac7a6b/q4IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAn+/OOAiEQBmGwd31nMvc/rDRoaGxSBcLH3xgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJvf/eX/xNQ4k8y9NpaeR5K1U2Pr1Ng7N47+ML5+DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFzsz0sKhEAQRMGc8b+Tvv9hJUHPIEIENDyqqEUDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwRb/75f/E1DiTzJ02lo5HkrWrxtZVY+9B4+jBePs3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFzs27FvG1UYAPDPvthtCogQUCQCKEgdYKGpW1o6ghAoYuBPQIpSpwRSCm0GWkWULGwocxcEI0JIoLDlf+jcSF3K1iFDkJgYgu5855xjQ6MSnU39+0nP77vn67vvzlaV794ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACjsvhMv1/M4SV+mOnExdm9vfSntdw71qe3N+7NpS+NaxXmPnonDA6+UN+ZmKk0GAACAMZUU9f3bB2P1qaz+b3S3I+L7ZzpxUc8frvt39tZP5m/NFvX/b78+fKE76VSSHSeddHlltX22P5W+QnlcPPvIPSayK5/de0myD6T+wcbzu43seta+vXv3vWYWnqgiWwDgcZwp+jwo/h5K+9YwEwNgbEyUCu8Hja2FtE+mhpsTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQBV2N+KpIq5FxOzEQZza2VtfGtR/vXl/djtvF+/c2SzPmU7RiIjlldX22QrPZXQVV/PWp4urq+3rN25WHcxFxIC3bh/tnyd5+v+4TzMiekZOvzhgno+OcKxD8/QF+dczqr2Gk+n5PXLnWs9Ire+Cv7vfMYwvwPEFc/knMHifev7uSKR6zEHx3Tv+mSv8rwgAgLHQyFtaiT5obC2kY7XpiP0feuv/10px9NT9+7c7I53t7VL9//Dji/fKxyrX/62Kzu//YH7t6ufzN27eemPl6uKV9pX2Z2+ea73VOn/pwoVL89m9kvnlqLtjAgAAwH/QzFu5/q9P96//nyrF8S/r/+X6/4vvWl+Vj5Wo/wc6WPQbdiYAAADjqNmNnnv1zz9qA/aoNZvx5eLa2vVW57W7fa7zWmm6j+lE3sr1fzI97KwAAACAKuxu1HrW/y+X4jji+v/TP770c3nOJCImI65FRPvM0rXVy9Wdzkir4ofK2YGawz5TAAAAhmUyb+X1/0b2/H+9+8hDPSJePx3xV/4b/jhi/Z+8/81P5WOVn/8/X+lZjp76TOd6ZP1MxMTMsDMCAADgSXYyb2mx/3tja+GTX0592PT8PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDV/g4AAP//kF4wGA==") openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x107842, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) truncate(&(0x7f0000000100)='./file1\x00', 0xc88) truncate(&(0x7f0000000080)='./file1\x00', 0xc00) 4.088884013s ago: executing program 5 (id=5734): r0 = socket$inet_sctp(0x2, 0x800000000000001, 0x84) sendto$inet(r0, &(0x7f0000a34fff)='H', 0x1, 0x0, &(0x7f0000030ff0)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10) sendto$inet(r0, &(0x7f0000000100)='\x00', 0x1, 0x0, &(0x7f00000000c0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) shutdown(r0, 0x1) getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0xd, &(0x7f0000000280)=@assoc_value, &(0x7f0000000200)=0x8) 4.021385285s ago: executing program 1 (id=5735): sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000006400)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="2400000000000000290020003200000000000000000000000000ffffffff", @ANYRES32=0x0, @ANYBLOB="000000002400000000000000290000003200000000000000000000000000000000000001"], 0x50}}], 0x1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r1, &(0x7f0000000200), 0xf000) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r2, 0x0, 0x60, &(0x7f0000000040)={'filter\x00', 0x104, 0x4, 0x3c8, 0x0, 0x110, 0x0, 0x2e0, 0x2e0, 0x2e0, 0x4, 0x0, {[{{@arp={@private, @private, 0x0, 0x0, 0x0, 0x0, {}, {@mac=@broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'veth0_to_team\x00', 'ip_vti0\x00'}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@multicast, @mac=@remote, @multicast2, @loopback}}}, {{@arp={@loopback, @remote, 0x0, 0x0, 0x0, 0x0, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'vlan1\x00', 'xfrm0\x00'}, 0xc0, 0xe8}, @unspec=@NFQUEUE0={0x28}}, {{@uncond, 0xc0, 0xe8}, @unspec=@NFQUEUE0={0x28}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x418) 3.793057475s ago: executing program 2 (id=5736): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="070000000000000000001b22004018000180140002"], 0x2c}}, 0x0) 3.543976317s ago: executing program 2 (id=5738): ioctl$UI_SET_LEDBIT(0xffffffffffffffff, 0x40045569, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001480), 0x42802, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x20000023896) 3.481776035s ago: executing program 4 (id=5739): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000540)={0x20, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@mon_options=[@NL80211_ATTR_MNTR_FLAGS={0x4}]]}, 0x20}}, 0x0) 3.222724303s ago: executing program 4 (id=5740): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$sock_int(r0, 0x1, 0x20, &(0x7f0000000100)=0xffffffff, 0x4) 3.019582357s ago: executing program 5 (id=5741): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x6, &(0x7f0000000400)=[{0x6, 0x3, 0x7, 0x7613}, {0x6, 0x2, 0x8, 0x2b52}, {0x401, 0x9, 0x9, 0x3ff}, {0x825b, 0x81, 0x2, 0x634}, {0xc0e, 0x3f, 0x55, 0x1f}, {0x7fff, 0x0, 0x7, 0x2}]}) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89001) fchdir(r0) prlimit64(0x0, 0xe, &(0x7f0000000140), 0x0) sched_setscheduler(0x0, 0x0, &(0x7f0000000240)) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) ioctl$SNDCTL_DSP_SETFMT(0xffffffffffffffff, 0xc0045005, &(0x7f0000000000)) io_uring_setup(0x0, &(0x7f0000000180)={0x0, 0xfffffffb, 0x2, 0x10000, 0xf6}) fcntl$lock(0xffffffffffffffff, 0x25, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r2, 0x7, &(0x7f0000000000)={0x0, 0x0, 0xd4a4}) fcntl$lock(0xffffffffffffffff, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0xe22, 0x0, @private1}, 0x1c) r3 = socket$qrtr(0x2a, 0x2, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000000203010400000000ffffffff000000000800010001"], 0x28}}, 0x0) sendmsg$NFQNL_MSG_CONFIG(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="1c00000002030102000000000000000000000010080001000100000016c798a7a8be429f266aaa9fc26d5d401e00572f6bbf0e38b11b74fb052adbead0994c7e8c6a24cc5be3479fc2117ee54cc3b0a38ad3b7f90b31dfae64b66dd684f56214dcdc8185e581b1c33f5ad671e8ac18454066395c8eec06f484df86911de70a9410dc9f2a63839212062db703bd9a386bb2ca210a712924631d3923da233f43ce65cff9022548853c33ff260bfd4ca4580f8a1c80d4548497e4b492b934d2052345915c29838b78932aa8abe8c36f053711e5dc0b6a0812"], 0x1c}}, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000380)=@assoc_value, &(0x7f00000003c0)=0x8) ioctl$sock_inet_SIOCSIFFLAGS(r3, 0x8914, &(0x7f0000000140)={'virt_wifi0\x00', 0x1}) ioctl$sock_inet_SIOCSIFFLAGS(r3, 0x8914, &(0x7f0000000000)={'virt_wifi0\x00'}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x5, &(0x7f0000000080)=[{0x44, 0x0, 0x0, 0xffffffff}, {0xc}, {}, {0x20, 0x0, 0x0, 0x20}, {0x6}]}) syz_open_dev$vcsn(&(0x7f0000000000), 0x1ff, 0x800002) connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000100)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @loopback}, 0x4}}, 0x2e) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x10065, 0x0) close_range(r4, 0xffffffffffffffff, 0x2) 3.0041807s ago: executing program 4 (id=5742): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f0000000080)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xa}, @generic, @initr0, @exit, @alu={0x0, 0x0, 0x2}]}, &(0x7f0000000000)='GPL\x00', 0x8, 0xde, &(0x7f0000000340)=""/222}, 0x90) 2.964468618s ago: executing program 2 (id=5743): syz_emit_ethernet(0xae, &(0x7f0000000000)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "000210", 0x78, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x18, 0xb, '\x00\x00\x00\x00\x00\x00'}, {0x0, 0xa, "a78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af1802"}, {0x0, 0x1, "005ff9297d00001392000100"}]}}}}}}, 0x0) 2.830339196s ago: executing program 4 (id=5744): mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000580)='debugfs\x00', 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x0) getdents(r0, &(0x7f0000000300)=""/132, 0x84) lseek(r0, 0x0, 0x0) 2.682356686s ago: executing program 1 (id=5745): r0 = socket$kcm(0x2, 0x200000000000001, 0x106) sendmsg$inet(r0, &(0x7f0000000000)={&(0x7f0000000140)={0x2, 0x4001, @empty}, 0x10, 0x0}, 0x34000840) socket$kcm(0x10, 0x0, 0x0) sendmsg(r0, &(0x7f0000001c00)={0x0, 0x0, &(0x7f0000001940)=[{0x0, 0xeffdffff}], 0x1}, 0x0) close(r0) 2.64118s ago: executing program 2 (id=5746): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000000000000000000000000007112370000000000950000000000000089e2d90aa1795cc26efb1dacf01150510936875c66d6a7d6eb12d4cdbc5c0ce0d29df91940d8ca08008e7aa5b3c9a10909d6e18b263131bf965f55746df5189a2e23905ae4dc5340e0eb74eb523d5b77a763cccb768b4453c8b1b1dd0a71983b5c2cfe11f3d30228772b0b798ebaf5abde2ce3ec34f8c6f13ee1f181ac563ba7a7edc9be94452da6d7eb67ae3243cb393245efd0dd21de9553cbd1a8516282de458c44d1ddae97af584de743d44ed18d20dd3b2c42cf1e8b27788dfc562367d46197198cd19fda89a6feca6c738b1d4b2522"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90) r1 = syz_usb_connect(0x0, 0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f010400000009058303"], 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000080)=0xb309) syz_usb_ep_write$ath9k_ep2(r1, 0x83, 0x8, &(0x7f0000000080)=ANY=[]) r2 = syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x0) ioctl$EVIOCSFF(r2, 0x40304580, &(0x7f0000000300)={0x50, 0xffff, 0x0, {}, {}, @cond}) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x1000410, &(0x7f0000000440)={[{@grpid}, {@grpquota}]}, 0x4, 0x4eb, &(0x7f0000000540)="$eJzs3c9vVFsdAPDvnXZoKQMFZaFGBRFFQ5j+ABqCC2GjMYTESFy5gNoOTdMZpum0SCuLsnRvIokr/RPcuTBh5cKdO925wYUJKnkv9CVvMS/3zqUd2g7te7Qd6Hw+ye2955xhvufMcM6Ze2B6AuhZZyNiNSKORMS9iBjO85P8iButI33cq5ePp9ZePp5Kotm8878kK0/zou3PpI7lzzkYET/7ccQvk61xG8src5PVamUhT48s1uZHGssrl2YLec74xNjE6LXLV8f3rK1nan968aPZWz//y5+/8fzvq9//dVqt0m+OZ2Xt7dhLraYXo9SW1x8Rt/YjWJf0539/+PCkve1LEXEu6//D0Ze9mwDAYdZsDkdzuD0NABx26f1/KZJCOV8LKEWhUC631vBOx1ChWm8sXhyuLz2YjmwN62QUC/dnq5XRfK3wZBSTND2WXW+kxzelL0fEqYj47cDRLF2eqlenu/nBBwB62LFN8//HA635HwA45Aa7XQEA4MCZ/wGg95j/AaD3fI7537cDAeCQcP8PAL3H/A8AvWfH+f/JwdQDADgQP719Oz2aa/nvv55+uLz0g9LDS9OVxly5tjRVnqovzJdn6vWZaqU81Wzu9HzVen1+7Mp6srG8crdWX3qweHe2NjlTuVsp7nN7AICdnTrz7J9JRKxeP5od0baXg7kaDrdCtysAdE1ftysAdI3v80Dv2sU9vmUAOOS22aL3DR3/i9BTm7/Ch+rCV63/Q6+y/g+964ut//9wz+sBHDzr/9C7ms3Env8A0GOs8QPv9O//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0KNK2ZEUytle4Kvpz0K5HHE8Ik5GMbk/W62MRsSJiPjHQHEgTY91u9IAwDsq/CfJ9/+6MHy+tLn0SPLJQHaOiF/9/s7vHk0uLi6Mpfn/X89ffJrnjx/pRgMAgHY3tma15un83HYj/+rl46nXx0FW8cXN1uaiady1/GiV9Ed/dh6MYkQMfZTk6Zb080rfHsRffRIRX9lo/6O2CKVsDaS18+nm+Gns4/sQf+P13xy/8Eb8QlaWnovZa/HlPagL9JpnN1vjZN730i6W979CnM3O2/f/wWyEenevx7+1LeNfYX3869sSP8n6/Nn19Ntr8uLKX3+yJbM53Cp7EvG1/u3iJ+vxkw7j7/ldtvFfX//muU5lzT9EXIjt47fUsmF2ZLE2P9JYXrk0W5ucqcxUHoyPT4xNjF67fHV8JFujbv3823Yx/nv94olO8dP2D3WIP7hD+7+zy/b/8dN7v/jWW+J/79vbv/+n3xI/nRO/u8v4k0M3Om7fncaf7tD+nd7/i7uM//zfK9O7fCgAcAAayytzk9VqZWGHi/Sz5k6PcfFhXsRqxHtQDRfv1UW3RyZgv210+m7XBAAAAAAAAAAAAAAA6KSxvDI3EPv7daJutxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDD67MAAAD//w/PzvM=") bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x48) openat$tcp_congestion(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_NEW(r3, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)={0xbc, 0x0, 0x2, 0x401, 0x0, 0x0, {0xa}, [@CTA_EXPECT_MASTER={0x30, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @ipv4={'\x00', '\xff\xff', @remote}}, {0x14, 0x4, @ipv4={'\x00', '\xff\xff', @private}}}}]}, @CTA_EXPECT_MASK={0x3c, 0x3, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private0}, {0x14, 0x4, @remote}}}]}, @CTA_EXPECT_TUPLE={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private2}, {0x14, 0x4, @local}}}]}]}, 0xbc}}, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00') setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000380)=@raw={'raw\x00', 0x3c1, 0x3, 0x2d0, 0x0, 0x4c, 0x1a, 0x0, 0x25, 0x228, 0x258, 0x258, 0x228, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2, @loopback, [], [], 'wg2\x00', 'macvlan1\x00'}, 0x0, 0xe0, 0x128, 0x0, {}, [@common=@unspec=@statistic={{0x38}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@local, 'team_slave_1\x00'}}}, {{@uncond, 0x0, 0xa8, 0xd8}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x330) setgroups(0x400000000000026f, &(0x7f0000000080)=[0x0, 0xee00]) lseek(r4, 0xc, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 2.351626737s ago: executing program 4 (id=5747): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)={{0x14}, [@NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x1c, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @fib={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_FIB_RESULT={0x8, 0x2, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x70}}, 0x0) 2.318778746s ago: executing program 1 (id=5748): mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000000440)=0xc) mount$tmpfs(0x0, &(0x7f0000000080)='./file0/../file0/../file0\x00', 0x0, 0x1210020, &(0x7f0000000000)={[{@gid={'gid', 0x3d, r1}}]}) 2.093477785s ago: executing program 4 (id=5749): ioperm(0x0, 0x1, 0x8) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000d, 0x4008031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) fsetxattr$trusted_overlay_origin(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) 2.003759985s ago: executing program 3 (id=5750): r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000640), 0xaa80, 0x0) ioctl$CAPI_MANUFACTURER_CMD(r0, 0xc0404309, &(0x7f0000000040)={0x43, 0x0}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x10, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000b40), 0x2b842ac, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$UI_DEV_CREATE(r4, 0x541b) r5 = socket$packet(0x11, 0x3, 0x300) setsockopt$sock_int(r5, 0x1, 0x1, &(0x7f0000000180)=0x8001, 0x4) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x58, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}]}, 0x58}}, 0x0) sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000700)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/address_bits', 0x0, 0x90) syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r7, &(0x7f0000000300)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x80}, 0xc, 0x0}, 0x48000) 385.254697ms ago: executing program 1 (id=5751): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0x13, &(0x7f00000009c0)=@framed={{}, [@printk={@p, {0x3, 0x0, 0x3, 0xa, 0x0}, {0x5}, {0x6, 0x0, 0x2}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, @printk={@p, {0x5, 0x3, 0x6, 0xa, 0x1, 0xfff5}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 146.483954ms ago: executing program 3 (id=5752): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000540)={0x20, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@mon_options=[@NL80211_ATTR_MNTR_FLAGS={0x4}]]}, 0x20}}, 0x0) 144.069506ms ago: executing program 5 (id=5753): r0 = socket$inet_sctp(0x2, 0x800000000000001, 0x84) sendto$inet(r0, &(0x7f0000a34fff)='H', 0x1, 0x0, &(0x7f0000030ff0)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10) sendto$inet(r0, &(0x7f0000000100)='\x00', 0x1, 0x0, &(0x7f00000000c0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) shutdown(r0, 0x1) getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0xd, &(0x7f0000000280)=@assoc_value, &(0x7f0000000200)=0x8) 0s ago: executing program 0 (id=5754): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$sock_int(r0, 0x1, 0x20, &(0x7f0000000100)=0xffffffff, 0x4) kernel console output (not intermixed with test programs): detected [ 1211.640516][T12672] hsr_slave_0: left promiscuous mode [ 1211.673392][T12672] hsr_slave_1: left promiscuous mode [ 1211.694326][T10344] bio_check_eod: 8956 callbacks suppressed [ 1211.699074][T10344] syz.1.1722: attempt to access beyond end of device [ 1211.699074][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1211.734207][T10344] syz.1.1722: attempt to access beyond end of device [ 1211.734207][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1211.756261][T12672] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1211.770668][T12672] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1211.790242][T10344] syz.1.1722: attempt to access beyond end of device [ 1211.790242][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1211.816519][T12672] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1211.843331][T10344] syz.1.1722: attempt to access beyond end of device [ 1211.843331][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1211.863374][T12672] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1211.882597][T10344] syz.1.1722: attempt to access beyond end of device [ 1211.882597][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1211.935014][T10344] syz.1.1722: attempt to access beyond end of device [ 1211.935014][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1211.975923][T10344] syz.1.1722: attempt to access beyond end of device [ 1211.975923][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1212.003155][T12672] hsr_slave_0: left promiscuous mode [ 1212.030845][T12672] hsr_slave_1: left promiscuous mode [ 1212.045950][T10344] syz.1.1722: attempt to access beyond end of device [ 1212.045950][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1212.064388][T12672] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1212.078209][T10344] syz.1.1722: attempt to access beyond end of device [ 1212.078209][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1212.083201][T12672] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1212.106749][T10344] syz.1.1722: attempt to access beyond end of device [ 1212.106749][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1212.133601][T15069] Bluetooth: hci6: command tx timeout [ 1212.143564][T12672] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1212.150948][T12672] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1212.354219][T12672] veth1_macvtap: left promiscuous mode [ 