last executing test programs: 8m51.862363268s ago: executing program 1 (id=2): syz_mount_image$udf(&(0x7f0000000080), &(0x7f0000000500)='./bus\x00', 0x18410, &(0x7f0000000200)=ANY=[@ANYRES8=0x0, @ANYRES8], 0xfe, 0x4b1, &(0x7f0000001d00)="$eJzs201sVNUbx/HfM3c6TIf+/5YXCxgCTTSxgkBfsEBqYnix0YQXLVQj8SWVTrHSdkinKCUgLNWdC5Yu3bpwZdwaEpfGhcEYFibIxs2sxB3m3LlvM5TOjG1nKP1+CJx7zzx3OOc8c+ecM5kRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQjrx6uLfPWt0KAADQTCdPj/QOMP8DALCmnGH/DwAAsJaYPP0u054LJTvhn5dlj0/OXLo8emx44cvaTaaUPD/e/c329Q/sf2nwwMGwXPz65bZNp06fOdx9tDB9cTZfLObHu0dnJs8VxvN1P8NSr6+2yx+A7ukLl8YnJord/XsHKh6+3Hlv3fquzqHB945mwtjRY8PDpxMx6bb//L8/5FEr/Iw8vSDTx99/ayclpbT0sajx2llp7X4ndvmdGD027HdkanJsZs49aKkgKlU5JplwjJqQiyVJSa5dllmePVubPP0g05F9JTslyQvHYbf/wXBd7WmFtNu6SurRKsjZY2ydPH0g0619nXojGFc//xnpaqsbhxWXDu7/gpXsTf/9wN1P7m3z+Fvdr89MFBKxlgruqNU+PzTTY/7elJWnU/4dX7IR7Wx1c9Bk7fI0LVPmq0/8dYX8delTQwd27DyUXGFsqfE8LnZvcHPVMye3BUsHS7k/y98v1Cdrnv6U6f5vWf+8J5wDpBsPFrvwj6Y0DyvNPE3J9M+1klnVvtRL7O8jq33uX9n2t2ePFi7Oz06e/2huwcdz2cMfFudmx84t/HB57+ola2rtY6ulGtuS5ay84/v801J0XbAH+F/5LG7NN1fj10JPVRlKvn7qOa57F9vAOsq1yczTXZkm3t9anmeUa3hs1gKX/2GZiqWfLcx0kP90+SyR/5fj8ctaZRnxc/v/8uda4Vpi29nNj6pfify7Nrn8vyPTkb+3Bp9plPPvVcW6uC6Z3r25PYhLZVxcOuxO+RknJqfyvS72gUwbfwpj5cfmgthNcWyfiy3K9MWtytj1QezmOLbfxd6W6c6vC8c+HccOuNh5l6873WFszsXuCGK74ti95wpT47WG1eW/X6a3r79mYZ8fmf/E/X+jqow8lPPFj5cr/52JuhtBXs8G+U/XyP+XMs3/tT3stz/24ctqg/9vnH+3Vv7uZmVsuKHcGMf21dutVnP53yDTvVduR30O+hacxhlK5v+ZdGUZjWuL8r8hUdcZtCvT4FisRcX5KxfGpqbysxxwwAEH0UGr35nQDG7+H3Gz+qBn4TommP87ymfxiun+Z/H8P1RVRlo0/29M1A0Fq5a2tJSdm77YtkXKFuev7JmcHjufP5+fGdg/2Nt/aH/vwMG2TLi4i4/qHrsngcv/bpmu/fhLtI+pXP8tvP7PVZWRFuV/U7JPFeuauodiTXL575Bp8O7taL+52Po/3P/3PFtZRvdfi/K/OVHXGbSro8GxAAAAAAAAAAAAAAAAAIDVJGeenpPp8siLFv6GqJ7v/41XlZHl//5X+YfJNb7/1ZWoG2/S7xoaGmgAAAAAAAAAAIAmScnT1zI9r5JddxUd0olkiSfavwEAAP//G6xIAA==") semop(0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='rpc_pipefs\x00', 0x10, 0x0) chroot(&(0x7f0000000180)='./file0\x00') prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x4009031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) io_setup(0x2004, &(0x7f0000000680)) umount2(&(0x7f00000001c0)='./file0\x00', 0x0) 8m49.232718641s ago: executing program 1 (id=7): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = socket(0x10, 0x803, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x4, 0xc00}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x24, 0x2c, 0xd27, 0xfffffffc, 0x1, {0x0, 0x0, 0x0, r3, {0xfff3}, {}, {0xd, 0x10}}}, 0x24}, 0x1, 0x0, 0x0, 0x400c021}, 0x2004c8d4) 8m43.392186084s ago: executing program 1 (id=20): r0 = socket$kcm(0x29, 0x2, 0x0) recvmsg(r0, &(0x7f0000000840)={0x0, 0x0, 0x0}, 0x40000000) 8m40.84751966s ago: executing program 32 (id=20): r0 = socket$kcm(0x29, 0x2, 0x0) recvmsg(r0, &(0x7f0000000840)={0x0, 0x0, 0x0}, 0x40000000) 3m34.971072483s ago: executing program 3 (id=584): prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r0}, 0x18) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) shmat(0x0, &(0x7f0000ffc000/0x2000)=nil, 0x4000) recvmmsg(0xffffffffffffffff, &(0x7f0000000440), 0x6f5, 0x2, &(0x7f0000000480)={0x77359400}) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYBLOB="0216000002"], 0x10}}, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) syz_usb_connect(0x2, 0x47, 0x0, 0x0) 3m31.132765694s ago: executing program 3 (id=589): quotactl_fd$Q_GETQUOTA(0xffffffffffffffff, 0xffffffff80000700, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) sendmsg$IPCTNL_MSG_CT_GET_STATS_CPU(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x14, 0x4, 0x1, 0x101, 0x0, 0x0, {0xa, 0x0, 0xa}}, 0x14}, 0x1, 0x0, 0x0, 0x24004018}, 0x40) r3 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r3, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20008800}, 0x40800) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r4 = epoll_create1(0x80000) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, 0xffffffffffffffff, 0x0) ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, 0x0) r5 = socket$inet6(0xa, 0x80002, 0x0) connect$inet6(r5, &(0x7f0000000000)={0xa, 0x4e27, 0xffffffff, @mcast2, 0x7}, 0x1c) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x70bd2d, 0x0, {{@in6=@loopback, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xc, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x407ffffffffffe, 0x800000000000002}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in=@local, 0x0, 0x3c}, 0x2, @in=@broadcast, 0x6, 0x4, 0x3}]}]}, 0xfc}}, 0x0) sendmmsg$inet6(r5, &(0x7f0000003cc0)=[{{0x0, 0x0, 0x0}}], 0x20, 0x4001c00) 3m29.419076262s ago: executing program 3 (id=595): socket(0x10, 0x3, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_usbip_server_init(0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) r5 = eventfd(0x0) ioctl$VHOST_SET_VRING_KICK(r4, 0x4008af25, &(0x7f0000000040)={0x1, r5}) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x20000000) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r7, &(0x7f0000000080)="b3", 0x1) r8 = socket$alg(0x26, 0x5, 0x0) r9 = accept4(r8, 0x0, 0x0, 0x80800) splice(r6, 0x0, r9, 0x0, 0x8001, 0x2) syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x9, &(0x7f0000000000)={[{@nombcache}, {@jqfmt_vfsv0}, {@abort}, {}, {@noquota}, {@usrjquota, 0x2e}], [], 0x2e}, 0x6, 0x48d, &(0x7f0000000980)="$eJzs3EtvG1UbAOB3xnV6/5qv3wV6AQIFEXFJmrRAF2xAIHWDhARIZRnStCpNG9QEiVYVTREqS9RfACyR+AWsYIOAFYgtSGyQEFKFuqGwGjT2TOpcHGzHjil+HsntOTNnfM47M8c+MyfjAAbWSP5PErErIr4fithTzy4vMFL/79bNy9O/37w8nUSWvfRrUiv3283L02XRcrudRWY0jUjfTeLAGvXOX7x0dmp2duZCkR9fOPfG+PzFS4+fOTd1eub0zPnJY8eOHpl46snJJ7oS5+68rfvfnju47/ir11+YPnH9ta8+yZfvKtY3xlE33PJ7b2+yfCRGlu/LBg9F/JRlWct1/N3tbkgnW/rYENpSiYj8cFXz/h97ohK3D96eeP6dvjYO6Kksy7Ktq5ZWysRiBvyDJdF0VbqpDQE2WflFn1//lq9NHH703Y1n6hdAedy3ild9zZZIizLVFde33TQSEScW//ggf8Wa9yEAALrrs3z889ha4780/t9Q7l9Rnxsajoh/R8TeiPhPRPw3Iv4XUSt7V0Tc3Wb9Iyvyq8c/3zabXumKfPz3dDG3dXv8N1SLvzBcKXK7a/FXk1NnZmcOF/tkNKpb8/zEOnV8/tx37y9lti1f1zj+y195/eVYsC79ZcuKG3QnpxamuhB6zY2rS4GuGP8mSzMBSUTsi4j9Hbx/vs/OPPLxwWbr/zr+dXRhnin7KOLh+vFfjBXxl5L15yfHt8XszOHx8qxY7etvrr3YrP4Nxd8FN65G7Fh1/kdj/MNJ43ztfPt1XPvhvabXNJ2e/0PJy7X0ULHsramFhQsTEUPJ4urlk7e3LfNl+Tz+0UNrxZ/W3uPDYrsDEZGfxPdExL0RcV/R9vsj4oGIOLRO/F8+++DrncffW3n8J9s6/u0nKme/+LRZ/a0d/6O11GixpJXPv1YbuJF9BwAAAHeKtPY38Ek6tpRO07GxiFdq93Z3pLNz8wuPnpp78/zJ+t/KD0c1Le90pQ33QyeKe8NlfnJF/kjtvnGWZdn2Wn5sem62V3PqQGt2Nun/uZ8r/W4d0HNtzaM1e6INuCO11f9XPy0E3ME8rw2Dq9X+X+1xO4DN5/sfBtda/f9KxK0+NAXYZL7/YXDp/zC49H8YXPo/DKSNPNe/XmLv8Y43zzZUe/n7Kh1u/mNP9sZ6iUqnm29t42cOepCIdM1V1YjoS3vaSqS9qyI/+drbKj+QrRa+0umJ3XZi2cfEUD8+mwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALrhzwAAAP//dNfhIw==") 3m25.298110246s ago: executing program 3 (id=598): socket(0x22, 0x2, 0x4) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000005300)=ANY=[], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000140)={'batadv0\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=@newtfilter={0x24, 0x11, 0x1, 0x691522eb, 0x0, {0x0, 0x0, 0x74, r2, {0x10, 0x4}, {}, {0x5}}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0) 3m24.784258887s ago: executing program 3 (id=601): socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000000008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r0, 0x0) socket$netlink(0x10, 0x3, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x8}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020700000000000002030207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000100850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sched_switch\x00', r4}, 0x10) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x22) ioctl$sock_SIOCGIFBR(r0, 0x8940, &(0x7f0000000040)=@add_del={0x2, &(0x7f0000000000)='ip6erspan0\x00'}) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) connect$unix(r2, &(0x7f0000000340)=@file={0x1, './file0\x00'}, 0x6e) bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="1b00"/11], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r5, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) r6 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r6}, 0x18) r7 = socket$unix(0x1, 0x1, 0x0) bind$unix(r7, &(0x7f0000000200)=@file={0x1, './file0\x00'}, 0x6e) 3m21.240993244s ago: executing program 3 (id=606): socket$inet6_sctp(0xa, 0x1, 0x84) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_mount_image$exfat(0x0, &(0x7f0000000100)='./bus\x00', 0x10400, 0x0, 0xfb, 0x0, &(0x7f0000000000)) mount(&(0x7f0000000080), &(0x7f0000000000)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x0, &(0x7f0000000040)='trans=rdma,\xfc\xb5%o\x85\x9b\xe1F\xe8*X\xe7\x84\xcc\xfd\xec\xcd\xbe\x9d3\x1a\x00\v_\xcf\xb7\xb5\xe1\xf9\x1eC') 3m5.822659581s ago: executing program 33 (id=606): socket$inet6_sctp(0xa, 0x1, 0x84) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_mount_image$exfat(0x0, &(0x7f0000000100)='./bus\x00', 0x10400, 0x0, 0xfb, 0x0, &(0x7f0000000000)) mount(&(0x7f0000000080), &(0x7f0000000000)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x0, &(0x7f0000000040)='trans=rdma,\xfc\xb5%o\x85\x9b\xe1F\xe8*X\xe7\x84\xcc\xfd\xec\xcd\xbe\x9d3\x1a\x00\v_\xcf\xb7\xb5\xe1\xf9\x1eC') 1m43.123148769s ago: executing program 2 (id=774): prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r0}, 0x18) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) shmat(0x0, &(0x7f0000ffc000/0x2000)=nil, 0x4000) r4 = socket$key(0xf, 0x3, 0x2) recvmmsg(r4, &(0x7f0000000440), 0x6f5, 0x2, &(0x7f0000000480)={0x77359400}) sendmsg$key(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYBLOB="0216000002"], 0x10}}, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) syz_usb_connect(0x2, 0x47, 0x0, 0x0) 1m39.793946668s ago: executing program 2 (id=782): socket$kcm(0x10, 0x2, 0x0) syz_init_net_socket$rose(0xb, 0x5, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000280)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6) r4 = socket$tipc(0x1e, 0x5, 0x0) prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00') bind$tipc(r4, &(0x7f0000000340)=@name={0x1e, 0x2, 0x0, {{0x42, 0x3}, 0x100000}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x1}, 0x10) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, 0x0, 0x0) r5 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) preadv(r5, &(0x7f0000000180)=[{0x0, 0xed}], 0x1, 0x6, 0x6) iopl(0xd) r6 = openat$dsp(0xffffffffffffff9c, &(0x7f00000003c0), 0x101a02, 0x0) sendmsg$kcm(r5, &(0x7f0000000340)={&(0x7f00000001c0)=@hci={0x1f, 0x4, 0x4}, 0x80, &(0x7f00000002c0)=[{&(0x7f0000000140)="f78f9236f68a9775c8183efe8fee459ea8e4d16af7992f50c7fcd2f5217ea4f11e52a927029507a8", 0x28}, {&(0x7f0000000280)="c32c8de0c19ba248398877c639ec0b78c6b54234b03b67dcc950519b0dbbec7e50e67f", 0x23}], 0x2, &(0x7f0000000300)}, 0x4000000) close_range(r6, 