last executing test programs: 1m31.003108862s ago: executing program 1 (id=361): r0 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_linger(r0, 0x1, 0x3c, &(0x7f0000000100)={0x1}, 0x8) connect$inet6(r0, 0x0, 0x0) sendmmsg$inet6(r0, &(0x7f0000000040)=[{{0x0, 0x0, &(0x7f0000003840)=[{&(0x7f00000006c0)='O', 0x1}, {0x0, 0x2}], 0x2}}], 0x1, 0x4000000) 1m18.138219638s ago: executing program 1 (id=361): r0 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_linger(r0, 0x1, 0x3c, &(0x7f0000000100)={0x1}, 0x8) connect$inet6(r0, 0x0, 0x0) sendmmsg$inet6(r0, &(0x7f0000000040)=[{{0x0, 0x0, &(0x7f0000003840)=[{&(0x7f00000006c0)='O', 0x1}, {0x0, 0x2}], 0x2}}], 0x1, 0x4000000) 1m5.399949394s ago: executing program 1 (id=361): r0 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_linger(r0, 0x1, 0x3c, &(0x7f0000000100)={0x1}, 0x8) connect$inet6(r0, 0x0, 0x0) sendmmsg$inet6(r0, &(0x7f0000000040)=[{{0x0, 0x0, &(0x7f0000003840)=[{&(0x7f00000006c0)='O', 0x1}, {0x0, 0x2}], 0x2}}], 0x1, 0x4000000) 48.723690158s ago: executing program 1 (id=361): r0 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_linger(r0, 0x1, 0x3c, &(0x7f0000000100)={0x1}, 0x8) connect$inet6(r0, 0x0, 0x0) sendmmsg$inet6(r0, &(0x7f0000000040)=[{{0x0, 0x0, &(0x7f0000003840)=[{&(0x7f00000006c0)='O', 0x1}, {0x0, 0x2}], 0x2}}], 0x1, 0x4000000) 29.677395876s ago: executing program 1 (id=361): r0 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_linger(r0, 0x1, 0x3c, &(0x7f0000000100)={0x1}, 0x8) connect$inet6(r0, 0x0, 0x0) sendmmsg$inet6(r0, &(0x7f0000000040)=[{{0x0, 0x0, &(0x7f0000003840)=[{&(0x7f00000006c0)='O', 0x1}, {0x0, 0x2}], 0x2}}], 0x1, 0x4000000) 13.34032437s ago: executing program 1 (id=361): r0 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_linger(r0, 0x1, 0x3c, &(0x7f0000000100)={0x1}, 0x8) connect$inet6(r0, 0x0, 0x0) sendmmsg$inet6(r0, &(0x7f0000000040)=[{{0x0, 0x0, &(0x7f0000003840)=[{&(0x7f00000006c0)='O', 0x1}, {0x0, 0x2}], 0x2}}], 0x1, 0x4000000) 1.808817519s ago: executing program 3 (id=2081): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$nl_generic(0x11, 0x3, 0x10) syz_emit_ethernet(0x2a, &(0x7f0000000000)={@local, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x2b, 0x0, 0x0, 0x0, 0x2, 0x0, @rand_addr, @multicast1}, @address_request}}}}, 0x0) sendmsg(r2, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x2c, &(0x7f00000005c0)=[{&(0x7f0000000000)="4ba72c4cfd81685544f46c3f0800", 0x3e}], 0x2, 0x0, 0x0, 0x11000000}, 0x0) 1.678201952s ago: executing program 3 (id=2084): syz_mount_image$fuse(0x0, &(0x7f0000001040)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$fuse(0x0, &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000100)='./file2\x00', &(0x7f0000000000), 0x0, &(0x7f00000002c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c}) chdir(&(0x7f00000000c0)='./file2\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) fcntl$setstatus(r0, 0x4, 0x0) r1 = dup(r0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[], 0x20) 1.494947678s ago: executing program 3 (id=2087): r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)=ANY=[@ANYBLOB="12010000020000402505a1a440000102030109025c0002010000000904000001020d0000052406000105240000000d240f0100000000000000000006241a0000000905810300020000000904010000020d1000090401011e020d0000090582020002000000090503020002"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) unlinkat(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000500)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000900)={0x20, 0x80, 0x1c, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x10}}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 848.890849ms ago: executing program 3 (id=2106): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000000c0)={0x44, 0x0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_FRAME={0x26, 0x33, @action={{{}, {}, @device_b, @device_a={0x4}}, @channel_switch={0x4, 0x4, {{0x25, 0x3}, @val={0x3e, 0x1}, @void}}}}]}, 0x44}}, 0x0) 790.227397ms ago: executing program 3 (id=2108): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="02142000110000000040000000000000030005000000000002000000ffffffff0000000000000000080012000000010000000000000000000600000000000027b20e97a6a9ecae000000ee00000000000000000000000000fc020000000000000000000000000000030006000000000002000000e00000010000000000000000010018"], 0x88}}, 0x0) 750.446506ms ago: executing program 4 (id=2109): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x0, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x84}}, 0x0) 738.400123ms ago: executing program 3 (id=2110): syz_mount_image$bcachefs(&(0x7f0000005b00), &(0x7f0000005b40)='./file0\x00', 0x2, &(0x7f0000005b80)=ANY=[], 0x1, 0x5b30, &(0x7f0000005b80)="$eJzs3Q+MXXW9IPBz7p1pZzptmaJALX86QOkWVmBKcYEG48BGwNUighYVpK10Wgb7BzqthSq2kIgGWbbJbpQ1kRCiCRtCcJes6581xSxiVtbYxOUV33s+DGievBesQdA+S5yXmXvOnXvPnN89d+69U1r4fAJz5pz53e/v+z3nN3fO+d3TeyMAAADeFp754uifrl70/p/eM/z67qu+v/nuqK88sb0nbdCfLO94szLkSJrdtXBimR0Xe4dmPfO++z/0/Dc+9a0XX1qwbPk3b73i8O1zV91339AvLjr8s7/eVRQ3HU9nT67Hr8RRdOrPl3313h8/e9L4tjiKonLcvyeKFsSlHy2I08eOjY2Npd+vr+ZZH//J11dsGF/u+crsuu3HZfIw3t/eepJx9qUfbj3ld+dd8fy+X17++mDPX7btmWwS99SMpyiav7b28d1RFPUm/49LR9vC9MHJ8pooiubUPO7igrzOaDL/cwPri5LlrGTZVxAn/fnpmfXuJvPoyix7mnxcq0ozHD+VHr+5M9x/HNie9rMgWX4nWZ49zfjl9P84KsVRV7W7TfHkGIlqjlscxRPHfnK9VDcW4szYiKMozqyXMuvl7kxdE/0mA60cx/Xb03aZ7QPJ9q5k++kFY+26wPZ3pfUmv6iHMvVng/ZN+aZa14Q0r183yOVIKNU8B+VtT/PtSQ5GX7KtLz5+ymPGcqQ/W/3SA0+8uOuhJf2BPOJvx0n8uKX4z22+5MDSXb86uDAUf20piV9qKf7oea8+/vK1PzkpGH9vGr/cUvwXLlz6tR/s3nkouH/+kO6frpbil1eec3j5PYOrg/k/nMbvaSn+I5c/9vX573n68WD+g+n+6W1t/4zseOOGR084GIwfpfHntBT/stdOPGvl1sc2BuM/le6fvpbiPzs6sureWxbvHAjF35/Gn9dS/DN+c+MN+w4MvxDMfyjdP/0txX/vksuuWXVwy/2h5854z5H6Cwvw1vSO5Bzry8l6q9eZ7aq5XniwP66c8/Uk1zXzOtlRxng/82cwPgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABvT4/0rx/+6/dOe6MrWZ+dfHNaubJMt8+Korg3iqLR7eu2bR/ZsnHg1q07tm1Zt2lg3faB4S3bt905cOG7B7YN37Zp3Z3jPx08d0XlccdHcWUZnzql77GxsbFSf/22tL/PXPSfnxw47cDfRtHgCb84rSuY/4fvWvTvF+R8zYiHxjb9p7Nuennu/91R2dCf5NUfyCsK5HXpo6+s/N33e/9jFA2e2Civf1x25Y/rEprYMBknUZodlSa+mR3Pyc2jmnWST7q/ujaMbBoeLN6/5UAdvz30Pz62c/TmPZX92xOso8n92zs09uct333q5kt3XVPZcLQe96L9nVaR5pfuv55kf89P6pofqKsrUNe9Z53+D3/zXze/sica7Prj4ql9F9XVnQyA7vhdTfWb9jAnrt8nPUn79Iinjzt/++bbzh+9c9e5I5vXbRzeOLxlxYoVF1+44oKLLvh350+UXvnasfrT/v9Nk/UfmfG09aKhkfRrc+OpKK+i/TGeV/H+qM0o9Pv3zo9e+Xd3/8+911Y2FI3ztHX1+SRZzhk/zMujmvE2dV/l1VW0H7oD+2HjdX3/7bWBrf9S9DxUe2Rqv2bEQ2N/HPl/75u778ybKhuOyPN8bUItPs9Xs07y6a593ll+9O7f2VE5qasvN68z73n14///e/FANb9Zs6I71m3fvm155esRquud132+s3VdvPSfb9+19u4FU+q6oPJ1bpLp3Pjk3LyyW9O6Fk98LUfJbkkXUU8pv77uqJJf9u9C+rjsXu1LftYXH59bV1b6s9UvPfDEi7seWhLa0/G3Kz32RvMqy/iUQMtNmQeWqwnn9V80PqIoWlu7Ld2PT333vwzs++mCzYXjozIypnzNljc09oVL5v529Pr9qyobjszzSk1CLT6vVLOezGdif008r1xw9NTx5h3nul+seGhs3ynv3rjif29Pfu2L9m+1dd7+XRFFRc8DizPrM/U8kO1nsn1+vIHMel9Ubul544ULl37tB7t3Hgo+b/yh2eeNz9etldt83ogD4+nAF/77nz934LkPdO554wNLy5/8+8Urkh16tPy+9STjuicwrqtZJ/nEteP6vJu3blpf2X70nv8my/D1T9xVc541eueuz6zbtGl422hzdTV7XpLWld3L4xWVWjgvSX/7ji+4rkuP12RdM/dNM/ur2d+3NP/12f3V4u8b5OmL4pb+nj23+ZIDS3f96mB/IG68tpTEL7UUf/S8Vx9/+dqfnBSMvzeN39VS/PLKcw4vv2dwdTD+w3ESv6el+I9c/tjX57/n6ceD8QfT/HtbO58Y2fHGDY+eEN7/URq/r6X4z46OrLr3lsU7g/H3x0k/4+d2UfTk6ys2VNbjqDt5Hk7z6K7LK8qux5n1Uma9XLteqszBVzsox3H99rRdsv30mlzyXB/Ynp499iysLA+l61H2m8bbjzalmnOCvO1F59cA8FaSvv6fnmukr/8vTv4g1rz+X1nGs+oevzA5n1o4uWniOu/ugcof0unO66V5ZOf10vjLzqyP0eq8XtG83BmZ9Upevck8Wlc1nwbnDXOjJublpvbTeF4uU37xvNnAlzMbuibm9kLHrTuZqch7nTmT79zxCO2eZy/Mz7p6nh0ad9n5jvR1+rjJcZe9LyIdd9n7ItL4izITaK3eF9HauIuq4y6d1mgw7iYqK55PnTouogb7dXJc5EfLjotpjKP+yjia2deljv3r/ZmdfzefEIif/B052q/30+3p80NXk/MAqwPbOzUPkD5dpHn9OqevWQ3y6zTzAAAwef2f/g0ev/4f/1s9kDnPL7puyV5lpPGC97GU8/Mpuv6dej/bnJbO+y577cSzVm59bGPwvPipZu9Lua1ubU7BfSlF+3FJZr1wPwZuBSmad1iaad8XzWtpP57xmxtv2Hdg+IXgfhyqnEgV78e9dWvz2tyPyzLrhfuxOz+rov2Y7ado/J6dWe9L7gia7n5/75LLrll1cMv9wf2+p9n9/nDdWn/Bfk+u0+PYdXp9fNfpR8V1+kzPR75p8wDJvPVMzQNcF9g+3XmAvinfVOua0Gge4Ehqeh4g8HcBAI5l6fV/9X755Pr//2TatXt9GDxvG+rM/azB87bqeW175+XB/Kvn5e29fhmMX70uau+6Jbh/qtct7V13BeNXr7vam6cJ7p+n0v3T3nl/6J8LpOf9x/510czOM7xNr4u6I9dFAAAcQ9Lr//R0Nb3//+lkPXtuPPPXuTN9HTrT19EzPc8w0/Mkx/p17rE+zzDT82zmAbw+Wsw8AADAW8P7k+VNTbbvmriHOIo+ffMtF6xZP/zZNRu2DQ+P3rbu5uE1I1tGtlfbdU9ceU29TzrUX9F90nnt5zRovyYYvz6fKwLtQ9qtP9RfUf157RvVvzYYvz6fKwPtQ9qtP9RfUf157RvVvy4Yvz6fqwLtQ9qtP9RfUf157RvV/+lg/Pp8PhBoH9Ju/aH+iurPa9+o/puD8evz+Q+B9iHt1h/qr6j+ifazopz4+e2z75cZqv+DgfYh7dYf6q+o/rz2jeofDsavz+dDgfYh7dYf6q+o/rz2jerfEIxfn8+qQPuQnPrTDJqqP9RfUf157RvVvzEYvz6fqwPtQ9o9/qH+iurPa9+o/luC8evz+XCgfUi79Yf6K6o/r32j+keC8evzuSbQPqTd+kP9FdWf175R/bcG49fn85FA+5B26w/1V1R/XvtG9X8mGL8+n2sD7UParT/UX1H9ee0b1b8pGL8+n+sC7UParT/UX1H9ee0b1b85GL8+n48G2oe0W3+ov6L689o3qn9LMH59Ph8LtA9pt/5Qf0X157VvVP/WYPz6fFYH2oe0W3+ov6L689o3qv+2YPz6fK4PtA9pt/5Qf0X157VvVP/twfj1+Xw80D6k3fpD/RXVn9e+Uf3bgvHr8/lEoH1Iu/WH+iuqP699o/pHg/Hr8/lkoH1Iu/WH+iuqP699o/q3B+PX53NDoH1Iu/WH+iuqP699o/p3BOPX53NjoH1Iu/WH+iuqP699o/o/G4xfn8+nAu1D2q0/1F9R/XntG9W/Mxi/Pp+bAu2nSG7Eabf+UH9F9ee1b1T/HcH49fmsCbQPqda/fdvw8Jodt61ft314zZat64dH1+zcNrJ9+3ByotbufYnB+8qS+xK7o66G9S/KrB+XvD/QcYH3B8q2T8OePPHN1PcHynbbVfA+OUXHK9t/0fsMLcq8o3VovIWOb9HzQbPjIavu96MySEa2jA5vm/r83dtwf9SOiWjitrneyjI+san22bfrDHRTqPl6ehrWk908O7kRcHZ8QlPto8DnwU1X8/XEwXry8pju59ilYaf1OXaZL1PkvEdrXb0bRieepEfWbRrZNTw1/zlHQf5vzn4sTcmj6PjHmTwWJJksCH3eWyDvnd/5p0d+//v/9cEoGjyhfEpb+y8eGlt76MRP//zS2eeP519qmH+1Zfq5ygWff5htn9bTtWnr6PZ/u2Hrji35r6Cl9zuXquszdL9zUme5yfuXQ/d7TPf+5XjKN0enZu9fBgAAeLtI//1/er26MJn6XpCZImh+Hri9fx8dnAfe39w8cHY2omgeONs+LbvZeeC+NueBs/2H5mlLDdo3et2l2XngTwbaT1fz46S99wEIjpNkTxWNk+y/wy8aJ9n20x0nvW2Ok2z/ReMkr32j16ebHSfXB9qHND8e2nvfieB4GGxuPGQ/V7NoPGTbT3c89LQ5HrL9F42HvPaN7tdpdjx8NNC+Wc2Pj/beFyY4PtY2Nz6yn5dSND6y7ac7PuI2x0e2/6Lxkde+0f2MzY6PjwTap5o//u29b0/w+O9t7vhnP7el6Phn20/3+JfaPP7Z/ouOf177RvdzN3v8rw60T9Uf//EDP3Hch9fs3Lqt9h7omf7clpDm85vZz61pVfP5z+z7Ps18/jP7vlIzn397103B/Pe390pX8/nP7OcSteqIvR6b/FvNovefKnqd9hOB7dN9nXbWlG+OTl6nBQAAgJmXvv6ffhx/+v7wX0mWgY/pb9mx//nePn87N36HPn+7aB7TfF6Dzo4C5vMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6Y3bXwonlM18c/dPVi97/03uGX9991fc33713aNYz77v/Q89/41PfevGlBcuWf/PWKw7fPnfVffcN/eKiwz/7612Fgfsri7OT1Z4oil+Jo+jUny/76r0/fvak8W1xFEXluH9PFC2ISz9aEGciDP4liqL11Tzrf/jk6ys2jC/3fGV23fbjMkGydUV95TSfujyjOwor4hjUk4yzL/1w6ym/O++K5/f98vLXB3v+sm3PZJO4p2Y8RdH8tbWP746iqDf5f1w62hamD06W10RRNKfmcRcX5HVGk/mfG1hflCxnJcu+gjjpz0/PrHc3mUdXZtnT5ONaVZrh+Kn0+M2d4f6zT27ZfhYky+8ky7OnGb+c/h9HpTjqqna3KZ4cI1HNcYujeOLYT66X6sZCnBkbcRTFmfVSZr3cnalrot9koJXjuH572i6zfSDZ3pVsP71grF0X2P6utN7kF/VQpv5s0L4p31TrmpDm9esGuRwJpZrnoLztab49ycHoS7b1xcdPecxYjvRnq1964IkXdz20pD+QR/ztOIkftxT/uc2XHFi661cHF4biry0l8UstxR8979XHX772JycF4+9N45dbiv/ChUu/9oPdOw8F988f0v3T1VL88spzDi+/Z3B1MP+H0/g9LcV/5PLHvj7/PU8/Hsx/MN0/va3tn5Edb9zw6AkHg/GjNP6cluJf9tqJZ63c+tjGYPyn0v3T11L8Z0dHVt17y+KdA6H4+9P481qKf8Zvbrxh34HhF4L5D6X7p7+l+O9dctk1qw5uuT/03BnvOVJ/YQHemt6RnGN9OVlv9TqzXTXXCw/2x5VzvrnJ//M62VHGeD/zZzA+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABvTcNXPrj7yv1rruqKoygOtBnLkf6sPGtoaKCFfssrzzm8/J7B1bXbFrYQBwAAACiWXoeXqlt6ooXRzrg3Ojm3fTpHcHK6Ftdvz84h9E627EicUofilDsUp6tDcbo7FGdWh+LM7lCcnoI4PVFzcXobxik1nc+cDsXp61CcuW3HqYzkeR3KZ36H4hzXoTj9DeM0Pw4XdCjO8R2K844OxXlnh+Kc0KE4J3YozkkdipOdU57uOJyXtFwUijPxTbkwTldcrv4gbz497efUzBNmaZr99DXZT3bOfrr99DbZz5lt9tPTZD9L2+wnbrKfs9vsp1TQTzpu78jml/aTrhWP/0NjURTd2X6cieWuDsX5XIfifL5Dce7qUJwvdCjO7jbjADQrvf6fvG7sj2Z3XRrNSZ5xsrMA6fXu4sqjpzwf9WQv0BNpvFMy22cVxcteqGfiLe5wfmdktnfXxeuqnjc1iNdfG29J5oeF9WYnFDL5LZtuvOzEAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADMoOErH9x95f41V0VxNP5frrEc6c/Ks4aGBlrod/VLDzzx4q6HltRum93VQiAAAACgUHod3l3d0hP9K7v2FyNXVT8A/Nyd2ZlhW/hNf4E6kEJHSitGpKWL8ic1XPRhlhiUAEYDprulDOuG7S6y2xRWZK0PxAcNJJq4+mR4whAe1KCoJMuDxqAkbKLYRFBeJIoGSICEmpiM2Z17519ndtYR7QKfz8O5957zPed7z2zT5Htm8tm9IRfl2uIKyTlAIXnOFOvXqDy0dh2Jtq0bn03i984fuWvv3L0LH546cmiyOlmdGR0dvfLy0f1X7P/o3jumpqv76m3I91lvOFlv7t6FOw9NT1fvnqs/d753KZlXanZNrDbHk/f+/z55oiS+mee/d9P/rwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKdXtbK0WFkZHxuJQoh6xNS6SMcyuTguD5D32je377569tHJ1r58doCFAAAAgL7SOny40VMI+WwmZMK5a08XNkOLITTrfgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4L2nWllarKyMj22JQoh6xNS6SMcyuTguD5D3N3NT1z/whZ3HWvtK68TnB8gBAAAA1KV1+FCjpxBKYVcYjs5ti0vPBs7rmN8Zl65z/gbjOs8OesXt2mDcng3GfbBP3KeS6z0BAAAA3vnS+j/b6CmGfPbMnvV/v7o+jdvZEZdJroP8VgAAAAD4z6T1f67RUwr5bKlRr2+03r+wIy6d3+97+3R+v+/t07iLe+Tp/D4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANi8qpWlxcrK+FgmCiHqEVPrIh3L5OK4PEDeFy/f8+2fLx472dqXzw6wEAAAANBXWoc3S+9CyGdHwnDYslb3X7nn719cmDi+bbiYDOdy4Z5D8/N376+3adyur77+ud/9NCqfEndZvT0tmwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN5W1crSYmVlfOyMKISoR0yti3Qsk4vj8gB5X5w6+s9bHznntda+0gDrAAAAAP2ldXiz9i+EUsiFXNi+9tRa668a6pjf68wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAePeYu3fhzkPT09W7N9NNJmyK13Dj5r17c7r/ZwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADaLamVpsbIyPlaIQoh6xNS6SMcyuTguD5D34Y8/+t2zPvKLx1r7SgOsAwAAAPSX1uHN2r8QSmE4DIdz1p66nQms1f/F/+FLAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAm0K1srRYWRkfOzMKIeoRU+siHcvk4rg8QN4L//z5W5dPVF9s7ctnB1gIAAAA6Cutw3ONnkLIZy8L+bAjeZ5unxBlkmv3c4HmvLvapo1seN59bfMyG573tY6dZZPd1OcV0vWK9WtjXvnUeeUQQimZV2oOTLTNCw+1zTpzw+/5vbZ5xT7zAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGxC1crSYmVlfCyKQoh6xNS6SMcyuTguD5D3uSNXndiz8MfXWvtKA6wDAAAA9JfW4c3avxBK4fxwVjh/re4Pxfb4NO7AI69c/defnfGNEPZt/+0F2Z7r/+Xiyi87mxCG2oOGQvi/JF/UI9+xH//t4Vdf/cknQ9h3TmbHKfmy6+drXzKuTZzcftuzB/J7+3w4AAAA8C6R1v/DjZ5iyGdnetb/aaH9b9X/s2ffdN+2pE0q8o4ZQ8Uk31CPfHde8c0flS848YfV+n+9fJ/+8nmf2BZmr4in0rbe0yGKa9MP7j748tanj6a7rufPdORPP5eXTv7wM8fmDn+lnr8QCkn/edlu+U9tO5wR196aeeKpwwcWbmjPn+2x/wd2v/9Pv//OkVdW87+xc6SR/wPr7H/9/GffXHn++OMP3dief7hH/smbtnz/zfLsPzr3P9KxcPLJ1//gLX+FDlFce2PqmWu2Lu862J4/hDDRGph+/k898a3y8q+3HUnzp78VuXhXR/6Wf2qtbceZUxTXlndcMjn65PyW9vxRR/50/yfu/8FbXzrx3HWd+7+9c/8983fu/7o9mVte2Dk6yI9nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADeAaqVpcXKyvhYyIQQ9YipdZGOZXJxXB4g78cuuvaG61+b+XprXz47wEIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA26ZaWVqsrIyPDUUhRD1ial2kY5lcHJcHyDt36euPvXzjr97X2lcaYB0AAACgv7QOb9b+hVAKuZALI2t1/8TJ7bc9eyC/NxTro1FyzU7Pzs1/6I7ZozO3n6Y3BwAAADYqrf+zjZ5iyGcvCsNJ/b+845LJ0Sfnt6T1fwhhYrUp3DE1XR0NjXOC6/Zkbnlh52i5cU7QGnfp4dnp5JggXff+q7a+NPfZleu7rru/GffG1DPXbF3edTCNG06ua3GXNeOmH9x98OWtTx9N44bSc4rVuH3NuLdmnnjq8IGFG9LxTOt6LXFn31x5/vjjD93YWCe5jiR5AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP7FDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFfbrKMSqIo4D8My9u3r1rttuUW5SpGKiQbJSUQnRKiQ9tCEFvljgQ1ZGJrWEIYSbkIVJ+FQRFBEFgUhB0EMRFpRBEgUR2kMY2kM9xEa0IW5U7O7M7t2jp91OrYJ8HxzGmXPPb/5nznj2XgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM6vuW09Y+3hpwd+v3PRbZ/v3jK86/b3tz21v2/O4Vv33XHslXvfPHGye8XqNx5aP/JoR//evX1f3zjyxZ9PThv8xHizMnUbIcSfYwhXfrnihT2fHlk4OhZDCPXYNRhCd6x93B0LCb2nQwj3TdQ59eS7w9fdP9oOPjd3yvhFhZDifYVmPdczrmtqvVxYGmmfPfPh9it+XLX+2KFv1w33Nk4/Njj5kdho2U8hdG5uvb49hDAvHaPybuvJF6d2Qwhhfst1N01T19IZ1n9tSX9RauektjlNTj6/pNBvn2EdbYW2McPrqqrNcn6Wn1/HLM9ffLkV5+lO7XupXfkv8+v5iKEWQ9vEdA/HyT0SWp5bDHHs2U/2a1P2QizsjRhCLPRrhX69vXBfY/OmjVaPcep4/lxhfHEab0vjS6bZa3eXjF+e7zf9Rz1VuP9iaPOMf0zc15hc1/f/UMu5UGt5B51tPNfbSA+jmcaa8eIzrvnrLPK5jSeff/vEzleXdZXUEd+JKT9Wyv9m281Hl+/8bqinLH9zLeXXKuUPrPr14E93fbawNH9/zq9Xyj9+/fIXP9i141Tp+vyS16etUn59zTUjq3f3biyt/7Wc36iU//q6Ay933vDJwdL6e/P6zKu2Plsf/2PTW5cOleaHnD+/Uv7a3y67es32Aw+U5n+U16dZKf/IwNb+PQ9etWNxWf5XOX9BpfylP9yz6dDRLcdL6+/L69NVKf+WZWs39A89sq/s3RkHz9VfWIAL0yXpO9azqV/1d+Z/1fJ74aWuOP6dryMdC/7PiQpG5+mcxXwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgL/ZgQMSAAAAAEH/X7cjUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACeCgAA//+dTVd5") 665.563687ms ago: executing program 4 (id=2112): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="70000000140009050000000000000000020100ff", @ANYRES32=r1, @ANYBLOB="1400060006000000000000f0000000000000000008000200ac1414aa08"], 0x70}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000d80)=@ipv4_newaddr={0x44, 0x14, 0x509, 0x0, 0x0, {0x2, 0x1, 0x0, 0x0, r4}, [@IFA_CACHEINFO={0x14, 0x6, {0x0, 0xf0000400}}, @IFA_LOCAL={0x8, 0x2, @local}, @IFA_RT_PRIORITY={0x8, 0x9, 0x80}, @IFA_ADDRESS={0x8, 0x1, @multicast2}]}, 0x44}}, 0x0) 597.561564ms ago: executing program 4 (id=2115): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r0, &(0x7f0000001c00)={0x2, 0x4e23, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000001bc0)={0x2, 0x4e23, @loopback}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) write$binfmt_misc(r0, &(0x7f0000001b40)=ANY=[], 0x3a7) setsockopt$sock_int(r0, 0x1, 0x8, 0x0, 0x0) socket(0x0, 0x0, 0x0) sendmmsg$inet(r0, &(0x7f0000000800)=[{{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000002c40)="4c053425c292a724cee5e7b46297ca7d4dd9c5097c85f9fc9719785f26f00334e5fad57d1c8ae64a8242805a4a2370a9ec422947c030cad8170e303883653e41bbfe71ae3a83c1bc83680a503d59fb2481f399a0952a433a8bb92dff8721b37ce194fea8c022084bbf8e19e008b0013e41f4ba222329d48d0081470c92d2652e74b7b0dbae718f8b789a64619b6486f8c30f365473cf56b6f6b92d040de77ff8cb16220c6b3c3c0c0ebeddbfda2da6a92e9ba05c41f7317cfad58e2e6988fa8e3fe867f204f02392b909aed27efb5d3be750208266cbb47e69c18296b6b512ad958b551358effc67c2eeb062785f44c12182cacae686b129c239384122eb9a5842337cd3cc061ce3ba7f63fede1c9224bddec74124202d3f1d828e31fb838a6fe4064c8c3b0ceb08a8a05d1f1a232a019106204d20ccfa32f1058a5bca0f946dd1efb0a6305300f1214e0d0fc11d8631b9a0d4732c74d5a3e9f82fd7ddc809181ac711cd0a5e90e59e0d95f669c13d237891fed2842f48dd04865a846fd157a614476a6882f0661ac9bdf9d010a956df9e61254c7eaeaf409c505bc23128c2bc37a8dfa65a9af9be973fb70e4d68235f85cdcb362f52c932e7da7ff2e2df339f90f2ae62c679516c8b3a859ceb52754aa1abecdf51ee7f64b4fcc769a8ab50d45f37a73d4f3eec5057a74060cb792faad971835835b51e422d59fbaf35273c8765180666cd3d52b4b7922eb245602d217a066b708598916296d06bab7ece49abc0e743e06270e108708e25b2a8cfec9b33f6f97a8377c2f2a151a45db18887170924ce84d1991d8b92e3e3019a6b0c5a9f1cc8fbfafff99353ea8505b00cedd237eec69605d398a388d1ac916fa84557f1e0d08e52035b27ff166dbbe76df5221d4d0e1b5d6a7aca1f84e1a5a8e07a43e83d8f2a994cc97e28faf57c354eea12dd0f1060cf406a33a9a7a1991c2d4d44afd04975d19dd48477c43f3f2f01e405f384768b58389e88c100ba87a2e41e75944b15d28c9a0651edd246176f5181e90252879b50e07af7ff185d62ce2ea314e4958c1a0ca6f5e30985ac4e474b71fbc0fc7eef9472c22d010a18d5dddbd06b230675475efeba4d8a46c0983b40ef6d09e1f87060a82a4b6b45a2e9a6dc0a31fce06aa9ac17ee4bcaf225dc67bb7d8226890a52697fdf85e152b41dbcf64aa999d4eeb50a82c2dfc4ca2506ec34c44e8e1bef940216e2b412b7e863224331aab0ff2febb73312b6251602a815f9172a5d3d6d0c9a3e0b03c75d3687df116f87293e9b2fe7579d6cd0aae0abb43d4d4b3299e3bf7d993eeacc360ab79abb80a3b3b2823dd4a4e3542bd87e7e612545680cc19d53d3618372910dbba9006d245d96f256fbbba115a20f1c852a58f98a32bdfeb497c2f3b5d00fe6a357c0c6301f4b279e0549002117475ada8e8b91eadabdc43ce6b405648c23c194fab66aabf7c88c32ad425ea5aa0780fdfbb4117b615ed1683cc0b06a46870fe2aceab08b9018f6c14a5fdf0dde4732ae4a94f7b16a69a31db9e7996746f30a52f155976657", 