1212.403253][T12672] veth0_macvtap: left promiscuous mode [ 1212.430388][T12672] veth1_vlan: left promiscuous mode [ 1212.459679][T12672] veth0_vlan: left promiscuous mode [ 1212.491192][T12672] veth1_macvtap: left promiscuous mode [ 1212.514341][T12672] veth0_macvtap: left promiscuous mode [ 1212.520050][T12672] veth1_vlan: left promiscuous mode [ 1212.537878][T12672] veth0_vlan: left promiscuous mode [ 1213.333665][T15069] Bluetooth: hci3: command tx timeout [ 1214.213373][T15069] Bluetooth: hci6: command tx timeout [ 1215.317080][T12672] team0 (unregistering): Port device team_slave_1 removed [ 1215.413257][T15069] Bluetooth: hci3: command tx timeout [ 1215.458306][T12672] team0 (unregistering): Port device team_slave_0 removed [ 1216.293215][T15069] Bluetooth: hci6: command tx timeout [ 1216.723093][T10344] bio_check_eod: 12385 callbacks suppressed [ 1216.724699][T10344] syz.1.1722: attempt to access beyond end of device [ 1216.724699][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1216.754861][T10344] syz.1.1722: attempt to access beyond end of device [ 1216.754861][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1216.784259][T10344] syz.1.1722: attempt to access beyond end of device [ 1216.784259][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1216.823111][T10344] syz.1.1722: attempt to access beyond end of device [ 1216.823111][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1216.863652][T10344] syz.1.1722: attempt to access beyond end of device [ 1216.863652][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1216.883240][T10344] syz.1.1722: attempt to access beyond end of device [ 1216.883240][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1216.919430][T10344] syz.1.1722: attempt to access beyond end of device [ 1216.919430][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1216.954113][T10344] syz.1.1722: attempt to access beyond end of device [ 1216.954113][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1216.990540][T10344] syz.1.1722: attempt to access beyond end of device [ 1216.990540][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1217.025083][T10344] syz.1.1722: attempt to access beyond end of device [ 1217.025083][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1217.369673][T20314] loop2: detected capacity change from 0 to 2048 [ 1218.186859][T20320] loop2: detected capacity change from 0 to 32768 [ 1218.194906][T20320] bcachefs (/dev/loop2): error reading superblock: error opening /dev/loop2: EACCES [ 1219.590525][T12672] team0 (unregistering): Port device team_slave_1 removed [ 1219.747436][T12672] team0 (unregistering): Port device team_slave_0 removed [ 1219.958362][T20332] loop2: detected capacity change from 0 to 256 [ 1221.160988][T20312] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1221.223245][T20312] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 1221.707089][T20264] chnl_net:caif_netlink_parms(): no params data found [ 1221.717785][ T5099] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 1221.742296][T10344] bio_check_eod: 17771 callbacks suppressed [ 1221.742317][T10344] syz.1.1722: attempt to access beyond end of device [ 1221.742317][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1221.753655][ T5099] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 1221.784897][ T5099] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 1221.807848][T10344] syz.1.1722: attempt to access beyond end of device [ 1221.807848][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1221.823681][T10344] syz.1.1722: attempt to access beyond end of device [ 1221.823681][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1221.838436][T10344] syz.1.1722: attempt to access beyond end of device [ 1221.838436][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1221.856524][T10344] syz.1.1722: attempt to access beyond end of device [ 1221.856524][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1221.856875][ T5099] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 1221.870420][T10344] syz.1.1722: attempt to access beyond end of device [ 1221.870420][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1221.887286][ T5099] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 1221.897760][ T5099] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 1221.932308][T20043] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1221.976718][T10344] syz.1.1722: attempt to access beyond end of device [ 1221.976718][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1222.009596][T20023] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1222.033442][T10344] syz.1.1722: attempt to access beyond end of device [ 1222.033442][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1222.083298][T10344] syz.1.1722: attempt to access beyond end of device [ 1222.083298][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1222.097106][T10344] syz.1.1722: attempt to access beyond end of device [ 1222.097106][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1222.236136][T20340] lo speed is unknown, defaulting to 1000 [ 1222.280093][T20270] chnl_net:caif_netlink_parms(): no params data found [ 1222.683943][T10443] usb 6-1: USB disconnect, device number 41 [ 1222.811129][T20264] bridge0: port 1(bridge_slave_0) entered blocking state [ 1222.833397][T20264] bridge0: port 1(bridge_slave_0) entered disabled state [ 1222.851049][T20264] bridge_slave_0: entered allmulticast mode [ 1222.875333][T20264] bridge_slave_0: entered promiscuous mode [ 1222.925924][T20043] 8021q: adding VLAN 0 to HW filter on device team0 [ 1223.012563][T20264] bridge0: port 2(bridge_slave_1) entered blocking state [ 1223.039759][T20264] bridge0: port 2(bridge_slave_1) entered disabled state [ 1223.086243][T20264] bridge_slave_1: entered allmulticast mode [ 1223.127033][T20264] bridge_slave_1: entered promiscuous mode [ 1223.185665][T10444] bridge0: port 1(bridge_slave_0) entered blocking state [ 1223.192821][T10444] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1223.438758][T10444] bridge0: port 2(bridge_slave_1) entered blocking state [ 1223.445993][T10444] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1223.495625][T20264] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1223.531375][T20264] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1223.612451][T20270] bridge0: port 1(bridge_slave_0) entered blocking state [ 1223.632573][T20270] bridge0: port 1(bridge_slave_0) entered disabled state [ 1223.642522][T20270] bridge_slave_0: entered allmulticast mode [ 1223.668427][T20270] bridge_slave_0: entered promiscuous mode [ 1223.698970][T20270] bridge0: port 2(bridge_slave_1) entered blocking state [ 1223.707313][T20270] bridge0: port 2(bridge_slave_1) entered disabled state [ 1223.714690][T20270] bridge_slave_1: entered allmulticast mode [ 1223.722288][T20270] bridge_slave_1: entered promiscuous mode [ 1223.905560][T10444] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 1223.960433][T20270] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1223.983981][ T5099] Bluetooth: hci7: command tx timeout [ 1224.036137][T20264] team0: Port device team_slave_0 added [ 1224.070782][T20270] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1224.125541][T10444] usb 3-1: Using ep0 maxpacket: 8 [ 1224.140560][T10444] usb 3-1: config 32 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7 [ 1224.157343][T20023] veth0_vlan: entered promiscuous mode [ 1224.164642][T10444] usb 3-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7 [ 1224.180635][T10444] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1224.212979][T20264] team0: Port device team_slave_1 added [ 1224.288969][T20270] team0: Port device team_slave_0 added [ 1224.322381][T20023] veth1_vlan: entered promiscuous mode [ 1224.441061][T20270] team0: Port device team_slave_1 added [ 1224.514200][T20264] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1224.543616][T20264] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1224.609500][T20264] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1224.647227][T20264] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1224.665294][T20264] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1224.708275][T20264] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1224.806601][T20270] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1224.833247][T20270] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1224.859680][T20270] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1224.930117][T20270] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1224.941545][T20270] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1224.957889][T10444] usb 3-1: string descriptor 0 read error: -71 [ 1224.980358][T20270] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1225.013516][T10444] hub 3-1:32.0: USB hub found [ 1225.034958][T10444] hub 3-1:32.0: config failed, can't read hub descriptor (err -22) [ 1225.143905][T10444] usb 3-1: USB disconnect, device number 22 [ 1225.396083][T20264] hsr_slave_0: entered promiscuous mode [ 1225.402698][T20264] hsr_slave_1: entered promiscuous mode [ 1225.426086][T20264] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1225.443116][T20264] Cannot create hsr debugfs directory [ 1225.650790][T20270] hsr_slave_0: entered promiscuous mode [ 1225.683524][T20270] hsr_slave_1: entered promiscuous mode [ 1225.703155][T20270] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1225.710745][T20270] Cannot create hsr debugfs directory [ 1226.048399][T20376] netlink: 60 bytes leftover after parsing attributes in process `syz.2.5267'. [ 1226.058813][T20376] unsupported nlmsg_type 40 [ 1226.071445][T20376] loop2: detected capacity change from 0 to 256 [ 1226.079753][ T5099] Bluetooth: hci7: command tx timeout [ 1226.834931][T10344] bio_check_eod: 15306 callbacks suppressed [ 1226.834954][T10344] syz.1.1722: attempt to access beyond end of device [ 1226.834954][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1226.870502][T20043] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1226.883253][T10344] syz.1.1722: attempt to access beyond end of device [ 1226.883253][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1226.899925][T10344] syz.1.1722: attempt to access beyond end of device [ 1226.899925][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1226.933283][T10344] syz.1.1722: attempt to access beyond end of device [ 1226.933283][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1226.946140][T20023] veth0_macvtap: entered promiscuous mode [ 1226.960024][T10344] syz.1.1722: attempt to access beyond end of device [ 1226.960024][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1226.967189][T20023] veth1_macvtap: entered promiscuous mode [ 1227.023369][T10344] syz.1.1722: attempt to access beyond end of device [ 1227.023369][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1227.059223][T10344] syz.1.1722: attempt to access beyond end of device [ 1227.059223][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1227.091639][T10344] syz.1.1722: attempt to access beyond end of device [ 1227.091639][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1227.134552][T10344] syz.1.1722: attempt to access beyond end of device [ 1227.134552][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1227.169790][T20340] chnl_net:caif_netlink_parms(): no params data found [ 1227.177655][T10344] syz.1.1722: attempt to access beyond end of device [ 1227.177655][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1227.341494][T20023] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1227.364515][T20023] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1227.393128][T20023] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1227.413369][T20023] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1227.433176][T20023] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1227.453259][T20023] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1227.468974][T20385] loop2: detected capacity change from 0 to 2048 [ 1227.474519][T20023] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1227.494102][T20023] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1227.515723][T20023] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1227.583384][T20385] loop2: p1 < > p3 p4 < > [ 1227.606399][T20385] loop2: p3 start 4259840 is beyond EOD, truncated [ 1227.756240][T20023] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1227.773136][T20023] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1227.782967][T20023] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1227.811597][T20023] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1227.833942][T20023] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1227.857225][T20023] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1227.869480][T20023] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1228.080241][T20023] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1228.103163][T20023] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1228.111975][T20023] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1228.131263][T20023] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1228.144375][ T5099] Bluetooth: hci7: command tx timeout [ 1228.360760][T20340] bridge0: port 1(bridge_slave_0) entered blocking state [ 1228.370781][T20340] bridge0: port 1(bridge_slave_0) entered disabled state [ 1228.378932][T20340] bridge_slave_0: entered allmulticast mode [ 1228.387220][T20340] bridge_slave_0: entered promiscuous mode [ 1228.469790][T20340] bridge0: port 2(bridge_slave_1) entered blocking state [ 1228.485341][T20340] bridge0: port 2(bridge_slave_1) entered disabled state [ 1228.494781][T20340] bridge_slave_1: entered allmulticast mode [ 1228.504332][T20340] bridge_slave_1: entered promiscuous mode [ 1228.670331][T20340] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1228.747346][T20043] veth0_vlan: entered promiscuous mode [ 1228.782135][T20340] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1229.042426][T20340] team0: Port device team_slave_0 added [ 1229.077442][T20340] team0: Port device team_slave_1 added [ 1229.126444][T20043] veth1_vlan: entered promiscuous mode [ 1229.393524][T20340] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1229.403920][T20340] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1229.444859][T20340] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1229.471442][T20340] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1229.478800][T20340] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1229.506337][T20340] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1229.521682][T12672] bridge_slave_1: left allmulticast mode [ 1229.530765][T12672] bridge_slave_1: left promiscuous mode [ 1229.544907][T12672] bridge0: port 2(bridge_slave_1) entered disabled state [ 1229.564296][T12672] bridge_slave_0: left allmulticast mode [ 1229.574558][T12672] bridge_slave_0: left promiscuous mode [ 1229.587013][T12672] bridge0: port 1(bridge_slave_0) entered disabled state [ 1229.610037][T12672] bridge_slave_1: left allmulticast mode [ 1229.623403][T12672] bridge_slave_1: left promiscuous mode [ 1229.639915][T12672] bridge0: port 2(bridge_slave_1) entered disabled state [ 1229.662356][T12672] bridge_slave_0: left allmulticast mode [ 1229.673242][T12672] bridge_slave_0: left promiscuous mode [ 1229.679014][T12672] bridge0: port 1(bridge_slave_0) entered disabled state [ 1230.213812][ T5099] Bluetooth: hci7: command tx timeout [ 1231.065796][T12672] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1231.087328][T12672] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1231.123559][T12672] bond0 (unregistering): Released all slaves [ 1231.470845][T12672] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1231.483576][T12672] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1231.507443][T12672] bond0 (unregistering): Released all slaves [ 1231.696692][T20398] loop2: detected capacity change from 0 to 512 [ 1231.723610][ T2431] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1231.743316][ T2431] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1231.843400][T10344] bio_check_eod: 26784 callbacks suppressed [ 1231.843425][T10344] syz.1.1722: attempt to access beyond end of device [ 1231.843425][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1231.894606][T10344] syz.1.1722: attempt to access beyond end of device [ 1231.894606][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1231.896274][ T29] audit: type=1326 audit(2000000078.649:344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20397 comm="syz.2.5275" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0b45175bd9 code=0x0 [ 1231.920878][T10344] syz.1.1722: attempt to access beyond end of device [ 1231.920878][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1232.001073][T10344] syz.1.1722: attempt to access beyond end of device [ 1232.001073][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1232.011163][T20340] hsr_slave_0: entered promiscuous mode [ 1232.021942][T20340] hsr_slave_1: entered promiscuous mode [ 1232.072833][T10344] syz.1.1722: attempt to access beyond end of device [ 1232.072833][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1232.103305][T20340] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1232.113564][T10344] syz.1.1722: attempt to access beyond end of device [ 1232.113564][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1232.123114][T20340] Cannot create hsr debugfs directory [ 1232.193389][T10344] syz.1.1722: attempt to access beyond end of device [ 1232.193389][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1232.219478][T10344] syz.1.1722: attempt to access beyond end of device [ 1232.219478][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1232.242104][T10344] syz.1.1722: attempt to access beyond end of device [ 1232.242104][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1232.255760][T10344] syz.1.1722: attempt to access beyond end of device [ 1232.255760][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1232.284261][T20043] veth0_macvtap: entered promiscuous mode [ 1232.488804][T20043] veth1_macvtap: entered promiscuous mode [ 1232.548609][T20264] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1232.584191][T20264] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1232.783599][T12672] hsr_slave_0: left promiscuous mode [ 1232.789842][T12672] hsr_slave_1: left promiscuous mode [ 1232.821212][T12672] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1232.839124][T12672] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1232.872940][T12672] hsr_slave_0: left promiscuous mode [ 1232.893253][T12672] hsr_slave_1: left promiscuous mode [ 1232.899986][T12672] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1232.914071][T12672] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1232.943995][T12672] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1233.017639][T12672] veth1_macvtap: left promiscuous mode [ 1233.023301][T12672] veth0_macvtap: left promiscuous mode [ 1233.029159][T12672] veth1_vlan: left promiscuous mode [ 1233.034608][T12672] veth0_vlan: left promiscuous mode [ 1233.761648][T12672] team0 (unregistering): Port device team_slave_1 removed [ 1233.880490][T12672] team0 (unregistering): Port device team_slave_0 removed [ 1235.904707][T12672] team0 (unregistering): Port device team_slave_1 removed [ 1236.010348][T12672] team0 (unregistering): Port device team_slave_0 removed [ 1236.771127][T15069] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1236.793329][T15069] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1236.826928][T15069] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1236.874464][T10344] bio_check_eod: 22744 callbacks suppressed [ 1236.874488][T10344] syz.1.1722: attempt to access beyond end of device [ 1236.874488][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1236.894815][T10344] syz.1.1722: attempt to access beyond end of device [ 1236.894815][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1236.908819][T10344] syz.1.1722: attempt to access beyond end of device [ 1236.908819][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1236.922571][T10344] syz.1.1722: attempt to access beyond end of device [ 1236.922571][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1236.922798][T15069] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1236.936354][T10344] syz.1.1722: attempt to access beyond end of device [ 1236.936354][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1236.936448][T10344] syz.1.1722: attempt to access beyond end of device [ 1236.936448][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1236.936510][T10344] syz.1.1722: attempt to access beyond end of device [ 1236.936510][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1236.936573][T10344] syz.1.1722: attempt to access beyond end of device [ 1236.936573][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1236.967019][T15069] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 1236.990382][T10344] syz.1.1722: attempt to access beyond end of device [ 1236.990382][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1237.014599][T15069] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1237.018775][T10344] syz.1.1722: attempt to access beyond end of device [ 1237.018775][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1237.474560][ T5320] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1237.482430][ T5320] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1237.490212][T20264] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1237.512724][T20264] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1237.562780][T20043] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1237.593079][T20043] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1237.605550][T20043] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1237.643132][T20043] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1237.663379][T20043] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1237.694187][T20043] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1237.715571][T20043] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1237.733887][T20043] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1237.755265][T20043] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1238.067650][T20043] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1238.087971][T20043] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1238.123083][T20043] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1238.144332][T20043] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1238.160704][T20043] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1238.184886][T20043] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1238.206438][T20043] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1238.223212][T20043] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1238.259955][T20043] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1238.280398][T20409] lo speed is unknown, defaulting to 1000 [ 1238.378720][ T1236] ieee802154 phy0 wpan0: encryption failed: -22 [ 1238.387481][ T1236] ieee802154 phy1 wpan1: encryption failed: -22 [ 1238.521610][T20043] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1238.552508][T20043] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1238.575447][T20043] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1238.593380][T20043] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1239.097341][ T5099] Bluetooth: hci4: command tx timeout [ 1239.515253][T20264] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1239.611154][T20270] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1239.917675][T15069] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1239.929992][T15069] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1239.939168][T15069] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1239.942369][T20340] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1239.964962][T15069] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1239.975986][T15069] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 1239.985803][T15069] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1240.025380][T20409] chnl_net:caif_netlink_parms(): no params data found [ 1240.050632][T20270] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1240.102242][T20270] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1240.192349][T20264] 8021q: adding VLAN 0 to HW filter on device team0 [ 1240.291457][T20435] loop2: detected capacity change from 0 to 1024 [ 1240.372086][T20435] loop2: detected capacity change from 0 to 128 [ 1240.449487][T20340] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1240.506831][T20270] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1240.540828][ T5157] bridge0: port 1(bridge_slave_0) entered blocking state [ 1240.548045][ T5157] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1240.748231][ T5157] bridge0: port 2(bridge_slave_1) entered blocking state [ 1240.755454][ T5157] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1240.869644][T20340] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1240.935366][T20428] lo speed is unknown, defaulting to 1000 [ 1241.055922][T20409] bridge0: port 1(bridge_slave_0) entered blocking state [ 1241.083253][T20409] bridge0: port 1(bridge_slave_0) entered disabled state [ 1241.090518][T20409] bridge_slave_0: entered allmulticast mode [ 1241.125146][T20409] bridge_slave_0: entered promiscuous mode [ 1241.173210][T15069] Bluetooth: hci4: command tx timeout [ 1241.237083][T20437] loop2: detected capacity change from 0 to 32768 [ 1241.318788][T20340] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1241.368561][T20409] bridge0: port 2(bridge_slave_1) entered blocking state [ 1241.397987][T20409] bridge0: port 2(bridge_slave_1) entered disabled state [ 1241.422254][T20409] bridge_slave_1: entered allmulticast mode [ 1241.445023][T20409] bridge_slave_1: entered promiscuous mode [ 1241.536837][T20409] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1241.644540][T20409] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1241.847260][T12672] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1241.883414][T10344] bio_check_eod: 17475 callbacks suppressed [ 1241.883439][T10344] syz.1.1722: attempt to access beyond end of device [ 1241.883439][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1241.904928][T10344] syz.1.1722: attempt to access beyond end of device [ 1241.904928][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1241.954662][T10344] syz.1.1722: attempt to access beyond end of device [ 1241.954662][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1241.993488][T10344] syz.1.1722: attempt to access beyond end of device [ 1241.993488][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1242.008223][T10344] syz.1.1722: attempt to access beyond end of device [ 1242.008223][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1242.010415][T12672] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1242.038321][T10344] syz.1.1722: attempt to access beyond end of device [ 1242.038321][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1242.051896][T10344] syz.1.1722: attempt to access beyond end of device [ 1242.051896][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1242.065637][T15069] Bluetooth: hci0: command tx timeout [ 1242.075441][T10344] syz.1.1722: attempt to access beyond end of device [ 1242.075441][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1242.090159][T10344] syz.1.1722: attempt to access beyond end of device [ 1242.090159][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1242.104058][T10344] syz.1.1722: attempt to access beyond end of device [ 1242.104058][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1242.132334][T20409] team0: Port device team_slave_0 added [ 1242.267826][T12672] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1242.507676][T20409] team0: Port device team_slave_1 added [ 1242.605577][T20449] loop2: detected capacity change from 0 to 8 [ 1242.848431][T12672] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1242.901250][T20409] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1242.911489][T20409] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1242.969578][T20409] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1242.993999][T20409] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1243.000956][T20409] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1243.045337][T20409] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1243.082884][T20264] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1243.213518][T20340] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1243.253483][T15069] Bluetooth: hci4: command tx timeout [ 1243.293855][T20340] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1243.427735][T20340] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1243.474819][T20340] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1243.562214][T20409] hsr_slave_0: entered promiscuous mode [ 1243.567240][T20462] loop2: detected capacity change from 0 to 512 [ 1243.584442][T20462] EXT4-fs: Ignoring removed i_version option [ 1243.590535][T20462] EXT4-fs: Ignoring removed nobh option [ 1243.603580][T20409] hsr_slave_1: entered promiscuous mode [ 1243.609886][T20409] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1243.617540][T20409] Cannot create hsr debugfs directory [ 1244.057515][ T29] audit: type=1326 audit(2000000090.809:345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20467 comm="syz.2.5298" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0b45175bd9 code=0x0 [ 1244.081296][T12672] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1244.133810][T15069] Bluetooth: hci0: command tx timeout [ 1244.270851][T12672] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1244.362026][T20264] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1244.386252][T20428] chnl_net:caif_netlink_parms(): no params data found [ 1244.457197][T12672] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1244.651251][T12672] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1244.760347][T20270] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1244.962881][T20428] bridge0: port 1(bridge_slave_0) entered blocking state [ 1244.993404][T20428] bridge0: port 1(bridge_slave_0) entered disabled state [ 1245.001014][T20428] bridge_slave_0: entered allmulticast mode [ 1245.024965][T20428] bridge_slave_0: entered promiscuous mode [ 1245.115763][T20270] 8021q: adding VLAN 0 to HW filter on device team0 [ 1245.128729][T20428] bridge0: port 2(bridge_slave_1) entered blocking state [ 1245.143267][T20428] bridge0: port 2(bridge_slave_1) entered disabled state [ 1245.150574][T20428] bridge_slave_1: entered allmulticast mode [ 1245.175365][T20428] bridge_slave_1: entered promiscuous mode [ 1245.288017][T20264] veth0_vlan: entered promiscuous mode [ 1245.334210][T15069] Bluetooth: hci4: command tx timeout [ 1245.446901][T10447] bridge0: port 1(bridge_slave_0) entered blocking state [ 1245.454122][T10447] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1245.481683][T10447] bridge0: port 2(bridge_slave_1) entered blocking state [ 1245.488909][T10447] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1245.539309][T20428] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1245.567359][T20428] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1245.871802][T20428] team0: Port device team_slave_0 added [ 1245.899212][T12672] bridge_slave_1: left allmulticast mode [ 1245.907361][T12672] bridge_slave_1: left promiscuous mode [ 1245.934285][T12672] bridge0: port 2(bridge_slave_1) entered disabled state [ 1245.967345][T12672] bridge_slave_0: left allmulticast mode [ 1245.993768][T12672] bridge_slave_0: left promiscuous mode [ 1245.999631][T12672] bridge0: port 1(bridge_slave_0) entered disabled state [ 1246.024644][T12672] bridge_slave_1: left allmulticast mode [ 1246.030316][T12672] bridge_slave_1: left promiscuous mode [ 1246.042480][T12672] bridge0: port 2(bridge_slave_1) entered disabled state [ 1246.052762][T12672] bridge_slave_0: left allmulticast mode [ 1246.063184][T12672] bridge_slave_0: left promiscuous mode [ 1246.068956][T12672] bridge0: port 1(bridge_slave_0) entered disabled state [ 1246.189605][ T29] audit: type=1326 audit(2000000092.939:346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20488 comm="syz.2.5306" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0b45175bd9 code=0x0 [ 1246.225500][T15069] Bluetooth: hci0: command tx timeout [ 1246.908055][T10344] bio_check_eod: 22734 callbacks suppressed [ 1246.908087][T10344] syz.1.1722: attempt to access beyond end of device [ 1246.908087][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1246.931130][T10344] syz.1.1722: attempt to access beyond end of device [ 1246.931130][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1246.963272][T10344] syz.1.1722: attempt to access beyond end of device [ 1246.963272][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1246.990096][T10344] syz.1.1722: attempt to access beyond end of device [ 1246.990096][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1247.003595][T10344] syz.1.1722: attempt to access beyond end of device [ 1247.003595][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1247.019693][T10344] syz.1.1722: attempt to access beyond end of device [ 1247.019693][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1247.060957][T10344] syz.1.1722: attempt to access beyond end of device [ 1247.060957][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1247.096321][T10344] syz.1.1722: attempt to access beyond end of device [ 1247.096321][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1247.109909][T10344] syz.1.1722: attempt to access beyond end of device [ 1247.109909][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1247.142785][T10344] syz.1.1722: attempt to access beyond end of device [ 1247.142785][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1248.164334][T12672] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1248.303223][T15069] Bluetooth: hci0: command tx timeout [ 1248.327197][T12672] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1248.417194][T12672] bond0 (unregistering): Released all slaves [ 1249.284536][T12672] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1249.320227][T12672] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1249.404163][T12672] bond0 (unregistering): Released all slaves [ 1249.516555][T20428] team0: Port device team_slave_1 added [ 1249.577005][T20264] veth1_vlan: entered promiscuous mode [ 1250.695073][T20428] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1250.702067][T20428] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1250.768808][T20428] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1250.830445][T20340] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1250.877892][T20340] 8021q: adding VLAN 0 to HW filter on device team0 [ 1250.943858][T20428] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1250.983081][T20428] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1251.063098][T20428] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1251.328017][T10447] bridge0: port 1(bridge_slave_0) entered blocking state [ 1251.335256][T10447] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1251.733877][T20529] loop2: detected capacity change from 0 to 2048 [ 1251.778815][T20428] hsr_slave_0: entered promiscuous mode [ 1251.830996][T20428] hsr_slave_1: entered promiscuous mode [ 1251.923212][T10344] bio_check_eod: 13269 callbacks suppressed [ 1251.923237][T10344] syz.1.1722: attempt to access beyond end of device [ 1251.923237][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1251.942788][T20428] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1251.955274][T20428] Cannot create hsr debugfs directory [ 1251.993229][T10344] syz.1.1722: attempt to access beyond end of device [ 1251.993229][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1252.012529][T20264] veth0_macvtap: entered promiscuous mode [ 1252.040720][T10344] syz.1.1722: attempt to access beyond end of device [ 1252.040720][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1252.077137][T20264] veth1_macvtap: entered promiscuous mode [ 1252.093144][T10344] syz.1.1722: attempt to access beyond end of device [ 1252.093144][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1252.113223][T19774] bridge0: port 2(bridge_slave_1) entered blocking state [ 1252.120438][T19774] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1252.163351][T10344] syz.1.1722: attempt to access beyond end of device [ 1252.163351][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1252.213442][T10344] syz.1.1722: attempt to access beyond end of device [ 1252.213442][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1252.231239][T12672] hsr_slave_0: left promiscuous mode [ 1252.238193][T10344] syz.1.1722: attempt to access beyond end of device [ 1252.238193][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1252.263847][T12672] hsr_slave_1: left promiscuous mode [ 1252.272368][T10344] syz.1.1722: attempt to access beyond end of device [ 1252.272368][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1252.272485][T12672] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1252.301019][T10344] syz.1.1722: attempt to access beyond end of device [ 1252.301019][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1252.314499][T10344] syz.1.1722: attempt to access beyond end of device [ 1252.314499][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1252.333210][T12672] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1252.366073][T12672] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1252.485761][T12672] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1252.737887][T12672] hsr_slave_0: left promiscuous mode [ 1252.811648][T12672] hsr_slave_1: left promiscuous mode [ 1252.828121][T12672] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1252.879060][T12672] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1252.986197][T12672] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1253.045252][T12672] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1253.258928][T12672] veth1_macvtap: left promiscuous mode [ 1253.272387][T12672] veth0_macvtap: left promiscuous mode [ 1253.279403][T12672] veth1_vlan: left promiscuous mode [ 1253.285516][T12672] veth0_vlan: left promiscuous mode [ 1253.291908][T12672] veth1_macvtap: left promiscuous mode [ 1253.300228][T12672] veth0_macvtap: left promiscuous mode [ 1253.320313][T12672] veth1_vlan: left promiscuous mode [ 1253.320468][T12672] veth0_vlan: left promiscuous mode [ 1255.562810][T12672] team0 (unregistering): Port device team_slave_1 removed [ 1255.712173][T12672] team0 (unregistering): Port device team_slave_0 removed [ 1256.936583][T10344] bio_check_eod: 17723 callbacks suppressed [ 1256.936610][T10344] syz.1.1722: attempt to access beyond end of device [ 1256.936610][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1256.956187][T10344] syz.1.1722: attempt to access beyond end of device [ 1256.956187][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1256.971134][T10344] syz.1.1722: attempt to access beyond end of device [ 1256.971134][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1256.984745][T10344] syz.1.1722: attempt to access beyond end of device [ 1256.984745][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1256.998423][T10344] syz.1.1722: attempt to access beyond end of device [ 1256.998423][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1257.011890][T10344] syz.1.1722: attempt to access beyond end of device [ 1257.011890][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1257.033081][T10344] syz.1.1722: attempt to access beyond end of device [ 1257.033081][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1257.048385][T10344] syz.1.1722: attempt to access beyond end of device [ 1257.048385][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1257.061962][T10344] syz.1.1722: attempt to access beyond end of device [ 1257.061962][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1257.077001][T10344] syz.1.1722: attempt to access beyond end of device [ 1257.077001][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1257.948205][T12672] team0 (unregistering): Port device team_slave_1 removed [ 1258.077951][T12672] team0 (unregistering): Port device team_slave_0 removed [ 1259.468777][T20409] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1259.514512][T20409] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1259.589599][T20556] loop2: detected capacity change from 0 to 2048 [ 1259.617547][T20264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1259.641469][T20264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1259.651602][T20264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1259.673024][T20264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1259.682875][T20264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1259.710250][T20264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1259.734746][T20264] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1259.776502][T20264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1259.802548][T20264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1259.843522][T20264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1259.863086][T20264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1259.884269][T20264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1259.912217][T20264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1259.925504][T20264] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1259.949094][T20270] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1259.969288][T20409] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1260.036961][T20409] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1260.158037][T20264] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1260.197910][T20264] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1260.206975][T20264] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1260.216640][T20264] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1260.378655][ T5193] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 1260.567201][ T5193] usb 3-1: New USB device found, idVendor=249c, idProduct=9002, bcdDevice=de.ad [ 1260.599933][ T5193] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1260.644142][ T5193] usb 3-1: config 0 descriptor?? [ 1260.870017][ T5193] usb 3-1: can't set first interface for hiFace device. [ 1260.910414][ T5193] snd-usb-hiface 3-1:0.0: probe with driver snd-usb-hiface failed with error -5 [ 1260.964839][ T5193] usb 3-1: USB disconnect, device number 23 [ 1261.033347][ T2797] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1261.041204][ T2797] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1261.251878][T18515] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1261.261342][T18515] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1261.402334][T20270] veth0_vlan: entered promiscuous mode [ 1261.551956][T20270] veth1_vlan: entered promiscuous mode [ 1261.668779][T20409] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1261.720698][T20270] veth0_macvtap: entered promiscuous mode [ 1261.776507][T20340] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1261.822436][T20270] veth1_macvtap: entered promiscuous mode [ 1261.884140][T20409] 8021q: adding VLAN 0 to HW filter on device team0 [ 1261.920062][T20428] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1261.986537][T20428] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1261.996587][T20585] loop2: detected capacity change from 0 to 64 [ 1262.021289][T10344] bio_check_eod: 22017 callbacks suppressed [ 1262.021313][T10344] syz.1.1722: attempt to access beyond end of device [ 1262.021313][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1262.067724][T10344] syz.1.1722: attempt to access beyond end of device [ 1262.067724][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1262.086991][T20428] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1262.108735][T10344] syz.1.1722: attempt to access beyond end of device [ 1262.108735][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1262.117208][T10435] bridge0: port 1(bridge_slave_0) entered blocking state [ 1262.129333][T10435] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1262.174568][T20428] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1262.175263][T10344] syz.1.1722: attempt to access beyond end of device [ 1262.175263][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1262.244690][T10344] syz.1.1722: attempt to access beyond end of device [ 1262.244690][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1262.274967][T20270] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1262.300518][T20270] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1262.315846][T20270] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1262.317770][T10344] syz.1.1722: attempt to access beyond end of device [ 1262.317770][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1262.341779][T20270] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1262.352300][T20270] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1262.365475][T20270] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1262.376709][T20270] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1262.385001][T20592] xt_hashlimit: overflow, try lower: 3/0 [ 1262.413413][T20270] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1262.438298][T10344] syz.1.1722: attempt to access beyond end of device [ 1262.438298][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1262.461674][T20270] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1262.468836][T10344] syz.1.1722: attempt to access beyond end of device [ 1262.468836][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1262.487632][T10442] bridge0: port 2(bridge_slave_1) entered blocking state [ 1262.494845][T10442] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1262.518875][T10344] syz.1.1722: attempt to access beyond end of device [ 1262.518875][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1262.538407][T20270] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1262.560177][T20270] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1262.586551][T20270] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1262.603177][T10344] syz.1.1722: attempt to access beyond end of device [ 1262.603177][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1262.613024][T20270] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1262.648926][T20270] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1262.681018][T20270] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1262.739531][T20270] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1262.770298][T20270] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1262.826915][T20270] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1263.021423][T20270] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1263.031821][T20270] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1263.042955][T20270] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1263.052181][T20270] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1263.489336][T20409] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1263.731156][T20340] veth0_vlan: entered promiscuous mode [ 1263.784578][T20591] loop2: detected capacity change from 0 to 32768 [ 1263.791979][T12673] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1263.800131][T12673] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1263.906941][T20340] veth1_vlan: entered promiscuous mode [ 1264.123597][T20428] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1264.217538][T12673] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1264.267059][T12673] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1264.349589][T20428] 8021q: adding VLAN 0 to HW filter on device team0 [ 1264.444443][T20340] veth0_macvtap: entered promiscuous mode [ 1264.484780][T10506] bridge0: port 1(bridge_slave_0) entered blocking state [ 1264.492016][T10506] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1264.602259][T20591] fuse: blksize only supported for fuseblk [ 1264.604415][ T5099] Bluetooth: hci5: unexpected event for opcode 0x1002 [ 1264.619745][T20340] veth1_macvtap: entered promiscuous mode [ 1264.781372][T10506] bridge0: port 2(bridge_slave_1) entered blocking state [ 1264.788634][T10506] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1264.827154][T20606] [U] [ 1264.830761][T20606] [U] [ 1264.833484][T20606] [U] [ 1264.836202][T20606] [U] [ 1264.873348][T20606] [U] [ 1264.876110][T20606] [U] [ 1264.878824][T20606] [U] [ 1264.881538][T20606] [U] [ 1264.924650][T20606] [U] [ 1264.927518][T20606] [U] [ 1264.930231][T20606] [U] [ 1264.932950][T20606] [U] [ 1264.940533][T20409] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1264.961405][T20340] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1264.986892][T20606] [U] [ 1264.989625][T20606] [U] [ 1264.992339][T20606] [U] [ 1264.995050][T20606] [U] [ 1264.997890][T20340] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1265.019115][T20340] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1265.033116][T20606] [U] [ 1265.035852][T20606] [U] [ 1265.038570][T20606] [U] [ 1265.041288][T20606] [U] [ 1265.055884][T20340] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1265.078659][T20606] [U] [ 1265.081390][T20606] [U] [ 1265.084106][T20606] [U] [ 1265.086822][T20606] [U] [ 1265.111824][T20340] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1265.122867][T20606] [U] [ 1265.125592][T20606] [U] [ 1265.128306][T20606] [U] [ 1265.131017][T20606] [U] [ 1265.143080][T20340] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1265.152910][T20340] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1265.167500][T20606] [U] [ 1265.170314][T20606] [U] [ 1265.173032][T20606] [U] [ 1265.175751][T20606] [U] [ 1265.195335][T20606] [U] [ 1265.198059][T20606] [U] [ 1265.200763][T20606] [U] [ 1265.203466][T20606] [U] [ 1265.223302][T20340] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1265.243171][T20606] [U] [ 1265.245995][T20606] [U] [ 1265.248714][T20606] [U] [ 1265.251437][T20606] [U] [ 1265.256489][T20340] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1265.283401][T20606] [U] [ 1265.286131][T20606] [U] [ 1265.288850][T20606] [U] [ 1265.291552][T20606] [U] [ 1265.302403][ T5104] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1265.303199][T20340] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1265.323407][ T5104] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1265.332896][ T5104] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1265.332913][T20606] [U] [ 1265.342569][T20606] [U] [ 1265.345291][T20606] [U] [ 1265.347989][T20606] [U] [ 1265.355092][ T5104] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1265.365436][T20340] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1265.385232][T10506] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 1265.393312][ T5104] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 1265.404914][ T5104] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1265.443437][T20606] [U] [ 1265.446170][T20606] [U] [ 1265.448900][T20606] [U] [ 1265.451624][T20606] [U] [ 1265.464204][T20606] [U] [ 1265.466933][T20606] [U] [ 1265.469646][T20606] [U] [ 1265.472360][T20606] [U] [ 1265.528522][T20606] [U] [ 1265.531285][T20606] [U] [ 1265.534013][T20606] [U] [ 1265.536734][T20606] [U] [ 1265.543811][T20606] [U] [ 1265.546535][T20606] [U] [ 1265.549249][T20606] [U] [ 1265.551963][T20606] [U] [ 1265.554860][T20606] [U] [ 1265.557582][T20606] [U] [ 1265.560302][T20606] [U] [ 