last executing test programs: 7.665086804s ago: executing program 2: mq_open(&(0x7f0000000200)='sys\x84\xb0\x13\xbbu:object_r\x05run_init\a\x00xec_t:s0\x00\x1c[@\t\xb8X\xce\xbd/\x11x\x8c\x9fk_\x82\x1e\xa0~|z\x10j\x7f\xbb\xc1\x94@\b\x001\xba;;\xc2\xbaDwU\x8c!\xb7O\xee\x01-\xedHz \xa1\xb8z\xb2\xdf%\xc4\xd2\xb1\xe3\x8c\xfe\n\x96\xbf\x16\xd6y\xceu\xd0\xa3\xd9mD\xf4F6\x14\x98\xcc\xceT\xe6c\x8f\xe5\x03j{\xf2\xb2\xb6\xe3\xe1\xf7\x8aAa\x94\x05\xdb\xf9\xe9\"\xb916<\x91s\x06J\xac@\xa0\x1d&\xd8\xae\x06h\xba\xad\x19\xdai\xcb\x1dKdn\xa7\x058\xe1\x14\x8df]k<\xbe/9\xe34\xfb\x05\x85\xd19t\x18e;9\x01\xc7\xabX\xc1\xfb\xa3s:\'mi\xcer4\xc5\xb1\x1by\x03`|\xff\rh\xa3q6\xcdU', 0x2, 0x183, 0x0) 7.189516686s ago: executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48) r1 = socket(0x10, 0x2, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000080)={0x8}, 0x10) write(r1, &(0x7f0000000040)="1c0000001a009b8a140000003b9b301f00"/28, 0x1c) socket$inet6(0xa, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000010700000000000000f9000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xfed7) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r2, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) prlimit64(0x0, 0x0, &(0x7f0000000140)={0x88, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r4, 0x0, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x3ffffffffffffda, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) unshare(0x64000600) recvmmsg(r1, &(0x7f0000002ec0), 0x400000000000ec0, 0x2, &(0x7f00000001c0)={0x77359400}) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000407b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={&(0x7f0000000980)='sys_enter\x00', r7}, 0x10) pipe2$9p(&(0x7f0000000040), 0x0) 6.441369749s ago: executing program 3: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl(r0, 0x5450, 0x0) 6.070901426s ago: executing program 3: syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000480, &(0x7f0000000280), 0x1, 0x76a, &(0x7f0000001b00)="$eJzs3d9rW1UcAPDvTdt17aatIOh8KghaGEvtrJuCDxMfRHAw0Ge3kGZlNm1Gk461FNwQwRdBxQdBX/bsj/nmqz9e9b/wQTamdsOJD1K5adJla9KlW5MI+XzgNOfce9Nzvjn3nnuSe0kC6FsT6Z9MxKGI+CiJGKstTyJiqJobjDixud3t9bV8mpLY2Hjzj6S6za31tXw0PCd1oFZ4MiJ+fD/icGZ7veWV1flcsVhYqpWnKgvnp8orq0fOLeTmCnOFxWPTMzNHj79w/NjexfrXL6sHr3/82rPfnPjnvSeufvhTEifiYG1dYxx7ZSImaq/JUPoS3uXVva6sx5JeN4AHkh6aA5tHeRyKsRio5loY6WbLAIBOeTciNgCAPpM4/wNAn6l/DnBrfS1fT739RKK7brwSEfs3469f39xcM1i7Zre/eh109FZy15WRJCLG96D+iYj44ru3v0pTdOg6JEAzly5HxJnxie3jf7LtnoXdeq6NbSbuKRv/oHu+T+c/Lzab/2W25j/RZP4z3OTYfRD3P/4z1/agmpbS+d/LDfe23W6Iv2Z8oFZ6pDrnG0rOnisW0rHt0YiYjKHhtDy9Qx2TN/+92Wpd4/zvz0/e+TKtP328s0Xm2uDw3c+ZzVVyDxNzoxuXI54abBZ/stX/SYv576k263j9pQ8+b7UujT+Nt562x99ZG1cinmna/3fuaEt2vD9xqro7TNV3iia+/fWz0Vb1N/Z/mtL66+8FuiHt/9Gd4x9PGu/XLO++jp+vjP3Qat3942++/+9L3qrm99WWXcxVKkvTEfuSN7YvP3rnufVyffs0/smnmx//O+3/6XvCM23GP3j9968fPP7OSuOf3VX/7z5z9fb8QKv62+v/mWpusraknfGv3QY+zGsHAAAAAAAAAAAAAAAAAAAAAAAAAO3KRMTBSDLZrXwmk81u/ob34zGaKZbKlcNnS8uLs1H9rezxGMrUv+pyrOH7UKdr34dfLx+9p/x8RDwWEZ8Oj1TL2XypONvr4AEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg5kCL3/9P/Tbc69YBAB2zv9cNAAC6zvkfAPrP7s7/Ix1rBwDQPd7/A0D/cf4HgP7j/A8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAECHnTp5Mk0bf6+v5dPy7IWV5fnShSOzhfJ8dmE5n82Xls5n50qluWIhmy8ttPxHlzYfiqXS+ZlYXL44VSmUK1PlldXTC6Xlxcrpcwu5ucLpwlDXIgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA9pVXVudzxWJhSUZGRmYr0zhKjPRugAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4n/svAAD//9EyKso=") mount$tmpfs(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000300), 0x0, 0x0) chdir(&(0x7f0000000140)='./file0\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}]}) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000100)='./bus\x00', 0x100000, &(0x7f0000000200)=ANY=[], 0x1, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.effective_cpus\x00', 0x275a, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000180)={0x0, 0x6}) 6.02852999s ago: executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000f00)={0x0, 0x1}, 0x8) r1 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xc, &(0x7f0000000240)=@assoc_value={0x0}, &(0x7f0000000080)=0x8) sendmsg$inet6(r0, &(0x7f0000001a80)={&(0x7f0000000000)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x6}, 0x1c, &(0x7f0000001500)=[{0x0}], 0x1}, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000100)={r2}, 0x8) 5.290853262s ago: executing program 4: gettid() timer_create(0x0, 0x0, &(0x7f0000bbdffc)) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000100)={'caif0\x00', 0x1000}) preadv2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) close(0xffffffffffffffff) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r0 = mq_open(&(0x7f0000000000)=':{#\x00', 0x40, 0x0, 0x0) close(r0) signalfd4(0xffffffffffffffff, &(0x7f0000000080)={[0x6]}, 0x8, 0x0) signalfd(r0, &(0x7f0000000080), 0x8) 4.698246121s ago: executing program 4: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$GIO_SCRNMAP(r0, 0x5421, &(0x7f00000001c0)=""/261) 4.660294175s ago: executing program 3: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000004900)=[{{0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000000700)="af", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000240)="bda033176eb146b36ef41f221a4e7ce4a02598d750606488520915c6806affc0a913781c7211ce1fcd59a12b5d5afdaf9d723f092ce9d1eed16e208f2e79831ca049e8979ad94621175c2c48c10e33b29f2def51498743b057efc21efe4be4d9f02e9d236f27190c29c5da0f3799452f5e3640340502fde4ae8c56b303e1b79b3d1842bf6277e7efdd1c619f69b9d01839aa326776d335689e4db7cb7e32fad8f4c40e943b43eb4ea173d720bf5998149625a731643636c8ddbe61e1d7d4736f8414a84acc40557012c82697d8a59c873424aefb3c7ff0dba302efaaf887a477b1ab7ea6c1def9db3514e444c1ef36c6cf42cde90d4bbb2e923a5d16a1bb191ad91cab867cd55037d507a12803f3df1b81f1857fad085dbc5c46aac14230d7a4f8b36d6bc63b4a16cd309b7697b421a662b83001b5ce5ab3ff80800243107df7aa6cae9a5db6a8f2a53ef7d6c6aeac76b83a15466c74a9cdbcde8505e3d14c0c3a47a36bf464168202dc88e25f4c1da57faf0eaa7ff16bdd751c2ae5778e169c8ffba57c9a20e24ad51e6e8e02b721e8ca94f131cc98e03b34b615a1db4080362de4ef215d5a0541aeb0c742a2636ac5af8538ceb3585ef9dca8037df55baa072096073b005b53eff0b899de59bc2b5d687d109520571eeacb30124c4012fe6cb9e3bf451be3d21998000000099101533cff5aee6c4783e00e6dd391f664052a6c66c62f62a49fde8fbe336543bf99b55e53b801e54c1d0a292da83db26a8a870ac1d8751c4bc0d495277295cd3a17f9e9a25d70214a17b981b62d5c75356ed025df3557a8b59648edd9d1dbdf169d91f9d85cfac11a57db0a14f03e8934a2cc98d389912a0d9942a40c3ee98d35da61d3bab1a32c9d788e9f74ee57012ca5bfd0dc090b591c64aae6a205fbd349fc372bbd7429983a69cae26ff8b5b019144d318ba225e46bc6cf8d7d3e5952333042542b2fd4fb4d88a3651dd8e14ecc2845d4e71f7dfd128e9e2ee2ab0062a3e701bb2477bfd73d7396ae522f11fa481078d1c7f7905e0846fb072dcf7c06102b3816ec4a3518514c7166d7385b680469f5184a93953258952554e68d93ea8f789c4f13982b65996d7d9cf19f0b39b72e1dc9079d84413bbc30d24fc481e24ef1beacb8bc15f50c2663d684d16a1c71b2c8a568481f4f1b254ccd66fbef4cacfc3e13f2c943a264e429824bef7297f93076aea55ed9cf12512ce3ac3df331695024bd1e53369a87caf6894fce811a64dad31540", 0x382}], 0x1}}], 0x2, 0x0) 4.638794453s ago: executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x802, 0x0) syz_genetlink_get_family_id$team(&(0x7f0000000000), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010000104000004821178f459c0b7a600", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x13, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) r6 = socket$netlink(0x10, 0x3, 0x0) r7 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r7, 0x0, &(0x7f0000000200)) sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0xffffffff, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x8}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0x10}]}, 0x28}}, 0x0) 4.209350548s ago: executing program 4: r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000003940)) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x0, 0x0, &(0x7f00000000c0)=""/87, 0x0}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af13, &(0x7f00000002c0)) 3.898997263s ago: executing program 0: r0 = openat$full(0xffffffffffffff9c, &(0x7f0000002b40), 0x0, 0x0) fsetxattr$trusted_overlay_origin(r0, &(0x7f0000005480), 0x0, 0x0, 0x0) 3.848578327s ago: executing program 1: r0 = socket$unix(0x1, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) write$P9_RFSYNC(0xffffffffffffffff, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='maps\x00') write$char_usb(r1, 0x0, 0x0) flistxattr(0xffffffffffffffff, 0x0, 0x0) r2 = mq_open(&(0x7f0000000080)='g*&{\x06Y\x00', 0x40, 0x0, &(0x7f00000000c0)={0x0, 0x2b, 0x626}) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000100)) fadvise64(r3, 0x2822, 0x0, 0x4) epoll_ctl$EPOLL_CTL_MOD(r3, 0x3, r2, &(0x7f0000000240)={0x30000007}) ioctl$PIO_FONTX(r0, 0x5450, 0x0) 3.704775724s ago: executing program 4: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x25) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x0, 0x0, 0xfffffffffffffe82) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB="380000006c0015000000", @ANYRES32, @ANYBLOB="000080"], 0x38}, 0x1, 0x300}, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 3.29857931s ago: executing program 1: ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0x5451, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, 0x0) ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, 0x0) epoll_create1(0x0) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, 0x0) r0 = mq_open(&(0x7f00000000c0)='cmdline\x00', 0x40, 0x0, 0x0) ioctl$FITRIM(r0, 0x5452, &(0x7f0000000080)) 3.243737798s ago: executing program 0: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000f00)={0x0, 0x1}, 0x8) r1 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xc, &(0x7f0000000240)=@assoc_value={0x0}, &(0x7f0000000080)=0x8) sendmsg$inet6(r0, &(0x7f0000001a80)={&(0x7f0000000000)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x6}, 0x1c, &(0x7f0000001500)=[{0x0}], 0x1}, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000100)={r2}, 0x8) 3.143335635s ago: executing program 4: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$RTC_UIE_ON(r0, 0x7003) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000001afc180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b703000000090000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080)=@mangle={'mangle\x00', 0x1f, 0x6, 0x3a0, 0x118, 0x0, 0x330, 0x298, 0x330, 0x3f0, 0x3f0, 0x3f0, 0x3f0, 0x3f0, 0x6, 0x0, {[{{@ip={@multicast1, @remote, 0x0, 0x0, 'ip6erspan0\x00', 'pimreg0\x00'}, 0x0, 0x70, 0xa8}, @common=@inet=@SET3={0x38}}, {{@ip={@multicast2, @dev, 0x0, 0x0, 'veth0_to_bond\x00', 'syzkaller1\x00'}, 0x0, 0x70, 0x98}, @inet=@DSCP={0x28}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @loopback, 0x0, 0x0, 'vlan0\x00', 'veth1_to_bridge\x00'}, 0x0, 0x70, 0x98}, @ECN={0x28}}, {{@uncond, 0x0, 0x70, 0x98}, @ECN={0x28}}, {{@uncond, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x400) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000190001000000000000000000dc020078000000000000000000000000ff02000000000000e26ea72500000001000000000000"], 0xb8}}, 0x0) sendmsg$nl_xfrm(r2, 0x0, 0x0) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)) sched_setscheduler(r3, 0x2, &(0x7f0000000200)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, 0x0, 0x0) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) ioctl$RTC_SET_TIME(r0, 0x4024700a, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x17, 0x0, 0x4f}) 3.04687391s ago: executing program 3: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, 0x0, &(0x7f0000000400)='syzkaller\x00', 0xd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000000280)={'wg2\x00'}) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000110018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff}) close(r1) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) close(r1) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={0xffffffffffffffff, 0xe0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffdb4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe15, 0x5, 0x0, 0x0, 0x0, 0x0, 0x8, 0xffffffffffffff4b, 0x0}}, 0x10) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r3, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r3}, 0x0, 0x0}, 0x20) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000740)={r3, &(0x7f0000000000), &(0x7f00000000c0)=""/109}, 0x20) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000040)={'wg2\x00', @multicast}) 2.774959577s ago: executing program 1: syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000480, &(0x7f0000000280), 0x1, 0x76a, &(0x7f0000001b00)="$eJzs3d9rW1UcAPDvTdt17aatIOh8KghaGEvtrJuCDxMfRHAw0Ge3kGZlNm1Gk461FNwQwRdBxQdBX/bsj/nmqz9e9b/wQTamdsOJD1K5adJla9KlW5MI+XzgNOfce9Nzvjn3nnuSe0kC6FsT6Z9MxKGI+CiJGKstTyJiqJobjDixud3t9bV8mpLY2Hjzj6S6za31tXw0PCd1oFZ4MiJ+fD/icGZ7veWV1flcsVhYqpWnKgvnp8orq0fOLeTmCnOFxWPTMzNHj79w/NjexfrXL6sHr3/82rPfnPjnvSeufvhTEifiYG1dYxx7ZSImaq/JUPoS3uXVva6sx5JeN4AHkh6aA5tHeRyKsRio5loY6WbLAIBOeTciNgCAPpM4/wNAn6l/DnBrfS1fT739RKK7brwSEfs3469f39xcM1i7Zre/eh109FZy15WRJCLG96D+iYj44ru3v0pTdOg6JEAzly5HxJnxie3jf7LtnoXdeq6NbSbuKRv/oHu+T+c/Lzab/2W25j/RZP4z3OTYfRD3P/4z1/agmpbS+d/LDfe23W6Iv2Z8oFZ6pDrnG0rOnisW0rHt0YiYjKHhtDy9Qx2TN/+92Wpd4/zvz0/e+TKtP328s0Xm2uDw3c+ZzVVyDxNzoxuXI54abBZ/stX/SYv576k263j9pQ8+b7UujT+Nt562x99ZG1cinmna/3fuaEt2vD9xqro7TNV3iia+/fWz0Vb1N/Z/mtL66+8FuiHt/9Gd4x9PGu/XLO++jp+vjP3Qat3942++/+9L3qrm99WWXcxVKkvTEfuSN7YvP3rnufVyffs0/smnmx//O+3/6XvCM23GP3j9968fPP7OSuOf3VX/7z5z9fb8QKv62+v/mWpusraknfGv3QY+zGsHAAAAAAAAAAAAAAAAAAAAAAAAAO3KRMTBSDLZrXwmk81u/ob34zGaKZbKlcNnS8uLs1H9rezxGMrUv+pyrOH7UKdr34dfLx+9p/x8RDwWEZ8Oj1TL2XypONvr4AEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg5kCL3/9P/Tbc69YBAB2zv9cNAAC6zvkfAPrP7s7/Ix1rBwDQPd7/A0D/cf4HgP7j/A8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAECHnTp5Mk0bf6+v5dPy7IWV5fnShSOzhfJ8dmE5n82Xls5n50qluWIhmy8ttPxHlzYfiqXS+ZlYXL44VSmUK1PlldXTC6Xlxcrpcwu5ucLpwlDXIgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA9pVXVudzxWJhSUZGRmYr0zhKjPRugAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4n/svAAD//9EyKso=") mount$tmpfs(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000300), 0x0, 0x0) chdir(&(0x7f0000000140)='./file0\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}]}) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000100)='./bus\x00', 0x100000, &(0x7f0000000200)=ANY=[], 0x1, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.effective_cpus\x00', 0x275a, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000180)={0x0, 0x6}) 2.509324866s ago: executing program 0: r0 = socket$inet6(0xa, 0x6, 0x0) r1 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f00000001c0)={0x7, {{0xa, 0x0, 0x0, @mcast1={0xff, 0xf}}}, {{0xa, 0x0, 0x0, @private0}}}, 0x108) setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000300)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0xf}}}, {{0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, 0x108) setsockopt$inet6_group_source_req(r1, 0x29, 0x2f, &(0x7f00000001c0)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0xf}}}, {{0xa, 0x0, 0x0, @private0}}}, 0x108) close_range(r0, 0xffffffffffffffff, 0x0) 2.259221911s ago: executing program 2: r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffff7f850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f00000002c0)='ext4_ext_rm_leaf\x00', r0}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) 1.9282215s ago: executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x802, 0x0) syz_genetlink_get_family_id$team(&(0x7f0000000000), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010000104000004821178f459c0b7a600", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x13, 0x1e}}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) r6 = socket$netlink(0x10, 0x3, 0x0) r7 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0xffffffff, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x8, r8}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0x10}]}, 0x28}}, 0x0) 1.666709837s ago: executing program 2: r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000000)=@framed={{}, [@call={0x85, 0x0, 0x0, 0xe}]}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r0}, 0x10) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) 1.581074482s ago: executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000978f0049a148090018110001", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x0, 0x4, 0x6}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001600000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r3, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 1.527219773s ago: executing program 1: syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0) r1 = socket(0xa, 0x6, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.freeze\x00', 0x275a, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) getsockopt$inet6_mreq(r1, 0x10d, 0x92, 0x0, &(0x7f0000000040)) 1.324175831s ago: executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x5, 0x2, 0x1000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$inet6_udp_int(r2, 0x11, 0x67, &(0x7f0000000000)=0x28, 0x4) sendto$inet6(r2, 0x0, 0x0, 0x400ad00, &(0x7f0000000080)={0xa, 0x4e21, 0x0, @dev}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0x0, 0x0, 0x0) 971.773439ms ago: executing program 0: r0 = socket$nl_crypto(0x10, 0x3, 