0x450}], 0x1}}], 0x1, 0x0) 498.220319ms ago: executing program 4 (id=2117): syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x1000410, &(0x7f0000000100)={[{@grpid}, {@grpquota}]}, 0x4, 0x4eb, &(0x7f0000000540)="$eJzs3c9vVFsdAPDvnXZoKQMFZaFGBRFFQ5j+ABqCC2GjMYTESFy5gNoOTdMZpum0SCuLsnRvIokr/RPcuTBh5cKdO925wYUJKnkv9CVvMS/3zqUd2g7te7Qd6Hw+ye2955xhvufMcM6Ze2B6AuhZZyNiNSKORMS9iBjO85P8iButI33cq5ePp9ZePp5Kotm8878kK0/zou3PpI7lzzkYET/7ccQvk61xG8src5PVamUhT48s1uZHGssrl2YLec74xNjE6LXLV8f3rK1nan968aPZWz//y5+/8fzvq9//dVqt0m+OZ2Xt7dhLraYXo9SW1x8Rt/YjWJf0539/+PCkve1LEXEu6//D0Ze9mwDAYdZsDkdzuD0NABx26f1/KZJCOV8LKEWhUC631vBOx1ChWm8sXhyuLz2YjmwN62QUC/dnq5XRfK3wZBSTND2WXW+kxzelL0fEqYj47cDRLF2eqlenu/nBBwB62LFN8//HA635HwA45Aa7XQEA4MCZ/wGg95j/AaD3fI7537cDAeCQcP8PAL3H/A8AvWfH+f/JwdQDADgQP719Oz2aa/nvv55+uLz0g9LDS9OVxly5tjRVnqovzJdn6vWZaqU81Wzu9HzVen1+7Mp6srG8crdWX3qweHe2NjlTuVsp7nN7AICdnTrz7J9JRKxeP5od0baXg7kaDrdCtysAdE1ftysAdI3v80Dv2sU9vmUAOOS22aL3DR3/i9BTm7/Ch+rCV63/Q6+y/g+964ut//9wz+sBHDzr/9C7ms3Env8A0GOs8QPv9O//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0KNK2ZEUytle4Kvpz0K5HHE8Ik5GMbk/W62MRsSJiPjHQHEgTY91u9IAwDsq/CfJ9/+6MHy+tLn0SPLJQHaOiF/9/s7vHk0uLi6Mpfn/X89ffJrnjx/pRgMAgHY3tma15un83HYj/+rl46nXx0FW8cXN1uaiady1/GiV9Ed/dh6MYkQMfZTk6Zb080rfHsRffRIRX9lo/6O2CKVsDaS18+nm+Gns4/sQf+P13xy/8Eb8QlaWnovZa/HlPagL9JpnN1vjZN730i6W979CnM3O2/f/wWyEenevx7+1LeNfYX3869sSP8n6/Nn19Ntr8uLKX3+yJbM53Cp7EvG1/u3iJ+vxkw7j7/ldtvFfX//muU5lzT9EXIjt47fUsmF2ZLE2P9JYXrk0W5ucqcxUHoyPT4xNjF67fHV8JFujbv3823Yx/nv94olO8dP2D3WIP7hD+7+zy/b/8dN7v/jWW+J/79vbv/+n3xI/nRO/u8v4k0M3Om7fncaf7tD+nd7/i7uM//zfK9O7fCgAcAAayytzk9VqZWGHi/Sz5k6PcfFhXsRqxHtQDRfv1UW3RyZgv210+m7XBAAAAAAAAAAAAAAA6KSxvDI3EPv7daJutxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDD67MAAAD//w/PzvM=") r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev, 'lo\x00'}}, 0x1e) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f00000000c0)) writev(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) unshare(0x8000400) bpf$MAP_CREATE(0x0, 0x0, 0x0) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$EVIOCGPROP(r2, 0x40047438, &(0x7f0000000180)=""/246) ioctl$PPPIOCSFLAGS1(r2, 0x4004743a, &(0x7f0000000300)) pselect6(0x40, &(0x7f00000007c0), &(0x7f0000000800)={0x7f}, 0x0, 0x0, 0x0) 456.054318ms ago: executing program 2 (id=2118): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000000c0)={0x44, 0x0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_FRAME={0x26, 0x33, @action={{{}, {}, @device_b, @device_a={0x4}}, @channel_switch={0x4, 0x4, {{0x25, 0x3}, @val={0x3e, 0x1}, @void}}}}]}, 0x44}}, 0x0) 452.796057ms ago: executing program 0 (id=2119): syz_read_part_table(0x105c, &(0x7f0000001080)="$eJzsz71Rw0AQBeCnQ0gioBUSOqAHEopBKZUQ0Ae9uAaPPeuR/NeB7eD7gpt7N+9mZ8N9tWxr8V+pLsmwHHPLW6bkJW0tffRTltynxlQyX77XuD91fp6/h7RNxjV9vXe7quuY1+TpePvtz29dPv9utSYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPLJDAAAA//+4SRWs") r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000001840)={0x1, &(0x7f0000001880)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x0, @local}, 0x10) sendmmsg$inet(r0, &(0x7f0000003b00)=[{{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000180)=';', 0xfffffdef}], 0x1}}, {{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000400)="bb", 0x1}], 0x1}}], 0x2, 0x16da) r1 = socket$netlink(0x10, 0x3, 0x0) writev(r1, &(0x7f0000000140)=[{&(0x7f00000000c0)="39000000130003470fbb65e1c3e4ffff06006000010000005600000025000000190004000400000007fd17e5ff8e0606040020000000000000", 0x39}], 0x1) sendto$inet(r0, &(0x7f00000002c0)="1e777778b5d17296", 0x8, 0x50, 0x0, 0x0) 398.200981ms ago: executing program 2 (id=2120): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x22000406, &(0x7f0000000f80)={[{@sysvgroups}, {@orlov}, {@nogrpid}, {@init_itable}, {@auto_da_alloc}, {@grpjquota, 0x2e}, {@oldalloc}, {@errors_remount}, {@jqfmt_vfsv1}, {@grpid}], [], 0x2c}, 0x84, 0x4c9, &(0x7f0000001900)="$eJzs3MtvFdUfAPDvTF+8W/jxe8APpYrGRrSFgsrCBRpN2JiY6EI3JrUUghQwtCZCiIAxuDT+BerSxMSVG1eaGKOuNG51b0yIYQO6MNfMnZky7e293NsH1d7PJ5n2nHn0nO+ZOfeeO+dOA+haw9mPJGJLRPwUEYN5dv4Ow/mvWzcuTf5+49JkErXaC78l9f1u3rg0We5aHre5yIykEek7SRxdpNyZCxdPT0xPT50v8mOzZ14fm7lw8dFTZyZOTp2cOjt+5MjhQwefeHz8sRWJM4vr5u63zu3Zdezl95+brMWr336S1XdLsb0aR25o2WUOx/CGiKhlbq/tr/98cNl//e9layWd9K5hRehIT0Rkp6uv3v8Hoydun7zBePbtucxXa1RBYNVk703bG9b2FL/T/M0LWKcSfRy6VPmOn33+LZe7Of5Ya9efqt+rOJrFfatY8i29kWabhvJP7D1Njv/PMsvfEhEvXfnjg2yJRe9DAACsrC+y8c8ji43/0nljm23FHMpQROyPiB0R8a+I2BkR/y7GQf+NiP91WP7wgnzj+OeHjUsKrE3Z+O/JYm4rX16Ziz+XzOW21uPvS06cmp46ULTJSPQNnLhDDb985sf3mm0broz/siWrQzkWLOrxa+/A/GOOT8xOLDXeha5fjdjdW42/bP9kbiYga4FdEbF7CX8/a7NTD3+8J0tv29y4vTH+bKRdjb+FFZhnqn0U8VB+/q/EgvhLSV5Ss/nJsQ0xPXVgrLwqGn33/bXnq/m+SjqPvxJJGzFt6DzMprLzvykWP/91ZTco52tnOi/j2s/vNv1M03j+k6w9Korrv9LHsuu/P3mxnu4v1r05MTt7/mBEf7Fi3vrx28eW+XL/LP6RfYvFn2avcX9+WBz3/4jILuJ7IuLeiNhb1P2+iLg/Iva1iP+bpx94rXULter/qyuL/3ir8x8xlFTn6xsTvdF0U57oOf31583Kb+/173A9NVKsaef1r0V15iWW03YAAADwT5HW56CTdLRMV25O7YxN6fS5mdn9w/HG2eP5XPVQ9KXlna7Byv3Qg8W94TI/viB/KCK2179ptLGeH508N711LQMH6s/qzOv/kaajo/m2X5p96QVYPzqaR6s+HfjpZytfGeCu8rwmdC/9H7qX/g/dS/+H7rVY/78ccWsNqgLcZd7/oXt11v+9WsB6okdD99L/oSs1PhJf/qOF9p6fb5bYcWxZh696oja4Kn/5SudH9cxcuLqC1YiI+r/PyBLReufaQP5tzqWVFWnrffrvUHqeuLw2F0B6x32OLrFZOkjsLRIDEdHuUZfbatUVupAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADWgb8CAAD//4ZTzeE=") 298.689647ms ago: executing program 0 (id=2121): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) 282.122796ms ago: executing program 0 (id=2122): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x0, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x84}}, 0x0) 276.451693ms ago: executing program 4 (id=2123): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWSET={0x4c, 0x9, 0xa, 0x401, 0x0, 0x0, {}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}, @NFTA_SET_EXPR={0x10, 0x9, 0x0, 0x1, @counter={{0x4, 0x2}, @void}}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x74}}, 0x0) 253.660388ms ago: executing program 2 (id=2124): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00'}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={0x0}}, 0x0) 230.996757ms ago: executing program 0 (id=2125): syz_read_part_table(0x108e, &(0x7f00000010c0)="$eJzsz8FN60AQBuA/iRM/d/FaQOKI5Ig6KIY0QAscqIIDiDtNIKoAhDRobWPRARy+7+Bdz87OzoTfVYckx/Uv9fI4bzfJdVtPY94/q2qTdD8v7v6n+jyfXVzlo6ajqqqWOeRfkrfzQ4u8TslP7axt+vZcugyn7VqpX9ZjlifuupvkthUZlox9ss3Yenq4b4F9spubvPzufDuF+7l8lupdqjLO06zfZVIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+DO+AgAA///smCrY") 155.018423ms ago: executing program 2 (id=2126): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="70000000140009050000000000000000020100ff", @ANYRES32=r1, @ANYBLOB="1400060006000000000000f0000000000000000008000200ac1414aa08"], 0x70}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000d80)=@ipv4_newaddr={0x44, 0x14, 0x509, 0x0, 0x0, {0x2, 0x1, 0x0, 0x0, r4}, [@IFA_CACHEINFO={0x14, 0x6, {0x0, 0xf0000400}}, @IFA_LOCAL={0x8, 0x2, @local}, @IFA_RT_PRIORITY={0x8, 0x9, 0x80}, @IFA_ADDRESS={0x8, 0x1, @multicast2}]}, 0x44}}, 0x0) 105.912554ms ago: executing program 0 (id=2127): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r0, &(0x7f0000001c00)={0x2, 0x4e23, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000001bc0)={0x2, 0x4e23, @loopback}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) write$binfmt_misc(r0, &(0x7f0000001b40)=ANY=[], 0x3a7) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) socket(0x0, 0x0, 0x0) sendmmsg$inet(r0, &(0x7f0000000800)=[{{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000002c40)="4c053425c292a724cee5e7b46297ca7d4dd9c5097c85f9fc9719785f26f00334e5fad57d1c8ae64a8242805a4a2370a9ec422947c030cad8170e303883653e41bbfe71ae3a83c1bc83680a503d59fb2481f399a0952a433a8bb92dff8721b37ce194fea8c022084bbf8e19e008b0013e41f4ba222329d48d0081470c92d2652e74b7b0dbae718f8b789a64619b6486f8c30f365473cf56b6f6b92d040de77ff8cb16220c6b3c3c0c0ebeddbfda2da6a92e9ba05c41f7317cfad58e2e6988fa8e3fe867f204f02392b909aed27efb5d3be750208266cbb47e69c18296b6b512ad958b551358effc67c2eeb062785f44c12182cacae686b129c239384122eb9a5842337cd3cc061ce3ba7f63fede1c9224bddec74124202d3f1d828e31fb838a6fe4064c8c3b0ceb08a8a05d1f1a232a019106204d20ccfa32f1058a5bca0f946dd1efb0a6305300f1214e0d0fc11d8631b9a0d4732c74d5a3e9f82fd7ddc809181ac711cd0a5e90e59e0d95f669c13d237891fed2842f48dd04865a846fd157a614476a6882f0661ac9bdf9d010a956df9e61254c7eaeaf409c505bc23128c2bc37a8dfa65a9af9be973fb70e4d68235f85cdcb362f52c932e7da7ff2e2df339f90f2ae62c679516c8b3a859ceb52754aa1abecdf51ee7f64b4fcc769a8ab50d45f37a73d4f3eec5057a74060cb792faad971835835b51e422d59fbaf35273c8765180666cd3d52b4b7922eb245602d217a066b708598916296d06bab7ece49abc0e743e06270e108708e25b2a8cfec9b33f6f97a8377c2f2a151a45db18887170924ce84d1991d8b92e3e3019a6b0c5a9f1cc8fbfafff99353ea8505b00cedd237eec69605d398a388d1ac916fa84557f1e0d08e52035b27ff166dbbe76df5221d4d0e1b5d6a7aca1f84e1a5a8e07a43e83d8f2a994cc97e28faf57c354eea12dd0f1060cf406a33a9a7a1991c2d4d44afd04975d19dd48477c43f3f2f01e405f384768b58389e88c100ba87a2e41e75944b15d28c9a0651edd246176f5181e90252879b50e07af7ff185d62ce2ea314e4958c1a0ca6f5e30985ac4e474b71fbc0fc7eef9472c22d010a18d5dddbd06b230675475efeba4d8a46c0983b40ef6d09e1f87060a82a4b6b45a2e9a6dc0a31fce06aa9ac17ee4bcaf225dc67bb7d8226890a52697fdf85e152b41dbcf64aa999d4eeb50a82c2dfc4ca2506ec34c44e8e1bef940216e2b412b7e863224331aab0ff2febb73312b6251602a815f9172a5d3d6d0c9a3e0b03c75d3687df116f87293e9b2fe7579d6cd0aae0abb43d4d4b3299e3bf7d993eeacc360ab79abb80a3b3b2823dd4a4e3542bd87e7e612545680cc19d53d3618372910dbba9006d245d96f256fbbba115a20f1c852a58f98a32bdfeb497c2f3b5d00fe6a357c0c6301f4b279e0549002117475ada8e8b91eadabdc43ce6b405648c23c194fab66aabf7c88c32ad425ea5aa0780fdfbb4117b615ed1683cc0b06a46870fe2aceab08b9018f6c14a5fdf0dde4732ae4a94f7b16a69a31db9e7996746f30a52f155976657", 0x450}], 0x1}}], 0x1, 0x0) 104.65868ms ago: executing program 2 (id=2128): syz_mount_image$fuse(0x0, &(0x7f0000001040)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$fuse(0x0, &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000100)='./file2\x00', &(0x7f0000000000), 0x0, &(0x7f00000002c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c}) chdir(&(0x7f00000000c0)='./file2\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) fcntl$setstatus(r0, 0x4, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0x20) 90.818903ms ago: executing program 4 (id=2129): unshare(0x4000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000000)=0x1, 0x4) setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, 0x0, 0x0) write$binfmt_script(r0, &(0x7f00000000c0)={'#! ', './file0'}, 0xb) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000500)=@gcm_256={{0x303}, "2a4001011f891d5b", "11682d84dd05bb63ae661f051e1e79ceafeaa60a5bd1dc83db142ade2bd907fd", "fd6ed24e", "d4e9e1c90d89691c"}, 0x38) ppoll(&(0x7f0000000000)=[{r0}], 0x1, 0x0, 0x0, 0x0) 5.435304ms ago: executing program 2 (id=2130): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000000c0)={0x44, 0x0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_FRAME={0x26, 0x33, @action={{{}, {}, @device_b, @device_a={0x4}}, @channel_switch={0x4, 0x4, {{0x25, 0x3}, @val={0x3e, 0x1}, @void}}}}]}, 0x44}}, 0x0) 0s ago: executing program 0 (id=2131): syz_read_part_table(0x105c, &(0x7f0000001080)="$eJzsz71Rw0AQBeCnQ0gioBUSOqAHEopBKZUQ0Ae9uAaPPeuR/NeB7eD7gpt7N+9mZ8N9tWxr8V+pLsmwHHPLW6bkJW0tffRTltynxlQyX77XuD91fp6/h7RNxjV9vXe7quuY1+TpePvtz29dPv9utSYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPLJDAAAA//+4SRWs") r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000001840)={0x1, &(0x7f0000001880)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000003b00)=[{{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000180)=';', 0xfffffdef}], 0x1}}, {{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000400)="bb", 0x1}], 0x1}}], 0x2, 0x16da) r1 = socket$netlink(0x10, 0x3, 0x0) writev(r1, &(0x7f0000000140)=[{&(0x7f00000000c0)="39000000130003470fbb65e1c3e4ffff06006000010000005600000025000000190004000400000007fd17e5ff8e0606040020000000000000", 0x39}], 0x1) sendto$inet(r0, &(0x7f00000002c0)="1e777778b5d17296", 0x8, 0x50, 0x0, 0x0) kernel console output (not intermixed with test programs): 142.728898][ T7681] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 142.767207][ T7681] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 142.816993][ T7681] bond0 (unregistering): Released all slaves [ 142.927235][ T52] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 142.934894][ T52] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 142.943523][ T52] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 142.946074][ T52] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 142.948971][ T52] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 142.951055][ T52] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 142.962811][T10572] hsr_slave_0: entered promiscuous mode [ 142.992630][T10657] loop2: detected capacity change from 0 to 8192 [ 142.996210][T10572] hsr_slave_1: entered promiscuous mode [ 143.019619][T10660] loop3: detected capacity change from 0 to 512 [ 143.026248][T10572] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 143.028164][T10572] Cannot create hsr debugfs directory [ 143.031286][T10657] loop2: p1 p2 p3 p4 [ 143.032405][T10657] loop2: p1 size 108922248 extends beyond EOD, truncated [ 143.042805][T10657] loop2: p2 start 861536256 is beyond EOD, truncated [ 143.049409][T10657] loop2: p3 start 851968 is beyond EOD, truncated [ 143.051485][T10657] loop2: p4 size 65536 extends beyond EOD, truncated [ 143.080080][T10660] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 143.114965][T10657] netlink: 'syz.2.1495': attribute type 4 has an invalid length. [ 143.217046][T10650] wg0 speed is unknown, defaulting to 1000 [ 143.322728][ T9341] udevd[9341]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 143.351058][ T9886] udevd[9886]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 143.575104][ T7681] hsr_slave_0: left promiscuous mode [ 143.628370][ T7681] hsr_slave_1: left promiscuous mode [ 143.680447][T10708] loop3: detected capacity change from 0 to 512 [ 143.696260][ T7681] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 143.701508][ T7681] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 143.710192][T10708] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 143.720806][T10708] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 1 with error 28 [ 143.724107][T10708] EXT4-fs (loop3): This should not happen!! Data will be lost [ 143.724107][T10708] [ 143.727020][T10708] EXT4-fs (loop3): Total free blocks count 0 [ 143.728658][T10708] EXT4-fs (loop3): Free/Dirty block details [ 143.730262][T10708] EXT4-fs (loop3): free_blocks=65280 [ 143.731679][T10708] EXT4-fs (loop3): dirty_blocks=1 [ 143.733082][T10708] EXT4-fs (loop3): Block reservation details [ 143.734660][T10708] EXT4-fs (loop3): i_reserved_data_blocks=1 [ 143.752632][ T6293] EXT4-fs unmount: 5 callbacks suppressed [ 143.752646][ T6293] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 144.418012][ T6307] Bluetooth: hci0: command tx timeout [ 144.976037][ T6307] Bluetooth: hci3: command tx timeout [ 145.341569][ T7681] team0 (unregistering): Port device team_slave_1 removed [ 145.516998][ T7681] team0 (unregistering): Port device team_slave_0 removed [ 146.359238][ T7001] smc: removing ib device syz1 [ 146.497985][ T6307] Bluetooth: hci0: command tx timeout [ 147.055974][ T6307] Bluetooth: hci3: command tx timeout [ 147.475760][T10728] __nla_validate_parse: 5 callbacks suppressed [ 147.475777][T10728] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1512'. [ 147.583761][T10733] netlink: 52 bytes leftover after parsing attributes in process `syz.0.1514'. [ 147.724111][T10650] chnl_net:caif_netlink_parms(): no params data found [ 147.782599][T10745] loop2: detected capacity change from 0 to 8192 [ 147.799472][T10754] loop0: detected capacity change from 0 to 512 [ 147.825294][T10650] bridge0: port 1(bridge_slave_0) entered blocking state [ 147.834024][T10745] loop2: p1 p2 p3 p4 [ 147.835261][T10745] loop2: p1 size 108922248 extends beyond EOD, truncated [ 147.842233][T10650] bridge0: port 1(bridge_slave_0) entered disabled state [ 147.851990][T10650] bridge_slave_0: entered allmulticast mode [ 147.854182][T10650] bridge_slave_0: entered promiscuous mode [ 147.856246][T10745] loop2: p2 start 861536256 is beyond EOD, truncated [ 147.858037][T10745] loop2: p3 start 851968 is beyond EOD, truncated [ 147.859749][T10745] loop2: p4 size 65536 extends beyond EOD, truncated [ 147.866369][T10754] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 147.870589][T10650] bridge0: port 2(bridge_slave_1) entered blocking state [ 147.874621][T10754] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 147.884593][T10650] bridge0: port 2(bridge_slave_1) entered disabled state [ 147.889951][T10754] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 1 with error 28 [ 147.891411][T10650] bridge_slave_1: entered allmulticast mode [ 147.893194][T10754] EXT4-fs (loop0): This should not happen!! Data will be lost [ 147.893194][T10754] [ 147.893215][T10754] EXT4-fs (loop0): Total free blocks count 0 [ 147.905632][T10650] bridge_slave_1: entered promiscuous mode [ 147.906045][T10754] EXT4-fs (loop0): Free/Dirty block details [ 147.922907][T10754] EXT4-fs (loop0): free_blocks=65280 [ 147.924309][T10754] EXT4-fs (loop0): dirty_blocks=1 [ 147.925578][T10754] EXT4-fs (loop0): Block reservation details [ 147.937924][T10754] EXT4-fs (loop0): i_reserved_data_blocks=1 [ 147.950695][T10650] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 147.954602][T10650] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 147.966530][T10745] netlink: 'syz.2.1517': attribute type 4 has an invalid