0xffffffffffffffff, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="bc7761336cbde95ce6a50ebbd0139389486c674deccf47776ceabbd3db0fb808801bf7daaf22d1c8d3a2a0b3723eacdfda7fd313240fe79e59d27fe8b896792b855a23ce470ca544206ac3a5752bb2b7f82044fc0b8839f9bf37e7ea06832eabdfe121fcba9d96744b6341ed742e25815c83149c04e87797561f77513cb6ac5502fdd405cbaa51ec3e9c65e0da12c9ccbe5a9d4efce73e8dd33129df7b372753f034738aea08ea124a8e3ddde32e605be8148a7c59d8460513711251b107095beb0d3a4c", 0xc4}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) 1m38.096737426s ago: executing program 2 (id=786): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bind$rds(0xffffffffffffffff, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x1000, 0x2}) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400), 0x0, 0x0, 0x0}) r4 = dup3(r3, r2, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000900), 0x0, 0x0, 0x0}) syz_emit_ethernet(0xc5, &(0x7f0000000380)=ANY=[@ANYBLOB="ffffffffffffffffffffffff884700000000000000000000000000000000401a00a7006500000e219078e0000002e0000001860a346715960ce5e061445433c1e00000017fffffff0a010100000000080000000000000007ac1414aa000089880a016e9ab6960008e000000100000003ac1414bb0000008a0000000000000006ac14140a7eaa00010001ac1414bb00000005890bed0a010102e00000020000004e204e2204519078c84753b9081af4edab9464977e1a668761d696a7c692", @ANYRES16=r1], &(0x7f0000000180)={0x1, 0x1, [0x929, 0x19e, 0x221, 0x66f]}) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYRES8=r4], 0x54}, 0x1, 0x0, 0x0, 0x1004c8d3}, 0x80) syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000140)='./file0\x00', 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='nodots,allow_utime=000000000034,usefree,check=strict,dots,\x00'/70], 0x1, 0x1e9, &(0x7f00000002c0)="$eJzs2k1rVFcYB/Bz05SkCXkppS3Jpoe2i3ZzabIsXSSUBEoHFM0IKkhuyESHGWfC3FnMiItZu/IjuBaX7gTJF8h3cOEuCNFVVl7R0bwRFyrJCPn9NvOHPwPn4cDhWdydf+7frm3k6UbWDkNJEoYWQi/sJWE6DIUPeuHP3/9+ee/y1Wv/L5ZKS5diXF5cmZuPMU7+8vT63Ue/brXHrzyefDIStqdv7OzOP9/+aXtm5/XKrWoeq3lsNNsxi2vNZjtbq1fiejWvpTFerFeyvBKrjbzSOtJv1Jubm92YNdYnxjZblTyPWaMba5VubDdju9WN2c2s2ohpmsaJscCXKD/cK4qwW3y7Goqi+O5BGN8KE8/CVEi+j8kPC8mPq8nPvWRmtyimBn1UToX7P98OPeqjIbzodcqdcv+33y//V1r6K74zffCvV51O+Zv9fq7fx6P9SBh738+f2I+GP37r92+7fy+UjvWzYf30xwcAOHfSuO/E/S5NP9b306H98Nj+Nhxmh89sDD5T3r1Ty+r1SksQBGE/DPpl4iwcXPqgTwIAAAAAAAAAAMCnOIvPCQc9IwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8HV7EwAA///n0Xgk") r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0) pwrite64(r6, &(0x7f0000000000)='2', 0x1, 0x4fed0) mount(&(0x7f0000000100)=@md0, &(0x7f0000000040)='.\x00', &(0x7f0000000000)='virtiofs\x00', 0x5, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0) 1m25.629256194s ago: executing program 2 (id=800): prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r0}, 0x18) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) shmat(0x0, &(0x7f0000ffc000/0x2000)=nil, 0x4000) r2 = socket$key(0xf, 0x3, 0x2) recvmmsg(r2, &(0x7f0000000440), 0x6f5, 0x2, &(0x7f0000000480)={0x77359400}) sendmsg$key(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYBLOB="0216000002"], 0x10}}, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) syz_usb_connect(0x2, 0x47, 0x0, 0x0) 1m21.784673795s ago: executing program 2 (id=806): socket$key(0xf, 0x3, 0x2) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000000)=ANY=[@ANYBLOB="9400000013004f0a00020000000000", @ANYRES32=r0, @ANYBLOB="00000000000000000800cfffecc507006c001a8054000a80140007"], 0x94}}, 0x20008841) write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x8201, 0x4) 1m18.398951209s ago: executing program 2 (id=809): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bind$rds(0xffffffffffffffff, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x1000, 0x2}) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400), 0x0, 0x0, 0x0}) r4 = dup3(r3, r2, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000900), 0x0, 0x0, 0x0}) syz_emit_ethernet(0xc5, &(0x7f0000000380)=ANY=[@ANYBLOB="ffffffffffffffffffffffff884700000000000000000000000000000000401a00a7006500000e219078e0000002e0000001860a346715960ce5e061445433c1e00000017fffffff0a010100000000080000000000000007ac1414aa000089880a016e9ab6960008e000000100000003ac1414bb0000008a0000000000000006ac14140a7eaa00010001ac1414bb00000005890bed0a010102e00000020000004e204e2204519078c84753b9081af4edab9464977e1a668761d696a7c692", @ANYRES16=r1], &(0x7f0000000180)={0x1, 0x1, [0x929, 0x19e, 0x221, 0x66f]}) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYRES8=r4], 0x54}, 0x1, 0x0, 0x0, 0x1004c8d3}, 0x80) syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000140)='./file0\x00', 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='nodots,allow_utime=000000000034,usefree,check=strict,dots,\x00'/70], 0x1, 0x1e9, &(0x7f00000002c0)="$eJzs2k1rVFcYB/Bz05SkCXkppS3Jpoe2i3ZzabIsXSSUBEoHFM0IKkhuyESHGWfC3FnMiItZu/IjuBaX7gTJF8h3cOEuCNFVVl7R0bwRFyrJCPn9NvOHPwPn4cDhWdydf+7frm3k6UbWDkNJEoYWQi/sJWE6DIUPeuHP3/9+ee/y1Wv/L5ZKS5diXF5cmZuPMU7+8vT63Ue/brXHrzyefDIStqdv7OzOP9/+aXtm5/XKrWoeq3lsNNsxi2vNZjtbq1fiejWvpTFerFeyvBKrjbzSOtJv1Jubm92YNdYnxjZblTyPWaMba5VubDdju9WN2c2s2ohpmsaJscCXKD/cK4qwW3y7Goqi+O5BGN8KE8/CVEi+j8kPC8mPq8nPvWRmtyimBn1UToX7P98OPeqjIbzodcqdcv+33y//V1r6K74zffCvV51O+Zv9fq7fx6P9SBh738+f2I+GP37r92+7fy+UjvWzYf30xwcAOHfSuO/E/S5NP9b306H98Nj+Nhxmh89sDD5T3r1Ty+r1SksQBGE/DPpl4iwcXPqgTwIAAAAAAAAAAMCnOIvPCQc9IwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8HV7EwAA///n0Xgk") r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0) pwrite64(r6, &(0x7f0000000000)='2', 0x1, 0x4fed0) mount(&(0x7f0000000100)=@md0, &(0x7f0000000040)='.\x00', &(0x7f0000000000)='virtiofs\x00', 0x5, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0) 1m3.355438386s ago: executing program 34 (id=809): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bind$rds(0xffffffffffffffff, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x1000, 0x2}) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400), 0x0, 0x0, 0x0}) r4 = dup3(r3, r2, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000900), 0x0, 0x0, 0x0}) syz_emit_ethernet(0xc5, &(0x7f0000000380)=ANY=[@ANYBLOB="ffffffffffffffffffffffff884700000000000000000000000000000000401a00a7006500000e219078e0000002e0000001860a346715960ce5e061445433c1e00000017fffffff0a010100000000080000000000000007ac1414aa000089880a016e9ab6960008e000000100000003ac1414bb0000008a0000000000000006ac14140a7eaa00010001ac1414bb00000005890bed0a010102e00000020000004e204e2204519078c84753b9081af4edab9464977e1a668761d696a7c692", @ANYRES16=r1], &(0x7f0000000180)={0x1, 0x1, [0x929, 0x19e, 0x221, 0x66f]}) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYRES8=r4], 0x54}, 0x1, 0x0, 0x0, 0x1004c8d3}, 0x80) syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000140)='./file0\x00', 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='nodots,allow_utime=000000000034,usefree,check=strict,dots,\x00'/70], 0x1, 0x1e9, &(0x7f00000002c0)="$eJzs2k1rVFcYB/Bz05SkCXkppS3Jpoe2i3ZzabIsXSSUBEoHFM0IKkhuyESHGWfC3FnMiItZu/IjuBaX7gTJF8h3cOEuCNFVVl7R0bwRFyrJCPn9NvOHPwPn4cDhWdydf+7frm3k6UbWDkNJEoYWQi/sJWE6DIUPeuHP3/9+ee/y1Wv/L5ZKS5diXF5cmZuPMU7+8vT63Ue/brXHrzyefDIStqdv7OzOP9/+aXtm5/XKrWoeq3lsNNsxi2vNZjtbq1fiejWvpTFerFeyvBKrjbzSOtJv1Jubm92YNdYnxjZblTyPWaMba5VubDdju9WN2c2s2ohpmsaJscCXKD/cK4qwW3y7Goqi+O5BGN8KE8/CVEi+j8kPC8mPq8nPvWRmtyimBn1UToX7P98OPeqjIbzodcqdcv+33y//V1r6K74zffCvV51O+Zv9fq7fx6P9SBh738+f2I+GP37r92+7fy+UjvWzYf30xwcAOHfSuO/E/S5NP9b306H98Nj+Nhxmh89sDD5T3r1Ty+r1SksQBGE/DPpl4iwcXPqgTwIAAAAAAAAAAMCnOIvPCQc9IwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8HV7EwAA///n0Xgk") r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0) pwrite64(r6, &(0x7f0000000000)='2', 0x1, 0x4fed0) mount(&(0x7f0000000100)=@md0, &(0x7f0000000040)='.\x00', &(0x7f0000000000)='virtiofs\x00', 0x5, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0) 17.515740453s ago: executing program 4 (id=903): openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000040)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@ipv4_delroute={0x40, 0x19, 0x901, 0x0, 0x0, {0x2, 0x18, 0x0, 0x0, 0x0, 0x0, 0xfd, 0x1}, [@RTA_DST={0x8, 0x1, @dev}, @RTA_GATEWAY={0x8, 0x5, @private=0xa010102}, @RTA_ENCAP={0xc, 0x16, 0x0, 0x1, @LWTUNNEL_IP_SRC={0x8, 0x3, @multicast2}}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x6}]}, 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) 14.280857885s ago: executing program 4 (id=908): r0 = socket$nl_route(0x10, 0x3, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100000b}, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup.cpu/cgroup.procs\x00', 0xa00, 0x1c2) sendfile(0xffffffffffffffff, r1, 0x0, 0x3a) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) io_setup(0x8, &(0x7f0000000540)) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="1502000000000000140012800b00010062617461647600000400028008000a00", @ANYRES32], 0x3c}, 0x1, 0xba01, 0x0, 0x20000000}, 0x0) 12.438935203s ago: executing program 4 (id=913): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x86}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6) socket$tipc(0x1e, 0x5, 0x0) r2 = openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x9a) r3 = fanotify_init(0x8, 0x80000) fanotify_mark(r3, 0x105, 0x4800003a, r2, 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x4) ioctl$TIOCL_GETKMSGREDIRECT(r4, 0x4b66, &(0x7f0000000040)) mount(&(0x7f0000000000)=@filename='./cgroup\x00', &(0x7f0000000080)='./cgroup\x00', &(0x7f0000000040)='gfs2meta\x00', 0x20c400, 0x0) 10.970013862s ago: executing program 6 (id=918): bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f0000000080)='./file0\x00', 0x400, &(0x7f00000004c0)=ANY=[@ANYBLOB="6e6f626172726965722c6e6f657874656e745f63616368652c6673796e635f6d6f64653d7374726963742c696e6c696e655f78617474720000693a653d3078303030303030303030303030303766662c736d61636b6673726f6f080000006673f52b00e58abba2d0cc27be339f6f4fe5ad35a724e1531a622f050000008586eb5ba3614d2c24abf5a2614c0f111e057112dafd66336a5e3b6512b81cda80be6e9a34ccc2b88c0100008000000000e3f5def862b95c20ee847008000b0c22653d2ff39b36732e46b56357afe57094f42ba61c5e8b4e184d7dd50000000000000000c0469264c247cd3c7fcb39043dda97538456bc294ae31e525d3b664cf8e83b52b1885b866b58698b3f132aced62a4fc7c8c400b805173d7488a35708d2523190c0014689f57be6ee3f5d28935a0000000000000000000000000000000000000059c1403d010001008ab61fa90695a8b268c277645c1e357ec9316354f659d4244fe126a8364eaa0de6bf4ba21c767782a04bdbb8c86d0cc7e3f03f8ef15c0ee311768cccb8affb0ae5d7cd0000000097676c046a6c754c98dd5f400ad99a588d983ae6e07b4e0e0907266aca53b30a815a84295fb5eab2f263613d36994dc15562892c33ed149270907e9c2e4d0cac7dd9735621a0c6768d4f70c664699157854bb1b85ce3f6ea44456e4f1ae1575315d77f2b995ce4d6ce21b17ca891c155ddd9916e997c32e78231e8d54675e4edf480980023b9736180ff98cf93f888eb70abb728b7e91a5d75b7e43e54f92b6e679249576f12533bef1c93aa993977f15c0a7b595423444db6e87480c46c408f6d48afa1ba"], 