0x15) sendmsg$netlink(r0, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000180)=ANY=[@ANYBLOB="e00000001000090500000000000000006f6d8864d22a3f2ffaa46c88bca90000002b0e13e735a3184f123d6da2f1acfac0ee2dd2b184b27db1f302de337c0004060000000000bf852c8986626691b01b2d44e4ce2d7128"], 0xe0}], 0x1}, 0x0) 786.887949ms ago: executing program 2: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x0, &(0x7f0000000480)=ANY=[], 0x1, 0x550e, &(0x7f00000020c0)="$eJzs3E1rY1UYAOCTdjrfjkUE3c2FQWhhEpp+DLqrOoMf2KH4sXClaZKGzCS5pUnT2pULl+LCf+BPEAVXLv0NLsSlO3GhuBOU3HMK7ahQbaax9nng5r335Nz3vicMU957QwJwbs1mv/5cCjfClRDCdAjhegjFfilthdXRy8Vi92YIYerQNprzbDg0MJp2NYRwY5Q85iyltz69Pby18tPrv3z97aUL1z7/6rvJrRqYtOdCCN2tuL/bjTFvxfggjdeG7SJ2l4cpxje6D9NxHuNuc6PIsFs7mFcr4lIrzs+3dvqjuNmp1Uex1d4sxrd68YL9YesgT3HCg9p2cdxobhSx3c+L2NqPde3tx//b9vuDmKeR8n1QpA+DwUGM4829ZlzP1sMi1nuDNB7z5o3m3igOU0yXC/W80yjq2DjJJ/3f9ka7t7OXDZvb/Xbey1Yq1ecr1Tvl6nbeaA6ay+Vat3FnOZtrdUbTyoNmrbvayvNWp1mp5935bK5Vr5er1WzubnOjXetl1WplqbJQXplPe7ezV+6/k3Ua2dwovtTu7QzanX62mW9n8Yz5bLGy9MJ8dquavbW2nq2/ee/e2vrb79199/6La6+9nCb9qaxsbnFhcbFcXSgvVufP7vpHf+v/0fo/SkWPcf1wIqVJFwBw9hy//499vv4fGIez3v8H/f9Y6P/P9/rhRPT/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADn1g8zX7xa7MzG42tp/Ik09FQ6LoUQpkIIv/+F6XDxSM7plGfmb+bPPFLDN6VQZBhd41LaroYQVtP225OP+1MAAACA/68vP7z5SezW48vspAviNMWbNlPX3x9TvlIIYWb2x39x5qVHsoR0syk8PZ7K4r/vC2FvTNmKG1iXx5Qs3nK7MK5sxzJ9JFw+FEoxTJ1qOQAAwKk42gmcbhcCAADAafp40gUwGcWT1vRd/PQF/vQgNj0QvBK+f2YypQEAAABjUpp0AQAAAMBjV/T/fv8PAAAAzqrPjjUr/v4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAf7BzPzmpQ1EcgE8LfY/3x0iMc7fiDJbhEhw6NCzATbAE3IIbYA04cwkGDG2J1mBi0ts2ku9L2sttyI9TwuTcSwoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANCl52I1f7y/emibs921k+ZuAAAAgGM2xWpevphW83/19bP60kU9zyIij4hjvfsofjUyR3VO8cX7i081PEWUCfvP+F0ffyPiuj5ez7v+FgAAAOB0rRfLWdWtV6fp0AXRp2rRJv9/kygvi4hi+pIoLd+fLhOFlb/vcdwlSisXsCaJwqolt3GqtG8ZNYbJhyGrhrzXcgAAgF40O4F+uxAAAAD6dDt0AQwji8NW5mEvuPzn/fuG4J/GDAAAAPiBsqELAAAAADpX9v+e/wcAAACnrXr+HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF3aFKv5erGctc3Z7tpJczcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALyxP+8oEAJhEAZ713cmc//DSoOmpiZVIHz8jcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAb373l/8TU+NMMvfaWHoeSdZOja1TY+/cOPrD+Po1AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMX+vKRACARBFMwZ/zvp+x9WEvQMIkRAw6OKWjQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAX/e6X/xNT40wyd9pYOh5J1q4aW1eNvQeNowfj7d8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMXO/bzGUcUBAP/uzs7GVsUYJYeIKHjQi023tbVXD0rw4J8ghHRbo1t/tDnYUoRcvEnOvYgeRQQl3vo/9NxCL/XWwx4qePJQmdmZ5HUtuLZ0ZtN8PvDmfWcY5n3fJIR8580uAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANTG7+3HWbFZnMTd6tjNe1c3iv7WVF+4vnN7pWhF3Gky6YPh1XSns9xeIgAAABweWV3fR8SdfHet6LuLZf2f1+cUNf8Pz0/iup6frvvrvq79i/b7b3df3htocTJOcdFzm6Ph8X+n0ntys5xvL/znGb3yzpfPXrLyB9L9cPulcV7ez853N2683y/DhSayBQAexbG6r4L6/6GiH7SZGACHRi8pvOv6P1tsNycAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAJvS349k67kTESm8/Lty6d3Wj7Kf2r+/cXqnb6WvXdtJrFpfII+Lc5mh4vKmJHACXLl/5bH00Gl5sPngtItobvQo+nuGciDYzFDxu0K1+1+cln4MRtPyHCQCAp05etaKuv5PvrhXHOksR9398sP5/M4kjrf+n+rT+v/vJ6ZvpWGn9P2hshvNvdevCl6uXLl95e/PC+vnh+eHn75wYvDs4eebUqTOr5bOSVU9MAAAAeDz9qqX1f3cpYjy1/n80iWPG+v+r7wffpGNl6v+H2l/0azsTAACAw+3F1//6s/OQ451+P75e39q6OJhs9/ZPTLYtpPo/bd9fiIiFqfo/W2o7LwAAAKAJ4+3OA+v/Z5M4Zlz/f+6nV35Jr5lFxJFq/f/Yxhejs81NpyV/z3RWEx8nfuJTBQAAYK4dqVq6/p+X7/9391556EbEW29M4uprAGeq/7MPvv05HSt9//9kc1OcS93lyf0o++WI3nLbGQEAAPA0e6ZqRbH/R7679umvRz/qe/8fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoGn/BAAA//+5zUFV") syz_genetlink_get_family_id$netlbl_mgmt(0x0, 0xffffffffffffffff) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c}) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x80086601, &(0x7f0000000440)) 501.199607ms ago: executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='netlink_extack\x00', r0}, 0x10) r1 = socket(0x11, 0x800000003, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000240)=@newqdisc={0xa4, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x74, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [], 0x0, [0x8, 0x4], [0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8, 0xa, 0x2}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x4000000}]}]}]}}]}, 0xa4}}, 0x0) 218.997312ms ago: executing program 3: ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000bc0)={0x18, 0xc, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000000002000000000000000001801000020786c250000000000202020731af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000550000000000000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='tlb_flush\x00', r0}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) socket$inet6_dccp(0xa, 0x6, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000400)) sendmsg$BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$BATADV_CMD_GET_GATEWAYS(r1, 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000001240)='cgroup.controllers\x00', 0x275a, 0x0) add_key$keyring(&(0x7f0000000080), &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000009, 0x28011, r2, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) 0s ago: executing program 1: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000004900)=[{{0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000000700)="af", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000240)="bda033176eb146b36ef41f221a4e7ce4a02598d750606488520915c6806affc0a913781c7211ce1fcd59a12b5d5afdaf9d723f092ce9d1eed16e208f2e79831ca049e8979ad94621175c2c48c10e33b29f2def51498743b057efc21efe4be4d9f02e9d236f27190c29c5da0f3799452f5e3640340502fde4ae8c56b303e1b79b3d1842bf6277e7efdd1c619f69b9d01839aa326776d335689e4db7cb7e32fad8f4c40e943b43eb4ea173d720bf5998149625a731643636c8ddbe61e1d7d4736f8414a84acc40557012c82697d8a59c873424aefb3c7ff0dba302efaaf887a477b1ab7ea6c1def9db3514e444c1ef36c6cf42cde90d4bbb2e923a5d16a1bb191ad91cab867cd55037d507a12803f3df1b81f1857fad085dbc5c46aac14230d7a4f8b36d6bc63b4a16cd309b7697b421a662b83001b5ce5ab3ff80800243107df7aa6cae9a5db6a8f2a53ef7d6c6aeac76b83a15466c74a9cdbcde8505e3d14c0c3a47a36bf464168202dc88e25f4c1da57faf0eaa7ff16bdd751c2ae5778e169c8ffba57c9a20e24ad51e6e8e02b721e8ca94f131cc98e03b34b615a1db4080362de4ef215d5a0541aeb0c742a2636ac5af8538ceb3585ef9dca8037df55baa072096073b005b53eff0b899de59bc2b5d687d109520571eeacb30124c4012fe6cb9e3bf451be3d21998000000099101533cff5aee6c4783e00e6dd391f664052a6c66c62f62a49fde8fbe336543bf99b55e53b801e54c1d0a292da83db26a8a870ac1d8751c4bc0d495277295cd3a17f9e9a25d70214a17b981b62d5c75356ed025df3557a8b59648edd9d1dbdf169d91f9d85cfac11a57db0a14f03e8934a2cc98d389912a0d9942a40c3ee98d35da61d3bab1a32c9d788e9f74ee57012ca5bfd0dc090b591c64aae6a205fbd349fc372bbd7429983a69cae26ff8b5b019144d318ba225e46bc6cf8d7d3e5952333042542b2fd4fb4d88a3651dd8e14ecc2845d4e71f7dfd128e9e2ee2ab0062a3e701bb2477bfd73d7396ae522f11fa481078d1c7f7905e0846fb072dcf7c06102b3816ec4a3518514c7166d7385b680469f5184a93953258952554e68d93ea8f789c4f13982b65996d7d9cf19f0b39b72e1dc9079d84413bbc30d24fc481e24ef1beacb8bc15f50c2663d684d16a1c71b2c8a568481f4f1b254ccd66fbef4cacfc3e13f2c943a264e429824bef7297f93076aea55ed9cf12512ce3ac3df331695024bd1e53369a87caf6894fce811a64dad315402678de76000000", 0x389}], 0x1}}], 0x2, 0x0) kernel console output (not intermixed with test programs): man_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 799.230037][T10584] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 799.242506][T10584] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 799.253664][T10584] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 799.263828][T10584] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 799.274597][T10584] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 799.284810][T10584] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 799.287269][ T779] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 799.299163][T10584] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 799.316630][T10584] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 799.327348][T10584] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 799.343034][T10584] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 799.473498][T10584] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 799.485580][T10584] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 799.495698][T10584] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 799.510386][T10584] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 799.521409][T10584] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 799.532164][T10584] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 799.542381][T10584] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 799.554131][T10584] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 799.564255][T10584] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 799.575013][T10584] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 799.590273][T10584] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 799.712869][ T779] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 799.721772][T10738] No control pipe specified [ 799.724465][ T779] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 799.740524][ T779] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 799.754038][ T779] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 799.763482][ T779] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 799.784284][T10584] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 799.793492][T10584] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 799.798394][ T779] usb 4-1: config 0 descriptor?? [ 799.802533][T10584] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 799.822062][T10584] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 799.824212][T10729] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 800.303527][T10745] netlink: 'syz-executor.2': attribute type 4 has an invalid length. [ 800.405396][T10747] netlink: 'syz-executor.2': attribute type 4 has an invalid length. [ 800.427992][ T779] plantronics 0003:047F:FFFF.0012: unknown main item tag 0xd [ 800.526278][ T779] plantronics 0003:047F:FFFF.0012: No inputs registered, leaving [ 800.602593][ T779] plantronics 0003:047F:FFFF.0012: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 800.890042][ T5132] usb 4-1: USB disconnect, device number 9 [ 801.336230][T10758] loop4: detected capacity change from 0 to 256 [ 801.588079][T10758] exFAT-fs (loop4): failed to load upcase table (idx : 0x00011bf5, chksum : 0xcea8fed2, utbl_chksum : 0xe619d30d) [ 801.602288][T10758] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 802.610320][T10773] No control pipe specified [ 802.749488][T10774] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 802.851466][ T5132] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 803.122214][ T5132] usb 4-1: Using ep0 maxpacket: 32 [ 803.234323][T10786] netlink: 'syz-executor.1': attribute type 4 has an invalid length. [ 803.256459][ T5132] usb 4-1: config 0 has no interfaces? [ 803.286550][T10786] netlink: 'syz-executor.1': attribute type 4 has an invalid length. [ 803.432224][ T5132] usb 4-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22 [ 803.432391][ T5132] usb 4-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131 [ 803.432529][ T5132] usb 4-1: Product: syz [ 803.432631][ T5132] usb 4-1: Manufacturer: syz [ 803.432744][ T5132] usb 4-1: SerialNumber: syz [ 803.443816][ T5132] usb 4-1: config 0 descriptor?? [ 803.696517][ T5132] usb 4-1: USB disconnect, device number 10 [ 804.261305][ T5132] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 804.631687][ T5132] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 804.631883][ T5132] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 804.632059][ T5132] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 804.632284][ T5132] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 804.632437][ T5132] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 804.642330][ T5132] usb 3-1: config 0 descriptor?? [ 804.662745][T10796] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 804.670054][T10804] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 804.719119][T10805] loop3: detected capacity change from 0 to 256 [ 804.800141][T10805] exFAT-fs (loop3): failed to load upcase table (idx : 0x00011bf5, chksum : 0xcea8fed2, utbl_chksum : 0xe619d30d) [ 804.801079][T10805] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 804.950266][ T3820] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 804.950357][ T3820] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 805.162878][ T10] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 805.162968][ T10] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 805.167039][ T5132] plantronics 0003:047F:FFFF.0013: unknown main item tag 0xd [ 805.248505][ T5132] plantronics 0003:047F:FFFF.0013: No inputs registered, leaving [ 805.316734][ T5132] plantronics 0003:047F:FFFF.0013: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 805.574551][ T10] usb 3-1: USB disconnect, device number 25 [ 806.219933][T10816] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 806.987011][T10822] netlink: 'syz-executor.1': attribute type 4 has an invalid length. [ 807.033306][T10822] netlink: 'syz-executor.1': attribute type 4 has an invalid length. [ 807.559632][T10828] loop3: detected capacity change from 0 to 256 [ 809.319529][T10842] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 809.320488][T10842] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 809.345422][T10842] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 809.764585][ T5086] Bluetooth: hci3: ACL packet for unknown connection handle 0 [ 810.292623][T10851] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 810.693158][T10856] loop4: detected capacity change from 0 to 256 [ 810.788133][T10856] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x72684843, utbl_chksum : 0xe619d30d) [ 810.851518][ T25] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 811.272143][ T25] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 811.286954][ T25] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 811.299228][ T25] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 811.312814][ T25] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 811.322236][ T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 811.369532][ T25] usb 3-1: config 0 descriptor?? [ 811.395523][T10853] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 811.772775][ T29] kauditd_printk_skb: 8 callbacks suppressed [ 811.772850][ T29] audit: type=1804 audit(1717247350.862:131): pid=10863 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir2293962250/syzkaller.pN95hS/3/file0" dev="sda1" ino=1945 res=1 errno=0 [ 811.908029][ T25] plantronics 0003:047F:FFFF.0014: unknown main item tag 0xd [ 812.016856][ T25] plantronics 0003:047F:FFFF.0014: No inputs registered, leaving [ 812.068562][ T25] plantronics 0003:047F:FFFF.0014: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 812.251853][ T29] audit: type=1800 audit(1717247351.302:132): pid=10870 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=1960 res=0 errno=0 [ 812.288676][ T25] usb 3-1: USB disconnect, device number 26 [ 812.510150][T10872] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 812.522238][T10872] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 812.576548][T10872] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 813.617037][T10890] loop1: detected capacity change from 0 to 256 [ 813.722399][T10890] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x72684843, utbl_chksum : 0xe619d30d) [ 814.493135][ T29] audit: type=1800 audit(1717247353.542:133): pid=10901 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=1967 res=0 errno=0 [ 815.165526][T10908] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 815.180342][T10908] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 815.286817][T10910] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 815.620211][ T5086] Bluetooth: hci0: ACL packet for unknown connection handle 0 [ 816.122033][T10924] loop1: detected capacity change from 0 to 256 [ 816.267205][T10924] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x72684843, utbl_chksum : 0xe619d30d) [ 816.859800][ T29] audit: type=1800 audit(1717247355.912:134): pid=10933 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=1963 res=0 errno=0 [ 817.707873][T10944] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 817.717339][T10944] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 817.734123][T10944] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 818.452474][ T5086] Bluetooth: hci0: ACL packet for unknown connection handle 0 [ 819.075328][T10963] loop4: detected capacity change from 0 to 256 [ 819.184157][T10963] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x72684843, utbl_chksum : 0xe619d30d) [ 819.750018][ T29] audit: type=1800 audit(1717247358.812:135): pid=10972 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=1940 res=0 errno=0 [ 820.041582][T10977] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 820.051090][T10977] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 820.109730][T10979] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 821.537244][ T5086] Bluetooth: hci3: ACL packet for unknown connection handle 0 [ 822.324735][T11020] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 822.338867][T11020] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 