1265.563023][T20606] [U] [ 1265.565914][T20606] [U] [ 1265.568666][T20606] [U] [ 1265.571385][T20606] [U] [ 1265.574105][T20606] [U] [ 1265.591344][T20340] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1265.602132][T20606] [U] [ 1265.604851][T20606] [U] [ 1265.607556][T20606] [U] [ 1265.610256][T20606] [U] [ 1265.616015][T10506] usb 3-1: New USB device found, idVendor=249c, idProduct=9002, bcdDevice=de.ad [ 1265.616733][T20606] [U] [ 1265.626199][T10506] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1265.627751][T20606] [U] [ 1265.638411][T20606] [U] [ 1265.641131][T20606] [U] [ 1265.644388][T20340] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1265.659830][T10506] usb 3-1: config 0 descriptor?? [ 1265.663063][T20340] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1265.697312][T20340] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1265.713163][T20606] [U] [ 1265.715899][T20606] [U] [ 1265.718619][T20606] [U] [ 1265.721340][T20606] [U] [ 1265.733068][T20340] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1265.744923][T20606] [U] [ 1265.747654][T20606] [U] [ 1265.750372][T20606] [U] [ 1265.753096][T20606] [U] [ 1265.763644][T20340] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1265.783155][T20606] [U] [ 1265.788738][T20340] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1265.809426][T20340] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1265.823228][T20340] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1265.869234][T20340] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1265.880486][T10506] usb 3-1: can't set first interface for hiFace device. [ 1265.902187][T20340] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1265.903225][T10506] snd-usb-hiface 3-1:0.0: probe with driver snd-usb-hiface failed with error -5 [ 1265.934433][T20340] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1265.960117][T20340] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1265.965058][T10506] usb 3-1: USB disconnect, device number 24 [ 1265.975956][T20340] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1266.005275][T20340] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1266.218639][ T2431] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1266.394729][T20612] lo speed is unknown, defaulting to 1000 [ 1266.490966][ T2431] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1266.796051][ T2431] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1266.929807][T20409] veth0_vlan: entered promiscuous mode [ 1267.023085][T10344] bio_check_eod: 11202 callbacks suppressed [ 1267.023118][T10344] syz.1.1722: attempt to access beyond end of device [ 1267.023118][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1267.054620][T10344] syz.1.1722: attempt to access beyond end of device [ 1267.054620][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1267.068323][T10344] syz.1.1722: attempt to access beyond end of device [ 1267.068323][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1267.092202][ T2431] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1267.108535][T10344] syz.1.1722: attempt to access beyond end of device [ 1267.108535][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1267.129639][T10344] syz.1.1722: attempt to access beyond end of device [ 1267.129639][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1267.164175][T10344] syz.1.1722: attempt to access beyond end of device [ 1267.164175][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1267.241435][T10344] syz.1.1722: attempt to access beyond end of device [ 1267.241435][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1267.264060][T10344] syz.1.1722: attempt to access beyond end of device [ 1267.264060][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1267.277990][T10344] syz.1.1722: attempt to access beyond end of device [ 1267.277990][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1267.291496][T10344] syz.1.1722: attempt to access beyond end of device [ 1267.291496][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1267.353235][T12672] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1267.361077][T12672] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1267.405630][T20409] veth1_vlan: entered promiscuous mode [ 1267.582916][T15069] Bluetooth: hci2: command tx timeout [ 1267.611083][ T5320] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1267.634418][ T5320] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1267.878946][T20428] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1268.074275][T20409] veth0_macvtap: entered promiscuous mode [ 1268.129317][T20652] loop5: detected capacity change from 0 to 1024 [ 1268.164391][T20652] EXT4-fs: Ignoring removed orlov option [ 1268.221931][T20652] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1268.315912][T20652] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1268.363532][ T2431] bridge_slave_1: left allmulticast mode [ 1268.369306][ T2431] bridge_slave_1: left promiscuous mode [ 1268.389454][ T2431] bridge0: port 2(bridge_slave_1) entered disabled state [ 1268.441266][ T2431] bridge_slave_0: left allmulticast mode [ 1268.473066][ T2431] bridge_slave_0: left promiscuous mode [ 1268.478897][ T2431] bridge0: port 1(bridge_slave_0) entered disabled state [ 1269.071307][T20340] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1269.527026][T20663] loop2: detected capacity change from 0 to 32768 [ 1269.655220][T15069] Bluetooth: hci2: command tx timeout [ 1269.703555][T20671] ubi0: attaching mtd0 [ 1269.712878][T20671] ubi0: scanning is finished [ 1269.718702][T20671] ubi0: empty MTD device detected [ 1270.123158][T20671] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1270.140982][T20671] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1270.170264][T20671] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1270.192189][T20671] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 1270.233357][T20671] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1270.240169][T20671] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1270.270130][T20671] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 1508966806 [ 1270.290302][T20671] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1270.308901][ T2431] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1270.315945][T20673] ubi0: background thread "ubi_bgt0d" started, PID 20673 [ 1270.360489][ T2431] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1270.406741][ T2431] bond0 (unregistering): Released all slaves [ 1270.518591][T20409] veth1_macvtap: entered promiscuous mode [ 1270.716267][T20677] loop2: detected capacity change from 0 to 2048 [ 1270.859742][T20612] chnl_net:caif_netlink_parms(): no params data found [ 1271.072079][T20409] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1271.133285][T20409] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1271.147018][T20687] netlink: 'syz.2.5363': attribute type 1 has an invalid length. [ 1271.165825][T20409] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1271.189035][T20409] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1271.221998][T20409] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1271.256192][T20409] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1271.284496][T20409] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1271.318686][T20409] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1271.366133][T20409] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1271.406142][T20409] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1271.443347][T20409] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1271.480090][T20409] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1271.545676][T20409] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1271.748846][T15069] Bluetooth: hci2: command tx timeout [ 1271.870822][T20692] netlink: 'syz.2.5364': attribute type 4 has an invalid length. [ 1271.942905][T20694] netlink: 'syz.2.5364': attribute type 4 has an invalid length. [ 1271.997957][T20428] veth0_vlan: entered promiscuous mode [ 1272.033021][T10344] bio_check_eod: 13619 callbacks suppressed [ 1272.033044][T10344] syz.1.1722: attempt to access beyond end of device [ 1272.033044][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1272.061692][T10344] syz.1.1722: attempt to access beyond end of device [ 1272.061692][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1272.076620][T10344] syz.1.1722: attempt to access beyond end of device [ 1272.076620][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1272.113743][T10344] syz.1.1722: attempt to access beyond end of device [ 1272.113743][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1272.146589][T10344] syz.1.1722: attempt to access beyond end of device [ 1272.146589][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1272.227010][T10344] syz.1.1722: attempt to access beyond end of device [ 1272.227010][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1272.247211][T20706] loop5: detected capacity change from 0 to 2048 [ 1272.257424][T10344] syz.1.1722: attempt to access beyond end of device [ 1272.257424][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1272.284959][T20409] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1272.311990][T10344] syz.1.1722: attempt to access beyond end of device [ 1272.311990][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1272.344152][T20706] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1272.356544][T20409] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1272.382699][T10344] syz.1.1722: attempt to access beyond end of device [ 1272.382699][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1272.404238][T20409] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1272.412427][T10344] syz.1.1722: attempt to access beyond end of device [ 1272.412427][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1272.421807][T20715] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5370'. [ 1272.438480][T20409] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1272.460316][T20715] netlink: 124 bytes leftover after parsing attributes in process `syz.0.5370'. [ 1272.463160][T20409] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1272.540180][T20409] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1272.570784][T20409] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1272.611935][T20409] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1272.629602][T20409] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1272.651569][T20409] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1272.672101][T20409] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1272.699205][T20409] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1272.722752][T20409] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1272.752728][T20409] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1272.773205][T20409] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1272.781942][T20409] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1272.792227][T20340] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1272.817194][T20409] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1272.921711][T20428] veth1_vlan: entered promiscuous mode [ 1273.195920][T20722] loop5: detected capacity change from 0 to 256 [ 1273.279791][T20726] netlink: 'syz.0.5373': attribute type 1 has an invalid length. [ 1273.443095][ T2431] hsr_slave_0: left promiscuous mode [ 1273.479712][ T2431] hsr_slave_1: left promiscuous mode [ 1273.498377][ T2431] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1273.513369][ T2431] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1273.539641][ T2431] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1273.553249][ T2431] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1273.563131][T10448] usb 6-1: new high-speed USB device number 42 using dummy_hcd [ 1273.657677][ T2431] veth1_macvtap: left promiscuous mode [ 1273.683125][ T2431] veth0_macvtap: left promiscuous mode [ 1273.688869][ T2431] veth1_vlan: left promiscuous mode [ 1273.706332][ T2431] veth0_vlan: left promiscuous mode [ 1273.773081][T10448] usb 6-1: Using ep0 maxpacket: 32 [ 1273.781175][T10448] usb 6-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 49, changing to 9 [ 1273.815202][T15069] Bluetooth: hci2: command tx timeout [ 1273.820650][T10448] usb 6-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 10173, setting to 1024 [ 1273.854245][T10448] usb 6-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 1273.876712][T10448] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1273.904939][T20722] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 1273.914170][T10448] hub 6-1:4.0: USB hub found [ 1274.114054][T10448] hub 6-1:4.0: 2 ports detected [ 1275.181739][ T2431] team0 (unregistering): Port device team_slave_1 removed [ 1275.304419][ T2431] team0 (unregistering): Port device team_slave_0 removed [ 1276.664051][T20612] bridge0: port 1(bridge_slave_0) entered blocking state [ 1276.686077][T20612] bridge0: port 1(bridge_slave_0) entered disabled state [ 1276.712835][T20612] bridge_slave_0: entered allmulticast mode [ 1276.728447][T20612] bridge_slave_0: entered promiscuous mode [ 1276.756799][T20612] bridge0: port 2(bridge_slave_1) entered blocking state [ 1276.782905][T20612] bridge0: port 2(bridge_slave_1) entered disabled state [ 1276.790260][T20612] bridge_slave_1: entered allmulticast mode [ 1276.798395][T20612] bridge_slave_1: entered promiscuous mode [ 1276.921684][T10448] hub 6-1:4.0: set hub depth failed [ 1276.932604][T10448] usb 6-1: USB disconnect, device number 42 [ 1277.061634][T10344] bio_check_eod: 20555 callbacks suppressed [ 1277.061658][T10344] syz.1.1722: attempt to access beyond end of device [ 1277.061658][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1277.113204][T10344] syz.1.1722: attempt to access beyond end of device [ 1277.113204][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1277.128867][T20751] loop5: detected capacity change from 0 to 64 [ 1277.147939][T20753] netlink: 'syz.2.5384': attribute type 1 has an invalid length. [ 1277.164866][T20612] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1277.175660][T10344] syz.1.1722: attempt to access beyond end of device [ 1277.175660][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1277.226135][T20612] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1277.235413][T10344] syz.1.1722: attempt to access beyond end of device [ 1277.235413][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1277.252014][T10344] syz.1.1722: attempt to access beyond end of device [ 1277.252014][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1277.266145][T10344] syz.1.1722: attempt to access beyond end of device [ 1277.266145][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1277.285991][T20428] veth0_macvtap: entered promiscuous mode [ 1277.294301][T10344] syz.1.1722: attempt to access beyond end of device [ 1277.294301][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1277.483133][T10344] syz.1.1722: attempt to access beyond end of device [ 1277.483133][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1277.543464][T10344] syz.1.1722: attempt to access beyond end of device [ 1277.543464][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1277.622268][T10344] syz.1.1722: attempt to access beyond end of device [ 1277.622268][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1278.175857][T20428] veth1_macvtap: entered promiscuous mode [ 1278.232398][T12673] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1278.253595][T12673] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1278.404233][T20612] team0: Port device team_slave_0 added [ 1278.521563][T20612] team0: Port device team_slave_1 added [ 1278.529779][ T2797] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1278.557789][ T2797] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1278.586424][T20771] loop5: detected capacity change from 0 to 2048 [ 1278.593691][T20771] EXT4-fs: Ignoring removed mblk_io_submit option [ 1278.641054][T20771] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1278.780809][T20771] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.5392: bg 0: block 234: padding at end of block bitmap is not set [ 1278.799065][T20771] EXT4-fs (loop5): Remounting filesystem read-only [ 1278.982642][T20612] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1279.023265][T20612] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1279.062958][T20340] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1279.096855][T20612] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1279.210306][T20612] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1279.233038][T20612] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1279.332761][T20612] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1279.374782][T20428] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1279.402179][T20428] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1279.412372][T20428] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1279.443300][T20428] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1279.467744][T20428] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1279.503139][T20428] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1279.536478][T20428] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1279.583016][T20428] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1279.592866][T20428] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1279.620581][T20428] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1279.641395][T20428] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1279.666603][T20799] loop3: detected capacity change from 0 to 512 [ 1279.695138][T20799] EXT4-fs (loop3): blocks per group (95) and clusters per group (32768) inconsistent [ 1279.715406][T20428] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1279.738682][T20428] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1279.782309][T20802] netlink: 'syz.2.5402': attribute type 30 has an invalid length. [ 1279.817139][T20428] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1279.853520][T20428] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1279.879312][T20428] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1279.890196][T20428] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1279.935253][T20428] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1279.958467][T20428] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1279.993486][T20428] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1280.032250][T20428] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1280.045512][T20428] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1280.066273][T20428] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1280.077286][T20428] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1280.113362][T20428] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1280.136941][T20428] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1280.281350][T20816] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 1280.367224][T20814] loop2: detected capacity change from 0 to 4096 [ 1280.517006][T20612] hsr_slave_0: entered promiscuous mode [ 1280.591252][T20612] hsr_slave_1: entered promiscuous mode [ 1281.206010][T20827] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5413'. [ 1281.277486][T20428] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1281.333468][T20428] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1281.345414][T20428] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1281.354219][T20428] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1281.604030][T20827] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5413'. [ 1282.314830][T10344] bio_check_eod: 7204 callbacks suppressed [ 1282.314860][T10344] syz.1.1722: attempt to access beyond end of device [ 1282.314860][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1282.368176][T10344] syz.1.1722: attempt to access beyond end of device [ 1282.368176][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1282.385297][T10344] syz.1.1722: attempt to access beyond end of device [ 1282.385297][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1282.416876][T20830] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5413'. [ 1282.423085][T10344] syz.1.1722: attempt to access beyond end of device [ 1282.423085][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1282.443559][T10344] syz.1.1722: attempt to access beyond end of device [ 1282.443559][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1282.459603][T10344] syz.1.1722: attempt to access beyond end of device [ 1282.459603][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1282.501223][T10344] syz.1.1722: attempt to access beyond end of device [ 1282.501223][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1282.558815][T10344] syz.1.1722: attempt to access beyond end of device [ 1282.558815][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1282.589685][T20841] loop3: detected capacity change from 0 to 128 [ 1282.624239][T20830] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5413'. [ 1282.628063][T10344] syz.1.1722: attempt to access beyond end of device [ 1282.628063][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1282.645444][T20830] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5413'. [ 1282.660736][T20841] VFS: Found a Xenix FS (block size = 512) on device loop3 [ 1282.681302][T20841] sysv_free_block: trying to free block not in datazone [ 1282.692010][T10344] syz.1.1722: attempt to access beyond end of device [ 1282.692010][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1282.719320][T20841] sysv_count_free_blocks: free block count was -2041545929, correcting to 9 [ 1282.734684][T20830] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5413'. [ 1282.769056][T20830] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5413'. [ 1282.807811][T20830] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5413'. [ 1282.887839][T20830] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5413'. [ 1282.895053][T20841] sysv_count_free_inodes: unable to read inode table [ 1282.897446][T20848] netlink: 'syz.0.5419': attribute type 2 has an invalid length. [ 1282.916676][T20830] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5413'. [ 1282.963624][T20848] netlink: 'syz.0.5419': attribute type 1 has an invalid length. [ 1282.982584][T20848] netlink: 'syz.0.5419': attribute type 1 has an invalid length. [ 1283.001447][T20848] netlink: 'syz.0.5419': attribute type 2 has an invalid length. [ 1283.009502][T20409] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 1283.074976][T20848] netlink: 'syz.0.5419': attribute type 2 has an invalid length. [ 1283.252954][T18515] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1283.262423][T20854] loop3: detected capacity change from 0 to 512 [ 1283.283223][T18515] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1283.305562][T20854] EXT4-fs (loop3): blocks per group (95) and clusters per group (32768) inconsistent [ 1283.648800][T12673] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1283.692553][T12673] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1283.726578][T20866] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1283.850281][T20872] loop5: detected capacity change from 0 to 64 [ 1283.866028][T20868] : renamed from bridge_slave_1 (while UP) [ 1284.466224][ T29] audit: type=1800 audit(2000000131.209:347): pid=20885 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.5433" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 1284.929143][T20887] netlink: 'syz.5.5435': attribute type 2 has an invalid length. [ 1284.995535][T20887] netlink: 'syz.5.5435': attribute type 1 has an invalid length. [ 1285.084779][T20887] netlink: 'syz.5.5435': attribute type 1 has an invalid length. [ 1285.123135][T20887] netlink: 'syz.5.5435': attribute type 2 has an invalid length. [ 1285.196252][T20887] netlink: 'syz.5.5435': attribute type 2 has an invalid length. [ 1285.236735][T20612] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1285.321226][T20612] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1285.437796][T20612] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1285.491373][T20612] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1285.541468][T20904] dummy0: entered promiscuous mode [ 1285.575644][T20902] dummy0: left promiscuous mode [ 1286.030154][T20612] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1286.134972][T20612] 8021q: adding VLAN 0 to HW filter on device team0 [ 1286.177117][T20607] bridge0: port 1(bridge_slave_0) entered blocking state [ 1286.184350][T20607] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1286.317898][T10506] bridge0: port 2(bridge_slave_1) entered blocking state [ 1286.325129][T10506] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1286.499628][T20612] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1286.560085][T20944] dummy0: entered promiscuous mode [ 1286.587001][T20943] dummy0: left promiscuous mode [ 1287.097633][T20974] loop2: detected capacity change from 0 to 2048 [ 1287.104914][T20974] EXT4-fs: Ignoring removed mblk_io_submit option [ 1287.540463][T10344] bio_check_eod: 7990 callbacks suppressed [ 1287.540488][T10344] syz.1.1722: attempt to access beyond end of device [ 1287.540488][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1287.678483][T20612] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1287.712314][T10344] syz.1.1722: attempt to access beyond end of device [ 1287.712314][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1287.815268][T10344] syz.1.1722: attempt to access beyond end of device [ 1287.815268][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1287.969379][T10344] syz.1.1722: attempt to access beyond end of device [ 1287.969379][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1288.274265][T10344] syz.1.1722: attempt to access beyond end of device [ 1288.274265][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1288.583649][T10344] syz.1.1722: attempt to access beyond end of device [ 1288.583649][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1288.943771][T10344] syz.1.1722: attempt to access beyond end of device [ 1288.943771][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1288.957488][T10344] syz.1.1722: attempt to access beyond end of device [ 1288.957488][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1288.983309][T10344] syz.1.1722: attempt to access beyond end of device [ 1288.983309][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1289.047596][T10344] syz.1.1722: attempt to access beyond end of device [ 1289.047596][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1289.919588][ T5507] bridge_slave_1: left allmulticast mode [ 1289.965490][ T5507] bridge_slave_1: left promiscuous mode [ 1289.971329][ T5507] bridge0: port 2(bridge_slave_1) entered disabled state [ 1290.034292][ T5507] bridge_slave_0: left allmulticast mode [ 1290.040222][ T5507] bridge0: port 1(bridge_slave_0) entered disabled state [ 1292.433832][T21019] loop2: detected capacity change from 0 to 32768 [ 1292.548474][T10344] bio_check_eod: 4766 callbacks suppressed [ 1292.548494][T10344] syz.1.1722: attempt to access beyond end of device [ 1292.548494][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1292.618515][T10344] syz.1.1722: attempt to access beyond end of device [ 1292.618515][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1292.648760][T10344] syz.1.1722: attempt to access beyond end of device [ 1292.648760][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1292.674250][T10344] syz.1.1722: attempt to access beyond end of device [ 1292.674250][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1292.697601][T10344] syz.1.1722: attempt to access beyond end of device [ 1292.697601][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1292.717282][T10344] syz.1.1722: attempt to access beyond end of device [ 1292.717282][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1292.828968][T10344] syz.1.1722: attempt to access beyond end of device [ 1292.828968][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1292.859393][T10344] syz.1.1722: attempt to access beyond end of device [ 1292.859393][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1292.915647][T10344] syz.1.1722: attempt to access beyond end of device [ 1292.915647][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1292.929378][T10344] syz.1.1722: attempt to access beyond end of device [ 1292.929378][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1292.959721][ T5507] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1293.044465][ T5507] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1293.080708][ T5507] bond0 (unregistering): Released all slaves [ 1293.131326][ T5507] bond1 (unregistering): Released all slaves [ 1295.501461][T21080] loop2: detected capacity change from 0 to 512 [ 1295.552140][T21076] loop3: detected capacity change from 0 to 4096 [ 1295.585692][T21076] ntfs3: loop3: It is recommened to use chkdsk. [ 1295.607365][T21076] ntfs3: loop3: try to read out of volume at offset 0x3fffffc0c00 [ 1295.635075][T21076] ntfs3: loop3: try to read out of volume at offset 0x3fffffc0c00 [ 1295.692261][T21076] ntfs3: loop3: try to read out of volume at offset 0x3fffffc0c00 [ 1295.718350][T21076] ntfs3: loop3: try to read out of volume at offset 0x3fffffc0c00 [ 1295.745749][T20612] veth0_vlan: entered promiscuous mode [ 1295.759993][T21076] ntfs3: loop3: try to read out of volume at offset 0x3fffffc1c00 [ 1295.767944][T21076] ntfs3: loop3: try to read out of volume at offset 0x3fffffc2c00 [ 1295.776118][T21076] ntfs3: loop3: try to read out of volume at offset 0x3fffffc4c00 [ 1295.797433][T20612] veth1_vlan: entered promiscuous mode [ 1295.813071][T21076] ntfs3: loop3: try to read out of volume at offset 0x3fffffc8c00 [ 1295.821468][T21076] ntfs3: loop3: try to read out of volume at offset 0x3fffffd0c00 [ 1297.021570][T21097] netlink: 'syz.0.5515': attribute type 2 has an invalid length. [ 1297.048488][T21097] netlink: 'syz.0.5515': attribute type 1 has an invalid length. [ 1297.078915][T20612] veth0_macvtap: entered promiscuous mode [ 1297.104041][T21097] netlink: 'syz.0.5515': attribute type 1 has an invalid length. [ 1297.164895][T20612] veth1_macvtap: entered promiscuous mode [ 1297.203093][T21097] netlink: 'syz.0.5515': attribute type 2 has an invalid length. [ 1297.261884][T21101] loop2: detected capacity change from 0 to 512 [ 1297.320182][T21097] netlink: 'syz.0.5515': attribute type 2 has an invalid length. [ 1297.328750][T21099] __nla_validate_parse: 11 callbacks suppressed [ 1297.328771][T21099] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5515'. [ 1297.336966][T20612] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1297.449520][T20612] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1297.508511][T21105] loop3: detected capacity change from 0 to 2364 [ 1297.517969][T20612] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1297.559570][T10344] bio_check_eod: 5414 callbacks suppressed [ 1297.559594][T10344] syz.1.1722: attempt to access beyond end of device [ 1297.559594][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1297.582347][T20612] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1297.596558][T20612] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1297.607221][T10344] syz.1.1722: attempt to access beyond end of device [ 1297.607221][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1297.620759][T20612] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1297.637007][T10344] syz.1.1722: attempt to access beyond end of device [ 1297.637007][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1297.663041][T20612] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1297.687100][T10344] syz.1.1722: attempt to access beyond end of device [ 1297.687100][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1297.700605][T20612] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1297.719978][T20612] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1297.731980][T10344] syz.1.1722: attempt to access beyond end of device [ 1297.731980][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1297.745430][T20612] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1297.755437][T10344] syz.1.1722: attempt to access beyond end of device [ 1297.755437][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1297.771416][T20612] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1297.782033][T10344] syz.1.1722: attempt to access beyond end of device [ 1297.782033][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1297.795475][T20612] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1297.805482][T20612] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1297.816504][T10344] syz.1.1722: attempt to access beyond end of device [ 1297.816504][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1297.822267][T20612] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1297.833306][T10344] syz.1.1722: attempt to access beyond end of device [ 1297.833306][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1297.876320][T10344] syz.1.1722: attempt to access beyond end of device [ 1297.876320][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1297.898935][T20612] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1298.145241][ T5507] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1298.152729][ T5507] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1298.211683][ T5507] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1298.229295][ T5507] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1298.326115][ T5507] hsr0: left allmulticast mode [ 1298.341566][ T5507] veth1_macvtap: left promiscuous mode [ 1298.364326][ T5507] veth0_macvtap: left promiscuous mode [ 1298.388063][ T5507] veth1_vlan: left promiscuous mode [ 1298.403166][ T5507] veth0_vlan: left promiscuous mode [ 1298.657370][T21134] loop5: detected capacity change from 0 to 8 [ 1298.957452][ T5507] infiniband syz0: set down [ 1299.492407][T21124] loop3: detected capacity change from 0 to 40427 [ 1299.556630][T21124] F2FS-fs (loop3): Found nat_bits in checkpoint [ 1299.739332][T21124] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 1299.822664][ T1236] ieee802154 phy0 wpan0: encryption failed: -22 [ 1299.829252][ T1236] ieee802154 phy1 wpan1: encryption failed: -22 [ 1299.868441][T20409] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 