0x1, 0x5514, &(0x7f0000005d80)="$eJzs3M1rI2UYAPAn7Xa/XYt48LYDi9DCJmy67aK3qrv4gV3KqgdPmiZpyG6SKU2a1p48eBQPnv0nRMGTR/8GD569iQfFm6BkZqpbP8ClSWPb3w8mz7xv3jzzvGFZeGZKAjiz5pNffirFtbgUEbMRcTUiOy8VR2Y1D89FxPWImHnsKBXzf0ycj4jLEXFtlDzPWSre+vTm8MbKj2/8/PW3F85d+fyr76a3a2Dano+I7lZ+vtvNY9rK48NivjZsZ7G7PCxi/kb3UTFO87jb3Mgy7NYO1tWyeLuVr0+3dvqjuNmp1Uex1d7M5rd6+QX7w9ZBnuwDD2vb2bjR3Mhiu59msbWf17W3n//ftt8f5HkaRb4PsvQxGBzEfL6518z3s/Uoi/XeoJjP86aN5t4oDotYXC7qaaeR1bFxlG/6/+3Ndm9nLxk2t/vttJesVKovVKp3ytXttNEcNJfLtW7jznKy0OqMlpUHzVp3tZWmrU6zUk+7i8lCq14vV6vJwt3mRrvWS6rVyu3KrfLKYnF2M3n1/jtJp5EsjOLL7d7OoN3pJ5vpdpJ/YjFZqtx+cTG5UU3eWltP1h/cu7e2/vZ7d9+9/9La668Ui/5WVrKwdGtpqVy9VV6qLp6h/X9UFD3G/cORlJ5s+YVJ1QFwguj/gWmYXP+//SBi8v1/6P/H4kT1vxPr/z87s/uHI3nC/h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgNPj+7kvXstO5vPxlWL+qWLqmWJcioiZiPjtH8zG+UM5Z4s8c/+yfu4vNXxTiizD6BoXiuNyRKwWx69PT/pbAAAAgNPryw+vf5J36/nL/LQL4jjlN21mrr4/pnyliJib/2FM2WZGL8+OKVn27/tc7I0pW3YD6+KYkuW33M6NK9t/MnsoXHwslPIwc6zlAAAAx+JwJ3C8XQgAAADH6eNpF8B0lOLgUebBs+DsL+//fCB46dAIAAAAOIFK0y4AAAAAmLis//f7fwAAAHC65b//BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAv7NzP7lpA1EcgJ8NLvSfiqru26N0B8foEbrssuIAvQRHoFfIBTgD2eUIEUR4HBSiJIrisa2Q75PMMBb8/IzwYmakAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALp0Wa0X//9+/9c2Z7dv54WX/dG2bgAAAHgLttV6Ub+Zpf7H5vzn5tTXpl9ERBkRD43dR/HuJHPU5FSPfL66V8NFRJ1wuMakOT5ExM/muP7S9a8AAAAA52uzXM3TaD29zIYuiD6lSZvy069MeUVEVLOrTGnlIe9bprD6/z2OP5nS6gmsaaawNOU2zpX2LPXjfpy1m95pitSUT38/270DAAA9Gp00/Y5CAAAA6NPvoQtgGEXcLmUelwInqWmW996f9AAAAIBXqBi6AAAAAKBz9fjf/n8AAABw3tL+fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHRpW60Xm+Vq3jZnt28nz90AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADADfvzjgIhEAZhsHd9ZzL3P6w0aGpqUgXCx98YDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvPndX/5PTI0zydxrY+l5JFk7NbZOjb1z4+gP4+vXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABc7M9tCoAgEIbBrezrX3j/w8YLeoYIZkB42EVBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBH7hnLOLXO2BJPVbVME3vGvaqOrBJnVokrF/p4sPUPfwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMvO/bzGUcUBAH8zs7NJq+IaZQ8RseBBLzbd1tbexIMSPPgnCCHd1titP9ocbClCLt4k515EjyKCEm/9H3puoZd662EPFTxX5lcy+XFYhZ3ZZD8fePO+Mwzzvm8WQr77XgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADsM/5wL06yQ6+I4/Law2d317P+0YE+c3/78XLWsjhqMunj4Y36SdSvnSw2nwwAAADzIanq+xDCk3RnNevjXl7/p9U9Wc3/00tFXNXzB+v+qq9q/6z9+cfT13YH6hXjZA+9ujEanjucSmd6s5xhz1+e4KZO/ubz716S/AOJP9l6dZzm7zP64cGDj7p5uDD9dAGA/+ds1ZdB9ftQ1g/aTAyAudGpFd5V/Z/02s0JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAnjrfBCFUchhOXOXpx59Ozu+lH9/e3Hy1W7dO/edv2Z2SPSEMLVjdHwXFhscDaz7dbtO9fXRqPhzeaDN0MIbY3+QTn9659NcHMIU0rjTEtvfs6CuPywZyWf4xG0+EMJAIATKS1bVtc/SXdWs2vRUgjPf95f/79di8OE9f/Tzy89rI9Vr/8Hjc1w9q1s3vh65dbtO+9u3Fi7Nrw2/PK984P3BxcuX7x4eSX/rqQ4tp0mAAAAx1i3bPX6P146vP5/uhaHCev/b34cfFcfK1H/H2lv0a/tTAAAAObbK2f++Ts64nrU7YZv1zY3bw6K4+75+eLYQqr/2ULZ6vV/stR2VgAAAEATxlvRvvX/K7U4TLj+/+Ivr/9Wf2YSQjhVrv+fXf9qdKW56cy0qfzx8EL5cDsLAAAAKOvxUwfW/9N8/3+8u+UhDiG881YRl/8GcKL6P/n4+1/rY9X3/19oboozKe4X7yPv+yF0+m1nBAAAwEm2mLdeXv//le6sfvH76U+79v8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANO3fAAAA///FdTwZ") socket$nl_generic(0x10, 0x3, 0x10) setresuid(0xee00, 0xee00, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000011c0)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) 10.557219526s ago: executing program 5 (id=919): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) bind$rds(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_secret(0x0) r2 = socket$nl_rdma(0x10, 0x3, 0x14) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(r2, 0x0, 0x4040004) ftruncate(r1, 0x4) finit_module(r1, 0x0, 0x1) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x1c) r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000700)='mm_lru_insertion\x00'}, 0x10) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000140)=@x86={0x7, 0x87, 0xc, 0x0, 0xdd24, 0xb7, 0x7, 0x75, 0xf2, 0x5, 0x2, 0x61, 0x0, 0x40, 0x7, 0x7, 0x8, 0x60, 0xe1, '\x00', 0x1, 0x1}) r7 = syz_socket_connect_nvme_tcp() recvfrom$inet_nvme(r7, &(0x7f0000000080)=""/155, 0x9b, 0x0, 0x0, 0x0) 6.479517095s ago: executing program 6 (id=921): setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x1, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[], 0x50) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6) timer_create(0x0, 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0x2) readv(r1, &(0x7f0000000000)=[{&(0x7f0000001300)=""/244, 0x940}], 0x1) ioctl$TIOCVHANGUP(r1, 0x5437, 0x0) 6.411482801s ago: executing program 5 (id=922): r0 = socket$nl_route(0x10, 0x3, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup.cpu/cgroup.procs\x00', 0xa00, 0x1c2) sendfile(0xffffffffffffffff, r1, 0x0, 0x3a) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) io_setup(0x8, &(0x7f0000000540)) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="1502000000000000140012800b00010062617461647600000400028008000a00", @ANYRES32], 0x3c}, 0x1, 0xba01, 0x0, 0x20000000}, 0x0) 5.647665853s ago: executing program 6 (id=923): socket(0x10, 0x3, 0x0) r0 = socket$kcm(0x29, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000003600)={0x0, 0x0, &(0x7f0000002140)=[{&(0x7f0000002400)="9c", 0x1}], 0x1}, 0x800) r1 = socket$inet6(0xa, 0x803, 0x6) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x2, @empty, 0x7ffe}, 0x1c) ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, &(0x7f0000000180)={r1}) syz_open_procfs(0x0, &(0x7f0000001300)='net/kcm\x00') 5.577584568s ago: executing program 4 (id=924): syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x589b}, 0x50) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={0x0, 0x0}, 0x28) r1 = socket$netlink(0x10, 0x3, 0x8000000004) r2 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000000240)=0x9, 0x4) bind$inet6(r2, &(0x7f0000000040)={0xa, 0xe22}, 0x1c) r3 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r3, &(0x7f0000000180)=[{&(0x7f00000001c0)="580000001500add427323b472545b45602117fffffff81000e22d991000000000000a80013007b00090080007f000001e809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee000000deff0000000200000000", 0x58}], 0x1) writev(r1, &(0x7f0000000180)=[{&(0x7f0000000700)}], 0x1) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26}, 0x20) 5.485201236s ago: executing program 5 (id=926): syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x8000000004) r3 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r3, 0x1, 0xf, &(0x7f0000000240)=0x9, 0x4) bind$inet6(r3, &(0x7f0000000040)={0xa, 0xe22}, 0x1c) r4 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r4, &(0x7f0000000180)=[{&(0x7f00000001c0)="580000001500add427323b472545b45602117fffffff81000e22d991000000000000a80013007b00090080007f000001e809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee000000deff00000002000000", 0x57}], 0x1) 5.350649717s ago: executing program 6 (id=927): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x7000000) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$IP_VS_SO_GET_SERVICES(r2, 0x0, 0x482, &(0x7f0000001640)=""/139, &(0x7f0000000100)=0x8) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0xffff}, [@IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x39}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_ADT={0x14, 0x8, 0x0, 0x1, [{0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10000082}, 0x4000080) read$FUSE(0xffffffffffffffff, 0x0, 0x0) 5.088961318s ago: executing program 4 (id=928): bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff) r4 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_mreqsrc(r4, 0x0, 0x27, &(0x7f0000000280)={@multicast2, @local, @local}, 0xc) sendmsg$TIPC_NL_KEY_SET(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000780)={0x54, r3, 0x1, 0x14, 0x0, {0x3}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @local}}, {0x14, 0x2, @in={0x2, 0x0, @multicast2}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x48000}, 0x4000000) 4.703321469s ago: executing program 0 (id=929): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, 0x0, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) pipe2(0x0, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r5, &(0x7f0000f6f000), 0x0, 0x20000004, 0x0, 0x0) splice(r5, 0x0, 0xffffffffffffffff, 0x0, 0x406f413, 0x0) socket(0x1, 0x3, 0x0) syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0) connect$unix(r2, &(0x7f0000000380)=@abs={0x1, 0x0, 0x4e23}, 0x6e) mount$overlay(0x0, &(0x7f0000000340)='./bus\x00', &(0x7f0000000b80), 0x200008, &(0x7f0000000240)) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000008500000072000000850000005000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001b40)={&(0x7f0000000100)='kfree\x00', r6}, 0x10) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002ac0)={0x1a, 0x3, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x18, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x2000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0x0, r7, 0x0, 0x83}, 0x10) syz_mount_image$fuse(&(0x7f00000001c0), 0x0, 0x322020, &(0x7f0000000440)=ANY=[], 0x1, 0x0, 0x0) getresuid(&(0x7f0000000540), &(0x7f0000000580), &(0x7f00000005c0)=0x0) mount$9p_tcp(&(0x7f0000000400), &(0x7f0000000440)='./bus\x00', &(0x7f0000000480), 0x810001, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=tcp,port=0x0000000000004e21,nodevmap,ignoreqv,fowner>', @ANYRESDEC=0x0, @ANYBLOB=',fowner=', @ANYRESDEC=r8, @ANYBLOB='!']) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) 2.33309627s ago: executing program 5 (id=930): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xf, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x7000000) getsockopt$IP_VS_SO_GET_SERVICES(0xffffffffffffffff, 0x0, 0x482, 0x0, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="54000000020605000000000000000000000000000c00078008000640000019000500010006000000050005000200000005000400000000000900020073797a31000000000d000300686173683a6e6574"], 0x54}}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0xffff}, [@IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x39}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_ADT={0x14, 0x8, 0x0, 0x1, [{0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10000082}, 0x4000080) read$FUSE(0xffffffffffffffff, 0x0, 0x0) 2.129671597s ago: executing program 0 (id=931): bind$tipc(0xffffffffffffffff, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10) r0 = socket$tipc(0x1e, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) bind$tipc(r0, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x1, 0x5}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000240)={0x42, 0x1}, 0x10) bind$tipc(0xffffffffffffffff, 0x0, 0x0) close(0x3) sendmsg$tipc(r0, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4010}, 0x8820) 1.886572087s ago: executing program 0 (id=932): openat$tun(0xffffffffffffff9c, 0x0, 0x110062, 0x0) r0 = socket(0x40000000015, 0x5, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) recvmmsg(r0, &(0x7f0000001740), 0x0, 0x2, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[], 0xc4}}, 0x0) socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) 1.700977332s ago: executing program 6 (id=933): socket(0x10, 0x3, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_usbip_server_init(0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) r5 = eventfd(0x0) ioctl$VHOST_SET_VRING_KICK(r4, 0x4008af25, &(0x7f0000000040)={0x1, r5}) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x20000000) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r7, &(0x7f0000000080)="b3", 0x1) r8 = socket$alg(0x26, 0x5, 0x0) bind$alg(r8, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'blake2b-256\x00'}, 0x58) r9 = accept4(r8, 0x0, 0x0, 0x80800) splice(r6, 0x0, r9, 0x0, 0x8001, 0x2) syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x9, &(0x7f0000000000)={[{@nombcache}, {@jqfmt_vfsv0}, {@abort}, {}, {@noquota}, {@usrjquota, 0x2e}], [], 0x2e}, 0x6, 0x48d, &(0x7f0000000980)="$eJzs3EtvG1UbAOB3xnV6/5qv3wV6AQIFEXFJmrRAF2xAIHWDhARIZRnStCpNG9QEiVYVTREqS9RfACyR+AWsYIOAFYgtSGyQEFKFuqGwGjT2TOpcHGzHjil+HsntOTNnfM47M8c+MyfjAAbWSP5PErErIr4fithTzy4vMFL/79bNy9O/37w8nUSWvfRrUiv3283L02XRcrudRWY0jUjfTeLAGvXOX7x0dmp2duZCkR9fOPfG+PzFS4+fOTd1eub0zPnJY8eOHpl46snJJ7oS5+68rfvfnju47/ir11+YPnH9ta8+yZfvKtY3xlE33PJ7b2+yfCRGlu/LBg9F/JRlWct1/N3tbkgnW/rYENpSiYj8cFXz/h97ohK3D96eeP6dvjYO6Kksy7Ktq5ZWysRiBvyDJdF0VbqpDQE2WflFn1//lq9NHH703Y1n6hdAedy3ild9zZZIizLVFde33TQSEScW//ggf8Wa9yEAALrrs3z889ha4780/t9Q7l9Rnxsajoh/R8TeiPhPRPw3Iv4XUSt7V0Tc3Wb9Iyvyq8c/3zabXumKfPz3dDG3dXv8N1SLvzBcKXK7a/FXk1NnZmcOF/tkNKpb8/zEOnV8/tx37y9lti1f1zj+y195/eVYsC79ZcuKG3QnpxamuhB6zY2rS4GuGP8mSzMBSUTsi4j9Hbx/vs/OPPLxwWbr/zr+dXRhnin7KOLh+vFfjBXxl5L15yfHt8XszOHx8qxY7etvrr3YrP4Nxd8FN65G7Fh1/kdj/MNJ43ztfPt1XPvhvabXNJ2e/0PJy7X0ULHsramFhQsTEUPJ4urlk7e3LfNl+Tz+0UNrxZ/W3uPDYrsDEZGfxPdExL0RcV/R9vsj4oGIOLRO/F8+++DrncffW3n8J9s6/u0nKme/+LRZ/a0d/6O11GixpJXPv1YbuJF9BwAAAHeKtPY38Ek6tpRO07GxiFdq93Z3pLNz8wuPnpp78/zJ+t/KD0c1Le90pQ33QyeKe8NlfnJF/kjtvnGWZdn2Wn5sem62V3PqQGt2Nun/uZ8r/W4d0HNtzaM1e6INuCO11f9XPy0E3ME8rw2Dq9X+X+1xO4DN5/sfBtda/f9KxK0+NAXYZL7/YXDp/zC49H8YXPo/DKSNPNe/XmLv8Y43zzZUe/n7Kh1u/mNP9sZ6iUqnm29t42cOepCIdM1V1YjoS3vaSqS9qyI/+drbKj+QrRa+0umJ3XZi2cfEUD8+mwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALrhzwAAAP//dNfhIw==") 1.553058503s ago: executing program 0 (id=934): socket$kcm(0x10, 0x2, 0x0) syz_init_net_socket$rose(0xb, 0x5, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000280)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6) prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00') bind$tipc(0xffffffffffffffff, &(0x7f0000000340)=@name={0x1e, 0x2, 0x0, {{0x42, 0x3}, 0x100000}}, 0x10) setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x1}, 0x10) r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) preadv(r3, &(0x7f0000000180)=[{0x0, 0xed}], 0x1, 0x6, 0x6) r4 = openat$dsp(0xffffffffffffff9c, &(0x7f00000003c0), 0x101a02, 0x0) close_range(r4, 0xffffffffffffffff, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="bc7761336cbde95ce6a50ebbd0139389486c674deccf47776ceabbd3db0fb808801bf7daaf22d1c8d3a2a0b3723eacdfda7fd313240fe79e59d27fe8b896792b855a23ce470ca544206ac3a5752bb2b7f82044fc0b8839f9bf37e7ea06832eabdfe121fcba9d96744b6341ed742e25815c83149c04e87797561f77513cb6ac5502fdd405cbaa51ec3e9c65e0da12c9ccbe5a9d4efce73e8dd33129df7b372753f034738aea08ea124a8e3ddde32e605be8148a7c59d8460513711251b107095beb0d3a4c", 0xc4}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) 1.309891874s ago: executing program 4 (id=935): sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) socket$inet_sctp(0x2, 0x5, 0x84) socket$inet6_mptcp(0xa, 0x1, 0x106) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB], 0x44}, 0x1, 0x0, 0x0, 0x40040c0}, 0xc000) sched_setscheduler(0x0, 0x2, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000000)={'#! ', './file0'}, 0xb) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d) ioctl$sock_netdev_private(r0, 0x8914, &(0x7f0000000000)) r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_rose_SIOCADDRT(r1, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x3}, 0x6, @null, @bpq0, 0x3, [@bcast, @null, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}) r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0) connect$rose(r2, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c) connect$rose(r2, &(0x7f0000000100)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x0, [@null, @null, @null, @default, @bcast, @default]}, 0x40) 1.130278278s ago: executing program 5 (id=936): syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x589b}, 0x50) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={0x0, 0x0}, 0x28) r1 = socket$netlink(0x10, 0x3, 0x8000000004) r2 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000000240)=0x9, 0x4) bind$inet6(r2, &(0x7f0000000040)={0xa, 0xe22}, 0x1c) r3 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r3, &(0x7f0000000180)=[{&(0x7f00000001c0)="580000001500add427323b472545b45602117fffffff81000e22d991000000000000a80013007b00090080007f000001e809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee000000deff0000000200000000", 0x58}], 0x1) writev(r1, &(0x7f0000000180)=[{&(0x7f0000000700)}], 0x1) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26}, 0x20) 548.763595ms ago: executing program 5 (id=937): r0 = socket$nl_route(0x10, 0x3, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup.cpu/cgroup.procs\x00', 0xa00, 0x1c2) sendfile(0xffffffffffffffff, r1, 0x0, 0x3a) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) io_setup(0x8, &(0x7f0000000540)) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="1502000000000000140012800b00010062617461647600000400028008000a00", @ANYRES32], 0x3c}, 0x1, 0xba01, 0x0, 0x20000000}, 0x0) 373.374919ms ago: executing program 0 (id=938): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000c80)={0x20, 0xa, 0xa, 0x5, 0x0, 0x0, {0xa, 0x0, 0x9}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x24048014}, 0x4000) 180.775715ms ago: executing program 0 (id=939): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000140)) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000200), 0xc0200, 0x0) ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000340)=0x2) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x189a42, 0x0) ioctl$PPPIOCNEWUNIT(r2, 0xc004743e, &(0x7f0000000040)=0xfffffffd) close(r1) r3 = socket$inet6(0xa, 0x802, 0x0) setsockopt$inet6_buf(r3, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18) close(0x3) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r4}, 0x10) r5 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB], 0x18}, 0x1, 0x0, 0x0, 0x4000890}, 0x80) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)={0x60, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0x3}, @IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x11}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x13, 0x3, 'hash:net,iface\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x3}]}, 0x60}, 0x1, 0x0, 0x0, 0x24000000}, 0x0) socket$nl_rdma(0x10, 0x3, 0x14) writev(0xffffffffffffffff, &(0x7f00000001c0)=[{&(0x7f0000000400)="4c5a1d7b44464d14aa8260bca676028f1d71e8ea6927fb0c4949d8cbfdeed9e995e058d6128dd611e93c73f158b8efb03f0b193d5b79b7e52d4d4c9a616888d4767cd5fb3cd13b63734db0810561e22fd069761f1a4cc3fc16ba1601bfb7e9f5112d640b85f7a7f9432da9ca9d95e51e0f00f234bc302dbd060fc324fd5af245411f1df76b19f9b4978f8fc74db99993bc0a886c21be4133d98bf996827bf0e69ae51540e1f53b49e63ea3c1446712d898e00bdf170127a8e0ed1ec17c5a403215f1657a9c9ebdc598bdb4a1ee7bf94d3967b374bfb52f", 0xd7}, {&(0x7f0000000580)="cff1a5110008bb3139cec59f8f99186a49d525d0fba12ccc0abe178b98323ff5256b4e9ff68c29390b1998e4ce07a20ef0b3d32dd68789dac415a63a88203e2c0604b0e91772904b6e16d74d70ed404289206cb99750c501aaa65285a3beff46ce12c53878f6a484e4d1fedbea77daf919c805ff9d2ed1de5739a48e8aa12ee96357a904bceec2c15764939c15e4c3e8e796c53005457df6c57629bd69ef20ab1b261155a340fac24179fbf317071699b75d82fc43edd4f70c33691f263c5b4bd3300d1e7b8b5c547c4b706d331c9aca0b4a5838cffdf5a8f66857d13f", 0xdd}], 0x2) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='cpuset.memory_pressure\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r7, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x15, 0x2, &(0x7f0000001a00)=@raw=[@cb_func={0x18, 0x0, 0x4, 0x0, 0xfffffffffffffffa}], &(0x7f0000000340)='syzkaller\x00', 0x7, 0x1000, &(0x7f0000000680)=""/4096, 0x41000, 0x14, '\x00', 0x0, @sk_reuseport=0x28, r7, 0x8, &(0x7f0000000500)={0x8, 0x5}, 0x8, 0x10, &(0x7f0000001680)={0x3, 0x9, 0x5, 0x7f}, 0x10, 0x0, 0xffffffffffffffff, 0x8, 0x0, &(0x7f0000001700)=[{0x2, 0x4, 0x9, 0xb}, {0x2, 0x1, 0x7, 0x9}, {0x1, 0x5, 0x10, 0x4}, {0x4, 0x5, 0xc, 0x3}, {0x2, 0x5, 0x6, 0x6}, {0x3, 0x4, 0x7, 0x6}, {0x0, 0x4, 0x8, 0x2}, {0x0, 0x1, 0x10, 0xa}], 0x10, 0x2}, 0x94) socket$kcm(0xa, 0x922000000003, 0x11) socket$kcm(0xa, 0x922000000003, 0x11) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_BEARER_ENABLE(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x6c, 0x0, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x58, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4, 0x0, @loopback}}, {0x12, 0x2, @in6={0xa, 0x0, 0x0, @remote}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}]}]}, 0x6c}}, 0x0) ioctl$sock_inet_SIOCSIFADDR(r8, 0x8916, &(0x7f00000019c0)={'dvmrp0\x00', {0x2, 0x4e20, @loopback}}) 0s ago: executing program 6 (id=940): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, 0x0, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) pipe2(0x0, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r5, &(0x7f0000f6f000), 0x0, 0x20000004, 0x0, 0x0) splice(r5, 0x0, 0xffffffffffffffff, 0x0, 0x406f413, 0x0) socket(0x1, 0x3, 0x0) syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0) connect$unix(r2, &(0x7f0000000380)=@abs={0x1, 0x0, 0x4e23}, 0x6e) mount$overlay(0x0, &(0x7f0000000340)='./bus\x00', &(0x7f0000000b80), 0x200008, &(0x7f0000000240)) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000008500000072000000850000005000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001b40)={&(0x7f0000000100)='kfree\x00', r6}, 0x10) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002ac0)={0x1a, 0x3, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x18, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x2000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0x0, r7, 0x0, 0x83}, 0x10) syz_mount_image$fuse(&(0x7f00000001c0), 0x0, 0x322020, &(0x7f0000000440)=ANY=[], 0x1, 0x0, 0x0) getresuid(&(0x7f0000000540), &(0x7f0000000580), &(0x7f00000005c0)=0x0) mount$9p_tcp(&(0x7f0000000400), &(0x7f0000000440)='./bus\x00', &(0x7f0000000480), 0x810001, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=tcp,port=0x0000000000004e21,nodevmap,ignoreqv,fowner>', @ANYRESDEC=0x0, @ANYBLOB=',fowner=', @ANYRESDEC=r8, @ANYBLOB='!']) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) kernel console output (not intermixed with test programs): 12.696043][ T6033] netlink: 12 bytes leftover after parsing attributes in process `syz.0.35'. [ 113.916117][ T6034] 8021q: adding VLAN 0 to HW filter on device bond0 [ 113.947554][ T6034] bond0: (slave rose0): Enslaving as an active interface with an up link [ 113.976943][ T5961] bridge0: port 1(bridge_slave_0) entered blocking state [ 113.984463][ T5961] bridge0: port 1(bridge_slave_0) entered disabled state [ 113.992360][ T5961] bridge_slave_0: entered allmulticast mode [ 114.002668][ T5961] bridge_slave_0: entered promiscuous mode [ 114.022212][ T5961] bridge0: port 2(bridge_slave_1) entered blocking state [ 114.031005][ T5961] bridge0: port 2(bridge_slave_1) entered disabled state [ 114.062468][ T5961] bridge_slave_1: entered allmulticast mode [ 114.081833][ T5961] bridge_slave_1: entered promiscuous mode [ 114.234279][ T5961] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 114.247256][ T5961] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 114.369599][ T5961] team0: Port device team_slave_0 added [ 114.407376][ T5961] team0: Port device team_slave_1 added [ 114.950398][ T5961] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 114.987440][ T5961] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 115.141985][ T5961] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 115.192958][ T5961] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 115.219584][ T5961] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 115.321461][ T5961] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 118.169047][ T5961] hsr_slave_0: entered promiscuous mode [ 118.232089][ T5961] hsr_slave_1: entered promiscuous mode [ 118.258683][ T5961] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 118.281643][ T5961] Cannot create hsr debugfs directory [ 118.354677][ T6090] netlink: 104 bytes leftover after parsing attributes in process `syz.3.48'. [ 120.364182][ T6116] loop3: detected capacity change from 0 to 512 [ 120.371596][ T6116] ======================================================= [ 120.371596][ T6116] WARNING: The mand mount option has been deprecated and [ 120.371596][ T6116] and is ignored by this kernel. Remove the mand [ 120.371596][ T6116] option from the mount to silence this warning. [ 120.371596][ T6116] ======================================================= [ 120.777077][ T6116] [EXT4 FS bs=4096, gc=1, bpg=95, ipg=32, mo=e040e01c, mo2=0000] [ 120.786511][ T6116] System zones: 0-2, 18-18, 34-34 [ 120.837519][ T6116] EXT4-fs error (device loop3): ext4_do_update_inode:5230: inode #3: comm syz.3.52: corrupted inode contents [ 120.855895][ T6116] EXT4-fs error (device loop3): ext4_dirty_inode:6106: inode #3: comm syz.3.52: mark_inode_dirty error [ 120.887252][ T6116] EXT4-fs error (device loop3): ext4_do_update_inode:5230: inode #3: comm syz.3.52: corrupted inode contents [ 120.900906][ T6116] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #3: comm syz.3.52: mark_inode_dirty error [ 120.938496][ T6116] Quota error (device loop3): write_blk: dquota write failed [ 120.947276][ T6116] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 120.957685][ T6116] EXT4-fs error (device loop3): ext4_acquire_dquot:6938: comm syz.3.52: Failed to acquire dquot type 0 [ 121.054176][ T6116] EXT4-fs (loop3): 1 orphan inode deleted [ 121.073138][ T6116] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 122.326949][ T2984] Quota error (device loop3): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 122.389161][ T2984] EXT4-fs error (device loop3): ext4_release_dquot:6974: comm kworker/u4:9: Failed to release dquot type 1 [ 122.668496][ T5789] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 124.311915][ T5781] usb 3-1: new full-speed USB device number 2 using dummy_hcd [ 127.604528][ T5781] usb 3-1: unable to get BOS descriptor or descriptor too short [ 127.682607][ T5781] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 127.691033][ T5781] usb 3-1: can't read configurations, error -71 [ 127.744638][ T1037] hsr_slave_0: left promiscuous mode [ 127.944047][ T1037] hsr_slave_1: left promiscuous mode [ 127.951363][ T1037] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 127.958898][ T1037] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 127.982798][ T1037] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 128.001139][ T1037] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 128.015454][ T1037] bridge_slave_1: left allmulticast mode [ 128.023514][ T1037] bridge_slave_1: left promiscuous mode [ 128.036721][ T1037] bridge0: port 2(bridge_slave_1) entered disabled state [ 128.764278][ T1037] bridge_slave_0: left allmulticast mode [ 128.784711][ T1037] bridge_slave_0: left promiscuous mode [ 128.791562][ T1037] bridge0: port 1(bridge_slave_0) entered disabled state [ 128.872408][ T1037] veth1_macvtap: left promiscuous mode [ 128.878468][ T1037] veth0_macvtap: left promiscuous mode [ 128.889368][ T1037] veth1_vlan: left promiscuous mode [ 128.896781][ T1037] veth0_vlan: left promiscuous mode [ 130.404904][ T6167] loop0: detected capacity change from 0 to 128 [ 130.583307][ T6168] virtio-fs: tag not found [ 130.940158][ T6167] syz.0.61 (6167) used greatest stack depth: 20080 bytes left [ 131.104634][ T1037] team0 (unregistering): Port device team_slave_1 removed [ 131.198455][ T1037] team0 (unregistering): Port device team_slave_0 removed [ 131.239778][ T1037] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 131.310270][ T1037] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 131.818021][ T1037] bond0 (unregistering): Released all slaves [ 131.920672][ T6146] tipc: Started in network mode [ 131.937481][ T6146] tipc: Node identity 02af518473c9, cluster identity 4711 [ 131.961996][ T6146] tipc: Enabled bearer , priority 0 [ 131.969339][ T6147] syzkaller0: entered promiscuous mode [ 131.975701][ T6147] syzkaller0: entered allmulticast mode [ 132.056917][ T6179] loop2: detected capacity change from 0 to 128 [ 132.073241][ T6179] ADFS-fs (loop2): error: can't find an ADFS filesystem on dev loop2. [ 132.165628][ T6157] tipc: Resetting bearer [ 132.309855][ T6157] tipc: Disabling bearer [ 133.158677][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.165664][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.226424][ T5961] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 133.300401][ T6188] tipc: Failed to remove unknown binding: 66,1,1/0:1584514116/1584514118 [ 133.326947][ T6188] tipc: Failed to remove unknown binding: 66,1,1/0:1584514116/1584514118 [ 133.483943][ T6191] loop0: detected capacity change from 0 to 512 [ 133.549764][ T6191] [EXT4 FS bs=4096, gc=1, bpg=95, ipg=32, mo=e040e01c, mo2=0000] [ 133.559582][ T6191] System zones: 0-2, 18-18, 34-34 [ 133.591169][ T6188] tipc: Failed to remove unknown binding: 66,1,1/0:1584514116/1584514118 [ 133.695237][ T6191] EXT4-fs error (device loop0): ext4_do_update_inode:5230: inode #3: comm syz.0.64: corrupted inode contents [ 133.710737][ T6191] EXT4-fs error (device loop0): ext4_dirty_inode:6106: inode #3: comm syz.0.64: mark_inode_dirty error [ 133.733639][ T6191] EXT4-fs error (device loop0): ext4_do_update_inode:5230: inode #3: comm syz.0.64: corrupted inode contents [ 133.747344][ T6191] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #3: comm syz.0.64: mark_inode_dirty error [ 133.764187][ T6191] Quota error (device loop0): write_blk: dquota write failed [ 133.772943][ T6191] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 133.783361][ T6191] EXT4-fs error (device loop0): ext4_acquire_dquot:6938: comm syz.0.64: Failed to acquire dquot type 0 [ 133.799227][ T5961] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 133.874881][ T6191] EXT4-fs (loop0): 1 orphan inode deleted [ 133.890104][ T6191] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 134.311066][ C0] sched: RT throttling activated [ 134.465335][ T11] Quota error (device loop0): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 134.475288][ T11] EXT4-fs error (device loop0): ext4_release_dquot:6974: comm kworker/u4:0: Failed to release dquot type 1 [ 135.514814][ T5961] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 135.622076][ T5961] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 135.876391][ T6200] loop2: detected capacity change from 0 to 2048 [ 136.021601][ T5993] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 136.106338][ T5790] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 136.302866][ T5961] 8021q: adding VLAN 0 to HW filter on device bond0 [ 136.480884][ T6217] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 136.631643][ T5961] 8021q: adding VLAN 0 to HW filter on device team0 [ 136.761009][ T2975] bridge0: port 1(bridge_slave_0) entered blocking state [ 136.768312][ T2975] bridge0: port 1(bridge_slave_0) entered forwarding state [ 136.847712][ T2975] bridge0: port 2(bridge_slave_1) entered blocking state [ 136.855005][ T2975] bridge0: port 2(bridge_slave_1) entered forwarding state [ 137.115171][ T5961] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 137.350620][ T6232] loop3: detected capacity change from 0 to 16 [ 137.459240][ T6232] erofs: (device loop3): mounted with root inode @ nid 36. [ 139.749941][ T6247] loop0: detected capacity change from 0 to 64 [ 139.888698][ T6252] loop2: detected capacity change from 0 to 512 [ 140.197461][ T6252] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 141.330692][ T5961] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 142.116213][ T5791] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 145.076246][ T6284] loop3: detected capacity change from 0 to 2048 [ 146.272677][ T6284] UDF-fs: bad mount option "ÿÿÿÿ" or missing value [ 146.643284][ T5961] veth0_vlan: entered promiscuous mode [ 146.690499][ T5961] veth1_vlan: entered promiscuous mode [ 146.858997][ T5961] veth0_macvtap: entered promiscuous mode [ 146.949415][ T5961] veth1_macvtap: entered promiscuous mode [ 147.072167][ T5961] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 147.125941][ T5961] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 147.147940][ T5961] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 147.291121][ T5961] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 147.363953][ T5961] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 147.414824][ T5961] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 147.445761][ T5961] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 147.478735][ T5961] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 147.510833][ T5961] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 147.541407][ T5961] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 147.571593][ T5961] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 147.611517][ T5961] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 147.668598][ T5961] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 147.723211][ T5961] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 147.756140][ T5961] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 147.765317][ T5961] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 147.781127][ T5961] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 147.861872][ T5961] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 148.725928][ T2984] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 148.770911][ T2984] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 148.926836][ T5935] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 148.941114][ T5935] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 149.869423][ T6320] process 'syz.0.88' launched '/dev/fd/3' with NULL argv: empty string added [ 155.031412][ T6354] binder: 6348:6354 ioctl 4018620d 0 returned -22 [ 155.201240][ T6352] loop2: detected capacity change from 0 to 128 [ 155.254769][ T6352] virtio-fs: tag not found [ 155.898444][ T6364] netlink: 60 bytes leftover after parsing attributes in process `syz.4.96'. [ 155.931209][ T6364] netlink: 60 bytes leftover after parsing attributes in process `syz.4.96'. [ 157.961528][ T8] IPVS: starting estimator thread 0... [ 158.051368][ T6387] IPVS: using max 16 ests per chain, 38400 per kthread [ 161.120596][ T6417] loop4: detected capacity change from 0 to 128 [ 161.356254][ T5993] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 161.732783][ T6423] netlink: 168 bytes leftover after parsing attributes in process `syz.0.107'. [ 168.717513][ T6471] loop3: detected capacity change from 0 to 512 [ 168.743229][ T6471] EXT4-fs: Ignoring removed mblk_io_submit option [ 168.781429][ T6471] EXT4-fs: Ignoring removed nomblk_io_submit option [ 168.795913][ T6471] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 168.820548][ T6471] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 168.979163][ T6471] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4036: comm syz.3.120: Allocating blocks 41-42 which overlap fs metadata [ 169.061520][ T6471] Quota error (device loop3): write_blk: dquota write failed [ 169.069115][ T6471] Quota error (device loop3): find_free_dqentry: Can't write quota data block 5 [ 169.079480][ T6471] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4036: comm syz.3.120: Allocating blocks 41-42 which overlap fs metadata [ 169.317575][ T6471] Quota error (device loop3): write_blk: dquota write failed [ 169.325937][ T6471] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 169.336520][ T6471] EXT4-fs error (device loop3): ext4_acquire_dquot:6938: comm syz.3.120: Failed to acquire dquot type 1 [ 169.365586][ T6485] netlink: 8 bytes leftover after parsing attributes in process `syz.2.122'. [ 169.488944][ T6471] EXT4-fs error (device loop3): mb_free_blocks:1943: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt. [ 169.509687][ T6471] EXT4-fs error (device loop3): ext4_do_update_inode:5230: inode #12: comm syz.3.120: corrupted inode contents [ 169.539555][ T6471] EXT4-fs error (device loop3): ext4_dirty_inode:6106: inode #12: comm syz.3.120: mark_inode_dirty error [ 169.562725][ T6471] EXT4-fs error (device loop3): ext4_do_update_inode:5230: inode #12: comm syz.3.120: corrupted inode contents [ 169.591711][ T6471] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #12: comm syz.3.120: mark_inode_dirty error [ 169.610277][ T6471] EXT4-fs error (device loop3): ext4_do_update_inode:5230: inode #12: comm syz.3.120: corrupted inode contents [ 169.848528][ T6471] EXT4-fs error (device loop3) in ext4_orphan_del:305: Corrupt filesystem [ 169.907653][ T6471] EXT4-fs error (device loop3): ext4_do_update_inode:5230: inode #12: comm syz.3.120: corrupted inode contents [ 170.115575][ T6501] loop2: detected capacity change from 0 to 24 [ 170.136829][ T6501] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 172.449178][ T6501] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 172.641889][ T6471] EXT4-fs error (device loop3): ext4_truncate:4288: inode #12: comm syz.3.120: mark_inode_dirty error [ 172.829770][ T6471] EXT4-fs error (device loop3) in ext4_process_orphan:347: Corrupt filesystem [ 172.886841][ T6471] EXT4-fs (loop3): 1 truncate cleaned up [ 172.970391][ T6471] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 173.034035][ T6471] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 176.631193][ T28] audit: type=1326 audit(176.431:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6534 comm="syz.2.132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73e418ebe9 code=0x7ffc0000 [ 176.689688][ T28] audit: type=1326 audit(176.431:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6534 comm="syz.2.132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73e418ebe9 code=0x7ffc0000 [ 176.956300][ T28] audit: type=1326 audit(176.431:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6534 comm="syz.2.132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73e418ebe9 code=0x7ffc0000 [ 177.037055][ T28] audit: type=1326 audit(176.431:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6534 comm="syz.2.132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73e418ebe9 code=0x7ffc0000 [ 182.837999][ T6576] loop2: detected capacity change from 0 to 256 [ 184.124004][ T6576] FAT-fs (loop2): Directory bread(block 64) failed [ 184.130989][ T6576] FAT-fs (loop2): Directory bread(block 65) failed [ 184.436501][ T6576] FAT-fs (loop2): Directory bread(block 66) failed [ 184.493357][ T6576] FAT-fs (loop2): Directory bread(block 67) failed [ 184.500889][ T6576] FAT-fs (loop2): Directory bread(block 68) failed [ 184.694546][ T6576] FAT-fs (loop2): Directory bread(block 69) failed [ 184.828500][ T6576] FAT-fs (loop2): Directory bread(block 70) failed [ 184.952827][ T6576] FAT-fs (loop2): Directory bread(block 71) failed [ 185.311870][ T6576] FAT-fs (loop2): Directory bread(block 72) failed [ 185.318492][ T6576] FAT-fs (loop2): Directory bread(block 73) failed [ 185.737797][ T6587] tipc: Started in network mode [ 185.757802][ T6587] tipc: Node identity ac1414aa, cluster identity 4711 [ 186.021232][ T6587] tipc: Enabled bearer , priority 10 [ 186.131317][ T6592] netlink: 8 bytes leftover after parsing attributes in process `syz.4.144'. [ 187.023179][ T5835] tipc: Node number set to 2886997162 [ 190.216396][ T6609] loop0: detected capacity change from 0 to 32768 [ 190.970806][ T6609] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 192.988213][ T6609] XFS (loop0): Ending clean mount [ 193.105289][ T6609] XFS (loop0): Quotacheck needed: Please wait. [ 193.349054][ T6609] XFS (loop0): Quotacheck: Done. [ 193.557661][ T5790] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 194.871988][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.878469][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 197.552830][ T6689] loop4: detected capacity change from 0 to 1024 [ 197.561861][ T6689] hfsplus: unable to parse mount options [ 199.749212][ T5796] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 204.463689][ T6746] netlink: 8 bytes leftover after parsing attributes in process `syz.2.168'. [ 204.977361][ T6746] syz.2.168 (6746) used greatest stack depth: 16696 bytes left [ 206.737141][ T28] audit: type=1326 audit(206.681:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6772 comm="syz.2.176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73e418ebe9 code=0x7ffc0000 [ 206.931932][ T28] audit: type=1326 audit(206.681:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6772 comm="syz.2.176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73e418ebe9 code=0x7ffc0000 [ 207.851338][ T28] audit: type=1326 audit(206.711:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6772 comm="syz.2.176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7f73e418ebe9 code=0x7ffc0000 [ 207.926237][ T28] audit: type=1326 audit(206.711:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6772 comm="syz.2.176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73e418ebe9 code=0x7ffc0000 [ 212.341233][ T5799] Bluetooth: hci0: command 0x0406 tx timeout [ 212.347449][ T5799] Bluetooth: hci3: command 0x0406 tx timeout [ 212.355119][ T5798] Bluetooth: hci2: command 0x0406 tx timeout [ 214.716285][ T6834] loop4: detected capacity change from 0 to 256 [ 214.742981][ T6830] tipc: Enabled bearer , priority 0 [ 214.764810][ T6830] syzkaller0: entered promiscuous mode [ 214.770368][ T6830] syzkaller0: entered allmulticast mode [ 214.813775][ T6834] exFAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 214.862097][ T6834] exFAT-fs (loop4): Medium has reported failures. Some data may be lost. [ 214.949694][ T6830] tipc: Resetting bearer [ 215.025171][ T6828] tipc: Resetting bearer [ 215.048153][ T6834] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 215.206778][ T6828] tipc: Disabling bearer [ 215.737272][ T6849] loop4: detected capacity change from 0 to 32768 [ 215.745210][ T6849] XFS: ikeep mount option is deprecated. [ 215.869626][ T6849] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 216.676801][ T6849] XFS (loop4): Ending clean mount [ 216.715531][ T6849] XFS (loop4): Quotacheck needed: Please wait. [ 217.494550][ T6849] XFS (loop4): Quotacheck: Done. [ 218.958583][ T6870] netlink: 'syz.4.192': attribute type 10 has an invalid length. [ 218.968747][ T6870] netlink: 40 bytes leftover after parsing attributes in process `syz.4.192'. [ 218.991105][ T6870] dummy0: entered promiscuous mode [ 219.007386][ T6870] bridge0: port 3(dummy0) entered blocking state [ 219.014328][ T6870] bridge0: port 3(dummy0) entered disabled state [ 219.029069][ T6870] dummy0: entered allmulticast mode [ 219.104494][ T6870] bridge0: port 3(dummy0) entered blocking state [ 219.112896][ T6870] bridge0: port 3(dummy0) entered forwarding state [ 220.079067][ T6872] program syz.0.195 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 220.985857][ T5961] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 224.557927][ T6902] tipc: Started in network mode [ 224.691597][ T6902] tipc: Node identity 86f9ac5f51f2, cluster identity 4711 [ 224.733119][ T6902] tipc: Enabled bearer , priority 0 [ 224.763409][ T6905] syzkaller0: entered