822.350749][T11017] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 822.399761][T11020] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 822.601784][ T29] audit: type=1804 audit(1717247361.612:136): pid=11019 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir1911898925/syzkaller.8tTHMQ/343/file0" dev="sda1" ino=1947 res=1 errno=0 [ 823.283170][T11030] hsr0: entered promiscuous mode [ 824.231567][ T5086] Bluetooth: hci0: ACL packet for unknown connection handle 0 [ 824.274993][T11042] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.2'. [ 825.214040][T11051] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 825.223376][T11051] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 825.268754][T11054] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 826.488041][ T29] audit: type=1804 audit(1717247365.502:137): pid=11071 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir4242496869/syzkaller.Eis3dc/326/bus" dev="sda1" ino=1955 res=1 errno=0 [ 827.055460][T11076] loop1: detected capacity change from 0 to 256 [ 827.070070][T11077] netlink: 'syz-executor.0': attribute type 4 has an invalid length. [ 827.189533][T11077] netlink: 'syz-executor.0': attribute type 4 has an invalid length. [ 827.972090][T11090] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 827.981526][T11090] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 828.015125][ T5086] Bluetooth: hci1: ACL packet for unknown connection handle 0 [ 828.052152][T11092] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 828.461652][T11096] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 828.703816][T11100] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 828.714619][T11100] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 828.724773][T11100] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 828.735500][T11100] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 828.745758][T11100] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 828.756511][T11100] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 828.766710][T11100] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 828.777484][T11100] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 828.791545][T11100] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 828.803316][T11100] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 828.813508][T11100] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 828.824225][T11100] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 828.860094][T11101] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 828.868269][T11101] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 828.912899][T11101] team0: Device batadv_slave_0 is up. Set it down before adding it as a team port [ 829.341284][ T29] audit: type=1800 audit(1717247368.392:138): pid=11108 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=1961 res=0 errno=0 [ 829.362635][ T29] audit: type=1800 audit(1717247368.432:139): pid=11108 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=1961 res=0 errno=0 [ 829.933373][T11116] netlink: 'syz-executor.3': attribute type 4 has an invalid length. [ 830.075787][T11117] netlink: 'syz-executor.3': attribute type 4 has an invalid length. [ 830.342999][T11121] loop1: detected capacity change from 0 to 256 [ 830.625696][T11123] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 830.639766][T11123] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 830.685437][T11123] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 830.926082][T11128] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.0'. [ 830.963978][ T5086] Bluetooth: hci3: ACL packet for unknown connection handle 0 [ 831.891738][ T29] audit: type=1800 audit(1717247370.922:140): pid=11146 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1940 res=0 errno=0 [ 831.913265][ T29] audit: type=1800 audit(1717247370.932:141): pid=11146 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1940 res=0 errno=0 [ 832.342622][T11155] netlink: 'syz-executor.1': attribute type 4 has an invalid length. [ 832.441520][T11157] netlink: 'syz-executor.1': attribute type 4 has an invalid length. [ 832.593730][ T29] audit: type=1804 audit(1717247371.612:142): pid=11158 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir2293962250/syzkaller.pN95hS/19/bus" dev="sda1" ino=1953 res=1 errno=0 [ 833.289198][T11164] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'. [ 833.665216][ T1220] ieee802154 phy0 wpan0: encryption failed: -22 [ 833.672071][ T1220] ieee802154 phy1 wpan1: encryption failed: -22 [ 834.351412][ T29] audit: type=1800 audit(1717247373.382:143): pid=11185 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=1945 res=0 errno=0 [ 834.529202][T11190] validate_nla: 3 callbacks suppressed [ 834.529276][T11190] netlink: 'syz-executor.4': attribute type 4 has an invalid length. [ 834.600303][ T29] audit: type=1804 audit(1717247373.642:144): pid=11191 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir4242496869/syzkaller.Eis3dc/338/bus" dev="sda1" ino=1960 res=1 errno=0 [ 834.644056][T11192] netlink: 'syz-executor.4': attribute type 4 has an invalid length. [ 835.195054][T11200] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 835.204523][T11200] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 835.260611][T11200] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 835.272870][T11202] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.0'. [ 835.518277][T11205] autofs: Unknown parameter '0x0000000000000000' [ 836.583180][T11225] hsr0: entered promiscuous mode [ 836.675592][ T29] audit: type=1800 audit(1717247375.702:145): pid=11227 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=1956 res=0 errno=0 [ 837.300230][T11238] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 837.371858][T11238] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 837.411965][T11237] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'. [ 837.472010][T11240] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 837.807650][T11248] autofs: Unknown parameter '0x0000000000000000' [ 838.252631][ T5086] Bluetooth: hci0: ACL packet for unknown connection handle 0 [ 838.529315][ T29] audit: type=1800 audit(1717247377.542:146): pid=11262 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=1959 res=0 errno=0 [ 838.963149][T11266] hsr0: entered promiscuous mode [ 840.174826][T11282] autofs: Unknown parameter '0x0000000000000000' [ 840.211442][ T5079] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 840.222914][ T5079] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 840.260030][ T5079] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 840.275703][ T5079] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 840.292436][ T5079] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 840.301638][ T5079] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 841.545984][ T5086] Bluetooth: hci1: ACL packet for unknown connection handle 0 [ 841.847103][ T2788] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 841.986764][T11285] chnl_net:caif_netlink_parms(): no params data found [ 842.084170][ T2788] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 842.275462][ T2788] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 842.431368][ T5086] Bluetooth: hci2: command tx timeout [ 842.484708][T11316] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 842.519811][ T2788] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 842.583560][T11316] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 842.594215][T11319] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 842.740474][T11323] autofs: Unknown parameter '0x0000000000000000' [ 842.879784][ T2788] bridge_slave_1: left allmulticast mode [ 842.887513][ T2788] bridge_slave_1: left promiscuous mode [ 842.894239][ T2788] bridge0: port 2(bridge_slave_1) entered disabled state [ 842.927242][ T2788] bridge_slave_0: left allmulticast mode [ 842.934860][ T2788] bridge_slave_0: left promiscuous mode [ 842.941527][ T2788] bridge0: port 1(bridge_slave_0) entered disabled state [ 843.779105][ T2788] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 843.902445][ T2788] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 843.962862][ T2788] bond0 (unregistering): Released all slaves [ 843.982981][ T2788] bond1 (unregistering): Released all slaves [ 844.003040][ T2788] bond2 (unregistering): Released all slaves [ 844.029849][ T2788] bond3 (unregistering): Released all slaves [ 844.066474][ T5086] Bluetooth: hci1: ACL packet for unknown connection handle 0 [ 844.099368][ T2788] bond4 (unregistering): Released all slaves [ 844.514637][ T5086] Bluetooth: hci2: command tx timeout [ 844.956771][T11355] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 844.973215][T11354] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.4'. [ 844.991612][T11285] bridge0: port 1(bridge_slave_0) entered blocking state [ 844.999360][T11285] bridge0: port 1(bridge_slave_0) entered disabled state [ 845.007406][T11285] bridge_slave_0: entered allmulticast mode [ 845.017232][T11285] bridge_slave_0: entered promiscuous mode [ 845.030279][T11355] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 845.072273][T11357] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 845.127197][ T2788] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 845.135090][ T2788] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 845.207580][ T2788] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 845.215579][ T2788] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 845.286411][ T2788] veth1_macvtap: left promiscuous mode [ 845.292432][ T2788] veth0_macvtap: left promiscuous mode [ 845.298334][ T2788] veth1_vlan: left promiscuous mode [ 845.300665][T11359] autofs: Unknown parameter 'fd0x0000000000000000' [ 845.304086][ T2788] veth0_vlan: left promiscuous mode [ 846.386649][ T2788] team0 (unregistering): Port device team_slave_1 removed [ 846.532822][ T2788] team0 (unregistering): Port device team_slave_0 removed [ 846.591769][ T5086] Bluetooth: hci2: command tx timeout [ 846.813890][ T5086] Bluetooth: hci5: ACL packet for unknown connection handle 0 [ 846.938958][T11285] bridge0: port 2(bridge_slave_1) entered blocking state [ 846.949208][T11285] bridge0: port 2(bridge_slave_1) entered disabled state [ 846.957178][T11285] bridge_slave_1: entered allmulticast mode [ 846.966692][T11285] bridge_slave_1: entered promiscuous mode [ 847.427853][T11285] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 847.513900][T11285] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 847.824343][T11285] team0: Port device team_slave_0 added [ 847.896266][T11285] team0: Port device team_slave_1 added [ 848.248335][T11285] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 848.256003][T11285] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 848.284771][T11285] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 848.362578][T11394] autofs: Unknown parameter 'fd0x0000000000000000' [ 848.440490][T11285] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 848.452125][T11285] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 848.479474][T11285] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 848.671434][ T5086] Bluetooth: hci2: command tx timeout [ 849.036679][T11285] hsr_slave_0: entered promiscuous mode [ 849.089316][T11285] hsr_slave_1: entered promiscuous mode [ 849.531613][T11406] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.4'. [ 849.703368][ T5086] Bluetooth: hci1: ACL packet for unknown connection handle 0 [ 850.034105][T11416] netlink: 88 bytes leftover after parsing attributes in process `syz-executor.2'. [ 850.105663][ T29] audit: type=1800 audit(1717247389.152:147): pid=11415 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=1952 res=0 errno=0 [ 850.833543][T11426] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 850.867407][T11285] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 850.968576][T11285] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 851.029803][T11429] autofs: Unknown parameter 'fd0x0000000000000000' [ 851.093663][T11285] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 851.165850][T11285] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 851.674466][T11439] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.4'. [ 852.177868][ T5086] Bluetooth: hci1: ACL packet for unknown connection handle 0 [ 852.274596][T11285] 8021q: adding VLAN 0 to HW filter on device bond0 [ 852.313925][ T29] audit: type=1800 audit(1717247391.352:148): pid=11449 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=1952 res=0 errno=0 [ 852.336460][ T29] audit: type=1800 audit(1717247391.402:149): pid=11449 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=1952 res=0 errno=0 [ 852.570239][T11285] 8021q: adding VLAN 0 to HW filter on device team0 [ 852.705778][ T8421] bridge0: port 1(bridge_slave_0) entered blocking state [ 852.713564][ T8421] bridge0: port 1(bridge_slave_0) entered forwarding state [ 852.829996][ T8421] bridge0: port 2(bridge_slave_1) entered blocking state [ 852.837829][ T8421] bridge0: port 2(bridge_slave_1) entered forwarding state [ 853.523405][T11465] netlink: 'syz-executor.2': attribute type 1 has an invalid length. [ 853.611795][T11465] bond2: entered promiscuous mode [ 853.803768][T11469] 8021q: adding VLAN 0 to HW filter on device bond3 [ 853.819497][T11469] bond2: (slave bond3): Enslaving as an active interface with a down link [ 853.897744][T11465] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 854.014191][T11465] bond2 (unregistering): (slave bond3): Releasing active interface [ 854.047054][T11465] bond2 (unregistering): Released all slaves [ 854.606425][T11481] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 855.141575][T11488] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 855.165713][T11285] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 855.274895][ T5086] Bluetooth: hci1: ACL packet for unknown connection handle 0 [ 855.685942][T11285] veth0_vlan: entered promiscuous mode [ 855.813241][T11285] veth1_vlan: entered promiscuous mode [ 856.219105][T11285] veth0_macvtap: entered promiscuous mode [ 856.295300][T11285] veth1_macvtap: entered promiscuous mode [ 856.479113][T11285] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 856.492465][T11285] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 856.502684][T11285] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 856.513598][T11285] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 856.523746][T11285] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 856.534480][T11285] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 856.547772][T11285] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 856.560736][T11285] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 856.576478][T11285] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 856.772861][T11510] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.2'. [ 856.870564][T11285] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 856.881499][T11285] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 856.892540][T11285] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 856.903330][T11285] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 856.913554][T11285] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 856.924288][T11285] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 856.934379][T11285] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 856.948943][T11285] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 856.959913][T11285] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 856.970750][T11285] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 856.985955][T11285] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 857.283346][T11285] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 857.292552][T11285] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 857.301643][T11285] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 857.310667][T11285] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 857.604649][ T5086] Bluetooth: hci3: ACL packet for unknown connection handle 0 [ 859.242153][T11542] netlink: 52 bytes leftover after parsing attributes in process `syz-executor.0'. [ 859.345906][ T5079] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 859.363351][ T5079] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 859.373061][ T5079] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 859.424004][ T5079] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 859.443455][ T5079] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 859.454966][ T5079] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 859.812018][T11549] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 860.489402][ T2788] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 860.696605][ T2788] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 860.862131][ T5079] Bluetooth: hci3: ACL packet for unknown connection handle 0 [ 860.919073][ T2788] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 861.048854][T11543] chnl_net:caif_netlink_parms(): no params data found [ 861.113624][ T2788] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 861.562957][ T5079] Bluetooth: hci0: command tx timeout [ 861.622390][ T2788] bridge_slave_1: left