length. [ 147.971372][ T6292] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 148.005804][T10650] team0: Port device team_slave_0 added [ 148.023644][T10650] team0: Port device team_slave_1 added [ 148.055575][T10650] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 148.062467][T10650] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 148.081808][T10650] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 148.137090][T10650] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 148.138954][T10650] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 148.145575][T10650] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 148.173994][T10783] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1523'. [ 148.225700][ T9886] udevd[9886]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 148.237893][T10650] hsr_slave_0: entered promiscuous mode [ 148.252499][ T8962] udevd[8962]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 148.266928][T10650] hsr_slave_1: entered promiscuous mode [ 148.277723][ T9886] udevd[9886]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 148.282813][ T9341] udevd[9341]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 148.316171][T10650] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 148.318187][T10650] Cannot create hsr debugfs directory [ 148.325041][T10572] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 148.328958][T10572] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 148.333508][T10572] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 148.347907][T10572] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 148.479147][T10650] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 148.576118][ T6307] Bluetooth: hci0: command tx timeout [ 148.907902][T10650] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 148.927205][T10800] loop2: detected capacity change from 0 to 512 [ 148.973073][T10800] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 149.003592][T10800] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 149.010321][T10800] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 1 with error 28 [ 149.025913][T10800] EXT4-fs (loop2): This should not happen!! Data will be lost [ 149.025913][T10800] [ 149.028497][T10800] EXT4-fs (loop2): Total free blocks count 0 [ 149.029340][T10650] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 149.031289][T10800] EXT4-fs (loop2): Free/Dirty block details [ 149.044513][T10800] EXT4-fs (loop2): free_blocks=65280 [ 149.046789][T10800] EXT4-fs (loop2): dirty_blocks=1 [ 149.048094][T10800] EXT4-fs (loop2): Block reservation details [ 149.049648][T10800] EXT4-fs (loop2): i_reserved_data_blocks=1 [ 149.054747][T10807] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1533'. [ 149.136082][ T6307] Bluetooth: hci3: command tx timeout [ 149.149349][ T6302] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 149.177486][T10650] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 149.192548][T10572] 8021q: adding VLAN 0 to HW filter on device bond0 [ 149.209029][T10572] 8021q: adding VLAN 0 to HW filter on device team0 [ 149.214455][ T6344] bridge0: port 1(bridge_slave_0) entered blocking state [ 149.216474][ T6344] bridge0: port 1(bridge_slave_0) entered forwarding state [ 149.237156][ T6344] bridge0: port 2(bridge_slave_1) entered blocking state [ 149.239180][ T6344] bridge0: port 2(bridge_slave_1) entered forwarding state [ 149.280212][T10572] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 149.283072][T10572] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 149.357542][ T7681] bridge_slave_1: left allmulticast mode [ 149.361095][ T7681] bridge_slave_1: left promiscuous mode [ 149.365752][ T7681] bridge0: port 2(bridge_slave_1) entered disabled state [ 149.383730][ T7681] bridge_slave_0: left allmulticast mode [ 149.385271][ T7681] bridge_slave_0: left promiscuous mode [ 149.387457][ T7681] bridge0: port 1(bridge_slave_0) entered disabled state [ 150.266526][T10864] loop0: detected capacity change from 0 to 8192 [ 150.307197][T10864] loop0: p1 p2 p3 p4 [ 150.308371][T10864] loop0: p1 size 108922248 extends beyond EOD, truncated [ 150.315403][T10864] loop0: p2 start 861536256 is beyond EOD, truncated [ 150.317456][T10864] loop0: p3 start 851968 is beyond EOD, truncated [ 150.319229][T10864] loop0: p4 size 65536 extends beyond EOD, truncated [ 150.808613][ T7681] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 150.848372][ T7681] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 150.892474][ T7681] bond0 (unregistering): Released all slaves [ 151.015917][T10864] netlink: 'syz.0.1544': attribute type 4 has an invalid length. [ 151.141362][T10883] netlink: 168 bytes leftover after parsing attributes in process `syz.3.1548'. [ 151.210580][T10887] loop0: detected capacity change from 0 to 512 [ 151.216605][ T6307] Bluetooth: hci3: command tx timeout [ 151.218689][T10871] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1545'. [ 151.242660][T10887] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 151.247433][T10572] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 151.259200][T10650] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 151.292973][T10887] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 151.313475][T10887] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 1 with error 28 [ 151.323956][T10887] EXT4-fs (loop0): This should not happen!! Data will be lost [ 151.323956][T10887] [ 151.336346][T10650] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 151.343368][T10887] EXT4-fs (loop0): Total free blocks count 0 [ 151.344962][T10887] EXT4-fs (loop0): Free/Dirty block details [ 151.347768][T10650] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 151.357482][T10887] EXT4-fs (loop0): free_blocks=65280 [ 151.359006][T10887] EXT4-fs (loop0): dirty_blocks=1 [ 151.360316][T10887] EXT4-fs (loop0): Block reservation details [ 151.361753][T10887] EXT4-fs (loop0): i_reserved_data_blocks=1 [ 151.367441][ T9341] udevd[9341]: inotify_add_watch(7, /dev/loop0p4, 10) failed: No such file or directory [ 151.385448][ T8962] udevd[8962]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory [ 151.412005][ T6292] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 151.492083][T10650] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 151.588863][ T7681] hsr_slave_0: left promiscuous mode [ 151.636882][ T7681] hsr_slave_1: left promiscuous mode [ 151.716044][ T7681] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 151.718251][ T7681] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 151.720847][ T7681] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 151.722932][ T7681] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 151.735003][ T7681] veth1_macvtap: left promiscuous mode [ 151.736643][ T7681] veth0_macvtap: left promiscuous mode [ 151.738105][ T7681] veth1_vlan: left promiscuous mode [ 151.739500][ T7681] veth0_vlan: left promiscuous mode [ 152.198179][T10915] loop2: detected capacity change from 0 to 8192 [ 152.243546][T10915] loop2: p1 p2 p3 p4 [ 152.244914][T10915] loop2: p1 size 108922248 extends beyond EOD, truncated [ 152.256093][T10915] loop2: p2 start 861536256 is beyond EOD, truncated [ 152.257995][T10915] loop2: p3 start 851968 is beyond EOD, truncated [ 152.259632][T10915] loop2: p4 size 65536 extends beyond EOD, truncated [ 153.410897][ T7681] team0 (unregistering): Port device team_slave_1 removed [ 153.568427][ T7681] team0 (unregistering): Port device team_slave_0 removed [ 153.617949][ T6299] Bluetooth: hci2: command 0x0406 tx timeout [ 153.619520][ T6299] Bluetooth: hci1: command 0x0406 tx timeout [ 153.621046][ T6299] Bluetooth: hci4: command 0x0406 tx timeout [ 155.764695][T10915] netlink: 'syz.2.1558': attribute type 4 has an invalid length. [ 155.875114][T10922] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1561'. [ 155.916357][T10572] veth0_vlan: entered promiscuous mode [ 155.920750][T10572] veth1_vlan: entered promiscuous mode [ 155.944293][T10934] netlink: 168 bytes leftover after parsing attributes in process `syz.3.1564'. [ 155.958309][T10650] 8021q: adding VLAN 0 to HW filter on device bond0 [ 155.981872][T10650] 8021q: adding VLAN 0 to HW filter on device team0 [ 156.003877][ T6027] bridge0: port 1(bridge_slave_0) entered blocking state [ 156.005661][ T6027] bridge0: port 1(bridge_slave_0) entered forwarding state [ 156.020159][T10572] veth0_macvtap: entered promiscuous mode [ 156.023315][T10572] veth1_macvtap: entered promiscuous mode [ 156.029007][ T6373] bridge0: port 2(bridge_slave_1) entered blocking state [ 156.030871][ T6373] bridge0: port 2(bridge_slave_1) entered forwarding state [ 156.068491][T10572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 156.072563][T10942] loop0: detected capacity change from 0 to 512 [ 156.074532][T10572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 156.079035][T10572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 156.081942][T10572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 156.084481][T10572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 156.087554][T10572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 156.091277][T10572] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 156.099536][T10572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 156.102548][T10572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 156.105554][T10572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 156.109666][T10942] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 156.109782][T10572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 156.115711][T10572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 156.118821][T10572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 156.121042][T10942] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 156.122340][T10572] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 156.131809][T10572] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 156.134332][T10572] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 156.135532][T10942] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 1 with error 28 [ 156.140187][T10942] EXT4-fs (loop0): This should not happen!! Data will be lost [ 156.140187][T10942] [ 156.142687][T10942] EXT4-fs (loop0): Total free blocks count 0 [ 156.142757][T10572] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 156.144202][T10942] EXT4-fs (loop0): Free/Dirty block details [ 156.144221][T10942] EXT4-fs (loop0): free_blocks=65280 [ 156.144236][T10942] EXT4-fs (loop0): dirty_blocks=1 [ 156.146578][T10572] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 156.149141][T10942] EXT4-fs (loop0): Block reservation details [ 156.155142][T10942] EXT4-fs (loop0): i_reserved_data_blocks=1 [ 156.201018][ T6292] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 156.232541][ T43] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 156.234521][ T43] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 156.296943][ T613] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 156.308768][ T613] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 156.319853][T10650] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 156.351038][T10650] veth0_vlan: entered promiscuous mode [ 156.364226][T10650] veth1_vlan: entered promiscuous mode [ 156.394950][T10650] veth0_macvtap: entered promiscuous mode [ 156.404138][T10650] veth1_macvtap: entered promiscuous mode [ 156.426731][T10650] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 156.430104][T10650] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 156.433730][T10650] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 156.437024][T10650] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 156.439615][T10650] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 156.442313][T10650] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 156.444890][T10650] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 156.459475][T10650] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 156.463273][T10650] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 156.472106][T10650] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 156.478232][T10650] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 156.484732][T10650] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 156.491130][T10650] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 156.495988][T10650] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 156.500271][T10650] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 156.502900][T10650] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 156.506645][T10650] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 156.510208][T10650] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 156.518074][T10650] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 156.520629][T10650] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 156.522963][T10650] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 156.525396][T10650] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 156.584782][ T636] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 156.595642][ T636] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 156.612527][T10960] loop4: detected capacity change from 0 to 8192 [ 156.625223][ T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 156.628838][ T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 156.661195][T10960] loop4: p1 p2 p3 p4 [ 156.663264][T10960] loop4: p1 size 108922248 extends beyond EOD, truncated [ 156.670098][T10960] loop4: p2 start 861536256 is beyond EOD, truncated [ 156.671844][T10960] loop4: p3 start 851968 is beyond EOD, truncated [ 156.677369][T10960] loop4: p4 size 65536 extends beyond EOD, truncated [ 156.691717][T10967] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1573'. [ 156.695691][T10960] netlink: 'syz.4.1572': attribute type 4 has an invalid length. [ 156.891811][T10974] netlink: 168 bytes leftover after parsing attributes in process `syz.2.1577'. [ 156.905208][T10978] loop3: detected capacity change from 0 to 512 [ 156.927034][T10978] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 156.933771][T10978] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 156.942450][T10978] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 1 with error 28 [ 156.956153][T10978] EXT4-fs (loop3): This should not happen!! Data will be lost [ 156.956153][T10978] [ 156.960090][T10978] EXT4-fs (loop3): Total free blocks count 0 [ 156.970967][T10978] EXT4-fs (loop3): Free/Dirty block details [ 156.972527][T10978] EXT4-fs (loop3): free_blocks=65280 [ 156.973899][T10978] EXT4-fs (loop3): dirty_blocks=1 [ 156.975147][T10978] EXT4-fs (loop3): Block reservation details [ 156.977749][T10978] EXT4-fs (loop3): i_reserved_data_blocks=1 [ 157.033327][ T6293] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 157.280021][T10995] loop0: detected capacity change from 0 to 8192 [ 157.286882][ T52] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 157.290287][ T52] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 157.293234][ T52] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 157.303906][ T52] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 157.305816][T10996] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1584'. [ 157.311890][ T52] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 157.311937][T10995] loop0: p1 p2 p3 p4 [ 157.315074][ T52] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 157.315190][T10995] loop0: p1 size 108922248 extends beyond EOD, truncated [ 157.321544][T10995] loop0: p2 start 861536256 is beyond EOD, truncated [ 157.324117][T10995] loop0: p3 start 851968 is beyond EOD, truncated [ 157.331115][T10995] loop0: p4 size 65536 extends beyond EOD, truncated [ 157.362082][T10995] netlink: 'syz.0.1586': attribute type 4 has an invalid length. [ 157.638197][T11006] chnl_net:caif_netlink_parms(): no params data found [ 157.697622][T11031] loop0: detected capacity change from 0 to 512 [ 157.730346][T11031] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 157.743291][T11031] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 157.744770][T11006] bridge0: port 1(bridge_slave_0) entered blocking state [ 157.748883][T11031] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 1 with error 28 [ 157.752508][T11031] EXT4-fs (loop0): This should not happen!! Data will be lost [ 157.752508][T11031] [ 157.755092][T11031] EXT4-fs (loop0): Total free blocks count 0 [ 157.755663][T11006] bridge0: port 1(bridge_slave_0) entered disabled state [ 157.757408][T11031] EXT4-fs (loop0): Free/Dirty block details [ 157.759962][T11006] bridge_slave_0: entered allmulticast mode [ 157.761250][T11031] EXT4-fs (loop0): free_blocks=65280 [ 157.762332][T11006] bridge_slave_0: entered promiscuous mode [ 157.763232][T11031] EXT4-fs (loop0): dirty_blocks=1 [ 157.766666][T11031] EXT4-fs (loop0): Block reservation details [ 157.768425][T11031] EXT4-fs (loop0): i_reserved_data_blocks=1 [ 157.783900][T11006] bridge0: port 2(bridge_slave_1) entered blocking state [ 157.785785][T11006] bridge0: port 2(bridge_slave_1) entered disabled state [ 157.795666][T11006] bridge_slave_1: entered allmulticast mode [ 157.801813][T11006] bridge_slave_1: entered promiscuous mode [ 157.817340][ T6292] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 157.864127][T11006] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 157.868258][T11006] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 157.899362][T11041] loop3: detected capacity change from 0 to 8192 [ 157.899447][T11006] team0: Port device team_slave_0 added [ 157.909819][T11006] team0: Port device team_slave_1 added [ 157.918678][T11041] loop3: p1 p2 p3 p4 [ 157.921077][T11041] loop3: p1 size 108922248 extends beyond EOD, truncated [ 157.931610][T11041] loop3: p2 start 861536256 is beyond EOD, truncated [ 157.934468][T11006] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 157.936995][T11041] loop3: p3 start 851968 is beyond EOD, truncated [ 157.938749][T11041] loop3: p4 size 65536 extends beyond EOD, truncated [ 157.941288][T11006] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 