1300.770358][ T5507] team0 (unregistering): Port device team_slave_1 removed [ 1300.938800][ T5507] team0 (unregistering): Port device team_slave_0 removed [ 1302.320477][T21163] loop3: detected capacity change from 0 to 4096 [ 1302.360226][T21163] NILFS (loop3): invalid segment: Checksum error in segment payload [ 1302.393190][T21163] NILFS (loop3): trying rollback from an earlier position [ 1302.454053][T21163] NILFS (loop3): recovery complete [ 1302.481217][T21164] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1302.599464][T10344] bio_check_eod: 13595 callbacks suppressed [ 1302.599490][T10344] syz.1.1722: attempt to access beyond end of device [ 1302.599490][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1302.647618][T10344] syz.1.1722: attempt to access beyond end of device [ 1302.647618][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1302.693630][T10344] syz.1.1722: attempt to access beyond end of device [ 1302.693630][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1302.712596][T21163] overlayfs: upper fs does not support tmpfile. [ 1302.721308][T10344] syz.1.1722: attempt to access beyond end of device [ 1302.721308][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1302.754364][T10344] syz.1.1722: attempt to access beyond end of device [ 1302.754364][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1302.770553][T21163] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 1302.783160][T10344] syz.1.1722: attempt to access beyond end of device [ 1302.783160][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1302.803697][T21163] overlayfs: failed to set xattr on upper [ 1302.809616][T10344] syz.1.1722: attempt to access beyond end of device [ 1302.809616][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1302.853512][T21163] overlayfs: ...falling back to redirect_dir=nofollow. [ 1302.860413][T21163] overlayfs: ...falling back to index=off. [ 1302.873150][T10344] syz.1.1722: attempt to access beyond end of device [ 1302.873150][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1302.908067][T10344] syz.1.1722: attempt to access beyond end of device [ 1302.908067][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1302.931825][T21163] overlayfs: ...falling back to uuid=null. [ 1302.953229][T10344] syz.1.1722: attempt to access beyond end of device [ 1302.953229][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1303.263702][ T51] smc: removing ib device syz0 [ 1303.364183][T20612] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1303.423092][T20612] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1303.432948][T20612] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1303.479626][T20612] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1303.508931][T20612] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1303.553033][T20612] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1303.573411][T20612] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1303.603173][T20612] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1303.624203][T20612] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1303.645042][T20612] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1303.673043][T20612] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1303.703097][T20612] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1303.737847][T20612] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1303.788466][T19774] lo speed is unknown, defaulting to 1000 [ 1303.864761][T20612] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1303.923656][T20612] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1303.972070][T20612] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1304.033423][T20612] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1304.292386][T21174] loop5: detected capacity change from 0 to 64 [ 1305.348977][T21181] loop3: detected capacity change from 0 to 2048 [ 1305.583085][T12673] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1305.591017][T12673] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1305.643173][T21188] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1305.826535][T21181] NILFS error (device loop3): nilfs_check_folio: bad entry in directory #2: disallowed inode number - offset=56, inode=6, rec_len=24, name_len=5 [ 1305.968362][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1305.977804][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1306.049111][T21181] Remounting filesystem read-only [ 1306.555445][T21206] tipc: Enabling of bearer rejected, media not registered [ 1306.775365][ T29] audit: type=1326 audit(2000000153.529:348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21208 comm="syz.5.5557" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f337d775bd9 code=0x0 [ 1308.191652][T10344] bio_check_eod: 5722 callbacks suppressed [ 1308.191678][T10344] syz.1.1722: attempt to access beyond end of device [ 1308.191678][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1308.413422][T10344] syz.1.1722: attempt to access beyond end of device [ 1308.413422][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1308.567160][T10344] syz.1.1722: attempt to access beyond end of device [ 1308.567160][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1308.943286][T10344] syz.1.1722: attempt to access beyond end of device [ 1308.943286][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1309.742887][T10344] syz.1.1722: attempt to access beyond end of device [ 1309.742887][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1309.871412][T10344] syz.1.1722: attempt to access beyond end of device [ 1309.871412][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1309.933962][T10344] syz.1.1722: attempt to access beyond end of device [ 1309.933962][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1310.047381][T10344] syz.1.1722: attempt to access beyond end of device [ 1310.047381][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1310.093668][T21240] loop2: detected capacity change from 0 to 1024 [ 1310.100961][T21240] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1310.148187][T10344] syz.1.1722: attempt to access beyond end of device [ 1310.148187][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1310.167184][T21244] loop3: detected capacity change from 0 to 4096 [ 1310.208255][T21244] NILFS (loop3): invalid segment: Checksum error in segment payload [ 1310.307542][T10344] syz.1.1722: attempt to access beyond end of device [ 1310.307542][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1310.353212][T21244] NILFS (loop3): trying rollback from an earlier position [ 1310.426379][T21244] NILFS (loop3): recovery complete [ 1310.493826][T21251] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1310.882338][T21260] overlayfs: upper fs does not support tmpfile. [ 1311.397381][T21260] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 1311.753419][T21260] overlayfs: failed to set xattr on upper [ 1311.759904][T21260] overlayfs: ...falling back to redirect_dir=nofollow. [ 1311.948732][T21260] overlayfs: ...falling back to index=off. [ 1311.989374][T21260] overlayfs: ...falling back to uuid=null. [ 1312.388683][T21275] loop4: detected capacity change from 0 to 64 [ 1312.464567][T21275] hfs: get root inode failed [ 1312.734631][T21284] tipc: Enabling of bearer rejected, media not registered [ 1313.444432][T10344] bio_check_eod: 3342 callbacks suppressed [ 1313.444490][T10344] syz.1.1722: attempt to access beyond end of device [ 1313.444490][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1314.047345][T10344] syz.1.1722: attempt to access beyond end of device [ 1314.047345][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1314.245471][T10344] syz.1.1722: attempt to access beyond end of device [ 1314.245471][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1314.277031][T10344] syz.1.1722: attempt to access beyond end of device [ 1314.277031][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1314.363684][T10344] syz.1.1722: attempt to access beyond end of device [ 1314.363684][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1314.458390][T10344] syz.1.1722: attempt to access beyond end of device [ 1314.458390][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1314.564017][T10344] syz.1.1722: attempt to access beyond end of device [ 1314.564017][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1314.625781][T21307] program syz.0.5593 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1314.659196][T10344] syz.1.1722: attempt to access beyond end of device [ 1314.659196][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1314.776391][T10344] syz.1.1722: attempt to access beyond end of device [ 1314.776391][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1314.894357][T10344] syz.1.1722: attempt to access beyond end of device [ 1314.894357][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1314.995495][T21320] loop2: detected capacity change from 0 to 64 [ 1317.674306][T21339] loop2: detected capacity change from 0 to 128 [ 1317.738947][T21340] loop4: detected capacity change from 0 to 512 [ 1317.879087][T21340] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1317.966694][T21340] ext4 filesystem being mounted at /6/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1318.106265][ T29] audit: type=1804 audit(2000000164.859:349): pid=21340 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.5606" name="/newroot/6/file0/bus" dev="loop4" ino=18 res=1 errno=0 [ 1318.158973][T21349] PM: Enabling pm_trace changes system date and time during resume. [ 1318.158973][T21349] PM: Correct system time has to be restored manually after resume. [ 1318.287817][T20612] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1318.530271][T10344] bio_check_eod: 1966 callbacks suppressed [ 1318.530295][T10344] syz.1.1722: attempt to access beyond end of device [ 1318.530295][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1318.626274][T21353] program syz.4.5610 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1318.645821][ T29] audit: type=1326 audit(2000000165.399:350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21354 comm="syz.5.5613" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f337d775bd9 code=0x0 [ 1318.713738][T10344] syz.1.1722: attempt to access beyond end of device [ 1318.713738][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1318.857614][T10344] syz.1.1722: attempt to access beyond end of device [ 1318.857614][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1319.059482][T10344] syz.1.1722: attempt to access beyond end of device [ 1319.059482][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1319.238611][T10344] syz.1.1722: attempt to access beyond end of device [ 1319.238611][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1319.333590][T10344] syz.1.1722: attempt to access beyond end of device [ 1319.333590][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1319.584940][T10344] syz.1.1722: attempt to access beyond end of device [ 1319.584940][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1319.747145][T10344] syz.1.1722: attempt to access beyond end of device [ 1319.747145][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1319.905918][T10344] syz.1.1722: attempt to access beyond end of device [ 1319.905918][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1319.953603][T10344] syz.1.1722: attempt to access beyond end of device [ 1319.953603][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1320.002077][T21342] loop3: detected capacity change from 0 to 32768 [ 1321.223094][ T5193] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 1321.440002][ T5193] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 1321.473105][ T5193] usb 5-1: config 1 has no interface number 1 [ 1321.489600][ T5193] usb 5-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1321.714575][ T5193] usb 5-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 1321.743593][ T5193] usb 5-1: string descriptor 0 read error: -22 [ 1321.749927][ T5193] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1322.508839][T21368] pimreg: entered allmulticast mode [ 1322.516892][ T5193] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1322.661665][ T5193] usb 5-1: can't set config #1, error -71 [ 1322.718479][ T5193] usb 5-1: USB disconnect, device number 25 [ 1322.802374][T21390] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 1323.913216][T10344] bio_check_eod: 1134 callbacks suppressed [ 1323.913235][T10344] syz.1.1722: attempt to access beyond end of device [ 1323.913235][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1324.002334][T21408] Cannot find set identified by id 0 to match [ 1324.035150][T21366] pimreg: left allmulticast mode [ 1324.151354][T10344] syz.1.1722: attempt to access beyond end of device [ 1324.151354][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1324.233339][T10344] syz.1.1722: attempt to access beyond end of device [ 1324.233339][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1324.321163][T21414] netlink: 165 bytes leftover after parsing attributes in process `syz.0.5632'. [ 1324.321159][T10344] syz.1.1722: attempt to access beyond end of device [ 1324.321159][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1324.321395][T10344] syz.1.1722: attempt to access beyond end of device [ 1324.321395][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1324.352519][T21414] netlink: 277 bytes leftover after parsing attributes in process `syz.0.5632'. [ 1324.388249][T10344] syz.1.1722: attempt to access beyond end of device [ 1324.388249][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1324.475686][T10344] syz.1.1722: attempt to access beyond end of device [ 1324.475686][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1324.516646][T10448] usb 3-1: new full-speed USB device number 25 using dummy_hcd [ 1324.570223][T10344] syz.1.1722: attempt to access beyond end of device [ 1324.570223][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1324.679477][T10344] syz.1.1722: attempt to access beyond end of device [ 1324.679477][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1324.751499][T10344] syz.1.1722: attempt to access beyond end of device [ 1324.751499][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1324.751831][T10448] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 1324.813053][T10448] usb 3-1: config 1 has no interface number 1 [ 1324.833847][T10448] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 1324.887555][T10448] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 4 [ 1324.926524][T10448] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1324.939319][T10448] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1324.973019][T10448] usb 3-1: Product: చ [ 1324.977207][T10448] usb 3-1: Manufacturer: 她蕋멳龜ؔ됛ꦆ뗮齔㗘మᆤ幽埍瀷쬎룱窛퍽黱覝轤㴓犂讯࣍䉙녒ⶇ扚邆镻㢗濇蕃鐍혣☲밉庙랸袰৽夂憬芣稐录빬旟깿ꦇ婞㘳௴ﺋ࣊绾鸓ᬪ哴s [ 1325.056766][T10448] usb 3-1: SerialNumber: 抡֨顼쐼⃉ꝫ㧨㙘ܓ슪ꀡ⚃⶟墔蓼༣鴾Ꚑ儧홳ڋ쪗鸎 [ 1325.243487][T21412] loop4: detected capacity change from 0 to 32768 [ 1325.272305][T21434] overlayfs: overlapping lowerdir path [ 1325.299773][T10448] usb 3-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 1325.362355][T21434] netlink: 'syz.3.5619': attribute type 3 has an invalid length. [ 1325.370176][T10448] usb 3-1: USB disconnect, device number 25 [ 1325.774103][T10442] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 1325.982321][T21446] xt_cluster: node mask cannot exceed total number of nodes [ 1326.051663][T10442] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1326.065343][T10442] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1326.075247][T10442] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1326.086500][T10442] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1326.203631][T21439] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1327.481660][T10448] usb 2-1: USB disconnect, device number 30 [ 1327.977382][T21479] netlink: 24 bytes leftover after parsing attributes in process `syz.5.5659'. [ 1328.377547][T21484] xt_cluster: node mask cannot exceed total number of nodes [ 1328.924852][T10344] bio_check_eod: 6850 callbacks suppressed [ 1328.928103][T10344] syz.1.1722: attempt to access beyond end of device [ 1328.928103][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1329.111517][T21473] loop4: detected capacity change from 0 to 32768 [ 1329.217041][T10344] syz.1.1722: attempt to access beyond end of device [ 1329.217041][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1329.453627][T10344] syz.1.1722: attempt to access beyond end of device [ 1329.453627][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1329.543205][T10344] syz.1.1722: attempt to access beyond end of device [ 1329.543205][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1329.635496][T10344] syz.1.1722: attempt to access beyond end of device [ 1329.635496][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1329.734577][T10344] syz.1.1722: attempt to access beyond end of device [ 1329.734577][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1329.869553][T10344] syz.1.1722: attempt to access beyond end of device [ 1329.869553][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1329.946515][T10344] syz.1.1722: attempt to access beyond