allmulticast mode [ 861.628291][ T2788] bridge_slave_1: left promiscuous mode [ 861.637828][ T2788] bridge0: port 2(bridge_slave_1) entered disabled state [ 861.651868][ T2788] bridge_slave_0: left allmulticast mode [ 861.663509][ T2788] bridge_slave_0: left promiscuous mode [ 861.672918][ T2788] bridge0: port 1(bridge_slave_0) entered disabled state [ 862.361667][ T2788] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 862.401644][ T2788] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 862.422196][ T2788] bond0 (unregistering): Released all slaves [ 862.449854][ T2788] bond1 (unregistering): Released all slaves [ 862.469899][ T2788] bond2 (unregistering): Released all slaves [ 862.494439][ T2788] bond3 (unregistering): Released all slaves [ 863.452915][ T2788] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 863.460664][ T2788] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 863.497928][ T2788] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 863.508945][ T2788] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 863.562362][ T2788] veth1_macvtap: left promiscuous mode [ 863.568122][ T2788] veth0_macvtap: left promiscuous mode [ 863.574133][ T2788] veth1_vlan: left promiscuous mode [ 863.579682][ T2788] veth0_vlan: left promiscuous mode [ 863.651264][ T5079] Bluetooth: hci0: command tx timeout [ 864.334610][ T2788] team0 (unregistering): Port device team_slave_1 removed [ 864.381526][ T2788] team0 (unregistering): Port device team_slave_0 removed [ 864.967533][T11594] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 865.047323][T11543] bridge0: port 1(bridge_slave_0) entered blocking state [ 865.056111][T11543] bridge0: port 1(bridge_slave_0) entered disabled state [ 865.063940][T11543] bridge_slave_0: entered allmulticast mode [ 865.075531][T11543] bridge_slave_0: entered promiscuous mode [ 865.163834][T11543] bridge0: port 2(bridge_slave_1) entered blocking state [ 865.172856][T11543] bridge0: port 2(bridge_slave_1) entered disabled state [ 865.180639][T11543] bridge_slave_1: entered allmulticast mode [ 865.189835][T11543] bridge_slave_1: entered promiscuous mode [ 865.458363][T11543] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 865.534513][T11543] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 865.604606][ T5079] Bluetooth: hci1: ACL packet for unknown connection handle 0 [ 865.711441][ T5079] Bluetooth: hci0: command tx timeout [ 865.802075][T11543] team0: Port device team_slave_0 added [ 865.867686][T11543] team0: Port device team_slave_1 added [ 866.238354][T11543] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 866.245710][T11543] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 866.281790][T11543] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 866.422615][T11543] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 866.429789][T11543] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 866.456420][T11543] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 867.105879][T11543] hsr_slave_0: entered promiscuous mode [ 867.143055][T11543] hsr_slave_1: entered promiscuous mode [ 867.169504][T11543] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 867.177732][T11543] Cannot create hsr debugfs directory [ 867.403974][ T3496] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 867.412226][ T3496] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 867.778277][ T3820] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 867.786646][ T3820] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 867.816127][ T5079] Bluetooth: hci0: command tx timeout [ 868.145888][T11633] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 868.575652][T11636] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'. [ 868.898375][T11543] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 868.989537][T11543] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 869.064862][T11543] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 869.174003][T11543] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 869.516058][ T5079] Bluetooth: hci2: ACL packet for unknown connection handle 0 [ 870.408142][T11662] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 870.545403][T11662] bond4: entered promiscuous mode [ 870.818164][T11543] 8021q: adding VLAN 0 to HW filter on device bond0 [ 870.972475][T11662] 8021q: adding VLAN 0 to HW filter on device bond5 [ 870.995584][T11662] bond4: (slave bond5): Enslaving as an active interface with a down link [ 871.095598][T11667] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 871.364241][T11667] bond4 (unregistering): (slave bond5): Releasing active interface [ 871.421799][T11667] bond4 (unregistering): Released all slaves [ 871.814882][T11672] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 871.841505][T11543] 8021q: adding VLAN 0 to HW filter on device team0 [ 872.060125][ T10] bridge0: port 1(bridge_slave_0) entered blocking state [ 872.067940][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state [ 872.083813][ T10] bridge0: port 2(bridge_slave_1) entered blocking state [ 872.091580][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state [ 872.118539][T11671] team0: Device ip6gre0 is of different type [ 872.482920][T11679] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.0'. [ 872.893308][T11685] No control pipe specified [ 873.462149][ T5079] Bluetooth: hci2: ACL packet for unknown connection handle 0 [ 874.082462][T11543] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 874.583815][T11713] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 875.875902][T11725] No control pipe specified [ 876.662069][T11730] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.0'. [ 876.804048][ T5079] Bluetooth: hci2: ACL packet for unknown connection handle 0 [ 877.274684][T11746] netem: unknown loss type 8 [ 877.279495][T11746] netem: change failed [ 877.569333][T11543] veth0_vlan: entered promiscuous mode [ 877.662431][T11752] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 877.685667][T11543] veth1_vlan: entered promiscuous mode [ 877.883891][T11753] team0: Device veth1_to_bridge is up. Set it down before adding it as a team port [ 878.030154][T11543] veth0_macvtap: entered promiscuous mode [ 878.100692][T11543] veth1_macvtap: entered promiscuous mode [ 878.315382][T11543] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 878.327376][T11543] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 878.337989][T11543] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 878.352031][T11543] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 878.363113][T11543] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 878.373809][T11543] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 878.383968][T11543] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 878.394683][T11543] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 878.397982][T11758] No control pipe specified [ 878.409860][T11543] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 878.663567][T11543] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 878.674362][T11543] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 878.684477][T11543] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 878.696647][T11543] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 878.706752][T11543] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 878.717469][T11543] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 878.727689][T11543] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 878.738444][T11543] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 878.748558][T11543] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 878.762858][T11543] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 878.778969][T11543] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 878.913863][T11543] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 878.923192][T11543] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 878.932408][T11543] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 878.941535][T11543] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 879.383018][T11773] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'. [ 879.688971][ T5079] Bluetooth: hci1: ACL packet for unknown connection handle 0 [ 881.894375][T11810] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.0'. [ 882.199917][ T5079] Bluetooth: hci5: ACL packet for unknown connection handle 0 [ 883.795428][T11848] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'. [ 884.368898][ T5079] Bluetooth: hci3: ACL packet for unknown connection handle 0 [ 884.461956][ T3820] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 884.470106][ T3820] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 884.708008][ T3820] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 884.716361][ T3820] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 885.992774][T11878] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 891.205242][T11978] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 891.343066][T11980] netlink: 'syz-executor.0': attribute type 11 has an invalid length. [ 891.416640][T11980] netlink: 'syz-executor.0': attribute type 11 has an invalid length. [ 895.087163][ T1220] ieee802154 phy0 wpan0: encryption failed: -22 [ 895.093932][ T1220] ieee802154 phy1 wpan1: encryption failed: -22 [ 895.660620][T12059] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 896.357187][T12069] netlink: 'syz-executor.2': attribute type 4 has an invalid length. [ 897.567577][T12092] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 898.458732][T12108] netlink: 'syz-executor.3': attribute type 4 has an invalid length. [ 899.828876][T12131] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 900.660097][T12142] netlink: 'syz-executor.4': attribute type 4 has an invalid length. [ 902.095460][T12159] loop3: detected capacity change from 0 to 1024 [ 902.175765][T12159] hfsplus: bad catalog entry type [ 902.826182][T12175] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 903.434370][T12184] loop4: detected capacity change from 0 to 1024 [ 903.814346][T12189] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 904.661974][T12203] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 905.094377][ T29] audit: type=1800 audit(1717247444.122:150): pid=12196 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1953 res=0 errno=0 [ 905.116827][ T29] audit: type=1804 audit(1717247444.122:151): pid=12196 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir2293962250/syzkaller.pN95hS/108/bus" dev="sda1" ino=1953 res=1 errno=0 [ 905.143653][ T29] audit: type=1804 audit(1717247444.132:152): pid=12196 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir2293962250/syzkaller.pN95hS/108/bus" dev="sda1" ino=1953 res=1 errno=0 [ 906.651543][T12227] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 906.801525][T12222] loop3: detected capacity change from 0 to 1764 [ 907.399186][T12207] Bluetooth: hci1: command 0x0406 tx timeout [ 907.758028][T12239] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 908.283253][T12243] loop4: detected capacity change from 0 to 512 [ 908.388339][T12243] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2250: inode #15: comm syz-executor.4: corrupted in-inode xattr: invalid ea_ino [ 908.483830][T12243] EXT4-fs error (device loop4): ext4_orphan_get:1399: comm syz-executor.4: couldn't read orphan inode 15 (err -117) [ 908.558598][T12243] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 908.930552][T12243] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 908.983596][T12255] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 909.506466][T12264] Bluetooth: MGMT ver 1.22 [ 909.511396][T12264] Bluetooth: hci3: unsupported parameter 65535 [ 909.517776][T12264] Bluetooth: hci3: invalid length 0, exp 2 for type 0 [ 909.654115][T11543] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 910.313721][T12272] loop2: detected capacity change from 0 to 1024 [ 910.358581][T12272] EXT4-fs: Ignoring removed orlov option [ 910.389654][T12272] EXT4-fs (loop2): Test dummy encryption mode enabled [ 910.428517][T12272] EXT4-fs (loop2): stripe (7) is not aligned with cluster size (16), stripe is disabled [ 910.583540][T12272] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 910.871831][ T8259] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 911.455504][T12291] loop4: detected capacity change from 0 to 512 [ 911.548695][T12291] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2250: inode #15: comm syz-executor.4: corrupted in-inode xattr: invalid ea_ino [ 911.622980][T12291] EXT4-fs error (device loop4): ext4_orphan_get:1399: comm syz-executor.4: couldn't read orphan inode 15 (err -117) [ 911.705483][T12291] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 911.727961][T12297] Bluetooth: hci3: unsupported parameter 65535 [ 911.740618][T12297] Bluetooth: hci3: invalid length 0, exp 2 for type 0 [ 912.034000][T12301] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 912.162269][T12291] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 913.213551][T11543] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 914.356342][T12332] Bluetooth: hci3: unsupported parameter 65535 [ 914.363186][T12332] Bluetooth: hci3: invalid length 0, exp 2 for type 0 [ 914.704849][T12337] loop3: detected capacity change from 0 to 512 [ 914.798074][T12337] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2250: inode #15: comm syz-executor.3: corrupted in-inode xattr: invalid ea_ino [ 914.899715][T12337] EXT4-fs error (device loop3): ext4_orphan_get:1399: comm syz-executor.3: couldn't read orphan inode 15 (err -117) [ 914.971443][T12337] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 915.329059][T12337] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 915.749072][T12347] loop4: detected capacity change from 0 to 4096 [ 915.861886][T12347] NILFS (loop4): invalid segment: Checksum error in segment payload [ 915.870182][T12347] NILFS (loop4): trying rollback from an earlier position [ 916.005534][T12347] NILFS (loop4): recovery complete [ 916.061595][T12350] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 916.451890][ T29] audit: type=1800 audit(1717247455.472:153): pid=12354 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="loop4" ino=12 res=0 errno=0 [ 916.538145][ T8183] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 917.430114][T12366] Bluetooth: hci3: invalid length 0, exp 2 for type 9 [ 918.009924][T12378] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 918.129581][T12380] loop2: detected capacity change from 0 to 512 [ 918.253166][T12380] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2250: inode #15: comm syz-executor.2: corrupted in-inode xattr: invalid ea_ino [ 918.336765][T12380] EXT4-fs error (device loop2): ext4_orphan_get:1399: comm syz-executor.2: couldn't read orphan inode 15 (err -117) [ 918.411724][T12380] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 918.989415][T12380] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 919.361298][T12406] Bluetooth: hci3: invalid length 0, exp 2 for type 9 [ 919.960843][T12414] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 920.155745][ T8259] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 921.307981][T12434] Bluetooth: hci3: invalid length 0, exp 2 for type 9 [ 921.468763][T12439] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 923.165057][T12467] Bluetooth: hci3: invalid length 0, exp 2 for type 9 [ 923.877081][T12473] overlayfs: overlapping lowerdir path [ 924.913903][ T8] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 925.321603][ T8] usb 3-1: New USB device found, idVendor=2040, idProduct=2900, bcdDevice=d4.52 [ 925.331104][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 925.391983][ T8] usb 3-1: config 0 descriptor?? [ 925.448308][ T8] pvrusb2: Hardware description: WinTV PVR USB2 Model 29xxx [ 925.557923][T12497] Bluetooth: hci3: invalid length 0, exp 2 for type 9 [ 925.820683][ T1954] usb 3-1: Direct firmware load for v4l-pvrusb2-29xxx-01.fw failed with error -2 [ 925.831161][ T1954] usb 3-1: Falling back to sysfs fallback for: v4l-pvrusb2-29xxx-01.fw [ 925.908897][ T8] usb 3-1: USB disconnect, device number 27 [ 926.103649][T12501] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 926.871511][ T5132] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 927.122035][ T5132] usb 1-1: Using ep0 maxpacket: 32 [ 927.282194][ T5132] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 927.295953][ T5132] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 927.306598][ T5132] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 927.316017][ T5132] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 927.402701][ T5132] hub 1-1:4.0: USB hub found [ 927.642560][ T5132] hub 1-1:4.0: config failed, hub doesn't have any ports! (err -19) [ 927.753547][T12523] Bluetooth: hci3: invalid length 0, exp 2 for type 9 [ 927.990104][ T5132] usb 1-1: USB disconnect, device number 10 [ 928.083970][T12528] vxcan2: entered promiscuous mode [ 928.882120][ T5132] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 929.242874][ T5132] usb 1-1: New USB device found, idVendor=2040, idProduct=2900, bcdDevice=d4.52 [ 929.252759][ T5132] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 929.303778][ T5132] usb 1-1: config 0 descriptor?? [ 929.353281][ T5132] pvrusb2: Hardware description: WinTV PVR USB2 Model 29xxx [ 929.839148][ T5132] usb 1-1: USB disconnect, device number 11 [ 929.846354][ T5132] pvrusb2: Device being rendered inoperable [ 930.423810][T12563] Bluetooth: hci3: invalid length 0, exp 2 for type 9 [ 931.003236][T12567] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 931.395201][ T779] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 931.663217][ T779] usb 4-1: Using ep0 maxpacket: 32 [ 931.792374][ T779] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 931.808413][ T779] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 931.820157][ T779] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 931.829723][ T779] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 931.955865][ T779] hub 4-1:4.0: USB hub found [ 932.281742][ T779] hub 4-1:4.0: config failed, hub doesn't have any ports! (err -19) [ 932.652929][ T5132] usb 4-1: USB disconnect, device number 11 [ 933.257019][T12593] Bluetooth: hci3: invalid length 0, exp 2 for type 9 [ 933.324994][ T5132] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 933.664397][T12599] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 933.732229][ T5132] usb 1-1: New USB device found, idVendor=2040, idProduct=2900, bcdDevice=d4.52 [ 933.741688][ T5132] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 933.808443][ T5132] usb 1-1: config 0 descriptor?? [ 933.903281][ T5132] pvrusb2: Hardware description: WinTV PVR USB2 Model 29xxx [ 934.384730][ T5132] usb 1-1: USB disconnect, device number 12 [ 934.392949][ T5132] pvrusb2: Device being rendered inoperable [ 935.500787][T12625] Bluetooth: hci3: invalid length 0, exp 2 for type 9 [ 935.882323][T12629] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 936.114917][T12635] loop1: detected capacity change from 0 to 64 [ 937.241330][ T5132] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 937.611852][ T5132] usb 4-1: New USB device found, idVendor=2040, idProduct=2900, bcdDevice=d4.52 [ 937.621346][ T5132] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 937.666795][ T5132] usb 4-1: config 0 descriptor?? [ 937.744875][ T5132] pvrusb2: Hardware description: WinTV PVR USB2 Model 29xxx [ 937.940105][T12661] Bluetooth: hci3: invalid length 0, exp 2 for type 9 [ 938.203409][ T5132] usb 4-1: USB disconnect, device number 12 [ 938.210420][ T5132] pvrusb2: Device being rendered inoperable [ 938.448351][T12667] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 938.581531][T12666] loop4: detected capacity change from 0 to 2048 [ 938.695452][T12666] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 939.287855][T11543] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1216: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 939.459745][T11543] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 939.900209][T12692] Bluetooth: hci3: invalid length 0, exp 2 for type 9 [ 940.008876][T12689] loop3: detected capacity change from 0 to 2048 [ 940.190349][T12689] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 940.461741][ T10] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 940.732071][ T10] usb 1-1: Using ep0 maxpacket: 32 [ 940.794614][ T8183] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1216: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 940.861637][ T10] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 940.863759][T12704] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 940.872982][ T10] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 940.892561][ T10] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 940.901989][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 940.999447][ T8183] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 941.006515][ T10] hub 1-1:4.0: USB hub found [ 941.281378][ T779] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 941.402305][ T10] hub 1-1:4.0: config failed, hub doesn't have any ports! (err -19) [ 941.589364][T12709] loop4: detected capacity change from 0 to 2048 [ 941.667626][T12709] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 941.702197][ T779] usb 2-1: New USB device found, idVendor=2040, idProduct=2900, bcdDevice=d4.52 [ 941.713485][ T779] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 941.819720][ T779] usb 2-1: config 0 descriptor?? [ 941.879401][ T779] pvrusb2: Hardware description: WinTV PVR USB2 Model 29xxx [ 941.983421][ T5137] usb 1-1: USB disconnect, device number 13 [ 942.035753][T11543] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1216: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 942.131164][ T779] usb 2-1: USB disconnect, device number 15 [ 942.138219][ T779] pvrusb2: Device being rendered inoperable [ 942.252864][T11543] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 943.237343][T12728] Bluetooth: hci3: invalid length 0, exp 2 for type 9 [ 943.858552][T12738] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 944.001061][T12739] loop3: detected capacity change from 0 to 2048 [ 944.225701][T12739] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 944.646370][ T8183] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1216: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 944.724382][T12745] loop1: detected capacity change from 0 to 2048 [ 944.847159][T12745] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 944.936883][ T8183] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 945.371568][ T10] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 945.463793][T11285] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1216: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 945.662598][ T10] usb 5-1: Using ep0 maxpacket: 32 [ 945.712306][T11285] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 945.803666][ T10] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 945.815141][ T10] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 945.825328][ T10] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 945.839303][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 945.944765][ T10] hub 5-1:4.0: USB hub found [ 946.119189][T12765] Bluetooth: hci3: invalid length 0, exp 2 for type 9 [ 946.303064][ T10] hub 5-1:4.0: config failed, hub doesn't have any ports! (err -19) [ 946.797629][ T10] usb 5-1: USB disconnect, device number 22 [ 946.826936][T12774] loop2: detected capacity change from 0 to 2048 [ 946.915408][T12774] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 947.441732][ T8259] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1216: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 947.698488][ T8259] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 948.733489][T12800] Bluetooth: hci3: invalid length 0, exp 2 for type 9 [ 949.505963][ T43] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 949.575534][T12811] loop2: detected capacity change from 0 to 2048 [ 949.707734][T12811] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 949.776713][ T43] usb 5-1: Using ep0 maxpacket: 32 [ 949.922090][ T43] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 949.935205][ T43] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 949.945875][ T43] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 949.948462][ T8259] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1216: group 0, [ 949.955178][ T43] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 949.972562][ T8259] block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 950.061289][ T43] hub 5-1:4.0: USB hub found [ 950.250334][ T8259] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 950.386719][ T43] hub 5-1:4.0: config failed, can't read hub descriptor (err -22) [ 950.488486][ T43] usb 5-1: USB disconnect, device number 23 [ 951.184068][T12831] loop3: detected capacity change from 0 to 2048 [ 951.217779][T12836] Bluetooth: hci3: invalid length 0, exp 2 for type 9 [ 951.291264][T12831] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 951.742553][ T8183] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1216: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 952.065169][ T8183] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 952.783286][T12860] loop3: detected capacity change from 0 to 2048 [ 952.901329][T12860] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 953.341921][ T8183] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1216: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 953.564818][ T8183] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 954.114527][T12878] Bluetooth: hci3: invalid length 0, exp 2 for type 8 [ 955.704734][T12886] loop4: detected capacity change from 0 to 4096 [ 955.759234][T12886] ntfs3: loop4: Different NTFS sector size (4096) and media sector size (512). [ 956.333885][T12886] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 956.531285][ T1220] ieee802154 phy0 wpan0: encryption failed: -22 [ 956.537966][ T1220] ieee802154 phy1 wpan1: encryption failed: -22 [ 957.634059][T12910] Bluetooth: hci3: invalid length 0, exp 2 for type 8 [ 958.461420][T12919] loop1: detected capacity change from 0 to 2048 [ 958.525479][T12919] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 958.895519][T11285] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1216: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 959.165594][T11285] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 959.594617][T12938] loop2: detected capacity change from 0 to 2048 [ 959.726195][T12938] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 959.958564][T12953] Bluetooth: hci3: invalid length 0, exp 2 for type 8 [ 960.331632][ T8259] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1216: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 960.644527][ T8259] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 960.796171][T12962] loop1: detected capacity change from 0 to 2048 [ 960.867231][T12962] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 961.435243][T11285] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1216: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 961.609297][T11285] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 962.173603][T12983] Bluetooth: hci3: invalid length 0, exp 2 for type 8 [ 963.711633][T12207] Bluetooth: hci2: command 0x0406 tx timeout [ 964.017988][T13003] loop3: detected capacity change from 0 to 2048 [ 964.228707][T13003] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 964.717998][ T8183] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1216: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 964.860762][T13022] Bluetooth: hci3: invalid length 0, exp 2 for type 8 [ 964.998208][ T8183] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 966.196117][ T5079] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 966.204941][ T5079] Bluetooth: hci0: Injecting HCI hardware error event [ 966.218169][T12207] Bluetooth: hci0: hardware error 0x00 [ 966.882105][ T43] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 967.096347][ T43] usb 2-1: device descriptor read/64, error -71 [ 967.167937][T13055] loop3: detected capacity change from 0 to 2048 [ 967.279599][T13055] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 967.357745][T13062] Bluetooth: hci3: invalid length 0, exp 2 for type 8 [ 967.431747][ T43] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 967.636544][ T8183] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1216: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 967.676329][ T43] usb 2-1: device descriptor read/64, error -71 [ 967.834957][ T43] usb usb2-port1: attempt power cycle [ 967.853485][ T8183] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 968.271387][T12207] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 968.278069][ T43] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 968.402188][ T43] usb 2-1: device descriptor read/8, error -71 [ 968.624208][T13076] loop2: detected capacity change from 0 to 2048 [ 968.658506][T13076] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 968.701845][ T43] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 968.713213][T13080] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 968.756598][T13076] NILFS (loop2): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 968.769683][T13076] NILFS error (device loop2): nilfs_bmap_last_key: broken bmap (inode number=16) [ 968.831829][ T43] usb 2-1: device descriptor read/8, error -71 [ 968.833962][T13076] Remounting filesystem read-only [ 968.843678][T13076] NILFS (loop2): error -5 truncating bmap (ino=16) [ 968.975454][ T43] usb usb2-port1: unable to enumerate USB device [ 969.053767][ T8259] NILFS (loop2): discard dirty page: offset=4096, ino=6 [ 969.061901][ T8259] NILFS (loop2): discard dirty block: blocknr=39, size=1024 [ 969.069427][ T8259] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 969.083355][ T8259] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 969.093321][ T8259] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 969.165493][ T8259] NILFS (loop2): disposed unprocessed dirty file(s) when detaching log writer [ 969.845537][T13100] Bluetooth: hci3: invalid length 0, exp 2 for type 9 [ 970.125819][T13098] loop3: detected capacity change from 0 to 2048 [ 970.360409][T13098] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 970.596000][ T8183] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1216: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 970.821683][ T8183] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 972.050336][T13135] Bluetooth: hci3: invalid length 0, exp 2 for type 9 [ 974.396538][T13176] Bluetooth: hci3: invalid length 0, exp 2 for type 9 [ 974.970799][ T29] audit: type=1326 audit(1717247514.022:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13178 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73ff579 code=0x7ffc0000 [ 974.994426][ T29] audit: type=1326 audit(1717247514.042:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13178 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf73ff579 code=0x7ffc0000 [ 975.019228][ T29] audit: type=1326 audit(1717247514.062:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13178 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73ff579 code=0x7ffc0000 [ 975.042661][ T29] audit: type=1326 audit(1717247514.082:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13178 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf73ff579 code=0x7ffc0000 [ 975.065968][ T29] audit: type=1326 audit(1717247514.082:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13178 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73ff579 code=0x7ffc0000 [ 975.089147][ T29] audit: type=1326 audit(1717247514.082:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13178 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf73ff579 code=0x7ffc0000 [ 975.112259][ T29] audit: type=1326 audit(1717247514.082:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13178 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73ff579 code=0x7ffc0000 [ 975.798179][T13188] loop2: detected capacity change from 0 to 2048 [ 975.921131][T13188] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 976.272862][ T8259] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1216: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 976.396377][ T8259] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 976.805449][T13211] Bluetooth: hci3: invalid length 0, exp 2 for type 9 [ 977.363878][T13220] netlink: 'syz-executor.0': attribute type 12 has an invalid length. [ 977.395414][T13218] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 978.390531][T13232] loop3: detected capacity change from 0 to 2048 [ 978.576236][T13232] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 978.759231][T13243] Bluetooth: hci3: invalid length 0, exp 2 for type 9 [ 979.019290][ T8183] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1216: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 979.228284][ T8183] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 980.141058][T13264] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.2'. [ 980.895218][T13279] Bluetooth: hci3: invalid length 0, exp 2 for type 9 [ 982.333598][T13302] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 983.064591][T13308] netlink: 'syz-executor.4': attribute type 4 has an invalid length. [ 983.581366][T13311] Bluetooth: hci3: invalid length 0, exp 2 for type 9 [ 984.335717][T13327] netlink: 'syz-executor.2': attribute type 10 has an invalid length. [ 984.618591][T13325] loop3: detected capacity change from 0 to 2048 [ 984.830272][T13325] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 985.015468][ T29] audit: type=1326 audit(1717247524.042:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13318 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf747a579 code=0x7fc00000 [ 985.059440][T13325] overlayfs: failed to resolve './file0': -2 [ 985.245660][T13336] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.2'. [ 985.473732][ T8183] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1216: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 985.724103][ T8183] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 986.311618][T13347] loop3: detected capacity change from 0 to 256 [ 986.323115][T13348] netlink: 'syz-executor.2': attribute