157.955957][T11006] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 157.967526][T11006] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 157.969285][T11006] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 157.984311][T11006] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 157.994049][T11041] netlink: 'syz.3.1599': attribute type 4 has an invalid length. [ 158.004294][T11048] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1598'. [ 158.047669][T11006] hsr_slave_0: entered promiscuous mode [ 158.086356][T11006] hsr_slave_1: entered promiscuous mode [ 158.255231][T11065] loop3: detected capacity change from 0 to 512 [ 158.269899][T11065] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 158.285725][T11065] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 158.290820][T11065] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 1 with error 28 [ 158.294203][T11065] EXT4-fs (loop3): This should not happen!! Data will be lost [ 158.294203][T11065] [ 158.304272][T11065] EXT4-fs (loop3): Total free blocks count 0 [ 158.312050][T11065] EXT4-fs (loop3): Free/Dirty block details [ 158.313519][T11065] EXT4-fs (loop3): free_blocks=65280 [ 158.314887][T11065] EXT4-fs (loop3): dirty_blocks=1 [ 158.320107][T11065] EXT4-fs (loop3): Block reservation details [ 158.321678][T11065] EXT4-fs (loop3): i_reserved_data_blocks=1 [ 158.338765][ T6293] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 158.358459][T11072] loop2: detected capacity change from 0 to 8192 [ 158.387581][T11072] loop2: p1 p2 p3 p4 [ 158.388886][T11072] loop2: p1 size 108922248 extends beyond EOD, truncated [ 158.412468][T11072] loop2: p2 start 861536256 is beyond EOD, truncated [ 158.414269][T11072] loop2: p3 start 851968 is beyond EOD, truncated [ 158.424776][T11072] loop2: p4 size 65536 extends beyond EOD, truncated [ 158.519430][T11006] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 158.531969][T11072] netlink: 'syz.2.1609': attribute type 4 has an invalid length. [ 158.766388][T11074] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1610'. [ 159.376037][ T6304] Bluetooth: hci0: command tx timeout [ 159.581513][T11006] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 159.603498][T11097] loop3: detected capacity change from 0 to 512 [ 159.648593][T11097] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 159.668725][T11097] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 159.687196][T11097] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 1 with error 28 [ 159.694860][ T52] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 159.702684][ T52] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 159.705559][ T52] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 159.716105][ T52] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 159.718450][ T52] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 159.720587][ T52] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 159.728858][T11097] EXT4-fs (loop3): This should not happen!! Data will be lost [ 159.728858][T11097] [ 159.731402][T11097] EXT4-fs (loop3): Total free blocks count 0 [ 159.738920][T11097] EXT4-fs (loop3): Free/Dirty block details [ 159.740537][T11097] EXT4-fs (loop3): free_blocks=65280 [ 159.742351][T11097] EXT4-fs (loop3): dirty_blocks=1 [ 159.743761][T11097] EXT4-fs (loop3): Block reservation details [ 159.745798][T11097] EXT4-fs (loop3): i_reserved_data_blocks=1 [ 159.758763][ T6293] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 159.770360][T11006] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 159.875616][T11112] loop3: detected capacity change from 0 to 8192 [ 159.919201][T11006] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 159.924056][T11112] loop3: p1 p2 p3 p4 [ 159.925305][T11112] loop3: p1 size 108922248 extends beyond EOD, truncated [ 159.951367][T11112] loop3: p2 start 861536256 is beyond EOD, truncated [ 159.953133][T11112] loop3: p3 start 851968 is beyond EOD, truncated [ 159.954796][T11112] loop3: p4 size 65536 extends beyond EOD, truncated [ 159.996970][T11112] netlink: 'syz.3.1623': attribute type 4 has an invalid length. [ 160.082268][ T9886] udevd[9886]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory [ 160.093929][ T8962] udevd[8962]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory [ 160.120467][T11122] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1628'. [ 160.161909][ T42] bridge_slave_1: left allmulticast mode [ 160.163455][ T42] bridge_slave_1: left promiscuous mode [ 160.165162][ T42] bridge0: port 2(bridge_slave_1) entered disabled state [ 160.173032][ T42] bridge_slave_0: left allmulticast mode [ 160.174499][ T42] bridge_slave_0: left promiscuous mode [ 160.176485][ T42] bridge0: port 1(bridge_slave_0) entered disabled state [ 160.218446][T11145] loop3: detected capacity change from 0 to 512 [ 160.229294][T11145] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 160.240026][T11145] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 160.244587][T11145] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 1 with error 28 [ 160.247835][T11145] EXT4-fs (loop3): This should not happen!! Data will be lost [ 160.247835][T11145] [ 160.250194][T11145] EXT4-fs (loop3): Total free blocks count 0 [ 160.251733][T11145] EXT4-fs (loop3): Free/Dirty block details [ 160.253188][T11145] EXT4-fs (loop3): free_blocks=65280 [ 160.255132][T11145] EXT4-fs (loop3): dirty_blocks=1 [ 160.256945][T11145] EXT4-fs (loop3): Block reservation details [ 160.258545][T11145] EXT4-fs (loop3): i_reserved_data_blocks=1 [ 160.270266][ T6293] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 160.429119][T11159] loop3: detected capacity change from 0 to 8192 [ 160.466809][T11159] loop3: p1 p2 p3 p4 [ 160.467999][T11159] loop3: p1 size 108922248 extends beyond EOD, truncated [ 160.470633][T11159] loop3: p2 start 861536256 is beyond EOD, truncated [ 160.472317][T11159] loop3: p3 start 851968 is beyond EOD, truncated [ 160.474020][T11159] loop3: p4 size 65536 extends beyond EOD, truncated [ 161.456345][ T6304] Bluetooth: hci0: command tx timeout [ 161.648748][ T42] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 161.698677][ T42] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 161.738153][ T42] bond0 (unregistering): Released all slaves [ 161.763500][T11159] netlink: 'syz.3.1638': attribute type 4 has an invalid length. [ 161.774856][T11106] chnl_net:caif_netlink_parms(): no params data found [ 161.777592][ T6304] Bluetooth: hci3: command tx timeout [ 161.813348][T11006] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 161.823061][T11006] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 161.853869][ T5900] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 161.869555][ T5900] Buffer I/O error on dev loop3, logical block 0, async page read [ 161.871781][ T5900] ldm_validate_partition_table(): Disk read failed. [ 161.873698][ T5900] Dev loop3: unable to read RDB block 0 [ 161.875053][ T5900] loop3: unable to read partition table [ 161.876858][T11006] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 161.885569][T11006] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 161.893485][ T5900] loop3: partition table beyond EOD, truncated [ 161.981799][T11183] loop3: detected capacity change from 0 to 512 [ 161.991554][T11183] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 162.023434][T11183] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 162.041863][T11183] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 1 with error 28 [ 162.045314][T11183] EXT4-fs (loop3): This should not happen!! Data will be lost [ 162.045314][T11183] [ 162.052148][T11183] EXT4-fs (loop3): Total free blocks count 0 [ 162.053768][T11183] EXT4-fs (loop3): Free/Dirty block details [ 162.055452][T11183] EXT4-fs (loop3): free_blocks=65280 [ 162.059371][T11183] EXT4-fs (loop3): dirty_blocks=1 [ 162.060618][T11183] EXT4-fs (loop3): Block reservation details [ 162.062162][T11183] EXT4-fs (loop3): i_reserved_data_blocks=1 [ 162.076602][ T8962] udevd[8962]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory [ 162.077107][ T9886] udevd[9886]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory [ 162.080523][ T6293] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 162.099056][T11106] bridge0: port 1(bridge_slave_0) entered blocking state [ 162.102656][T11106] bridge0: port 1(bridge_slave_0) entered disabled state [ 162.109162][T11106] bridge_slave_0: entered allmulticast mode [ 162.117858][T11106] bridge_slave_0: entered promiscuous mode [ 162.122373][T11170] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1642'. [ 162.139613][T11106] bridge0: port 2(bridge_slave_1) entered blocking state [ 162.141583][T11106] bridge0: port 2(bridge_slave_1) entered disabled state [ 162.143506][T11106] bridge_slave_1: entered allmulticast mode [ 162.156074][ T6280] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 162.159589][T11106] bridge_slave_1: entered promiscuous mode [ 162.243543][T11106] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 162.257716][T11106] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 162.349181][ T6280] usb 1-1: Using ep0 maxpacket: 32 [ 162.367413][ T6280] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 162.370302][ T6280] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 162.372862][ T6280] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 162.375417][ T6280] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 162.381592][ T6280] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 162.384116][ T6280] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 162.386788][T11198] loop2: detected capacity change from 0 to 8192 [ 162.389917][ T6280] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 162.392231][ T6280] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 162.394398][ T6280] usb 1-1: Product: syz [ 162.395475][ T6280] usb 1-1: Manufacturer: syz [ 162.397408][ T6280] usb 1-1: SerialNumber: syz [ 162.419714][T11106] team0: Port device team_slave_0 added [ 162.423824][T11106] team0: Port device team_slave_1 added [ 162.427023][T11198] loop2: p1 p2 p3 p4 [ 162.428258][T11198] loop2: p1 size 108922248 extends beyond EOD, truncated [ 162.431150][T11198] loop2: p2 start 861536256 is beyond EOD, truncated [ 162.433218][T11198] loop2: p3 start 851968 is beyond EOD, truncated [ 162.434961][T11198] loop2: p4 size 65536 extends beyond EOD, truncated [ 162.465546][T11106] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 162.471143][T11106] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 162.488354][T11106] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 162.492488][T11198] netlink: 'syz.2.1651': attribute type 4 has an invalid length. [ 162.562005][ T42] hsr_slave_0: left promiscuous mode [ 162.589844][ T42] hsr_slave_1: left promiscuous mode [ 162.593001][ T8962] udevd[8962]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 162.600807][ T9341] udevd[9341]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 162.686336][T11212] loop2: detected capacity change from 0 to 512 [ 162.696274][ T42] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 162.702875][ T42] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 162.706934][ T42] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 162.710040][ T42] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 162.719143][T11212] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 162.734444][ T42] veth1_macvtap: left promiscuous mode [ 162.737104][T11212] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 162.742733][T11212] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 1 with error 28 [ 162.752476][ T42] veth0_macvtap: left promiscuous mode [ 162.754629][ T42] veth1_vlan: left promiscuous mode [ 162.756587][ T42] veth0_vlan: left promiscuous mode [ 162.758166][T11212] EXT4-fs (loop2): This should not happen!! Data will be lost [ 162.758166][T11212] [ 162.768230][T11212] EXT4-fs (loop2): Total free blocks count 0 [ 162.775486][T11212] EXT4-fs (loop2): Free/Dirty block details [ 162.782652][T11212] EXT4-fs (loop2): free_blocks=65280 [ 162.788896][T11212] EXT4-fs (loop2): dirty_blocks=1 [ 162.793383][T11212] EXT4-fs (loop2): Block reservation details [ 162.804133][T11212] EXT4-fs (loop2): i_reserved_data_blocks=1 [ 162.873906][ T6302] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 163.535985][ T6304] Bluetooth: hci0: command tx timeout [ 163.856672][ T6304] Bluetooth: hci3: command tx timeout [ 164.609175][ T42] team0 (unregistering): Port device team_slave_1 removed [ 164.788935][ T42] team0 (unregistering): Port device team_slave_0 removed [ 165.615928][ T6304] Bluetooth: hci0: command tx timeout [ 165.936057][ T6304] Bluetooth: hci3: command tx timeout [ 166.922959][T11106] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 166.924847][T11106] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 166.934354][T11106] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 166.948902][T11217] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1657'. [ 166.952066][ T6280] cdc_ncm 1-1:1.0: bind() failure [ 166.961237][ T6280] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found [ 166.962956][ T6280] cdc_ncm 1-1:1.1: bind() failure [ 166.973989][ T6280] usb 1-1: USB disconnect, device number 5 [ 167.069281][T11006] 8021q: adding VLAN 0 to HW filter on device bond0 [ 167.101889][T11227] loop2: detected capacity change from 0 to 8192 [ 167.139182][T11227] loop2: p1 p2 p3 p4 [ 167.140338][T11227] loop2: p1 size 108922248 extends beyond EOD, truncated [ 167.144482][T11106] hsr_slave_0: entered promiscuous mode [ 167.146895][T11227] loop2: p2 start 861536256 is beyond EOD, truncated [ 167.148580][T11227] loop2: p3 start 851968 is beyond EOD, truncated [ 167.154540][T11227] loop2: p4 size 65536 extends beyond EOD, truncated [ 167.162795][T11242] loop3: detected capacity change from 0 to 512 [ 167.194145][T11242] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 167.196413][T11106] hsr_slave_1: entered promiscuous mode [ 167.203861][T11242] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 167.209874][T11242] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 1 with error 28 [ 167.213239][T11242] EXT4-fs (loop3): This should not happen!! Data will be lost [ 167.213239][T11242] [ 167.216261][T11242] EXT4-fs (loop3): Total free blocks count 0 [ 167.217835][T11242] EXT4-fs (loop3): Free/Dirty block details [ 167.219356][T11242] EXT4-fs (loop3): free_blocks=65280 [ 167.220709][T11242] EXT4-fs (loop3): dirty_blocks=1 [ 167.222242][T11242] EXT4-fs (loop3): Block reservation details [ 167.223900][T11242] EXT4-fs (loop3): i_reserved_data_blocks=1 [ 167.240997][T11106] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 167.244268][T11106] Cannot create hsr debugfs directory [ 167.251486][T11227] netlink: 'syz.2.1661': attribute type 4 has an invalid length. [ 167.257977][ T6293] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 167.307896][ T6302] __loop_clr_fd: partition scan of loop2 failed (rc=-16) [ 167.309327][ T8962] I/O error, dev loop2, sector 8064 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 167.316447][ T8962] I/O error, dev loop2, sector 8064 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 167.318859][ T8962] Buffer I/O error on dev loop2p4, logical block 1008, async page read [ 167.341691][ T9886] I/O error, dev loop2, sector 8064 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 167.344197][ T9886] I/O error, dev loop2, sector 8064 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 167.350903][ T9886] Buffer I/O error on dev loop2p1, logical block 1008, async page read [ 167.377491][T11252] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 167.379944][T11252] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 167.412182][T11006] 8021q: adding VLAN 0 to HW filter on device team0 [ 167.466272][ T6375] bridge0: port 1(bridge_slave_0) entered blocking state [ 167.468166][ T6375] bridge0: port 1(bridge_slave_0) entered forwarding state [ 167.477412][ T9341] udevd[9341]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 167.483817][ T9886] udevd[9886]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 167.510476][ T6375] bridge0: port 2(bridge_slave_1) entered blocking state [ 167.512471][ T6375] bridge0: port 2(bridge_slave_1) entered forwarding state [ 167.629186][T11106] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 167.636770][T11254] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1671'. [ 167.642087][T11006] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 167.769113][T11106] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 167.878883][T11106] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 168.014581][T11280] loop2: detected capacity change from 0 to 512 [ 168.017138][ T6304] Bluetooth: hci3: command tx timeout [ 168.033285][T11280] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 168.050194][T11280] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 168.059792][T11280] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 1 with error 28 [ 168.063331][T11280] EXT4-fs (loop2): This should not happen!! Data will be lost [ 168.063331][T11280] [ 168.068365][T11280] EXT4-fs (loop2): Total free blocks count 0 [ 168.070219][T11280] EXT4-fs (loop2): Free/Dirty block details [ 168.071914][T11280] EXT4-fs (loop2): free_blocks=65280 [ 168.073411][T11280] EXT4-fs (loop2): dirty_blocks=1 [ 168.074861][T11280] EXT4-fs (loop2): Block reservation details [ 168.078413][T11280] EXT4-fs (loop2): i_reserved_data_blocks=1 [ 168.095362][ T6302] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 168.158335][T11106] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 168.204959][T11006] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 168.309562][T11288] loop2: detected capacity change from 0 to 8192 [ 168.333238][ T331] bridge_slave_1: left allmulticast mode [ 168.334777][ T331] bridge_slave_1: left promiscuous mode [ 168.349194][ T331] bridge0: port 2(bridge_slave_1) entered disabled state [ 168.356240][ T331] bridge_slave_0: left allmulticast mode [ 168.358153][ T331] bridge_slave_0: left promiscuous