end of device [ 1329.946515][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1330.000983][T21506] loop3: detected capacity change from 0 to 512 [ 1330.051344][T21506] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 1330.096172][T10344] syz.1.1722: attempt to access beyond end of device [ 1330.096172][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1330.123292][T21506] EXT4-fs (loop3): can't mount with journal_checksum, fs mounted w/o journal [ 1330.161366][T10344] syz.1.1722: attempt to access beyond end of device [ 1330.161366][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1330.452497][T21511] vhci_hcd: invalid port number 0 [ 1331.880978][T21525] EXT4-fs warning (device sda1): verify_group_input:137: Cannot add at group 925 (only 8 groups) [ 1332.143424][T10448] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 1332.377492][T10448] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 1332.398525][T10448] usb 3-1: config 1 has no interface number 1 [ 1332.423143][T10448] usb 3-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1332.457909][T10448] usb 3-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 1332.504306][T10448] usb 3-1: string descriptor 0 read error: -22 [ 1332.510731][T10448] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1332.543920][T10448] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1332.585126][T10448] usb 3-1: 2:1 : no UAC_FORMAT_TYPE desc [ 1332.622763][T21506] loop3: detected capacity change from 0 to 32768 [ 1332.629219][ T5104] Bluetooth: hci3: command 0x0406 tx timeout [ 1332.713633][T21506] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.5671 (21506) [ 1332.724290][T21545] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5684'. [ 1332.783305][T21506] BTRFS info (device loop3): first mount of filesystem d552757d-9c39-40e3-95f0-16d819589928 [ 1332.794257][T21506] BTRFS info (device loop3): using sha256 (sha256-ni) checksum algorithm [ 1332.859538][T21506] BTRFS error (device loop3): superblock checksum mismatch [ 1332.871665][T10448] usb 3-1: USB disconnect, device number 26 [ 1332.898316][T21548] loop5: detected capacity change from 0 to 8 [ 1333.175221][T21506] BTRFS error (device loop3): open_ctree failed [ 1333.322115][T21550] vhci_hcd: invalid port number 0 [ 1334.298082][T10344] bio_check_eod: 5214 callbacks suppressed [ 1334.298105][T10344] syz.1.1722: attempt to access beyond end of device [ 1334.298105][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1334.377779][T10344] syz.1.1722: attempt to access beyond end of device [ 1334.377779][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1334.428679][T10344] syz.1.1722: attempt to access beyond end of device [ 1334.428679][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1334.473146][T10344] syz.1.1722: attempt to access beyond end of device [ 1334.473146][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1334.532097][T21562] netlink: 44 bytes leftover after parsing attributes in process `syz.2.5691'. [ 1334.573265][T10344] syz.1.1722: attempt to access beyond end of device [ 1334.573265][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1334.683123][T10344] syz.1.1722: attempt to access beyond end of device [ 1334.683123][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1334.689200][T21564] trusted_key: encrypted_key: insufficient parameters specified [ 1334.753268][T10344] syz.1.1722: attempt to access beyond end of device [ 1334.753268][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1334.807913][T10344] syz.1.1722: attempt to access beyond end of device [ 1334.807913][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1334.873292][T10344] syz.1.1722: attempt to access beyond end of device [ 1334.873292][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1334.923260][T10344] syz.1.1722: attempt to access beyond end of device [ 1334.923260][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1335.381164][T21591] loop2: detected capacity change from 0 to 8 [ 1335.621230][T21600] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5708'. [ 1337.157497][T21625] loop3: detected capacity change from 0 to 164 [ 1337.929474][T21646] loop4: detected capacity change from 0 to 8 [ 1337.959927][T21646] SQUASHFS error: lzo decompression failed, data probably corrupt [ 1337.991459][T21646] SQUASHFS error: Failed to read block 0x28d: -5 [ 1338.014920][T21646] SQUASHFS error: Unable to read metadata cache entry [28b] [ 1338.047259][T21646] SQUASHFS error: Unable to read inode 0x11f [ 1339.315273][T10344] bio_check_eod: 6334 callbacks suppressed [ 1339.315298][T10344] syz.1.1722: attempt to access beyond end of device [ 1339.315298][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1339.513493][T10344] syz.1.1722: attempt to access beyond end of device [ 1339.513493][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1339.642926][T10344] syz.1.1722: attempt to access beyond end of device [ 1339.642926][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1339.813721][T10344] syz.1.1722: attempt to access beyond end of device [ 1339.813721][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1339.895810][T10344] syz.1.1722: attempt to access beyond end of device [ 1339.895810][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1339.964429][T21685] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5741'. [ 1339.973826][T10344] syz.1.1722: attempt to access beyond end of device [ 1339.973826][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1339.973897][T10344] syz.1.1722: attempt to access beyond end of device [ 1339.973897][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1339.973961][T10344] syz.1.1722: attempt to access beyond end of device [ 1339.973961][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1339.974450][T10344] syz.1.1722: attempt to access beyond end of device [ 1339.974450][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1340.211854][T10344] syz.1.1722: attempt to access beyond end of device [ 1340.211854][T10344] loop1: rw=0, sector=6491554, nr_sectors = 2 limit=0 [ 1340.319513][ T29] audit: type=1326 audit(2000000187.069:351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21681 comm="syz.5.5741" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f337d775bd9 code=0x0 [ 1340.523175][T10506] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 1340.735057][T10506] usb 3-1: Using ep0 maxpacket: 8 [ 1340.742434][T10506] usb 3-1: config 179 has an invalid interface number: 65 but max is 0 [ 1340.772194][T10506] usb 3-1: config 179 has no interface number 0 [ 1340.783736][T10506] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 1340.825892][T10506] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 1340.856332][T21698] tmpfs: Bad value for 'gid' [ 1340.881301][T10506] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 1340.933177][T10506] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 1342.597703][T10506] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 1342.607099][T10506] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1342.638258][T21693] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1342.776776][T10344] ================================================================== [ 1342.784972][T10344] BUG: KASAN: use-after-free in sysv_new_inode+0xfd3/0x1170 [ 1342.792289][T10344] Read of size 2 at addr ffff88807a16f1ce by task syz.1.1722/10344 [ 1342.800189][T10344] [ 1342.802521][T10344] CPU: 1 PID: 10344 Comm: syz.1.1722 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0 [ 1342.812683][T10344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 1342.822750][T10344] Call Trace: [ 1342.826038][T10344] [ 1342.829104][T10344] dump_stack_lvl+0x241/0x360 [ 1342.833821][T10344] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1342.839062][T10344] ? __pfx__printk+0x10/0x10 [ 1342.843690][T10344] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1342.849461][T10344] ? _printk+0xd5/0x120 [ 1342.853649][T10344] ? __virt_addr_valid+0x183/0x520 [ 1342.858794][T10344] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1342.864452][T10344] print_report+0x169/0x550 [ 1342.868984][T10344] ? __virt_addr_valid+0x183/0x520 [ 1342.874131][T10344] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1342.879783][T10344] ? __virt_addr_valid+0x44e/0x520 [ 1342.884928][T10344] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1342.890584][T10344] ? __phys_addr+0xba/0x170 [ 1342.895122][T10344] ? sysv_new_inode+0xfd3/0x1170 [ 1342.900095][T10344] kasan_report+0x143/0x180 [ 1342.904628][T10344] ? sysv_new_inode+0xfd3/0x1170 [ 1342.909610][T10344] sysv_new_inode+0xfd3/0x1170 [ 1342.914421][T10344] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1342.920088][T10344] ? __pfx_sysv_new_inode+0x10/0x10 [ 1342.925352][T10344] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1342.931005][T10344] ? _raw_spin_unlock+0x28/0x50 [ 1342.935881][T10344] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1342.941532][T10344] ? __d_add+0x503/0x810 [ 1342.945808][T10344] sysv_mknod+0x4e/0xe0 [ 1342.949992][T10344] ? __pfx_sysv_create+0x10/0x10 [ 1342.954948][T10344] path_openat+0x1a86/0x35f0 [ 1342.959584][T10344] ? __pfx_path_openat+0x10/0x10 [ 1342.964561][T10344] do_filp_open+0x235/0x490 [ 1342.969097][T10344] ? __pfx_do_filp_open+0x10/0x10 [ 1342.974253][T10344] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1342.979910][T10344] ? _raw_spin_unlock+0x28/0x50 [ 1342.984775][T10344] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1342.990468][T10344] ? alloc_fd+0x5a1/0x640 [ 1342.994836][T10344] do_sys_openat2+0x13e/0x1d0 [ 1342.999565][T10344] ? __pfx_do_sys_openat2+0x10/0x10 [ 1343.004813][T10344] __x64_sys_open+0x225/0x270 [ 1343.009547][T10344] ? __pfx___x64_sys_open+0x10/0x10 [ 1343.014794][T10344] ? do_syscall_64+0x100/0x230 [ 1343.019683][T10344] ? do_syscall_64+0xb6/0x230 [ 1343.024403][T10344] do_syscall_64+0xf3/0x230 [ 1343.028943][T10344] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1343.034877][T10344] RIP: 0033:0x7f2589775bd9 [ 1343.039485][T10344] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1343.040675][T10506] input: Generic X-Box pad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:179.65/input/input50 [ 1343.059106][T10344] RSP: 002b:00007f258a50f048 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 1343.059145][T10344] RAX: ffffffffffffffda RBX: 00007f2589903f60 RCX: 00007f2589775bd9 [ 1343.059165][T10344] RDX: 0000000000000000 RSI: 0000000000060840 RDI: 00000000209e1000 [ 1343.059185][T10344] RBP: 00007f25897e4aa1 R08: 0000000000000000 R09: 0000000000000000 [ 1343.059203][T10344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1343.059221][T10344] R13: 000000000000000b R14: 00007f2589903f60 R15: 00007ffceeaf2c58 [ 1343.059256][T10344] [ 1343.059267][T10344] [ 1343.059275][T10344] The buggy address belongs to the physical page: [ 1343.059287][T10344] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xc7 pfn:0x7a16f [ 1343.059314][T10344] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 1343.059349][T10344] raw: 00fff00000000000 ffffea00011f7fc8 ffffea0000467648 0000000000000000 [ 1343.059374][T10344] raw: 00000000000000c7 0000000000000000 00000000ffffffff 0000000000000000 [ 1343.059390][T10344] page dumped because: kasan: bad access detected [ 1343.059404][T10344] page_owner tracks the page as freed [ 1343.059414][T10344] page last allocated via order 0, migratetype Movable, gfp_mask 0x100cca(GFP_HIGHUSER_MOVABLE), pid 21661, tgid 21660 (syz.0.5733), ts 1339007069813, free_ts 1340486708167 [ 1343.059455][T10344] post_alloc_hook+0x1f3/0x230 [ 1343.059496][T10344] get_page_from_freelist+0x2e4c/0x2f10 [ 1343.059537][T10344] __alloc_pages_noprof+0x256/0x6c0 [ 1343.059577][T10344] alloc_pages_mpol_noprof+0x3e8/0x680 [ 1343.059614][T10344] shmem_alloc_and_add_folio+0x24d/0xdb0 [ 1343.059643][T10344] shmem_get_folio_gfp+0x82d/0x1f50 [ 1343.059667][T10344] shmem_write_begin+0x170/0x4d0 [ 1343.229387][T10344] generic_perform_write+0x324/0x640 [ 1343.234702][T10344] shmem_file_write_iter+0xfc/0x120 [ 1343.239923][T10344] vfs_write+0xa74/0xc90 [ 1343.244188][T10344] ksys_write+0x1a0/0x2c0 [ 1343.248709][T10344] do_syscall_64+0xf3/0x230 [ 1343.253237][T10344] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1343.259159][T10344] page last free pid 21661 tgid 21660 stack trace: [ 1343.265665][T10344] free_unref_folios+0xf23/0x19e0 [ 1343.270859][T10344] folios_put_refs+0x93a/0xa60 [ 1343.275707][T10344] shmem_undo_range+0x6de/0x1df0 [ 1343.280702][T10344] shmem_evict_inode+0x29b/0xa60 [ 1343.285959][T10344] evict+0x2aa/0x630 [ 1343.289876][T10344] __dentry_kill+0x20d/0x630 [ 1343.294498][T10344] dput+0x19f/0x2b0 [ 1343.298338][T10344] __fput+0x5f8/0x8a0 [ 1343.302391][T10344] __x64_sys_close+0x7f/0x110 [ 1343.307084][T10344] do_syscall_64+0xf3/0x230 [ 1343.311810][T10344] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1343.317741][T10344] [ 1343.320070][T10344] Memory state around the buggy address: [ 1343.325712][T10344] ffff88807a16f080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1343.333785][T10344] ffff88807a16f100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1343.341859][T10344] >ffff88807a16f180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1343.349936][T10344] ^ [ 1343.356356][T10344] ffff88807a16f200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1343.364430][T10344] ffff88807a16f280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1343.372501][T10344] ================================================================== [ 1343.380616][ C1] vkms_vblank_simulate: vblank timer overrun [ 1343.385625][T21693] loop2: detected capacity change from 0 to 512 [ 1343.413849][T10344] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1343.421078][T10344] CPU: 0 PID: 10344 Comm: syz.1.1722 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0 [ 1343.431427][T10344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 1343.441496][T10344] Call Trace: [ 1343.444786][T10344] [ 1343.447729][T10344] dump_stack_lvl+0x241/0x360 [ 1343.452451][T10344] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1343.457684][T10344] ? __pfx__printk+0x10/0x10 [ 1343.462307][T10344] ? preempt_schedule+0xe1/0xf0 [ 1343.467178][T10344] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1343.472830][T10344] ? vscnprintf+0x5d/0x90 [ 1343.477185][T10344] panic+0x349/0x860 [ 1343.481111][T10344] ? check_panic_on_warn+0x21/0xb0 [ 1343.486258][T10344] ? __pfx_panic+0x10/0x10 [ 1343.490699][T10344] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1343.496364][T10344] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1343.502067][T10344] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 1343.508070][T10344] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 1343.514422][T10344] ? print_report+0x502/0x550 [ 1343.519207][T10344] check_panic_on_warn+0x86/0xb0 [ 1343.524161][T10344] ? sysv_new_inode+0xfd3/0x1170 [ 1343.529146][T10344] end_report+0x77/0x160 [ 1343.533399][T10344] kasan_report+0x154/0x180 [ 1343.537915][T10344] ? sysv_new_inode+0xfd3/0x1170 [ 1343.542870][T10344] sysv_new_inode+0xfd3/0x1170 [ 1343.547665][T10344] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1343.553302][T10344] ? __pfx_sysv_new_inode+0x10/0x10 [ 1343.558538][T10344] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1343.564175][T10344] ? _raw_spin_unlock+0x28/0x50 [ 1343.569025][T10344] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1343.574658][T10344] ? __d_add+0x503/0x810 [ 1343.578912][T10344] sysv_mknod+0x4e/0xe0 [ 1343.583073][T10344] ? __pfx_sysv_create+0x10/0x10 [ 1343.588101][T10344] path_openat+0x1a86/0x35f0 [ 1343.592724][T10344] ? __pfx_path_openat+0x10/0x10 [ 1343.597684][T10344] do_filp_open+0x235/0x490 [ 1343.602207][T10344] ? __pfx_do_filp_open+0x10/0x10 [ 1343.607284][T10344] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1343.612920][T10344] ? _raw_spin_unlock+0x28/0x50 [ 1343.617864][T10344] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1343.623501][T10344] ? alloc_fd+0x5a1/0x640 [ 1343.627846][T10344] do_sys_openat2+0x13e/0x1d0 [ 1343.632539][T10344] ? __pfx_do_sys_openat2+0x10/0x10 [ 1343.637761][T10344] __x64_sys_open+0x225/0x270 [ 1343.642454][T10344] ? __pfx___x64_sys_open+0x10/0x10 [ 1343.647681][T10344] ? do_syscall_64+0x100/0x230 [ 1343.652461][T10344] ? do_syscall_64+0xb6/0x230 [ 1343.657152][T10344] do_syscall_64+0xf3/0x230 [ 1343.661674][T10344] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1343.667584][T10344] RIP: 0033:0x7f2589775bd9 [ 1343.671997][T10344] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1343.691605][T10344] RSP: 002b:00007f258a50f048 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 1343.700025][T10344] RAX: ffffffffffffffda RBX: 00007f2589903f60 RCX: 00007f2589775bd9 [ 1343.707997][T10344] RDX: 0000000000000000 RSI: 0000000000060840 RDI: 00000000209e1000 [ 1343.715969][T10344] RBP: 00007f25897e4aa1 R08: 0000000000000000 R09: 0000000000000000 [ 1343.723942][T10344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1343.731907][T10344] R13: 000000000000000b R14: 00007f2589903f60 R15: 00007ffceeaf2c58 [ 1343.739888][T10344] [ 1343.743138][T10344] Kernel Offset: disabled [ 1343.747451][T10344] Rebooting in 86400 seconds..