type 4 has an invalid length. [ 986.507197][T13347] exFAT-fs (loop3): failed to load upcase table (idx : 0x0001e4a3, chksum : 0x009ea0b8, utbl_chksum : 0x7319d30d) [ 987.071923][T13352] Bluetooth: hci3: invalid length 0, exp 2 for type 9 [ 987.322786][ T1954] pvrusb2: request_firmware fatal error with code=-110 [ 987.329860][ T1954] pvrusb2: Failure uploading firmware1 [ 987.335734][ T1954] pvrusb2: Device initialization was not successful. [ 987.342717][ T1954] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 987.353066][ T1954] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 987.362836][ T8] pvrusb2: Device being rendered inoperable [ 987.907780][T13361] loop4: detected capacity change from 0 to 512 [ 988.004202][T13361] EXT4-fs (loop4): 1 truncate cleaned up [ 988.010112][T13361] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 988.664052][T11543] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 988.709541][T13368] overlayfs: failed to resolve './file0': -2 [ 988.925785][T13375] netlink: 'syz-executor.2': attribute type 4 has an invalid length. [ 989.109594][T13378] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 989.493331][T13383] Bluetooth: hci3: invalid length 0, exp 2 for type 9 [ 990.107440][T13390] loop2: detected capacity change from 0 to 64 [ 991.225683][T13407] netlink: 'syz-executor.4': attribute type 4 has an invalid length. [ 991.342418][T13404] overlayfs: failed to resolve './file0': -2 [ 991.751512][T13411] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 991.905647][T13415] Bluetooth: hci3: invalid length 0, exp 2 for type 9 [ 992.718541][T13426] loop2: detected capacity change from 0 to 64 [ 993.575373][T13434] netlink: 'syz-executor.3': attribute type 4 has an invalid length. [ 993.872331][T13441] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.1'. [ 994.241934][T13438] overlayfs: failed to resolve './file1': -2 [ 994.759654][T13454] Bluetooth: hci3: invalid length 0, exp 2 for type 9 [ 995.276465][T13460] loop3: detected capacity change from 0 to 64 [ 996.486913][T13472] netlink: 'syz-executor.2': attribute type 4 has an invalid length. [ 996.922421][T13478] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.3'. [ 997.104512][T13476] loop1: detected capacity change from 0 to 2048 [ 997.398833][T13476] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 997.406986][T13481] overlayfs: failed to resolve './file1': -2 [ 998.062847][T13497] Bluetooth: hci3: invalid length 0, exp 2 for type 9 [ 998.283249][T13489] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1216: group 0, block bitmap and bg descriptor inconsistent: 25 vs 281 free clusters [ 998.781650][T13504] loop2: detected capacity change from 0 to 64 [ 999.135697][T13511] netlink: 'syz-executor.0': attribute type 4 has an invalid length. [ 999.572111][T13517] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1000.737570][T13526] loop4: detected capacity change from 0 to 2048 [ 1000.809921][T13526] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1000.990066][T13526] overlayfs: failed to resolve './file1': -2 [ 1001.270593][T11543] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1216: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 1001.397647][T11543] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1002.094235][T13551] Bluetooth: hci3: invalid length 0, exp 2 for type 0 [ 1002.750147][T13561] netlink: 'syz-executor.3': attribute type 4 has an invalid length. [ 1003.272772][T13570] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1003.981639][T13578] loop4: detected capacity change from 0 to 2048 [ 1004.115709][T13583] overlayfs: failed to resolve './file0': -2 [ 1004.256521][T13578] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1004.790799][T11543] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1216: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 1004.835343][T11285] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1004.925752][T11543] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1005.641456][T13608] Bluetooth: hci3: invalid length 0, exp 2 for type 0 [ 1006.070321][ T29] audit: type=1800 audit(1717247545.122:162): pid=13615 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=1948 res=0 errno=0 [ 1006.092224][ T29] audit: type=1800 audit(1717247545.142:163): pid=13615 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=1948 res=0 errno=0 [ 1006.201683][T13619] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1006.818663][T13628] loop2: detected capacity change from 0 to 2048 [ 1008.144108][T13652] Bluetooth: hci3: invalid length 0, exp 2 for type 0 [ 1008.781595][ T29] audit: type=1800 audit(1717247547.802:164): pid=13663 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1937 res=0 errno=0 [ 1008.803549][ T29] audit: type=1800 audit(1717247547.812:165): pid=13663 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1937 res=0 errno=0 [ 1009.056892][T13667] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1010.203467][T13686] loop1: detected capacity change from 0 to 2048 [ 1010.422585][T13686] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1010.582419][T13686] overlay: ./file1 is not a directory [ 1010.841512][T13702] Bluetooth: hci3: invalid length 0, exp 2 for type 0 [ 1011.003257][T11285] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1216: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 1011.310715][T11285] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1011.620402][ T29] audit: type=1800 audit(1717247550.632:166): pid=13712 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=1937 res=0 errno=0 [ 1011.643519][ T29] audit: type=1800 audit(1717247550.652:167): pid=13712 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=1937 res=0 errno=0 [ 1011.789855][T13714] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1013.594427][T13737] loop4: detected capacity change from 0 to 2048 [ 1013.748736][T13737] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1013.892305][T13737] overlay: ./file0 is not a directory [ 1014.077147][T13749] Bluetooth: hci3: invalid length 0, exp 2 for type 0 [ 1014.216474][T11543] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1014.447210][ T29] audit: type=1800 audit(1717247553.482:168): pid=13754 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1936 res=0 errno=0 [ 1014.468982][ T29] audit: type=1800 audit(1717247553.512:169): pid=13754 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1936 res=0 errno=0 [ 1014.817653][T13764] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1016.203210][T13785] Bluetooth: hci3: invalid length 0, exp 2 for type 0 [ 1017.195607][ T29] audit: type=1800 audit(1717247556.232:170): pid=13794 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=1935 res=0 errno=0 [ 1017.219167][ T29] audit: type=1800 audit(1717247556.242:171): pid=13794 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=1935 res=0 errno=0 [ 1017.587787][T13796] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1017.999517][ T1220] ieee802154 phy0 wpan0: encryption failed: -22 [ 1018.007274][ T1220] ieee802154 phy1 wpan1: encryption failed: -22 [ 1018.926294][T13811] loop1: detected capacity change from 0 to 2048 [ 1020.410559][T13834] loop1: detected capacity change from 0 to 2048 [ 1020.630717][T13834] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1020.717159][T13834] overlay: ./file0 is not a directory [ 1021.117600][T11285] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1021.192862][T13847] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1024.855079][T13884] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1028.141984][T13928] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1029.987548][ T5079] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1029.997986][ T5079] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1030.027439][ T5079] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1030.062737][ T5079] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1030.077379][ T5079] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 1030.094615][ T5079] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1031.254745][ T3174] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1031.357548][T13947] chnl_net:caif_netlink_parms(): no params data found [ 1031.423582][ T3174] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1031.630294][ T3174] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1031.863566][ T3174] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1032.191259][ T5079] Bluetooth: hci4: command tx timeout [ 1032.317727][ T3174] bridge_slave_1: left allmulticast mode [ 1032.324211][ T3174] bridge_slave_1: left promiscuous mode [ 1032.330459][ T3174] bridge0: port 2(bridge_slave_1) entered disabled state [ 1032.362264][ T3174] bridge_slave_0: left allmulticast mode [ 1032.368101][ T3174] bridge_slave_0: left promiscuous mode [ 1032.374630][ T3174] bridge0: port 1(bridge_slave_0) entered disabled state [ 1033.187027][ T3174] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1033.272586][ T3174] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1033.326937][ T3174] bond0 (unregistering): Released all slaves [ 1033.347095][ T3174] bond1 (unregistering): Released all slaves [ 1033.366868][ T3174] bond2 (unregistering): Released all slaves [ 1033.388927][ T3174] bond3 (unregistering): Released all slaves [ 1033.409789][ T3174] bond5 (unregistering): Released all slaves [ 1033.430830][ T3174] bond4 (unregistering): Released all slaves [ 1034.230516][T13947] bridge0: port 1(bridge_slave_0) entered blocking state [ 1034.239042][T13947] bridge0: port 1(bridge_slave_0) entered disabled state [ 1034.247005][T13947] bridge_slave_0: entered allmulticast mode [ 1034.256350][T13947] bridge_slave_0: entered promiscuous mode [ 1034.274545][ T5079] Bluetooth: hci4: command tx timeout [ 1034.402155][T13992] loop2: detected capacity change from 0 to 2048 [ 1034.437331][T13947] bridge0: port 2(bridge_slave_1) entered blocking state [ 1034.445306][T13947] bridge0: port 2(bridge_slave_1) entered disabled state [ 1034.453197][T13947] bridge_slave_1: entered allmulticast mode [ 1034.462452][T13947] bridge_slave_1: entered promiscuous mode [ 1034.579614][T13992] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1034.645572][ T3174] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1034.653527][ T3174] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1034.688805][ T3174] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1034.696760][ T3174] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1034.700606][T13992] overlay: ./file0 is not a directory [ 1034.748929][ T3174] veth1_macvtap: left promiscuous mode [ 1034.754903][ T3174] veth0_macvtap: left promiscuous mode [ 1034.760785][ T3174] veth1_vlan: left promiscuous mode [ 1034.766826][ T3174] veth0_vlan: left promiscuous mode [ 1034.987333][ T8259] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1035.685358][ T3174] team0 (unregistering): Port device team_slave_1 removed [ 1035.733402][ T3174] team0 (unregistering): Port device team_slave_0 removed [ 1036.137152][T13947] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1036.258065][T13947] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1036.352284][ T5079] Bluetooth: hci4: command tx timeout [ 1036.487730][T13947] team0: Port device team_slave_0 added [ 1036.548145][T13947] team0: Port device team_slave_1 added [ 1036.749648][T13947] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1036.757050][T13947] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1036.787995][T13947] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1036.933345][T13947] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1036.940513][T13947] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1036.971584][T13947] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1037.345205][T13947] hsr_slave_0: entered promiscuous mode [ 1037.395282][T13947] hsr_slave_1: entered promiscuous mode [ 1037.416243][T13947] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1037.424357][T13947] Cannot create hsr debugfs directory [ 1037.861686][T14034] loop1: detected capacity change from 0 to 2048 [ 1038.088251][T14034] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1038.242096][T14034] overlay: ./file0 is not a directory [ 1038.432475][ T5079] Bluetooth: hci4: command tx timeout [ 1038.725420][T11285] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1038.986642][T13947] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1039.044299][T13947] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1039.109125][T13947] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1039.190615][T13947] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1040.488942][T13947] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1040.680468][T13947] 8021q: adding VLAN 0 to HW filter on device team0 [ 1040.782353][ T5138] bridge0: port 1(bridge_slave_0) entered blocking state [ 1040.790021][ T5138] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1040.870719][ T5138] bridge0: port 2(bridge_slave_1) entered blocking state [ 1040.878535][ T5138] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1041.396869][T14080] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1041.468122][T14076] loop1: detected capacity change from 0 to 2048 [ 1041.541750][T14080] team0: Port device bridge1 added [ 1041.621120][T14076] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1041.649862][T14076] overlay: ./file0 is not a directory [ 1041.785438][T11285] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1042.913493][T13947] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1043.281282][T13947] veth0_vlan: entered promiscuous mode [ 1043.374678][T13947] veth1_vlan: entered promiscuous mode [ 1043.601387][ T43] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 1043.726420][T13947] veth0_macvtap: entered promiscuous mode [ 1043.778974][T13947] veth1_macvtap: entered promiscuous mode [ 1043.884023][ T43] usb 1-1: Using ep0 maxpacket: 8 [ 1043.916262][T13947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1043.928104][T13947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1043.939534][T13947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1043.950343][T13947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1043.963730][T13947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1043.975859][T13947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1043.985944][T13947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1043.996729][T13947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1044.011881][T13947] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1044.111871][ T43] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 1044.122077][ T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1044.171398][T13947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1044.182163][T13947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1044.192341][T13947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1044.203358][T13947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1044.213683][T13947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1044.224911][T13947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1044.236754][T13947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1044.247627][T13947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1044.257745][T13947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1044.270152][T13947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1044.285219][T13947] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1044.306625][ T43] usb 1-1: config 0 descriptor?? [ 1044.325947][T14115] loop2: detected capacity change from 0 to 2048 [ 1044.341772][T13947] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1044.350817][T13947] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1044.363470][T13947] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1044.372587][T13947] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1044.466797][T14115] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1044.513311][T14118] loop4: detected capacity change from 0 to 16 [ 1044.618705][T14118] erofs: (device loop4): mounted with root inode @ nid 36. [ 1044.744499][T14125] overlay: ./file0 is not a directory [ 1044.884534][ T43] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 1044.895891][ T43] asix 1-1:0.0 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9 [ 1044.906913][ T43] asix 1-1:0.0: probe with driver asix failed with error -71 [ 1044.997640][ T43] usb 1-1: USB disconnect, device number 14 [ 1045.189516][ T8259] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1045.331429][T14131] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1045.546116][T14131] team0: Port device bridge2 added [ 1047.491165][ T5138] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 1047.782616][T14170] loop1: detected capacity change from 0 to 2048 [ 1047.882693][ T5138] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 1047.896193][ T5138] usb 3-1: New USB device found, idVendor=04d8, idProduct=c002, bcdDevice= 0.00 [ 1047.906005][ T5138] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1047.939300][T14170] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1048.001782][ T5138] usb 3-1: config 0 descriptor?? [ 1048.087427][ T5138] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 1048.096530][T14181] overlay: ./file0 is not a directory [ 1048.353849][T11285] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1048.554750][ T25] usb 3-1: USB disconnect, device number 28 [ 1049.024679][T14193] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1049.158041][T14193] team0: Port device bridge1 added [ 1049.478507][ T3174] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1049.487039][ T3174] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1049.619139][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1049.628108][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1050.474951][ T5138] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 1050.872581][ T5138] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1050.884206][ T5138] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1050.899014][ T5138] usb 1-1: New USB device found, idVendor=056a, idProduct=0043, bcdDevice= 0.00 [ 1050.909703][ T5138] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1050.935661][T14215] loop4: detected capacity change from 0 to 2048 [ 1050.962030][ T5138] usb 1-1: config 0 descriptor?? [ 1051.040285][T14215] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1051.091226][ T43] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 1051.208327][T14226] overlay: ./file0 is not a directory [ 1051.381557][ T43] usb 3-1: Using ep0 maxpacket: 8 [ 1051.502148][ T43] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1051.514630][ T43] usb 3-1: config 0 has no interfaces? [ 1051.520727][ T43] usb 3-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 1051.530179][ T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1051.613561][ T43] usb 3-1: config 0 descriptor?? [ 1051.615778][ T5138] wacom 0003:056A:0043.0015: Unknown device_type for 'HID 056a:0043'. Assuming pen. [ 1051.645735][ T5138] wacom 0003:056A:0043.0015: hidraw0: USB HID v0.00 Device [HID 056a:0043] on usb-dummy_hcd.0-1/input0 [ 1051.655860][T11543] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1051.660044][ T5138] input: Wacom Intuos2 9x12 Pen as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:056A:0043.0015/input/input14 [ 1051.800799][ T5138] usb 1-1: USB disconnect, device number 15 [ 1051.801826][T14230] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1051.866906][T14231] team0: Device sit0 is of different type [ 1052.002413][ T43] usb 3-1: USB disconnect, device number 29 [ 1053.945540][T14262] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1054.098702][T14262] team0: Port device bridge2 added [ 1054.773271][ T43] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 1055.381455][ T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1055.394218][ T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1055.407215][ T43] usb 4-1: New USB device found, idVendor=056a, idProduct=0043, bcdDevice= 0.00 [ 1055.416916][ T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1055.478200][ T43] usb 4-1: config 0 descriptor?? [ 1056.087053][ T43] wacom 0003:056A:0043.0016: Unknown device_type for 'HID 056a:0043'. Assuming pen. [ 1056.148041][ T43] wacom 0003:056A:0043.0016: hidraw0: USB HID v0.00 Device [HID 056a:0043] on usb-dummy_hcd.3-1/input0 [ 1056.163468][ T43] input: Wacom Intuos2 9x12 Pen as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:056A:0043.0016/input/input17 [ 1056.471359][ T43] usb 4-1: USB disconnect, device number 13 [ 1056.570345][T14302] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1056.636945][T14299] loop4: detected capacity change from 0 to 2048 [ 1056.695389][T14299] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1056.740661][T14302] team0: Port device bridge2 added [ 1056.849539][T14299] overlay: ./file1 is not a directory [ 1057.070125][T11543] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1216: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 1057.298719][T11543] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1057.663339][T14311] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1058.226659][T14322] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1059.140191][T14335] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1059.251447][T14335] team0: Device vxcan0 is of different type [ 1060.514413][T14352] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1060.980489][T14360] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1061.539957][T14366] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1061.808859][T14366] team0: Port device bridge3 added [ 1062.180310][T14373] loop3: detected capacity change from 0 to 2048 [ 1062.317488][T14373] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1062.501243][T14373] overlayfs: failed to resolve './file1': -2 [ 1062.874177][T13947] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1216: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 1062.952055][T14386] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1063.058854][T13947] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1063.249785][T14393] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1063.856519][T14401] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1064.048413][T14401] team0: Port device bridge3 added [ 1064.978111][T14418] loop4: detected capacity change from 0 to 2048 [ 1065.095394][T14418] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1065.211693][T14418] overlayfs: failed to resolve './file1': -2 [ 1065.519104][T11543] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1216: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 1065.642434][T11543] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1065.700360][T14429] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1066.405058][T14441] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1066.635394][T14441] team0: Port device bridge5 added [ 1068.439652][T14459] loop3: detected capacity change from 0 to 2048 [ 1068.623634][T14459] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1068.778793][T14459] overlayfs: failed to resolve './file1': -2 [ 1069.013288][T13947] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1216: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 1069.079081][T14467] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1069.190368][T13947] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1070.851627][T14480] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1071.030298][T14481] team0: Port device bridge4 added [ 1072.770417][T14495] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1072.916469][T14496] loop4: detected capacity change from 0 to 2048 [ 1073.025179][T14496] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1073.137558][T14496] overlayfs: failed to resolve './file0': -2 [ 1073.328935][T11543] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1216: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 1073.548517][T11543] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1074.133653][T14518] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1074.343799][T14518] team0: Port device bridge4 added [ 1074.362631][ T43] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 1074.562879][T14524] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1074.641572][ T43] usb 1-1: Using ep0 maxpacket: 32 [ 1074.772106][ T43] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 1074.783122][ T43] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 1074.792582][ T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1074.914669][ T43] usb 1-1: config 0 descriptor?? [ 1074.944045][T14514] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 1075.008804][ T43] hub 1-1:0.0: bad descriptor, ignoring hub [ 1075.015249][ T43] hub 1-1:0.0: probe with driver hub failed with error -5 [ 1075.029259][ T43] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 1075.281681][T14530] Illegal XDP return value 4294966772 on prog (id 526) dev syz_tun, expect packet loss! [ 1075.492684][T14535] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1076.088858][T14543] loop1: detected capacity change from 0 to 2048 [ 1076.160001][T14543] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1076.248716][T14543] overlayfs: failed to resolve './file0': -2 [ 1076.263824][ T43] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 1076.552289][ T43] usb 3-1: Using ep0 maxpacket: 8 [ 1076.552540][T11285] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1216: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 1076.613728][T14556] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1076.692653][T11285] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1076.711743][ T43] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 15 [ 1076.721213][ T43] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 1076.755852][T14556] team0: Port device bridge5 added [ 1076.942239][ T43] usb 3-1: New USB device found, idVendor=077d, idProduct=04aa, bcdDevice=5b.d8 [ 1076.952486][ T43] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1076.960725][ T43] usb 3-1: Product: syz [ 1076.965176][ T43] usb 3-1: Manufacturer: syz [ 1076.969988][ T43] usb 3-1: SerialNumber: syz [ 1077.027927][ T43] usb 3-1: config 0 descriptor?? [ 1077.053251][T14546] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 1077.089476][ T43] powermate 3-1:0.0: probe with driver powermate failed with error -22 [ 1077.321200][ T43] usb 3-1: USB disconnect, device number 30 [ 1077.333027][ T5138] usb 1-1: USB disconnect, device number 16 [ 1077.442048][T14563] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1078.491939][T14573] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1079.141709][T14582] process 'syz-executor.4' launched '/dev/fd/6' with NULL argv: empty string added [ 1079.429406][ T1220] ieee802154 phy0 wpan0: encryption failed: -22 [ 1079.436424][ T1220] ieee802154 phy1 wpan1: encryption failed: -22 [ 1079.441770][T14583] loop2: detected capacity change from 0 to 2048 [ 1079.633289][T14583] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1079.818960][T14583] overlayfs: failed to resolve './file0': -2 [ 1079.852643][T14590] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1080.122439][ T29] audit: type=1326 audit(1717247619.172:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14591 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73fe579 code=0x7ffc0000 [ 1080.145797][ T29] audit: type=1326 audit(1717247619.172:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14591 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=40000003 syscall=424 compat=1 ip=0xf73fe579 code=0x7ffc0000 [ 1080.159614][ T8259] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1216: group 0, [ 1080.168706][ T29] audit: type=1326 audit(1717247619.182:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14591 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73fe579 code=0x7ffc0000 [ 1080.168714][ T8259] block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 1080.168940][ T29] audit: type=1326 audit(1717247619.182:175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14591 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73fe579 code=0x7ffc0000 [ 1080.233302][T14590] team0: Port device bridge6 added [ 1080.379885][ T8259] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1081.037081][T14608] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1081.114451][ T779] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 1081.384726][ T779] usb 5-1: Using ep0 maxpacket: 32 [ 1081.521667][ T779] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1081.533279][ T779] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1081.543432][ T779] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 1081.556725][ T779] usb 5-1: New USB device found, idVendor=1b96, idProduct=000a, bcdDevice= 0.00 [ 1081.566311][ T779] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1081.616470][ T779] usb 5-1: config 0 descriptor?? [ 1082.117189][ T779] ntrig 0003:1B96:000A.0017: unknown main item tag 0x0 [ 1082.119966][T14613] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1082.132052][ T779] ntrig 0003:1B96:000A.0017: unknown main item tag 0x0 [ 1082.145353][ T779] ntrig 0003:1B96:000A.0017: unknown main item tag 0x0 [ 1082.152619][ T779] ntrig 0003:1B96:000A.0017: unknown main item tag 0x0 [ 1082.159759][ T779] ntrig 0003:1B96:000A.0017: unknown main item tag 0x0 [ 1082.236012][ T779] ntrig 0003:1B96:000A.0017: hidraw0: USB HID v0.00 Device [HID 1b96:000a] on usb-dummy_hcd.4-1/input0 [ 1082.437612][ T779] ntrig 0003:1B96:000A.0017: Firmware version: 1.9.12.48.0 (a5f3 189e) [ 1082.601927][ T779] usb 5-1: USB disconnect, device number 24 [ 1083.335971][ T25] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 1083.431440][T14625] loop2: detected capacity change from 0 to 2048 [ 1083.617665][T14625] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1083.631555][ T25] usb 1-1: Using ep0 maxpacket: 8 [ 1083.765066][ T25] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1083.776754][ T25] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1083.787234][ T25] usb 1-1: New USB device found, idVendor=04e7, idProduct=0009, bcdDevice= 0.00 [ 1083.796729][ T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1083.856922][ T25] usb 1-1: config 0 descriptor?? [ 1084.087096][ T8259] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1216: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 1084.123494][T14635] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1084.234831][T14635] team0: Device wlan0 is up. Set it down before adding it as a team port [ 1084.311452][ T8259] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1084.385185][ T25] elo 0003:04E7:0009.0018: unknown main item tag 0x0 [ 1084.392390][ T25] elo 0003:04E7:0009.0018: unknown main item tag 0x0 [ 1084.399380][ T25] elo 0003:04E7:0009.0018: unknown main item tag 0x0 [ 1084.406446][ T25] elo 0003:04E7:0009.0018: unknown main item tag 0x0 [ 1084.413528][ T25] elo 0003:04E7:0009.0018: unknown main item tag 0x0 [ 1084.420502][ T25] elo 0003:04E7:0009.0018: unknown main item tag 0x0 [ 1084.427577][ T25] elo 0003:04E7:0009.0018: unknown main item tag 0x0 [ 1084.493829][ T25] elo 0003:04E7:0009.0018: hidraw0: USB HID v0.00 Device [HID 04e7:0009] on usb-dummy_hcd.0-1/input0 [ 1084.603600][ T779] usb 1-1: USB disconnect, device number 17 [ 1085.116559][T14647] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1086.158304][T14663] loop3: detected capacity change from 0 to 2048 [ 1086.265755][T14663] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1086.368517][T14670] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1086.585080][T13947] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1216: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 1086.602810][T14673] capability: warning: `syz-executor.4' uses deprecated v2 capabilities in a way that may be insecure [ 1086.648315][T14670] team0: Port device bridge7 added [ 1086.729084][T13947] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1087.262603][T14685] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1087.324254][T14687] syz-executor.3 (pid 14687) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 1088.578378][T14705] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1088.638811][T14702] loop1: detected capacity change from 0 to 2048 [ 1088.810330][T14702] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1088.978856][T14712] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1089.131491][T14712] team0: Port device bridge1 added [ 1089.304138][T11285] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1216: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 1089.538117][T11285] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1090.072388][T14720] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1090.669834][ T43] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 1091.100333][ T43] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1091.111820][ T43] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1091.125266][ T43] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1091.136504][ T43] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1091.197378][ T43] usb 2-1: config 0 descriptor?? [ 1091.720217][ T43] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0 [ 1091.728276][ T43] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0 [ 1091.736308][ T43] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0 [ 1091.744115][ T43] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0 [ 1091.755055][ T43] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0 [ 1091.763263][ T43] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0 [ 1091.771025][ T43] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0 [ 1091.778689][ T43] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0 [ 1091.786528][ T43] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0 [ 1091.797394][ T43] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0 [ 1091.805738][ T43] plantronics 0003:047F:FFFF.0019: unbalanced collection at end of report description [ 1092.036450][ T43] plantronics 0003:047F:FFFF.0019: parse failed [ 1092.043444][ T43] plantronics 0003:047F:FFFF.0019: probe with