mode [ 168.360925][T11288] loop2: p1 p2 p3 p4 [ 168.362092][ T331] bridge0: port 1(bridge_slave_0) entered disabled state [ 168.364399][T11288] loop2: p1 size 108922248 extends beyond EOD, truncated [ 168.368760][T11288] loop2: p2 start 861536256 is beyond EOD, truncated [ 168.373149][T11288] loop2: p3 start 851968 is beyond EOD, truncated [ 168.382122][T11288] loop2: p4 size 65536 extends beyond EOD, truncated [ 169.791225][ T331] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 169.829242][ T331] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 169.869287][ T331] bond0 (unregistering): Released all slaves [ 169.885640][T11288] netlink: 'syz.2.1680': attribute type 4 has an invalid length. [ 169.891897][T11295] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1681'. [ 169.915166][T11006] veth0_vlan: entered promiscuous mode [ 169.951350][T11311] loop3: detected capacity change from 0 to 512 [ 169.969483][T11006] veth1_vlan: entered promiscuous mode [ 169.979686][T11311] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 169.994918][T11106] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 170.012619][T11006] veth0_macvtap: entered promiscuous mode [ 170.017813][T11106] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 170.024560][T11311] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 170.038551][T11106] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 170.040949][T11311] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 1 with error 28 [ 170.044058][T11311] EXT4-fs (loop3): This should not happen!! Data will be lost [ 170.044058][T11311] [ 170.045412][T11006] veth1_macvtap: entered promiscuous mode [ 170.070704][T11311] EXT4-fs (loop3): Total free blocks count 0 [ 170.072307][T11311] EXT4-fs (loop3): Free/Dirty block details [ 170.073946][T11311] EXT4-fs (loop3): free_blocks=65280 [ 170.075312][T11311] EXT4-fs (loop3): dirty_blocks=1 [ 170.080830][T11311] EXT4-fs (loop3): Block reservation details [ 170.082377][T11311] EXT4-fs (loop3): i_reserved_data_blocks=1 [ 170.121929][ T6293] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 170.142113][ T9886] udevd[9886]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 170.157144][ T9886] udevd[9886]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 170.181176][T11323] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 170.200925][T11106] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 170.276136][T11006] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 170.278973][T11006] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 170.281759][T11006] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 170.284426][T11006] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 170.288395][T11006] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 170.291170][T11006] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 170.293768][T11006] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 170.297455][T11006] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 170.301134][T11006] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 170.316065][ T6282] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 170.456940][T11006] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 170.460188][T11006] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 170.463004][T11006] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 170.466381][T11006] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 170.468990][T11006] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 170.471911][T11006] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 170.474563][T11006] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 170.477954][T11006] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 170.481452][T11006] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 170.486890][T11006] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 170.489328][T11006] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 170.491684][T11006] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 170.494120][T11006] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 170.506613][ T6282] usb 1-1: Using ep0 maxpacket: 32 [ 170.510224][ T6282] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 170.513652][ T6282] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 170.516447][ T6282] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 170.518995][ T6282] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 170.521593][ T6282] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 170.524376][ T6282] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 170.531596][ T6282] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 170.534158][ T6282] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 170.540378][ T6282] usb 1-1: Product: syz [ 170.541615][ T6282] usb 1-1: Manufacturer: syz [ 170.542898][ T6282] usb 1-1: SerialNumber: syz [ 170.565968][ T331] hsr_slave_0: left promiscuous mode [ 170.606758][ T331] hsr_slave_1: left promiscuous mode [ 170.696418][ T331] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 170.698485][ T331] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 170.709249][ T331] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 170.711364][ T331] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 170.731832][ T331] veth1_macvtap: left promiscuous mode [ 170.733520][ T331] veth0_macvtap: left promiscuous mode [ 170.735441][ T331] veth1_vlan: left promiscuous mode [ 170.739257][ T331] veth0_vlan: left promiscuous mode [ 172.500619][ T331] team0 (unregistering): Port device team_slave_1 removed [ 172.709167][ T331] team0 (unregistering): Port device team_slave_0 removed [ 175.028606][ T6282] cdc_ncm 1-1:1.0: bind() failure [ 175.074816][T11106] 8021q: adding VLAN 0 to HW filter on device bond0 [ 175.077331][ T6282] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found [ 175.079085][ T6282] cdc_ncm 1-1:1.1: bind() failure [ 175.096250][ T6282] usb 1-1: USB disconnect, device number 6 [ 175.118662][T11106] 8021q: adding VLAN 0 to HW filter on device team0 [ 175.145221][ T7001] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 175.155395][ T7001] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 175.168915][ T10] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.170767][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state [ 175.173465][ T10] bridge0: port 2(bridge_slave_1) entered blocking state [ 175.175307][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state [ 175.199107][T11339] loop2: detected capacity change from 0 to 8192 [ 175.233114][T11343] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1697'. [ 175.252605][ T43] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 175.264714][ T43] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 175.274764][T11339] loop2: p1 p2 p3 p4 [ 175.281436][T11339] loop2: p1 size 108922248 extends beyond EOD, truncated [ 175.291367][T11355] netlink: 'syz.2.1696': attribute type 4 has an invalid length. [ 175.296251][T11339] loop2: p2 start 861536256 is beyond EOD, truncated [ 175.297963][T11339] loop2: p3 start 851968 is beyond EOD, truncated [ 175.299619][T11339] loop2: p4 size 65536 extends beyond EOD, truncated [ 175.303369][T11357] loop3: detected capacity change from 0 to 512 [ 175.364992][T11357] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 175.401051][T11357] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 175.424920][T11357] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 1 with error 28 [ 175.445946][T11357] EXT4-fs (loop3): This should not happen!! Data will be lost [ 175.445946][T11357] [ 175.448466][T11357] EXT4-fs (loop3): Total free blocks count 0 [ 175.449964][T11357] EXT4-fs (loop3): Free/Dirty block details [ 175.454856][T11375] netlink: 88 bytes leftover after parsing attributes in process `syz.4.1706'. [ 175.478702][ T9886] udevd[9886]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 175.481360][T11357] EXT4-fs (loop3): free_blocks=65280 [ 175.486251][T11357] EXT4-fs (loop3): dirty_blocks=1 [ 175.492210][T11323] udevd[11323]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 175.493198][T11106] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 175.496858][T11357] EXT4-fs (loop3): Block reservation details [ 175.506136][T11357] EXT4-fs (loop3): i_reserved_data_blocks=1 [ 175.549310][ T6293] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 175.562015][T11106] veth0_vlan: entered promiscuous mode [ 175.627538][T11106] veth1_vlan: entered promiscuous mode [ 175.678401][T11106] veth0_macvtap: entered promiscuous mode [ 175.692564][T11106] veth1_macvtap: entered promiscuous mode [ 175.718045][T11106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 175.720976][T11106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 175.723518][T11106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 175.727825][T11106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 175.730293][T11106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 175.733264][T11106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 175.738659][T11106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 175.741425][T11106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 175.744848][T11106] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 175.750543][T11388] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1710'. [ 175.756308][T11106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 175.758934][T11106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 175.768035][T11106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 175.772315][T11391] loop4: detected capacity change from 0 to 8192 [ 175.776635][ T6027] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 175.779280][T11106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 175.781849][T11106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 175.792208][T11106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 175.794747][T11106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 175.803144][T11106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 175.807349][T11106] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 175.815210][T11106] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 175.817961][T11106] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 175.820325][T11106] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 175.822579][T11106] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 175.841530][T11391] loop4: p1 p2 p3 p4 [ 175.842727][T11391] loop4: p1 size 108922248 extends beyond EOD, truncated [ 175.858756][T11391] loop4: p2 start 861536256 is beyond EOD, truncated [ 175.862919][T11391] loop4: p3 start 851968 is beyond EOD, truncated [ 175.864652][T11391] loop4: p4 size 65536 extends beyond EOD, truncated [ 175.884661][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 175.891966][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 175.894088][ T5900] loop4: p1 p2 p3 p4 [ 175.896390][ T5900] loop4: p1 size 108922248 extends beyond EOD, truncated [ 175.902296][ T5900] loop4: p2 start 861536256 is beyond EOD, truncated [ 175.904202][ T5900] loop4: p3 start 851968 is beyond EOD, truncated [ 175.906341][T11391] netlink: 'syz.4.1713': attribute type 4 has an invalid length. [ 175.909084][ T5900] loop4: p4 size 65536 extends beyond EOD, truncated [ 175.927410][ T331] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 175.932615][ T331] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 175.965977][ T6027] usb 1-1: Using ep0 maxpacket: 32 [ 175.970752][ T6027] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 175.976155][ T6027] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 175.978762][ T6027] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 175.981253][ T6027] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 175.988007][ T6027] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 175.990454][ T6027] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 175.995049][ T6027] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 176.002175][T11405] netlink: 88 bytes leftover after parsing attributes in process `syz.3.1718'. [ 176.004575][ T6027] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 176.007206][ T6027] usb 1-1: Product: syz [ 176.008306][ T6027] usb 1-1: Manufacturer: syz [ 176.009541][ T6027] usb 1-1: SerialNumber: syz [ 176.058642][ T9886] udevd[9886]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory [ 176.094784][ T8962] udevd[8962]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory [ 176.100329][T11409] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 176.110499][ T8962] udevd[8962]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory [ 176.120100][ T9886] udevd[9886]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory [ 176.208332][T11416] netlink: 232 bytes leftover after parsing attributes in process `syz.3.1723'. [ 176.253819][ T6027] cdc_ncm 1-1:1.0: bind() failure [ 176.268128][ T6027] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found [ 176.269934][ T6027] cdc_ncm 1-1:1.1: bind() failure [ 176.280710][ T6027] usb 1-1: USB disconnect, device number 7 [ 176.311961][T11418] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1724'. [ 176.385398][T11433] netlink: 88 bytes leftover after parsing attributes in process `syz.4.1729'. [ 176.430226][T11437] loop3: detected capacity change from 0 to 512 [ 176.430999][T11430] loop2: detected capacity change from 0 to 8192 [ 176.461005][T11437] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 176.470898][T11430] loop2: p1 p2 p3 p4 [ 176.472118][T11430] loop2: p1 size 108922248 extends beyond EOD, truncated [ 176.475232][T11437] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 176.476396][T11430] loop2: p2 start 861536256 is beyond EOD, truncated [ 176.480769][T11430] loop2: p3 start 851968 is beyond EOD, truncated [ 176.482510][T11430] loop2: p4 size 65536 extends beyond EOD, truncated [ 176.493235][T11437] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 1 with error 28 [ 176.502795][T11430] netlink: 'syz.2.1728': attribute type 4 has an invalid length. [ 176.503374][T11437] EXT4-fs (loop3): This should not happen!! Data will be lost [ 176.503374][T11437] [ 176.528462][T11437] EXT4-fs (loop3): Total free blocks count 0 [ 176.529972][T11437] EXT4-fs (loop3): Free/Dirty block details [ 176.531510][T11437] EXT4-fs (loop3): free_blocks=65280 [ 176.539709][T11437] EXT4-fs (loop3): dirty_blocks=1 [ 176.541108][T11437] EXT4-fs (loop3): Block reservation details [ 176.546574][T11437] EXT4-fs (loop3): i_reserved_data_blocks=1 [ 176.556782][T11450] netlink: 232 bytes leftover after parsing attributes in process `syz.2.1736'. [ 176.592632][ T6293] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 176.594768][T11452] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 176.604143][ T9886] udevd[9886]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 176.606608][T11323] udevd[11323]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 176.722482][T11454] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1738'. [ 176.780182][T11463] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1740'. [ 176.935730][T11479] netlink: 'syz.2.1748': attribute type 4 has an invalid length. [ 176.950294][T11476] loop0: detected capacity change from 0 to 8192 [ 176.987429][T11476] loop0: p1 p2 p3 p4 [ 176.988651][T11476] loop0: p1 size 108922248 extends beyond EOD, truncated [ 176.993952][T11476] loop0: p2 start 861536256 is beyond EOD, truncated [ 177.002865][T11476] loop0: p3 start 851968 is beyond EOD, truncated [ 177.009007][T11476] loop0: p4 size 65536 extends beyond EOD, truncated [ 177.026559][T11476] netlink: 'syz.0.1745': attribute type 4 has an invalid length. [ 177.073477][T11490] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 177.086830][ T6292] __loop_clr_fd: partition scan of loop0 failed (rc=-16) [ 177.089986][T11323] I/O error, dev loop0, sector 8064 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 177.096564][ T9886] I/O error, dev loop0, sector 8064 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 177.107428][T11323] I/O error, dev loop0, sector 8064 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 177.113073][ T9886] I/O error, dev loop0, sector 8064 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 177.115554][ T9886] Buffer I/O error on dev loop0p1, logical block 1008, async page read [ 177.121764][T11323] Buffer I/O error on dev loop0p4, logical block 1008, async page read [ 177.239477][T11323] udevd[11323]: inotify_add_watch(7, /dev/loop0p4, 10) failed: No such file or directory [ 177.248034][ T9886] udevd[9886]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory [ 177.447615][T11516] loop0: detected capacity change from 0 to 8192 [ 177.478718][T11516] loop0: p1 p2 p3 p4 [ 177.479918][T11516] loop0: p1 size 108922248 extends beyond EOD, truncated [ 177.486724][T11516] loop0: p2 start 861536256 is beyond EOD, truncated [ 177.488483][T11516] loop0: p3 start 851968 is beyond EOD, truncated [ 177.490113][T11516] loop0: p4 size 65536 extends beyond EOD, truncated [ 177.520695][T11536] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 177.530638][T11516] netlink: 'syz.0.1763': attribute type 4 has an invalid length. [ 177.533520][ T5900] loop0: p1 p2 p3 p4 [ 177.534655][ T5900] loop0: p1 size 108922248 extends beyond EOD, truncated [ 177.538304][ T5900] loop0: p2 start 861536256 is beyond EOD, truncated [ 177.540357][ T5900] loop0: p3 start 851968 is beyond EOD, truncated [ 177.542042][ T5900] loop0: p4 size 65536 extends beyond EOD, truncated [ 178.038971][ T331] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 178.884524][T11572] loop0: detected capacity change from 0 to 8192 [ 178.926361][ T52] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 178.929882][T11572] loop0: p1 p2 p3 p4 [ 178.931114][T11572] loop0: p1 size 108922248 extends beyond EOD, truncated [ 178.931716][ T52] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 178.936019][ T52] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 178.940900][ T52] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 178.943146][ T52] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 178.945159][ T52] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 178.947318][T11572] loop0: p2 start 861536256 is beyond EOD, truncated [ 178.949072][T11572] loop0: p3 start 851968 is beyond EOD, truncated [ 178.950751][T11572] loop0: p4 size 65536 extends beyond EOD, truncated [ 179.028364][T11572] netlink: 'syz.0.1785': attribute type 4 has an invalid length. [ 179.238857][T11585] chnl_net:caif_netlink_parms(): no params data found [ 179.261788][T11581] loop2: detected capacity change from 0 to 32768 [ 179.281540][T11581] jfs_mount: diMount(ipaimap) failed w/rc = -5 [ 179.289950][T11581] Mount JFS Failure: -5 [ 179.291208][T11581] jfs_mount failed w/return code = -5 [ 179.314281][T11598] loop0: detected capacity change from 0 to 40427 [ 179.321518][T11585] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.324752][T11585] bridge0: port 1(bridge_slave_0) entered disabled state [ 179.328825][T11585] bridge_slave_0: entered allmulticast mode [ 179.331094][T11585] bridge_slave_0: entered promiscuous mode [ 179.334531][T11585] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.338528][T11598] F2FS-fs (loop0): Found nat_bits in checkpoint [ 179.345769][T11585] bridge0: port 2(bridge_slave_1) entered disabled state [ 179.349402][ T9886] I/O error, dev loop2, sector 32640 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 179.350206][T11598] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 179.354567][T11585] bridge_slave_1: entered allmulticast mode [ 179.357305][T11585] bridge_slave_1: entered promiscuous mode [ 179.387719][T11585] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 179.391600][ T6292] syz-executor: attempt to access beyond end of device [ 179.391600][ T6292] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 179.392059][T11585] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 179.402061][ T6292] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 179.415310][T11585] team0: Port device team_slave_0 added [ 179.427258][T11585] team0: Port device team_slave_1 added [ 179.442440][T11585] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 179.444311][T11585] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 179.451564][T11585] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 179.455460][T11585] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 179.458545][T11585] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 179.465640][T11585] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 179.527684][T11585] hsr_slave_0: entered promiscuous mode [ 179.556359][T11585] hsr_slave_1: entered promiscuous mode [ 179.596199][T11585] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 179.599031][T11585] Cannot create hsr debugfs directory [ 179.848286][T11628] loop0: detected capacity change from 0 to 8192 [ 179.896301][T11628] loop0: p1 p2 p3 p4 [ 179.897518][T11628] loop0: p1 size 108922248 extends beyond EOD, truncated [ 179.900857][T11628] loop0: p2 start 861536256 is beyond EOD, truncated [ 179.902573][T11628] loop0: p3 start 851968 is beyond EOD, truncated [ 179.904245][T11628] loop0: p4 size 65536 extends beyond EOD, truncated [ 179.934296][T11628] netlink: 'syz.0.1805': attribute type 4 has an invalid length. [ 180.078256][ T331] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 180.227669][T11630] loop2: detected capacity change from 0 to 40427 [ 180.260622][ T331] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 180.269689][T11630] F2FS-fs (loop2): Found nat_bits in checkpoint [ 180.315006][T11630] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 180.323108][T11656] loop0: detected capacity change from 0 to 8192 [ 180.360367][T11656] loop0: p1 p2 p3 p4 [ 180.361590][T11656] loop0: p1 size 108922248 extends beyond EOD, truncated [ 180.364928][T11656] loop0: p2 start 861536256 is beyond EOD, truncated [ 180.366768][ T6302] syz-executor: attempt to access beyond end of device [ 180.366768][ T6302] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 180.366837][ T6302] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 180.372953][T11656] loop0: p3 start 851968 is beyond EOD, truncated [ 180.374727][T11656] loop0: p4 size 65536 extends beyond EOD, truncated [ 180.399070][ T331] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 180.414233][T11654] __nla_validate_parse: 13 callbacks suppressed [ 180.414248][T11654] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1818'. [ 180.422064][T11656] netlink: 'syz.0.1820': attribute type 4 has an invalid length. [ 180.586261][ T331] bridge_slave_1: left allmulticast mode [ 180.591252][ T331] bridge_slave_1: left promiscuous mode [ 180.596753][ T331] bridge0: port 2(bridge_slave_1) entered disabled state [ 180.599873][T11323] udevd[11323]: inotify_add_watch(7, /dev/loop0p4, 10) failed: No such file or directory [ 180.608322][ T9886] udevd[9886]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory [ 180.612574][ T331] bridge_slave_0: left allmulticast mode [ 180.616431][ T331] bridge_slave_0: left promiscuous mode [ 180.619293][ T331] bridge0: port 1(bridge_slave_0) entered disabled state [ 180.930244][T11682] loop2: detected capacity change from 0 to 32768 [ 180.944040][T11682] jfs_mount: diMount(ipaimap) failed w/rc = -5 [ 180.947979][T11682] Mount JFS Failure: -5 [ 180.949884][T11682] jfs_mount failed w/return code = -5 [ 180.976521][ T52] Bluetooth: hci3: command tx timeout [ 181.069707][T11689] loop4: detected capacity change from 0 to 40427 [ 181.091651][T11689] F2FS-fs (loop4): Found nat_bits in checkpoint [ 181.123312][T11689] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 181.153764][T11698] loop2: detected capacity change from 0 to 8192 [ 181.166174][T11006] syz-executor: attempt to access beyond end of device [ 181.166174][T11006] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 181.170139][T11006] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 181.177262][T11698] loop2: p1 p2 p3 p4 [ 181.179306][T11698] loop2: p1 size 108922248 extends beyond EOD, truncated [ 181.181894][T11698] loop2: p2 start 861536256 is beyond EOD, truncated [ 181.183788][T11698] loop2: p3 start 851968 is beyond EOD, truncated [ 181.185498][T11698] loop2: p4 size 65536 extends beyond EOD, truncated [ 181.603641][T11723] loop4: detected capacity change from 0 to 32768 [ 181.609504][T11723] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1843 (11723) [ 181.614772][T11723] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 181.621814][T11723] BTRFS info (device loop4): using sha256 (sha256-ce) checksum algorithm [ 181.627199][T11723] BTRFS info (device loop4): using free-space-tree [ 181.661346][T11723] BTRFS info (device loop4): rebuilding free space tree [ 181.701603][T11006] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 182.087761][T11748] loop4: detected capacity change from 0 to 40427 [ 182.104469][T11748] F2FS-fs (loop4): Found nat_bits in checkpoint [ 182.122974][T11748] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 182.139314][T11006] syz-executor: attempt to access beyond end of device [ 182.139314][T11006] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 182.143811][T11006] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 182.272833][ T331] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 182.304043][ T331] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 182.342968][ T331] bond0 (unregistering): Released all slaves [ 182.377215][T11696] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1832'. [ 182.379644][T11698] netlink: 'syz.2.1833': attribute type 4 has an invalid length. [ 182.500938][T11772] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 182.503206][T11772] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 182.527359][T11765] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 182.765607][T11769] loop0: detected capacity change from 0 to 32768 [ 182.786025][T11769] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.1855 (11769) [ 182.813786][T11769] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 182.819619][T11769] BTRFS info (device loop0): using sha256 (sha256-ce) checksum algorithm [ 182.826621][T11769] BTRFS info (device loop0): using free-space-tree [ 182.940116][T11769] BTRFS info (device loop0): rebuilding free space tree [ 182.973012][T11780] loop2: detected capacity change from 0 to 40427 [ 183.009023][T11780] F2FS-fs (loop2): Found nat_bits in checkpoint [ 183.040896][T11780] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 183.056019][ T52] Bluetooth: hci3: command tx timeout [ 183.080649][ T6292] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 183.100712][ T6302] syz-executor: attempt to access beyond end of device [ 183.100712][ T6302] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 183.105965][ T6302] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 183.206812][ T331] hsr_slave_0: left promiscuous mode [ 183.251157][ T331] hsr_slave_1: left promiscuous mode [ 183.284587][T11822] loop3: detected capacity change from 0 to 8192 [ 183.316666][ T331] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 183.318693][ T331] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 183.322445][T11822] loop3: p1 p2 p3 p4 [ 183.323614][T11822] loop3: p1 size 108922248 extends beyond EOD, truncated [ 183.326679][ T331] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 183.328617][ T331] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 183.332015][T11822] loop3: p2 start 861536256 is beyond EOD, truncated [ 183.333780][T11822] loop3: p3 start 851968 is beyond EOD, truncated [ 183.335372][T11822] loop3: p4 size 65536 extends beyond EOD, truncated [ 183.369918][ T331] veth1_macvtap: left promiscuous mode [ 183.371397][ T331] veth0_macvtap: left promiscuous mode [ 183.378261][ T331] veth1_vlan: left promiscuous mode [ 183.381931][ T331] veth0_vlan: left promiscuous mode [ 183.595039][T11852] netlink: 'syz.2.1869': attribute type 3 has an invalid length. [ 185.109075][ T331] team0 (unregistering): Port device team_slave_1 removed [ 185.136022][ T52] Bluetooth: hci3: command tx timeout [ 185.288577][ T331] team0 (unregistering): Port device team_slave_0 removed [ 187.215959][ T52] Bluetooth: hci3: command tx timeout [ 187.376966][ T2309] ieee802154 phy0 wpan0: encryption failed: -22 [ 187.378677][ T2309] ieee802154 phy1 wpan1: encryption failed: -22 [ 187.472093][T11822] netlink: 'syz.3.1864': attribute type 4 has an invalid length. [ 187.474184][T11836] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1865'. [ 187.479269][T11856] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 187.617578][T11585] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 187.632311][T11585] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 187.655711][T11585] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 187.732999][T11585] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 187.834446][T11585] 8021q: adding VLAN 0 to HW filter on device bond0 [ 187.864695][T11585] 8021q: adding VLAN 0 to HW filter on device team0 [ 187.879500][ T6281] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.881317][ T6281] bridge0: port 1(bridge_slave_0) entered forwarding state [ 187.903693][ T9341] udevd[9341]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory [ 187.909940][T11880] loop0: detected capacity change from 0 to 8192 [ 187.920469][ T6281] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.922375][ T6281] bridge0: port 2(bridge_slave_1) entered forwarding state [ 187.929861][ T8962] udevd[8962]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory [ 187.961845][T11880] loop0: p1 p2 p3 p4 [ 187.963069][T11880] loop0: p1 size 108922248 extends beyond EOD, truncated [ 187.972754][T11880] loop0: p2 start 861536256 is beyond EOD, truncated [ 187.979000][T11880] loop0: p3 start 851968 is beyond EOD, truncated [ 187.986408][T11880] loop0: p4 size 65536 extends beyond EOD, truncated [ 188.005782][T11880] netlink: 'syz.0.1882': attribute type 4 has an invalid length. [ 188.077619][T11585] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 188.132564][T11585] veth0_vlan: entered promiscuous mode [ 188.152546][T11585] veth1_vlan: entered promiscuous mode [ 188.169131][T11869] loop3: detected capacity change from 0 to 40427 [ 188.190067][T11585] veth0_macvtap: entered promiscuous mode [ 188.193304][T11585] veth1_macvtap: entered promiscuous mode [ 188.228107][T11585] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 188.230977][T11585] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.233460][T11585] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 188.241020][T11585] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.243523][T11585] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 188.247122][T11585] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.249764][T11585] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 188.252375][T11585] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.255733][T11585] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 188.264168][T11585] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 188.274173][T11585] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.285569][T11585] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 188.292284][T11585] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.301269][T11585] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 188.304541][T11585] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.307242][T11585] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 188.310304][T11585] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.313687][T11585] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 188.314286][T11869] F2FS-fs (loop3): Found nat_bits in checkpoint [ 188.317163][T11585] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 188.319467][T11585] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 188.321682][T11585] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 188.324014][T11585] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 188.540756][T11869] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 188.983427][ T6293] syz-executor: attempt to access beyond end of device [ 188.983427][ T6293] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 189.003988][ T6293] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 189.106640][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 189.108911][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 189.144829][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 189.146058][ T9886] udevd[9886]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory [ 189.149214][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 189.168601][T11323] udevd[11323]: inotify_add_watch(7, /dev/loop0p4, 10) failed: No such file or directory [ 189.187181][T11904] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 189.906705][T11933] loop4: detected capacity change from 0 to 512 [ 189.946247][T11933] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 190.052726][T11006] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 190.329499][T11957] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 190.518779][T11967] loop0: detected capacity change from 0 to 512 [ 190.545203][T11967] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 190.650862][ T6292] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 190.700657][T11988] netlink: 'syz.4.1925': attribute type 4 has an invalid length. [ 190.756868][T11990] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 191.650403][T12014] loop3: detected capacity change from 0 to 512 [ 191.692274][T12018] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 191.694573][T12018] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 191.714156][T12014] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 191.801538][ T6293] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 191.820659][T12029] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 191.826641][T12031] netlink: 'syz.4.1941': attribute type 4 has an invalid length. [ 192.683043][T12047] netlink: 'syz.2.1949': attribute type 4 has an invalid length. [ 192.793155][T12053] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1952'. [ 192.808686][T12053] block nbd0: not configured, cannot reconfigure [ 192.930685][T12066] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 192.933001][T12066] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 193.700595][T12081] netlink: 'syz.4.1963': attribute type 4 has an invalid length. [ 193.959853][T12098] netlink: 'syz.2.1973': attribute type 16 has an invalid length. [ 194.000729][T12099] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 194.012147][T12101] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 194.017185][T12101] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 194.174886][T12085] loop0: detected capacity change from 0 to 32768 [ 194.185478][T12085] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 194.191516][T12085] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 194.201133][T12085] gfs2: fsid=syz:syz.0: fatal: invalid metadata block - bh = 19 (type: exp=4, found=0), function = gfs2_meta_buffer, file = fs/gfs2/meta_io.c, line = 490 [ 194.205464][T12085] gfs2: fsid=syz:syz.0: about to withdraw this file system [ 194.208605][T12085] gfs2: fsid=syz:syz.0: File system withdrawn [ 194.210310][T12085] CPU: 0 PID: 12085 Comm: syz.0.1966 Not tainted 6.10.0-rc5-syzkaller-g5961093c073c #0 [ 194.212778][T12085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 194.215435][T12085] Call trace: [ 194.216336][T12085] dump_backtrace+0x1b8/0x1e4 [ 194.217577][T12085] show_stack+0x2c/0x3c [ 194.218667][T12085] dump_stack_lvl+0xe4/0x150 [ 194.219871][T12085] dump_stack+0x1c/0x28 [ 194.220948][T12085] gfs2_withdraw+0xe00/0x133c [ 194.222221][T12085] gfs2_metatype_check_ii+0x8c/0xac [ 194.223534][T12085] gfs2_meta_buffer+0x2f0/0x38c [ 194.224809][T12085] gfs2_inode_refresh+0xc4/0xd84 [ 194.226078][T12085] inode_go_instantiate+0x4c/0x68 [ 194.227404][T12085] gfs2_instantiate+0x17c/0x2c8 [ 