driver plantronics failed with error -22 [ 1092.152297][ T43] usb 2-1: USB disconnect, device number 20 [ 1092.215409][T14741] loop3: detected capacity change from 0 to 2048 [ 1092.377677][T14741] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1092.689056][T13947] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1216: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 1092.873824][T13947] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1093.004054][T14750] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1093.119755][T14754] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1093.204339][T14750] team0: Port device bridge7 added [ 1093.296846][T14754] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1094.944737][T14779] loop4: detected capacity change from 0 to 2048 [ 1095.112937][T14779] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1095.632998][T11543] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1216: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 1095.724640][T14795] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1095.853576][T11543] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1095.903187][T14797] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1096.177917][T14800] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1096.523519][T14806] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1096.755240][T14806] team0: Port device bridge9 added [ 1098.314949][T14830] loop1: detected capacity change from 0 to 2048 [ 1098.407918][T14830] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1098.629215][T14840] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1098.797643][T11285] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1216: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 1098.905194][T14840] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1098.984782][T11285] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1099.274707][T14846] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1101.302571][T14867] loop4: detected capacity change from 0 to 2048 [ 1101.427697][T14867] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1101.608951][T14875] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1101.971567][ T779] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 1102.118195][T11543] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1216: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 1102.233042][ T779] usb 2-1: Using ep0 maxpacket: 16 [ 1102.338637][T14885] devtmpfs: Too few inodes for current use [ 1102.378920][T11543] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1102.572423][ T779] usb 2-1: New USB device found, idVendor=0403, idProduct=f850, bcdDevice=99.81 [ 1102.582012][ T779] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1102.590253][ T779] usb 2-1: Product: syz [ 1102.594842][ T779] usb 2-1: Manufacturer: syz [ 1102.599672][ T779] usb 2-1: SerialNumber: syz [ 1102.652344][ T779] usb 2-1: config 0 descriptor?? [ 1102.702315][ T779] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected [ 1102.718924][ T779] ftdi_sio ttyUSB0: unknown device type: 0x9981 [ 1103.015492][T14890] loop2: detected capacity change from 0 to 1024 [ 1104.177909][ T5132] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 1104.441583][ T5132] usb 3-1: Using ep0 maxpacket: 16 [ 1104.472025][T14907] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1104.761710][ T5132] usb 3-1: New USB device found, idVendor=0403, idProduct=f850, bcdDevice=99.81 [ 1104.771382][ T5132] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1104.779641][ T5132] usb 3-1: Product: syz [ 1104.784144][ T5132] usb 3-1: Manufacturer: syz [ 1104.788970][ T5132] usb 3-1: SerialNumber: syz [ 1104.825689][ T43] usb 2-1: USB disconnect, device number 21 [ 1104.833598][ T43] ftdi_sio 2-1:0.0: device disconnected [ 1104.843731][ T5132] usb 3-1: config 0 descriptor?? [ 1104.895882][ T5132] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected [ 1104.905204][ T5132] ftdi_sio ttyUSB0: unknown device type: 0x9981 [ 1105.129165][T14913] devtmpfs: Too few inodes for current use [ 1105.134162][ T779] usb 3-1: USB disconnect, device number 31 [ 1105.143129][ T779] ftdi_sio 3-1:0.0: device disconnected [ 1105.322107][T14912] loop4: detected capacity change from 0 to 2048 [ 1105.495449][T14912] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1105.811550][T11543] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1106.834552][T14940] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1107.566170][ T5079] Bluetooth: hci2: unexpected cc 0x2027 length: 2 > 1 [ 1107.573460][ T5079] Bluetooth: hci2: unexpected event for opcode 0x2027 [ 1107.659410][T14948] loop3: detected capacity change from 0 to 2048 [ 1107.807450][T14948] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1108.110814][ T5079] Bluetooth: hci2: ACL packet for unknown connection handle 200 [ 1108.463155][T13947] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1216: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 1108.597839][T13947] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1110.699178][T14978] netlink: 'syz-executor.1': attribute type 64 has an invalid length. [ 1110.708112][T14978] netlink: 196 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1110.737893][T14977] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1111.631827][ T5079] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 1111.640494][ T5079] Bluetooth: hci2: Injecting HCI hardware error event [ 1111.648454][ T5079] Bluetooth: hci2: hardware error 0x00 [ 1111.699095][T14987] loop4: detected capacity change from 0 to 2048 [ 1111.786983][T14993] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1111.889236][T14987] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1112.004779][T14987] overlayfs: missing 'lowerdir' [ 1112.366378][T11543] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1216: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 1112.538114][T11543] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1113.115166][T15015] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1113.711339][ T5079] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 1113.723730][T15023] loop3: detected capacity change from 0 to 256 [ 1113.899463][ T29] audit: type=1800 audit(1717247652.942:176): pid=15023 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="loop3" ino=1048674 res=0 errno=0 [ 1114.981553][T15042] loop2: detected capacity change from 0 to 2048 [ 1115.116618][T15042] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1115.202118][T15042] overlayfs: missing 'lowerdir' [ 1115.523728][ T8259] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1216: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 1115.765999][ T8259] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1117.556552][T15068] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1118.516319][T15076] sit0: entered allmulticast mode [ 1118.622154][T15076] sit0: entered promiscuous mode [ 1119.763486][T15092] overlayfs: missing 'lowerdir' [ 1120.661442][T15109] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1121.389609][T15119] sit0: entered allmulticast mode [ 1121.528214][T15119] sit0: entered promiscuous mode [ 1122.288073][T15129] loop3: detected capacity change from 0 to 2048 [ 1122.352660][T15129] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1122.566610][T15129] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1122.581320][T15129] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1122.928541][T13947] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1216: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 1123.133132][T13947] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1123.271808][T15144] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1125.466406][T15170] loop1: detected capacity change from 0 to 2048 [ 1125.633939][T15170] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1125.707444][T15170] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1125.717723][T15170] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1125.732925][T15178] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1216: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 1126.119229][T11285] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1126.205461][T15183] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1126.303618][T15185] syz-executor.3[15185] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1126.304208][T15185] syz-executor.3[15185] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1127.703888][T15201] ===================================================== [ 1127.722962][T15201] BUG: KMSAN: uninit-value in strnchr+0x90/0xd0 [ 1127.729394][T15201] strnchr+0x90/0xd0 [ 1127.733461][T15201] bpf_bprintf_prepare+0x1c2/0x23c0 [ 1127.738855][T15201] bpf_trace_printk+0xec/0x3e0 [ 1127.743800][T15201] ___bpf_prog_run+0x13fe/0xe0f0 [ 1127.748904][T15201] __bpf_prog_run32+0xb2/0xe0 [ 1127.753745][T15201] bpf_trace_run2+0x116/0x300 [ 1127.758576][T15201] __bpf_trace_tlb_flush+0x2c/0x40 [ 1127.763858][T15201] switch_mm_irqs_off+0x9d2/0x1010 [ 1127.769132][T15201] __text_poke+0xb4e/0xfb0 [ 1127.773723][T15201] text_poke_bp_batch+0x17f/0x960 [ 1127.778937][T15201] text_poke_finish+0x7d/0xd0 [ 1127.783801][T15201] arch_jump_label_transform_apply+0x23/0x40 [ 1127.789940][T15201] __jump_label_update+0x6af/0x6d0 [ 1127.795240][T15201] jump_label_update+0x6a0/0x7a0 [ 1127.800357][T15201] static_key_enable_cpuslocked+0x229/0x260 [ 1127.806444][T15201] static_key_enable+0x23/0x30 [ 1127.811390][T15201] tracepoint_add_func+0x1084/0x1280 [ 1127.816870][T15201] tracepoint_probe_register_prio_may_exist+0xa8/0xf0 [ 1127.823849][T15201] bpf_probe_register+0x201/0x250 [ 1127.829035][T15201] bpf_raw_tp_link_attach+0x627/0x8a0 [ 1127.834599][T15201] bpf_raw_tracepoint_open+0x485/0x8a0 [ 1127.840236][T15201] __sys_bpf+0x5a6/0xd90 [ 1127.844630][T15201] __ia32_sys_bpf+0xa0/0xe0 [ 1127.849278][T15201] ia32_sys_call+0xf7e/0x40a0 [ 1127.854150][T15201] __do_fast_syscall_32+0xb4/0x120 [ 1127.859507][T15201] do_fast_syscall_32+0x38/0x80 [ 1127.864548][T15201] do_SYSENTER_32+0x1f/0x30 [ 1127.869232][T15201] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1127.875807][T15201] [ 1127.878205][T15201] Local variable stack created at: [ 1127.883403][T15201] __bpf_prog_run32+0x43/0xe0 [ 1127.888239][T15201] bpf_trace_run2+0x116/0x300 [ 1127.893063][T15201] [ 1127.895476][T15201] CPU: 1 PID: 15201 Comm: syz-executor.3 Not tainted 6.9.0-syzkaller-02339-g101b7a97143a #0 [ 1127.905701][T15201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 1127.915874][T15201] ===================================================== [ 1127.922902][T15201] Disabling lock debugging due to kernel taint [ 1127.929138][T15201] Kernel panic - not syncing: kmsan.panic set ... [ 1127.935643][T15201] CPU: 1 PID: 15201 Comm: syz-executor.3 Tainted: G B 6.9.0-syzkaller-02339-g101b7a97143a #0 [ 1127.947308][T15201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 1127.957463][T15201] Call Trace: [ 1127.960815][T15201] [ 1127.963814][T15201] dump_stack_lvl+0x216/0x2d0 [ 1127.968646][T15201] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 1127.974591][T15201] dump_stack+0x1e/0x30 [ 1127.978885][T15201] panic+0x4e2/0xcd0 [ 1127.982962][T15201] ? kmsan_get_metadata+0xf1/0x1d0 [ 1127.988214][T15201] kmsan_report+0x2d5/0x2e0 [ 1127.992854][T15201] ? __msan_warning+0x95/0x120 [ 1127.997727][T15201] ? strnchr+0x90/0xd0 [ 1128.001933][T15201] ? bpf_bprintf_prepare+0x1c2/0x23c0 [ 1128.007468][T15201] ? bpf_trace_printk+0xec/0x3e0 [ 1128.012546][T15201] ? ___bpf_prog_run+0x13fe/0xe0f0 [ 1128.017790][T15201] ? __bpf_prog_run32+0xb2/0xe0 [ 1128.022769][T15201] ? bpf_trace_run2+0x116/0x300 [ 1128.027737][T15201] ? __bpf_trace_tlb_flush+0x2c/0x40 [ 1128.033163][T15201] ? switch_mm_irqs_off+0x9d2/0x1010 [ 1128.038577][T15201] ? __text_poke+0xb4e/0xfb0 [ 1128.043307][T15201] ? text_poke_bp_batch+0x17f/0x960 [ 1128.048656][T15201] ? text_poke_finish+0x7d/0xd0 [ 1128.053653][T15201] ? arch_jump_label_transform_apply+0x23/0x40 [ 1128.059931][T15201] ? __jump_label_update+0x6af/0x6d0 [ 1128.065373][T15201] ? jump_label_update+0x6a0/0x7a0 [ 1128.070624][T15201] ? static_key_enable_cpuslocked+0x229/0x260 [ 1128.076844][T15201] ? static_key_enable+0x23/0x30 [ 1128.081920][T15201] ? tracepoint_add_func+0x1084/0x1280 [ 1128.087539][T15201] ? tracepoint_probe_register_prio_may_exist+0xa8/0xf0 [ 1128.094653][T15201] ? bpf_probe_register+0x201/0x250 [ 1128.099981][T15201] ? bpf_raw_tp_link_attach+0x627/0x8a0 [ 1128.105679][T15201] ? bpf_raw_tracepoint_open+0x485/0x8a0 [ 1128.111452][T15201] ? __sys_bpf+0x5a6/0xd90 [ 1128.115988][T15201] ? __ia32_sys_bpf+0xa0/0xe0 [ 1128.120786][T15201] ? ia32_sys_call+0xf7e/0x40a0 [ 1128.125791][T15201] ? __do_fast_syscall_32+0xb4/0x120 [ 1128.131226][T15201] ? do_fast_syscall_32+0x38/0x80 [ 1128.136400][T15201] ? do_SYSENTER_32+0x1f/0x30 [ 1128.141217][T15201] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1128.147889][T15201] ? kmsan_get_metadata+0x146/0x1d0 [ 1128.153216][T15201] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 1128.159154][T15201] ? bpf_bprintf_prepare+0x193/0x23c0 [ 1128.164694][T15201] ? filter_irq_stacks+0x60/0x1a0 [ 1128.169878][T15201] ? kmsan_get_metadata+0x146/0x1d0 [ 1128.175195][T15201] ? kmsan_get_metadata+0x146/0x1d0 [ 1128.180525][T15201] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 1128.186461][T15201] __msan_warning+0x95/0x120 [ 1128.191162][T15201] strnchr+0x90/0xd0 [ 1128.195199][T15201] bpf_bprintf_prepare+0x1c2/0x23c0 [ 1128.200560][T15201] ? kmsan_get_metadata+0x146/0x1d0 [ 1128.205878][T15201] ? kmsan_internal_memmove_metadata+0x91/0x230 [ 1128.212290][T15201] ? __msan_memcpy+0x108/0x1c0 [ 1128.217214][T15201] bpf_trace_printk+0xec/0x3e0 [ 1128.222127][T15201] ? __bpf_prog_run32+0x5c/0xe0 [ 1128.227117][T15201] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 1128.233061][T15201] ___bpf_prog_run+0x13fe/0xe0f0 [ 1128.238132][T15201] ? kmsan_get_metadata+0x146/0x1d0 [ 1128.243473][T15201] __bpf_prog_run32+0xb2/0xe0 [ 1128.248278][T15201] ? kmsan_get_metadata+0x110/0x1d0 [ 1128.253619][T15201] ? __pfx___bpf_prog_run32+0x10/0x10 [ 1128.259175][T15201] bpf_trace_run2+0x116/0x300 [ 1128.263975][T15201] ? kmsan_get_metadata+0x146/0x1d0 [ 1128.269300][T15201] __bpf_trace_tlb_flush+0x2c/0x40 [ 1128.274555][T15201] switch_mm_irqs_off+0x9d2/0x1010 [ 1128.279812][T15201] __text_poke+0xb4e/0xfb0 [ 1128.284373][T15201] ? __pfx_text_poke_memcpy+0x10/0x10 [ 1128.289898][T15201] ? switch_mm_irqs_off+0x920/0x1010 [ 1128.295402][T15201] ? switch_mm_irqs_off+0x920/0x1010 [ 1128.300816][T15201] text_poke_bp_batch+0x17f/0x960 [ 1128.305995][T15201] ? kmsan_get_metadata+0x146/0x1d0 [ 1128.311316][T15201] ? kmsan_get_metadata+0x146/0x1d0 [ 1128.316641][T15201] ? kmsan_get_shadow_origin_ptr+0x16/0xb0 [ 1128.322585][T15201] text_poke_finish+0x7d/0xd0 [ 1128.327413][T15201] arch_jump_label_transform_apply+0x23/0x40 [ 1128.333520][T15201] __jump_label_update+0x6af/0x6d0 [ 1128.338801][T15201] jump_label_update+0x6a0/0x7a0 [ 1128.343883][T15201] ? kmsan_report+0x2a0/0x2e0 [ 1128.348679][T15201] static_key_enable_cpuslocked+0x229/0x260 [ 1128.354729][T15201] ? __pfx___bpf_trace_tlb_flush+0x10/0x10 [ 1128.360677][T15201] static_key_enable+0x23/0x30 [ 1128.365580][T15201] ? __SCT__tp_func_exit_mmap+0x8/0x8 [ 1128.371175][T15201] tracepoint_add_func+0x1084/0x1280 [ 1128.376627][T15201] ? kmsan_internal_set_shadow_origin+0x66/0xe0 [ 1128.383046][T15201] ? __pfx___bpf_trace_tlb_flush+0x10/0x10 [ 1128.388993][T15201] tracepoint_probe_register_prio_may_exist+0xa8/0xf0 [ 1128.395928][T15201] ? __pfx___bpf_trace_tlb_flush+0x10/0x10 [ 1128.401878][T15201] ? __pfx___bpf_trace_tlb_flush+0x10/0x10 [ 1128.407825][T15201] bpf_probe_register+0x201/0x250 [ 1128.412991][T15201] bpf_raw_tp_link_attach+0x627/0x8a0 [ 1128.418533][T15201] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 1128.424762][T15201] ? kmsan_get_metadata+0x146/0x1d0 [ 1128.430101][T15201] bpf_raw_tracepoint_open+0x485/0x8a0 [ 1128.435713][T15201] __sys_bpf+0x5a6/0xd90 [ 1128.440107][T15201] __ia32_sys_bpf+0xa0/0xe0 [ 1128.444819][T15201] ia32_sys_call+0xf7e/0x40a0 [ 1128.449652][T15201] __do_fast_syscall_32+0xb4/0x120 [ 1128.454916][T15201] ? switch_fpu_return+0x17/0x20 [ 1128.460005][T15201] do_fast_syscall_32+0x38/0x80 [ 1128.465003][T15201] do_SYSENTER_32+0x1f/0x30 [ 1128.469648][T15201] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1128.476147][T15201] RIP: 0023:0xf73ab579 [ 1128.480309][T15201] Code: Unable to access opcode bytes at 0xf73ab54f. [ 1128.487052][T15201] RSP: 002b:00000000f5e345ac EFLAGS: 00000206 ORIG_RAX: 0000000000000165 [ 1128.495586][T15201] RAX: ffffffffffffffda RBX: 0000000000000011 RCX: 0000000020000080 [ 1128.503655][T15201] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000000 [ 1128.511715][T15201] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1128.519778][T15201] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1128.527838][T15201] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1128.535914][T15201] [ 1129.922226][T15201] Shutting down cpus with NMI [ 1129.927232][T15201] Kernel Offset: disabled [ 1129.931614][T15201] Rebooting in 86400 seconds..