194.228792][T12085] gfs2_glock_wait+0x1b8/0x298 [ 194.229992][T12085] gfs2_glock_nq+0xcc8/0x169c [ 194.231211][T12085] gfs2_lookupi+0x328/0x500 [ 194.232398][T12085] gfs2_lookup_meta+0xe4/0x1e4 [ 194.233643][T12085] init_journal+0x19c/0x1fb8 [ 194.234828][T12085] init_inodes+0xe0/0x2d8 [ 194.235997][T12085] gfs2_fill_super+0x167c/0x1f54 [ 194.237299][T12085] get_tree_bdev+0x320/0x470 [ 194.238469][T12085] gfs2_get_tree+0x54/0x1b4 [ 194.239778][T12085] vfs_get_tree+0x90/0x288 [ 194.240924][T12085] do_new_mount+0x278/0x900 [ 194.242081][T12085] path_mount+0x590/0xe04 [ 194.243184][T12085] __arm64_sys_mount+0x45c/0x594 [ 194.244456][T12085] invoke_syscall+0x98/0x2b8 [ 194.245650][T12085] el0_svc_common+0x130/0x23c [ 194.246905][T12085] do_el0_svc+0x48/0x58 [ 194.248003][T12085] el0_svc+0x54/0x168 [ 194.249061][T12085] el0t_64_sync_handler+0x84/0xfc [ 194.250403][T12085] el0t_64_sync+0x190/0x194 [ 194.252926][T12085] gfs2: fsid=syz:syz.0: can't lookup journal index: 0 [ 194.409530][ T42] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 195.240572][T12116] netlink: 'syz.4.1979': attribute type 4 has an invalid length. [ 195.408857][ T6304] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 195.412653][ T6304] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 195.415253][ T6304] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 195.418368][ T6304] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 195.420637][ T6304] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 195.422983][ T6304] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 196.123492][T12139] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 196.125812][T12139] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 196.241030][T12128] chnl_net:caif_netlink_parms(): no params data found [ 196.302616][T12128] bridge0: port 1(bridge_slave_0) entered blocking state [ 196.304568][T12128] bridge0: port 1(bridge_slave_0) entered disabled state [ 196.310402][T12128] bridge_slave_0: entered allmulticast mode [ 196.312528][T12128] bridge_slave_0: entered promiscuous mode [ 196.321604][T12128] bridge0: port 2(bridge_slave_1) entered blocking state [ 196.323607][T12128] bridge0: port 2(bridge_slave_1) entered disabled state [ 196.325603][T12128] bridge_slave_1: entered allmulticast mode [ 196.341609][T12128] bridge_slave_1: entered promiscuous mode [ 196.372003][T12133] loop4: detected capacity change from 0 to 32768 [ 196.383641][T12128] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 196.392822][T12128] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 196.401565][T12132] loop2: detected capacity change from 0 to 32768 [ 196.408100][T12132] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 196.410312][T12132] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 196.415615][T12132] gfs2: fsid=syz:syz.0: fatal: invalid metadata block - bh = 19 (type: exp=4, found=0), function = gfs2_meta_buffer, file = fs/gfs2/meta_io.c, line = 490 [ 196.416858][T12128] team0: Port device team_slave_0 added [ 196.421443][T12132] gfs2: fsid=syz:syz.0: about to withdraw this file system [ 196.423830][T12132] gfs2: fsid=syz:syz.0: File system withdrawn [ 196.425397][T12132] CPU: 0 PID: 12132 Comm: syz.2.1985 Not tainted 6.10.0-rc5-syzkaller-g5961093c073c #0 [ 196.427010][T12128] team0: Port device team_slave_1 added [ 196.427852][T12132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 196.427865][T12132] Call trace: [ 196.427869][T12132] dump_backtrace+0x1b8/0x1e4 [ 196.427887][T12132] show_stack+0x2c/0x3c [ 196.435185][T12132] dump_stack_lvl+0xe4/0x150 [ 196.436383][T12132] dump_stack+0x1c/0x28 [ 196.437429][T12132] gfs2_withdraw+0xe00/0x133c [ 196.438609][T12132] gfs2_metatype_check_ii+0x8c/0xac [ 196.440008][T12132] gfs2_meta_buffer+0x2f0/0x38c [ 196.441304][T12132] gfs2_inode_refresh+0xc4/0xd84 [ 196.442685][T12132] inode_go_instantiate+0x4c/0x68 [ 196.443978][T12132] gfs2_instantiate+0x17c/0x2c8 [ 196.445259][T12132] gfs2_glock_wait+0x1b8/0x298 [ 196.446488][T12132] gfs2_glock_nq+0xcc8/0x169c [ 196.447709][T12132] gfs2_lookupi+0x328/0x500 [ 196.448975][T12132] gfs2_lookup_meta+0xe4/0x1e4 [ 196.450220][T12132] init_journal+0x19c/0x1fb8 [ 196.451411][T12132] init_inodes+0xe0/0x2d8 [ 196.452547][T12132] gfs2_fill_super+0x167c/0x1f54 [ 196.453867][T12132] get_tree_bdev+0x320/0x470 [ 196.455072][T12132] gfs2_get_tree+0x54/0x1b4 [ 196.456279][T12132] vfs_get_tree+0x90/0x288 [ 196.457481][T12132] do_new_mount+0x278/0x900 [ 196.458677][T12132] path_mount+0x590/0xe04 [ 196.459837][T12132] __arm64_sys_mount+0x45c/0x594 [ 196.461134][T12132] invoke_syscall+0x98/0x2b8 [ 196.462282][T12132] el0_svc_common+0x130/0x23c [ 196.463501][T12132] do_el0_svc+0x48/0x58 [ 196.464624][T12132] el0_svc+0x54/0x168 [ 196.465654][T12132] el0t_64_sync_handler+0x84/0xfc [ 196.467014][T12132] el0t_64_sync+0x190/0x194 [ 196.471532][T12132] gfs2: fsid=syz:syz.0: can't lookup journal index: 0 [ 196.488382][T12128] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 196.491482][T12128] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 196.501583][T12128] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 196.558662][ T42] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 196.568468][T12133] bcachefs (loop4): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,nojournal_transaction_names [ 196.572831][T12128] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 196.580792][T12128] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 196.593683][T12133] bcachefs (loop4): recovering from clean shutdown, journal seq 8 [ 196.599816][T12128] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 196.650851][ T42] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 196.664498][T12133] bcachefs (loop4): alloc_read... done [ 196.669641][T12133] bcachefs (loop4): stripes_read... done [ 196.671322][T12133] bcachefs (loop4): snapshots_read... done [ 196.677924][T12133] bcachefs (loop4): going read-write [ 196.679646][T12133] bcachefs (loop4): sb invalid before write: Invalid superblock section journal_v2: journal bucket at sector 0 [ 196.679646][T12133] journal_v2 (size 40): [ 196.679646][T12133] Buckets: 0-9 7-31 [ 196.679646][T12133] [ 196.694279][T12133] bcachefs (loop4): inconsistency detected - emergency read only at journal seq 8 [ 196.703807][T12133] bcachefs (loop4): flushing journal and stopping allocators, journal seq 8 [ 196.720604][T12133] bcachefs (loop4): flushing journal and stopping allocators complete, journal seq 8 [ 196.723258][T12133] bcachefs (loop4): unshutdown complete, journal seq 8 [ 196.725732][T12133] bcachefs (loop4): bch2_fs_recovery(): error invalid_sb_journal [ 196.728253][T12133] bcachefs (loop4): bch2_fs_start(): error starting filesystem invalid_sb_journal [ 196.730827][T12133] bcachefs (loop4): shutting down [ 196.740578][T12133] bcachefs (loop4): shutdown complete [ 196.750129][ T42] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 196.777373][T12128] hsr_slave_0: entered promiscuous mode [ 196.810370][T12128] hsr_slave_1: entered promiscuous mode [ 196.836015][T12128] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 196.838089][T12128] Cannot create hsr debugfs directory [ 196.996119][T12162] loop2: detected capacity change from 0 to 32768 [ 197.026516][ T42] bridge_slave_1: left allmulticast mode [ 197.030500][ T42] bridge_slave_1: left promiscuous mode [ 197.034363][ T42] bridge0: port 2(bridge_slave_1) entered disabled state [ 197.044038][ T42] bridge_slave_0: left allmulticast mode [ 197.045560][ T42] bridge_slave_0: left promiscuous mode [ 197.052125][ T42] bridge0: port 1(bridge_slave_0) entered disabled state [ 197.109995][T12182] netlink: 'syz.0.1996': attribute type 4 has an invalid length. [ 197.118023][T12162] bcachefs (loop2): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,nojournal_transaction_names [ 197.121599][T12162] bcachefs (loop2): recovering from clean shutdown, journal seq 8 [ 197.176994][T12162] bcachefs (loop2): alloc_read... done [ 197.178475][T12162] bcachefs (loop2): stripes_read... done [ 197.179969][T12162] bcachefs (loop2): snapshots_read... done [ 197.197433][T12162] bcachefs (loop2): going read-write [ 197.204247][T12162] bcachefs (loop2): journal_replay... [ 197.204301][T12162] bcachefs (loop2): bch2_journal_replay(): error erofs_journal_err [ 197.209018][T12162] bcachefs (loop2): bch2_fs_recovery(): error erofs_journal_err [ 197.211008][T12162] bcachefs (loop2): bch2_fs_start(): error starting filesystem erofs_journal_err [ 197.213295][ T6344] bcachefs (loop2): going read-only [ 197.214675][ T6344] bcachefs (loop2): finished waiting for writes to stop [ 197.217393][ T6344] bcachefs (loop2): flushing journal and stopping allocators, journal seq 8 [ 197.222522][T12162] bcachefs (loop2): shutting down [ 197.223942][ T6344] bcachefs (loop2): flushing journal and stopping allocators complete, journal seq 8 [ 197.232688][ T6344] bcachefs (loop2): unshutdown complete, journal seq 8 [ 197.243153][ T6344] bcachefs (loop2): done going read-only, filesystem not clean [ 197.264316][T12162] bcachefs (loop2): shutdown complete [ 197.455935][ T6304] Bluetooth: hci3: command tx timeout [ 197.546626][ T6344] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 197.605606][T12196] loop4: detected capacity change from 0 to 32768 [ 197.614768][T12196] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 197.619836][T12196] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 197.622956][T12196] gfs2: fsid=syz:syz.0: fatal: invalid metadata block - bh = 19 (type: exp=4, found=0), function = gfs2_meta_buffer, file = fs/gfs2/meta_io.c, line = 490 [ 197.627813][T12196] gfs2: fsid=syz:syz.0: about to withdraw this file system [ 197.633488][T12196] gfs2: fsid=syz:syz.0: File system withdrawn [ 197.635070][T12196] CPU: 1 PID: 12196 Comm: syz.4.2003 Not tainted 6.10.0-rc5-syzkaller-g5961093c073c #0 [ 197.637600][T12196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 197.640270][T12196] Call trace: [ 197.641132][T12196] dump_backtrace+0x1b8/0x1e4 [ 197.642407][T12196] show_stack+0x2c/0x3c [ 197.643521][T12196] dump_stack_lvl+0xe4/0x150 [ 197.644759][T12196] dump_stack+0x1c/0x28 [ 197.645854][T12196] gfs2_withdraw+0xe00/0x133c [ 197.647126][T12196] gfs2_metatype_check_ii+0x8c/0xac [ 197.648458][T12196] gfs2_meta_buffer+0x2f0/0x38c [ 197.649708][T12196] gfs2_inode_refresh+0xc4/0xd84 [ 197.651057][T12196] inode_go_instantiate+0x4c/0x68 [ 197.652396][T12196] gfs2_instantiate+0x17c/0x2c8 [ 197.653665][T12196] gfs2_glock_wait+0x1b8/0x298 [ 197.654927][T12196] gfs2_glock_nq+0xcc8/0x169c [ 197.656136][T12196] gfs2_lookupi+0x328/0x500 [ 197.657386][T12196] gfs2_lookup_meta+0xe4/0x1e4 [ 197.658639][T12196] init_journal+0x19c/0x1fb8 [ 197.659834][T12196] init_inodes+0xe0/0x2d8 [ 197.661011][T12196] gfs2_fill_super+0x167c/0x1f54 [ 197.662327][T12196] get_tree_bdev+0x320/0x470 [ 197.663564][T12196] gfs2_get_tree+0x54/0x1b4 [ 197.664782][T12196] vfs_get_tree+0x90/0x288 [ 197.665947][T12196] do_new_mount+0x278/0x900 [ 197.667153][T12196] path_mount+0x590/0xe04 [ 197.668386][T12196] __arm64_sys_mount+0x45c/0x594 [ 197.669737][T12196] invoke_syscall+0x98/0x2b8 [ 197.671044][T12196] el0_svc_common+0x130/0x23c [ 197.672310][T12196] do_el0_svc+0x48/0x58 [ 197.673412][T12196] el0_svc+0x54/0x168 [ 197.674460][T12196] el0t_64_sync_handler+0x84/0xfc [ 197.675842][T12196] el0t_64_sync+0x190/0x194 [ 197.680599][T12196] gfs2: fsid=syz:syz.0: can't lookup journal index: 0 [ 197.726675][ T6344] usb 1-1: Using ep0 maxpacket: 32 [ 197.736928][ T6344] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 197.739782][ T6344] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 197.742332][ T6344] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 197.744867][ T6344] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 197.774717][ T6344] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 197.777530][ T6344] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 197.781659][ T6344] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 197.784058][ T6344] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 197.802867][ T6344] usb 1-1: Product: syz [ 197.803999][ T6344] usb 1-1: Manufacturer: syz [ 197.805225][ T6344] usb 1-1: SerialNumber: syz [ 198.202837][T12214] netlink: 'syz.3.2010': attribute type 4 has an invalid length. [ 198.496725][T12218] loop3: detected capacity change from 0 to 32768 [ 198.504223][T12218] ERROR: (device loop3): xtSearch: XT_GETPAGE: xtree page corrupt [ 198.504223][T12218] [ 198.510873][T12218] ERROR: (device loop3): remounting filesystem as read-only [ 198.512963][T12218] xtLookup: xtSearch returned -5 [ 198.514300][T12218] read_mapping_page failed! [ 198.515503][T12218] jfs_mount: diMount(ipaimap) failed w/rc = -5 [ 198.517838][T12218] Mount JFS Failure: -5 [ 198.518979][T12218] jfs_mount failed w/return code = -5 [ 198.869301][T12226] loop3: detected capacity change from 0 to 32768 [ 198.975508][T12226] bcachefs (loop3): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,nojournal_transaction_names [ 198.987410][T12226] bcachefs (loop3): recovering from clean shutdown, journal seq 8 [ 198.991753][ T42] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 199.016855][T12230] loop4: detected capacity change from 0 to 32768 [ 199.043226][ T42] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 199.048966][T12226] bcachefs (loop3): alloc_read... done [ 199.050555][T12226] bcachefs (loop3): stripes_read... done [ 199.052093][T12226] bcachefs (loop3): snapshots_read... done [ 199.055417][T12226] bcachefs (loop3): going read-write [ 199.064510][T12226] bcachefs (loop3): journal_replay... [ 199.064954][T12226] bcachefs (loop3): bch2_journal_replay(): error erofs_journal_err [ 199.069354][T12226] bcachefs (loop3): bch2_fs_recovery(): error erofs_journal_err [ 199.071457][T12226] bcachefs (loop3): bch2_fs_start(): error starting filesystem erofs_journal_err [ 199.072437][T12230] bcachefs (a46a46fb-710c-4d8a-8a40-d337fbcdfe7d): filesystem UUID already open [ 199.073905][ T25] bcachefs (loop3): going read-only [ 199.077634][T12230] bcachefs (a46a46fb-710c-4d8a-8a40-d337fbcdfe7d): shutdown complete [ 199.086146][T12226] bcachefs (loop3): shutting down [ 199.087846][ T25] bcachefs (loop3): finished waiting for writes to stop [ 199.089680][ T25] bcachefs (loop3): flushing journal and stopping allocators, journal seq 8 [ 199.092109][ T25] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 8 [ 199.096779][ T42] bond0 (unregistering): Released all slaves [ 199.101598][ T25] bcachefs (loop3): unshutdown complete, journal seq 8 [ 199.104041][ T25] bcachefs (loop3): done going read-only, filesystem not clean [ 199.119623][T12226] bcachefs (loop3): shutdown complete [ 199.166695][ T6344] cdc_ncm 1-1:1.0: bind() failure [ 199.170337][ T6344] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found [ 199.174105][ T6344] cdc_ncm 1-1:1.1: bind() failure [ 199.177581][ T6344] usb 1-1: USB disconnect, device number 8 [ 199.518964][T12265] loop2: detected capacity change from 0 to 8192 [ 199.536146][ T6304] Bluetooth: hci3: command tx timeout [ 199.549205][T12265] loop2: p1 p2 p3 p4 [ 199.550371][T12265] loop2: p1 size 108922248 extends beyond EOD, truncated [ 199.558178][T12265] loop2: p2 start 861536256 is beyond EOD, truncated [ 199.559986][T12265] loop2: p3 start 851968 is beyond EOD, truncated [ 199.561660][T12265] loop2: p4 size 65536 extends beyond EOD, truncated [ 199.581793][ T5900] loop2: p1 p2 p3 p4 [ 199.582893][ T5900] loop2: p1 size 108922248 extends beyond EOD, truncated [ 199.599342][ T5900] loop2: p2 start 861536256 is beyond EOD, truncated [ 199.601068][ T5900] loop2: p3 start 851968 is beyond EOD, truncated [ 199.602767][ T5900] loop2: p4 size 65536 extends beyond EOD, truncated [ 199.813923][T12265] netlink: 'syz.2.2021': attribute type 4 has an invalid length. [ 199.890322][ T42] hsr_slave_0: left promiscuous mode [ 199.948459][ T42] hsr_slave_1: left promiscuous mode [ 200.026219][ T42] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 200.028230][ T42] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 200.035716][ T42] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 200.050114][ T42] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 200.084067][T12304] loop3: detected capacity change from 0 to 512 [ 200.084872][ T42] veth1_macvtap: left promiscuous mode [ 200.090765][ T42] veth0_macvtap: left promiscuous mode [ 200.092468][ T42] veth1_vlan: left promiscuous mode [ 200.094093][ T42] veth0_vlan: left promiscuous mode [ 200.128550][T12304] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 200.168376][ T6293] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 200.378648][T12297] loop2: detected capacity change from 0 to 32768 [ 200.484410][T12297] bcachefs (loop2): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,nojournal_transaction_names [ 200.500868][T12297] bcachefs (loop2): recovering from clean shutdown, journal seq 8 [ 200.563992][T12297] bcachefs (loop2): alloc_read... done [ 200.565501][T12297] bcachefs (loop2): stripes_read... done [ 200.567961][T12297] bcachefs (loop2): snapshots_read... done [ 200.574386][T12297] bcachefs (loop2): going read-write [ 200.583689][T12297] bcachefs (loop2): sb invalid before write: Invalid superblock section journal_v2: journal bucket at sector 0 [ 200.583689][T12297] journal_v2 (size 40): [ 200.583689][T12297] Buckets: 0-9 7-31 [ 200.583689][T12297] [ 200.591283][T12297] bcachefs (loop2): inconsistency detected - emergency read only at journal seq 8 [ 200.593733][T12297] bcachefs (loop2): flushing journal and stopping allocators, journal seq 8 [ 200.601627][T12297] bcachefs (loop2): flushing journal and stopping allocators complete, journal seq 8 [ 200.604225][T12297] bcachefs (loop2): unshutdown complete, journal seq 8 [ 200.612968][T12297] bcachefs (loop2): bch2_fs_recovery(): error invalid_sb_journal [ 200.614929][T12297] bcachefs (loop2): bch2_fs_start(): error starting filesystem invalid_sb_journal [ 200.636179][T12297] bcachefs (loop2): shutting down [ 200.651126][T12297] bcachefs (loop2): shutdown complete [ 200.837221][T12325] loop4: detected capacity change from 0 to 8192 [ 200.887515][T12325] loop4: p1 p2 p3 p4 [ 200.888862][T12325] loop4: p1 size 108922248 extends beyond EOD, truncated [ 200.896305][T12325] loop4: p2 start 861536256 is beyond EOD, truncated [ 200.899848][T12325] loop4: p3 start 851968 is beyond EOD, truncated [ 200.905074][T12325] loop4: p4 size 65536 extends beyond EOD, truncated [ 201.596387][T12343] loop3: detected capacity change from 0 to 512 [ 201.616023][ T6304] Bluetooth: hci3: command tx timeout [ 201.620637][T12343] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 201.660541][ T6293] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 201.734412][T12352] loop3: detected capacity change from 0 to 512 [ 201.745472][T12352] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2 [ 201.747850][T12352] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -2 [ 201.751265][T12352] EXT4-fs (loop3): 1 truncate cleaned up [ 201.753165][T12352] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 201.779856][ T6293] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 202.198730][ T42] team0 (unregistering): Port device team_slave_1 removed [ 202.389186][ T42] team0 (unregistering): Port device team_slave_0 removed [ 203.706017][ T6304] Bluetooth: hci3: command tx timeout [ 204.581681][T12325] netlink: 'syz.4.2042': attribute type 4 has an invalid length. [ 204.583829][T12362] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 204.754823][T12382] loop3: detected capacity change from 0 to 512 [ 204.796457][T12128] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 204.804294][T12128] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 204.808677][T12382] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 204.845448][T12128] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 204.858103][T12128] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 204.904000][T12128] 8021q: adding VLAN 0 to HW filter on device bond0 [ 204.911275][T12128] 8021q: adding VLAN 0 to HW filter on device team0 [ 204.913775][ T6293] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 204.935081][T12128] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 204.938403][T12128] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 204.944835][ T6282] bridge0: port 1(bridge_slave_0) entered blocking state [ 204.946785][ T6282] bridge0: port 1(bridge_slave_0) entered forwarding state [ 204.956640][ T6282] bridge0: port 2(bridge_slave_1) entered blocking state [ 204.958479][ T6282] bridge0: port 2(bridge_slave_1) entered forwarding state [ 205.217153][T12413] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 205.237534][T12409] loop4: detected capacity change from 0 to 8192 [ 205.266398][T12409] loop4: p1 p2 p3 p4 [ 205.275041][T12409] loop4: p1 size 108922248 extends beyond EOD, truncated [ 205.278813][T12409] loop4: p2 start 861536256 is beyond EOD, truncated [ 205.280570][T12409] loop4: p3 start 851968 is beyond EOD, truncated [ 205.282223][T12409] loop4: p4 size 65536 extends beyond EOD, truncated [ 205.336075][T12409] netlink: 'syz.4.2072': attribute type 4 has an invalid length. [ 205.349901][T12128] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 205.409245][T12427] loop2: detected capacity change from 0 to 512 [ 205.429761][T12128] veth0_vlan: entered promiscuous mode [ 205.438289][T12427] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 205.448824][T12128] veth1_vlan: entered promiscuous mode [ 205.469551][T12128] veth0_macvtap: entered promiscuous mode [ 205.490988][T12128] veth1_macvtap: entered promiscuous mode [ 205.493900][ T9886] udevd[9886]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory [ 205.502975][T11323] udevd[11323]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory [ 205.541653][T12436] loop4: detected capacity change from 0 to 512 [ 205.549100][T12128] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 205.551900][T12128] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.554600][T12128] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 205.557597][T12128] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.560247][T12128] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 205.562820][T12128] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.566968][T12128] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 205.577571][T12427] EXT4-fs error (device loop2): ext4_do_update_inode:5075: inode #2: comm syz.2.2076: corrupted inode contents [ 205.582613][T12436] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 205.586378][T12128] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.598433][T12128] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 205.602924][T12427] EXT4-fs error (device loop2): ext4_dirty_inode:5935: inode #2: comm syz.2.2076: mark_inode_dirty error [ 205.616654][T12128] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 205.625333][T12427] EXT4-fs error (device loop2): ext4_do_update_inode:5075: inode #2: comm syz.2.2076: corrupted inode contents [ 205.627681][ T9886] udevd[9886]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory [ 205.631764][T12128] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.634220][T12128] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 205.638318][T12128] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.640796][T12128] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 205.643480][T12128] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.649790][T12128] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 205.651246][T11323] udevd[11323]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory [ 205.652465][T12128] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.653421][T11006] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 205.662191][T12128] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 205.662345][T12427] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #2: comm syz.2.2076: mark_inode_dirty error [ 205.675165][T12128] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.684838][T12441] EXT4-fs error (device loop2): ext4_do_update_inode:5075: inode #2: comm syz.2.2076: corrupted inode contents [ 205.688807][T12128] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.691009][T12128] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.693176][T12128] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.709367][T12441] EXT4-fs error (device loop2): ext4_dirty_inode:5935: inode #2: comm syz.2.2076: mark_inode_dirty error [ 205.713903][T12441] EXT4-fs error (device loop2): ext4_do_update_inode:5075: inode #2: comm syz.2.2076: corrupted inode contents [ 205.759104][T12448] EXT4-fs error (device loop2): ext4_do_update_inode:5075: inode #2: comm syz.2.2076: corrupted inode contents [ 205.761379][T11323] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 205.784541][ T43] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 205.790367][T12448] EXT4-fs error (device loop2): add_dirent_to_buf:2212: inode #2: comm syz.2.2076: mark_inode_dirty error [ 205.805955][ T43] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 205.811872][T12448] EXT4-fs error (device loop2): ext4_xattr_delete_inode:2972: inode #18: comm syz.2.2076: corrupted xattr block 22: invalid header [ 205.832007][T12448] EXT4-fs warning (device loop2): ext4_evict_inode:271: xattr delete (err -117) [ 205.869325][T12141] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 205.871376][T12141] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 205.963778][ T6302] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 206.039553][T12477] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 206.042011][T12477] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 206.082502][T12482] loop2: detected capacity change from 0 to 512 [ 206.087758][T12473] loop4: detected capacity change from 0 to 8192 [ 206.110391][T12482] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 206.122213][T12473] loop4: p1 p2 p3 p4 [ 206.123311][T12473] loop4: p1 size 108922248 extends beyond EOD, truncated [ 206.127497][T12473] loop4: p2 start 861536256 is beyond EOD, truncated [ 206.132155][T12473] loop4: p3 start 851968 is beyond EOD, truncated [ 206.133869][T12473] loop4: p4 size 65536 extends beyond EOD, truncated [ 206.134809][ T6302] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 206.149539][T12473] netlink: 'syz.4.2088': attribute type 4 has an invalid length. [ 206.258233][T12494] loop4: detected capacity change from 0 to 512 [ 206.289226][T12179] udevd[12179]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory [ 206.292658][T12494] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e842c11c, mo2=0002] [ 206.294673][ T9886] udevd[9886]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory [ 206.294806][T12494] System zones: 0-2, 18-18, 34-34 [ 206.309358][T12494] Quota error (device loop4): find_tree_dqentry: Cycle in quota tree detected: block 1 index 0 [ 206.312464][T12494] Quota error (device loop4): qtree_read_dquot: Can't read quota structure for id 0 [ 206.314876][T12494] EXT4-fs error (device loop4): ext4_acquire_dquot:6860: comm syz.4.2097: Failed to acquire dquot type 1 [ 206.318972][T12494] Quota error (device loop4): find_tree_dqentry: Cycle in quota tree detected: block 1 index 0 [ 206.321536][T12494] Quota error (device loop4): qtree_read_dquot: Can't read quota structure for id 0 [ 206.324035][T12494] EXT4-fs error (device loop4): ext4_acquire_dquot:6860: comm syz.4.2097: Failed to acquire dquot type 1 [ 206.334597][T12494] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.2097: bg 0: block 248: padding at end of block bitmap is not set [ 206.345514][T12494] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6551: Corrupt filesystem [ 206.350894][T12494] Quota error (device loop4): find_tree_dqentry: Cycle in quota tree detected: block 1 index 0 [ 206.354394][T12494] Quota error (device loop4): qtree_read_dquot: Can't read quota structure for id 0 [ 206.355767][T12500] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2099'. [ 206.357547][T12494] EXT4-fs error (device loop4): ext4_acquire_dquot:6860: comm syz.4.2097: Failed to acquire dquot type 1 [ 206.367628][T12494] EXT4-fs (loop4): 1 orphan inode deleted [ 206.370545][T12494] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 206.391476][T11006] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 206.525311][T12511] loop2: detected capacity change from 0 to 512 [ 206.540542][T12511] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 206.588103][T12515] loop4: detected capacity change from 0 to 8192 [ 206.604441][ T6302] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 206.630047][T12515] loop4: p1 p2 p3 p4 [ 206.631356][T12515] loop4: p1 size 108922248 extends beyond EOD, truncated [ 206.637540][T12515] loop4: p2 start 861536256 is beyond EOD, truncated [ 206.639304][T12515] loop4: p3 start 851968 is beyond EOD, truncated [ 206.640931][T12515] loop4: p4 size 65536 extends beyond EOD, truncated [ 206.652912][T12515] netlink: 'syz.4.2105': attribute type 4 has an invalid length. [ 206.742429][T12527] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2111'. [ 206.777715][ T9886] udevd[9886]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory [ 206.792390][T11323] udevd[11323]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory [ 206.805138][T12529] netlink: 52 bytes leftover after parsing attributes in process `syz.4.2112'. [ 206.887388][T12538] loop2: detected capacity change from 0 to 256 [ 206.909361][T12538] FAT-fs (loop2): bogus number of directory entries (4) [ 206.913953][T12538] FAT-fs (loop2): Can't find a valid FAT filesystem [ 206.976606][T12540] loop4: detected capacity change from 0 to 512 [ 207.027035][T12540] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 207.072855][T12543] loop0: detected capacity change from 0 to 8192 [ 207.072974][T12525] loop3: detected capacity change from 0 to 32768 [ 207.082239][T12548] loop2: detected capacity change from 0 to 512 [ 207.084533][T12548] EXT4-fs: Ignoring removed orlov option [ 207.087487][T12548] EXT4-fs (loop2): bad s_want_extra_isize: 2080 [ 207.093910][T12543] loop0: p1 p2 p3 p4 [ 207.095182][T12543] loop0: p1 size 108922248 extends beyond EOD, truncated [ 207.099171][T12543] loop0: p2 start 861536256 is beyond EOD, truncated [ 207.101279][T12543] loop0: p3 start 851968 is beyond EOD, truncated [ 207.103890][T12543] loop0: p4 size 65536 extends beyond EOD, truncated [ 207.110920][T12543] netlink: 'syz.0.2119': attribute type 4 has an invalid length. [ 207.150624][T12179] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 207.151418][T11006] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 207.157575][ T9886] udevd[9886]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory [ 207.193635][T11323] udevd[11323]: inotify_add_watch(7, /dev/loop0p4, 10) failed: No such file or directory [ 207.250183][T12525] bcachefs (loop3): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,noshard_inode_numbers,noinodes_use_key_cache,gc_reserve_bytes=16.0 EiB,nojournal_transaction_names [ 207.261572][T12561] loop0: detected capacity change from 0 to 8192 [ 207.263963][T12525] bcachefs (loop3): recovering from clean shutdown, journal seq 8 [ 207.267297][T12565] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2123'. [ 207.302107][T12567] netlink: 52 bytes leftover after parsing attributes in process `syz.2.2126'. [ 207.349387][T12525] bcachefs (loop3): alloc_read... done [ 207.353359][T12525] bcachefs (loop3): stripes_read... done [ 207.354885][T12525] bcachefs (loop3): snapshots_read... done [ 207.358239][T12525] bcachefs (loop3): going read-write [ 207.378432][T12525] bcachefs (loop3): journal_replay... done [ 207.413921][T12525] bcachefs (loop3): resume_logged_ops... done [ 207.420080][T12525] bcachefs (loop3): delete_dead_inodes... done [ 207.421854][T12525] ------------[ cut here ]------------ [ 207.423279][T12525] UBSAN: shift-out-of-bounds in ./include/linux/log2.h:67:13 [ 207.425134][T12525] shift exponent 4294967295 is too large for 64-bit type 'unsigned long' [ 207.431947][T12525] CPU: 1 PID: 12525 Comm: syz.3.2110 Not tainted 6.10.0-rc5-syzkaller-g5961093c073c #0 [ 207.434488][T12525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 207.437114][T12525] Call trace: [ 207.437968][T12525] dump_backtrace+0x1b8/0x1e4 [ 207.439228][T12525] show_stack+0x2c/0x3c [ 207.440291][T12525] dump_stack_lvl+0xe4/0x150 [ 207.441488][T12525] dump_stack+0x1c/0x28 [ 207.442652][T12525] __ubsan_handle_shift_out_of_bounds+0x2f4/0x36c [ 207.444351][T12525] bch2_blacklist_entries_gc+0x510/0x534 [ 207.445866][T12525] bch2_fs_recovery+0x4034/0x5488 [ 207.447167][T12525] bch2_fs_start+0x30c/0x53c [ 207.448388][T12525] bch2_fs_open+0x8b4/0xb64 [ 207.449601][T12525] bch2_mount+0x4fc/0xe68 [ 207.450832][T12525] legacy_get_tree+0xd4/0x16c [ 207.452075][T12525] vfs_get_tree+0x90/0x288 [ 207.453243][T12525] do_new_mount+0x278/0x900 [ 207.454514][T12525] path_mount+0x590/0xe04 [ 207.455671][T12525] __arm64_sys_mount+0x45c/0x594 [ 207.456992][T12525] invoke_syscall+0x98/0x2b8 [ 207.458279][T12525] el0_svc_common+0x130/0x23c [ 207.459516][T12525] do_el0_svc+0x48/0x58 [ 207.460694][T12525] el0_svc+0x54/0x168 [ 207.461816][T12525] el0t_64_sync_handler+0x84/0xfc [ 207.463187][T12525] el0t_64_sync+0x190/0x194 [ 207.467641][T12525] ---[ end trace ]--- [ 207.481204][T12525] bcachefs (loop3): done starting filesystem [ 207.520973][ T6293] bcachefs (loop3): shutting down [ 207.521736][T12577] loop0: detected capacity change from 0 to 8192 [ 207.522396][ T6293] bcachefs (loop3): going read-only [ 207.531682][ T6293] bcachefs (loop3): finished waiting for writes to stop [ 207.567047][T12577] loop0: p1 p2 p3 p4 [ 207.568300][T12577] loop0: p1 size 108922248 extends beyond EOD, truncated [ 207.571159][ T6293] bcachefs (loop3): flushing journal and stopping allocators, journal seq 12 [ 207.572168][T12577] loop0: p2 start 861536256 is beyond EOD, truncated [ 207.573635][ T6293] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 12 [ 207.575233][T12577] loop0: p3 start 851968 is beyond EOD, truncated [ 207.575254][T12577] loop0: p4 size 65536 extends beyond EOD, truncated [ 207.582782][ T6293] bcachefs (loop3): shutdown complete, journal seq 13 [ 207.585192][ T6293] bcachefs (loop3): marking filesystem clean [ 207.592033][T12577] netlink: 'syz.0.2131': attribute type 4 has an invalid length. [ 207.615069][ T6293] bcachefs (loop3): shutdown complete [ 208.930323][ T613] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 211.041278][ T613] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 211.140304][ T613] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 211.248651][ T613] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 211.434204][ T613] bridge_slave_1: left allmulticast mode [ 211.435772][ T613] bridge_slave_1: left promiscuous mode [ 211.442607][ T613] bridge0: port 2(bridge_slave_1) entered disabled state [ 211.450954][ T613] bridge_slave_0: left allmulticast mode [ 211.452371][ T613] bridge_slave_0: left promiscuous mode [ 211.453937][ T613] bridge0: port 1(bridge_slave_0) entered disabled state [ 213.132918][ T613] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 213.169123][ T613] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 213.208254][ T613] bond0 (unregistering): Released all slaves [ 214.085613][ T613] hsr_slave_0: left promiscuous mode [ 214.126078][ T613] hsr_slave_1: left promiscuous mode [ 214.226086][ T613] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 214.228110][ T613] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 214.234853][ T613] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 214.238211][ T613] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 214.253866][ T613] veth1_macvtap: left promiscuous mode [ 214.255319][ T613] veth0_macvtap: left promiscuous mode [ 214.256967][ T613] veth1_vlan: left promiscuous mode [ 214.258327][ T613] veth0_vlan: left promiscuous mode [ 216.252915][ T613] team0 (unregistering): Port device team_slave_1 removed [ 216.459307][ T613] team0 (unregistering): Port device team_slave_0 removed