promiscuous mode [ 224.768971][ T6905] syzkaller0: entered allmulticast mode [ 225.850172][ T5835] tipc: Node number set to 3607866463 [ 225.870015][ T6905] tipc: Resetting bearer [ 225.910180][ T6899] tipc: Resetting bearer [ 226.791528][ T6899] tipc: Disabling bearer [ 227.461470][ T5801] Bluetooth: hci1: command 0x0406 tx timeout [ 230.122718][ T6926] loop3: detected capacity change from 0 to 512 [ 230.203354][ T6926] EXT4-fs warning (device loop3): ext4_multi_mount_protect:398: Unable to create kmmpd thread for loop3. [ 230.216830][ T6931] vivid-007: ================= START STATUS ================= [ 230.226280][ T6931] vivid-007: Generate PTS: true [ 230.231862][ T6931] vivid-007: Generate SCR: true [ 230.237267][ T6931] tpg source WxH: 640x360 (Y'CbCr) [ 230.242773][ T6931] tpg field: 1 [ 230.246303][ T6931] tpg crop: 640x360@0x0 [ 230.250643][ T6931] tpg compose: 640x360@0x0 [ 230.255344][ T6931] tpg colorspace: 8 [ 230.259399][ T6931] tpg transfer function: 0/0 [ 230.264208][ T6931] tpg Y'CbCr encoding: 0/0 [ 230.315094][ T6931] tpg quantization: 0/0 [ 230.319532][ T6931] tpg RGB range: 0/2 [ 230.323714][ T6931] vivid-007: ================== END STATUS ================== [ 230.739611][ T6933] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(9) [ 230.746639][ T6933] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 230.756066][ T6933] vhci_hcd vhci_hcd.0: Device attached [ 230.935225][ T6934] vhci_hcd: connection closed [ 231.311367][ T1037] vhci_hcd: stop threads [ 231.398711][ T1037] vhci_hcd: release socket [ 231.449344][ T1037] vhci_hcd: disconnect device [ 232.921189][ T6952] loop0: detected capacity change from 0 to 32768 [ 233.030740][ T6952] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 233.124862][ T6961] netlink: 4 bytes leftover after parsing attributes in process `syz.4.210'. [ 233.187868][ T6961] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 233.197013][ T6961] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 233.215272][ T6952] XFS (loop0): Ending clean mount [ 233.222413][ T6961] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 233.230078][ T6961] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 234.007436][ T6976] netlink: 8 bytes leftover after parsing attributes in process `syz.0.211'. [ 234.016481][ T6976] netlink: 20 bytes leftover after parsing attributes in process `syz.0.211'. [ 234.033996][ T6976] geneve2: entered promiscuous mode [ 234.039272][ T6976] geneve2: entered allmulticast mode [ 237.787454][ T6996] tipc: Started in network mode [ 237.823489][ T6996] tipc: Node identity aa552407e0c4, cluster identity 4711 [ 237.830847][ T6996] tipc: Enabled bearer , priority 0 [ 237.909007][ T6998] syzkaller0: entered promiscuous mode [ 237.928017][ T6998] syzkaller0: entered allmulticast mode [ 238.061425][ T6998] tipc: Resetting bearer [ 238.131825][ T6995] tipc: Resetting bearer [ 238.262772][ T6995] tipc: Disabling bearer [ 238.668678][ T7008] loop3: detected capacity change from 0 to 128 [ 241.157485][ T7029] netlink: 4 bytes leftover after parsing attributes in process `syz.3.222'. [ 241.183378][ T5790] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 241.261510][ T7029] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 241.287364][ T7029] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 241.328957][ T7029] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 241.343711][ T7029] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 243.883552][ T7043] netlink: 32 bytes leftover after parsing attributes in process `syz.2.227'. [ 243.973621][ T7053] loop4: detected capacity change from 0 to 512 [ 244.142647][ T7053] UDF-fs: warning (device loop4): udf_load_vrs: No VRS found [ 244.183768][ T7053] UDF-fs: Scanning with blocksize 512 failed [ 244.222099][ T7053] UDF-fs: warning (device loop4): udf_load_vrs: No VRS found [ 244.311609][ T7053] UDF-fs: Scanning with blocksize 1024 failed [ 244.386688][ T7066] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 244.526618][ T7066] loop0: detected capacity change from 0 to 512 [ 244.666215][ T7053] UDF-fs: warning (device loop4): udf_load_vrs: No VRS found [ 244.779349][ T7066] EXT4-fs (loop0): orphan cleanup on readonly fs [ 244.785946][ T7066] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -13 [ 244.864106][ T7066] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 244.891957][ T7066] EXT4-fs error (device loop0): ext4_clear_blocks:883: inode #13: comm syz.0.229: attempt to clear invalid blocks 2 len 1 [ 244.950958][ T7066] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.229: invalid indirect mapped block 1819239214 (level 0) [ 244.965284][ T7053] UDF-fs: Scanning with blocksize 2048 failed [ 244.974342][ T7066] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.229: invalid indirect mapped block 1819239214 (level 1) [ 245.000838][ T7053] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 245.007237][ T7066] EXT4-fs (loop0): 1 truncate cleaned up [ 245.019137][ T7066] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 245.153950][ T7053] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 245.838314][ T5790] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 246.660558][ T7093] netlink: 'syz.2.236': attribute type 1 has an invalid length. [ 246.738217][ T7099] tipc: Enabled bearer , priority 10 [ 247.806748][ T7088] CUSE: unknown device info "ÿ" [ 247.811877][ T7088] CUSE: zero length info key specified [ 247.818542][ T7088] ALSA: mixer_oss: invalid OSS volume 'u' [ 247.851470][ T5862] tipc: Node number set to 1902530948 [ 250.873919][ T7128] bridge0: port 3(syz_tun) entered blocking state [ 250.911309][ T7128] bridge0: port 3(syz_tun) entered disabled state [ 250.918045][ T7128] syz_tun: entered allmulticast mode [ 251.012857][ T7128] syz_tun: entered promiscuous mode [ 251.070633][ T7128] bridge0: port 3(syz_tun) entered blocking state [ 251.078607][ T7128] bridge0: port 3(syz_tun) entered forwarding state [ 252.627678][ T5799] Bluetooth: hci1: unexpected event for opcode 0x2040 [ 256.504669][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.521496][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 257.776184][ T7179] loop3: detected capacity change from 0 to 40427 [ 257.828216][ T7179] F2FS-fs (loop3): invalid crc value [ 257.863359][ T7179] F2FS-fs (loop3): Found nat_bits in checkpoint [ 257.967495][ T7179] F2FS-fs (loop3): Start checkpoint disabled! [ 257.990093][ T7179] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 258.082296][ T7179] bio_check_eod: 182 callbacks suppressed [ 258.082314][ T7179] syz.3.257: attempt to access beyond end of device [ 258.082314][ T7179] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 258.362433][ T7203] tipc: Enabled bearer , priority 10 [ 258.392083][ T7207] netlink: 8 bytes leftover after parsing attributes in process `syz.0.263'. [ 258.405876][ T6121] kworker/u4:13: attempt to access beyond end of device [ 258.405876][ T6121] loop3: rw=2049, sector=40960, nr_sectors = 24 limit=40427 [ 258.437142][ T6121] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 258.452625][ T6121] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 258.475069][ T6121] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 259.021355][ T54] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 259.246187][ T54] usb 1-1: New USB device found, idVendor=0c70, idProduct=f010, bcdDevice= 0.00 [ 259.256832][ T54] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 261.054923][ T5862] tipc: Node number set to 1251025927 [ 261.146603][ T54] usb 1-1: config 0 descriptor?? [ 262.114064][ T54] usbhid 1-1:0.0: can't add hid device: -71 [ 262.120474][ T54] usbhid: probe of 1-1:0.0 failed with error -71 [ 262.345685][ T54] usb 1-1: USB disconnect, device number 2 [ 263.611769][ T7235] netlink: 28 bytes leftover after parsing attributes in process `syz.0.269'. [ 264.275824][ T7258] loop3: detected capacity change from 0 to 256 [ 264.382889][ T7258] FAT-fs (loop3): Directory bread(block 64) failed [ 264.390765][ T7258] FAT-fs (loop3): Directory bread(block 65) failed [ 264.398128][ T7258] FAT-fs (loop3): Directory bread(block 66) failed [ 264.405326][ T7258] FAT-fs (loop3): Directory bread(block 67) failed [ 264.414780][ T7258] FAT-fs (loop3): Directory bread(block 68) failed [ 264.422618][ T7258] FAT-fs (loop3): Directory bread(block 69) failed [ 264.430493][ T7258] FAT-fs (loop3): Directory bread(block 70) failed [ 264.438692][ T7258] FAT-fs (loop3): Directory bread(block 71) failed [ 264.456703][ T7258] FAT-fs (loop3): Directory bread(block 72) failed [ 264.472694][ T7258] FAT-fs (loop3): Directory bread(block 73) failed [ 266.729194][ T7269] loop0: detected capacity change from 0 to 16 [ 266.896991][ T7269] erofs: (device loop0): mounted with root inode @ nid 36. [ 268.275808][ T7275] loop4: detected capacity change from 0 to 128 [ 268.305222][ T7275] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 268.570965][ T7275] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 269.873902][ T7280] loop0: detected capacity change from 0 to 256 [ 271.495425][ T7280] FAT-fs (loop0): Directory bread(block 64) failed [ 271.502269][ T7280] FAT-fs (loop0): Directory bread(block 65) failed [ 271.509274][ T7280] FAT-fs (loop0): Directory bread(block 66) failed [ 271.574083][ T7280] FAT-fs (loop0): Directory bread(block 67) failed [ 271.603679][ T7280] FAT-fs (loop0): Directory bread(block 68) failed [ 271.610616][ T7280] FAT-fs (loop0): Directory bread(block 69) failed [ 271.792908][ T7280] FAT-fs (loop0): Directory bread(block 70) failed [ 271.800832][ T7280] FAT-fs (loop0): Directory bread(block 71) failed [ 271.810625][ T7280] FAT-fs (loop0): Directory bread(block 72) failed [ 271.818605][ T7280] FAT-fs (loop0): Directory bread(block 73) failed [ 274.290700][ T7312] tipc: Enabling of bearer rejected, already enabled [ 274.421306][ T9] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 274.621310][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 274.639835][ T9] usb 5-1: config 0 interface 0 has no altsetting 0 [ 274.662105][ T9] usb 5-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 274.701139][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 274.720706][ T9] usb 5-1: config 0 descriptor?? [ 274.868740][ T7318] gfs2: gfs2 mount does not exist [ 275.532903][ T9] hid (null): global environment stack underflow [ 275.549677][ T9] hid (null): global environment stack underflow [ 275.571723][ T9] hid (null): report_id 3899690137 is invalid [ 275.589566][ T9] hid (null): report_id 1862125167 is invalid [ 275.722907][ T7314] loop3: detected capacity change from 0 to 40427 [ 275.784383][ T7314] F2FS-fs (loop3): invalid crc value [ 275.821891][ T5861] usb 5-1: USB disconnect, device number 2 [ 275.830122][ T7314] F2FS-fs (loop3): Found nat_bits in checkpoint [ 276.652976][ T7314] F2FS-fs (loop3): Start checkpoint disabled! [ 276.662694][ T7327] loop4: detected capacity change from 0 to 512 [ 276.687225][ T7327] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 276.697861][ T7314] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 276.766032][ T7327] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a843c018, mo2=0002] [ 276.792749][ T7327] System zones: 0-2, 18-18, 34-34 [ 276.818343][ T7314] syz.3.291: attempt to access beyond end of device [ 276.818343][ T7314] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 276.838936][ T7327] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 277.007614][ T28] audit: type=1800 audit(276.951:11): pid=7327 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.295" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 277.053822][ T34] kworker/u4:2: attempt to access beyond end of device [ 277.053822][ T34] loop3: rw=2049, sector=40960, nr_sectors = 24 limit=40427 [ 277.073763][ T34] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 277.084573][ T7327] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters [ 277.089406][ T34] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 277.109583][ T7337] netlink: 4 bytes leftover after parsing attributes in process `syz.2.298'. [ 277.125038][ T7327] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 32896 with max blocks 1 with error 28 [ 277.150204][ T34] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 277.171628][ T7327] EXT4-fs (loop4): This should not happen!! Data will be lost [ 277.171628][ T7327] [ 277.192498][ T7327] EXT4-fs (loop4): Total free blocks count 0 [ 277.214303][ T7327] EXT4-fs (loop4): Free/Dirty block details [ 277.220480][ T7327] EXT4-fs (loop4): free_blocks=39626 [ 277.241292][ T7327] EXT4-fs (loop4): dirty_blocks=1 [ 277.255673][ T7327] EXT4-fs (loop4): Block reservation details [ 277.269443][ T7327] EXT4-fs (loop4): i_reserved_data_blocks=1 [ 277.447193][ T5961] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 278.194591][ T7349] tipc: Enabling of bearer rejected, already enabled [ 279.496942][ T7357] loop0: detected capacity change from 0 to 16 [ 279.532792][ T7357] erofs: (device loop0): mounted with root inode @ nid 36. [ 281.338885][ T7366] serio: Serial port ptm0 [ 284.331972][ T7363] netlink: 4 bytes leftover after parsing attributes in process `syz.3.307'. [ 284.548169][ T7370] loop4: detected capacity change from 0 to 2048 [ 284.658970][ T7372] netlink: 8 bytes leftover after parsing attributes in process `syz.0.308'. [ 284.709428][ T7370] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 285.386254][ T7370] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 285.449675][ T7387] bpq0: entered allmulticast mode [ 285.464810][ T7370] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 2097151 with max blocks 1 with error 28 [ 285.479474][ T7370] EXT4-fs (loop4): This should not happen!! Data will be lost [ 285.479474][ T7370] [ 285.489371][ T7370] EXT4-fs (loop4): Total free blocks count 0 [ 285.495587][ T7370] EXT4-fs (loop4): Free/Dirty block details [ 285.501750][ T7370] EXT4-fs (loop4): free_blocks=2415919504 [ 285.507756][ T7370] EXT4-fs (loop4): dirty_blocks=32 [ 285.513202][ T7370] EXT4-fs (loop4): Block reservation details [ 285.519405][ T7370] EXT4-fs (loop4): i_reserved_data_blocks=2 [ 285.673055][ T7369] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 287.951479][ T7404] netlink: 8 bytes leftover after parsing attributes in process `syz.0.317'. [ 287.970128][ T7404] IPv6: NLM_F_CREATE should be specified when creating new route [ 287.994887][ T7404] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 288.002771][ T7404] IPv6: NLM_F_CREATE should be set when creating new route [ 288.010175][ T7404] IPv6: NLM_F_CREATE should be set when creating new route [ 288.017486][ T7404] IPv6: NLM_F_CREATE should be set when creating new route [ 296.722230][ T7486] Bluetooth: MGMT ver 1.22 [ 296.896469][ T7492] loop3: detected capacity change from 0 to 512 [ 296.917221][ T7492] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 296.961667][ T7492] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a843c018, mo2=0002] [ 296.981380][ T7492] System zones: 0-2, 18-18, 34-34 [ 296.992325][ T7492] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 297.072984][ T28] audit: type=1800 audit(297.011:12): pid=7492 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.340" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 297.121645][ T7492] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters [ 297.162546][ T7492] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 32896 with max blocks 1 with error 28 [ 297.193631][ T7492] EXT4-fs (loop3): This should not happen!! Data will be lost [ 297.193631][ T7492] [ 297.217369][ T7492] EXT4-fs (loop3): Total free blocks count 0 [ 297.233529][ T7492] EXT4-fs (loop3): Free/Dirty block details [ 297.250186][ T7492] EXT4-fs (loop3): free_blocks=39626 [ 297.269216][ T7492] EXT4-fs (loop3): dirty_blocks=1 [ 297.319181][ T7492] EXT4-fs (loop3): Block reservation details [ 297.325417][ T7492] EXT4-fs (loop3): i_reserved_data_blocks=1 [ 297.729197][ T5789] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 298.591112][ T7506] batadv0: entered allmulticast mode [ 298.606567][ T7506] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 300.883075][ T7537] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 300.890543][ T7537] IPv6: NLM_F_CREATE should be set when creating new route [ 300.897973][ T7537] IPv6: NLM_F_CREATE should be set when creating new route [ 300.905249][ T7537] IPv6: NLM_F_CREATE should be set when creating new route [ 307.053774][ T7556] netlink: 4 bytes leftover after parsing attributes in process `syz.3.360'. [ 307.915982][ T7574] gfs2: gfs2 mount does not exist [ 308.736614][ T7590] netlink: 4 bytes leftover after parsing attributes in process `syz.3.371'. [ 310.064304][ T7607] IPVS: length: 73 != 24 [ 312.018585][ T7634] batadv1: entered allmulticast mode [ 312.031457][ T7634] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 312.643765][ T48] batman_adv: batadv1: adding TT local entry 33:33:00:00:00:01 to non-existent VLAN -1 [ 313.055357][ T7645] loop0: detected capacity change from 0 to 2048 [ 313.063178][ T7645] UDF-fs: bad mount option "ÿÿÿÿ" or missing value [ 313.120883][ T7564] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 313.181685][ T7645] loop0: detected capacity change from 0 to 128 [ 313.433772][ T7645] EXT4-fs (loop0): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 313.918654][ T7543] udevd[7543]: incorrect ext4 checksum on /dev/loop0 [ 313.939438][ T7658] loop0: detected capacity change from 0 to 1024 [ 315.958139][ T7682] gfs2: gfs2 mount does not exist [ 316.721654][ T7689] tipc: Enabling of bearer rejected, already enabled [ 317.278708][ T7698] loop0: detected capacity change from 0 to 2048 [ 317.306459][ T7698] UDF-fs: bad mount option "ÿÿÿÿ" or missing value [ 317.376050][ T7543] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 317.469725][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.476324][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.982210][ T7698] loop0: detected capacity change from 0 to 128 [ 318.013485][ T7698] EXT4-fs (loop0): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 318.055691][ T7543] udevd[7543]: incorrect ext4 checksum on /dev/loop0 [ 318.158997][ T7711] loop0: detected capacity change from 0 to 1024 [ 319.520058][ T7726] loop0: detected capacity change from 0 to 128 [ 319.678280][ T7727] virtio-fs: tag not found [ 320.598326][ T7734] loop4: detected capacity change from 0 to 256 [ 320.660516][ T7734] FAT-fs (loop4): Directory bread(block 64) failed [ 320.676753][ T7735] tipc: Enabling of bearer rejected, already enabled [ 320.677545][ T7734] FAT-fs (loop4): Directory bread(block 65) failed [ 320.704426][ T7734] FAT-fs (loop4): Directory bread(block 66) failed [ 320.721845][ T7734] FAT-fs (loop4): Directory bread(block 67) failed [ 320.734216][ T7734] FAT-fs (loop4): Directory bread(block 68) failed [ 320.753311][ T7734] FAT-fs (loop4): Directory bread(block 69) failed [ 320.770334][ T7734] FAT-fs (loop4): Directory bread(block 70) failed [ 320.778771][ T7734] FAT-fs (loop4): Directory bread(block 71) failed [ 320.785888][ T7734] FAT-fs (loop4): Directory bread(block 72) failed [ 320.802332][ T7734] FAT-fs (loop4): Directory bread(block 73) failed [ 322.686728][ T7748] loop0: detected capacity change from 0 to 2048 [ 322.705168][ T7748] UDF-fs: bad mount option "ÿÿÿÿ" or missing value [ 323.065539][ T7543] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 323.119902][ T7748] loop0: detected capacity change from 0 to 128 [ 323.121731][ T7543] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 323.183675][ T7543] udevd[7543]: incorrect ext4 checksum on /dev/loop0 [ 323.190569][ T7748] EXT4-fs (loop0): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 323.263539][ T7543] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 323.354941][ T7755] loop0: detected capacity change from 0 to 1024 [ 324.107226][ T7762] loop4: detected capacity change from 0 to 128 [ 324.285909][ T7763] virtio-fs: tag not found [ 324.948526][ T7773] loop0: detected capacity change from 0 to 256 [ 325.008723][ T7773] FAT-fs (loop0): Directory bread(block 64) failed [ 325.008767][ T7773] FAT-fs (loop0): Directory bread(block 65) failed [ 325.008868][ T7773] FAT-fs (loop0): Directory bread(block 66) failed [ 325.008898][ T7773] FAT-fs (loop0): Directory bread(block 67) failed [ 325.009048][ T7773] FAT-fs (loop0): Directory bread(block 68) failed [ 325.009077][ T7773] FAT-fs (loop0): Directory bread(block 69) failed [ 325.009181][ T7773] FAT-fs (loop0): Directory bread(block 70) failed [ 325.009210][ T7773] FAT-fs (loop0): Directory bread(block 71) failed [ 325.009312][ T7773] FAT-fs (loop0): Directory bread(block 72) failed [ 325.009340][ T7773] FAT-fs (loop0): Directory bread(block 73) failed [ 326.967595][ T7789] tipc: Enabled bearer , priority 10 [ 328.319696][ T7807] loop2: detected capacity change from 0 to 128 [ 329.068874][ T7806] virtio-fs: tag not found [ 329.380770][ T7809] loop4: detected capacity change from 0 to 2048 [ 329.392931][ T7809] UDF-fs: bad mount option "ÿÿÿÿ" or missing value [ 329.461515][ T7764] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 329.475546][ T7809] loop4: detected capacity change from 0 to 128 [ 329.490150][ T7764] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 329.516951][ T7764] Buffer I/O error on dev loop4, logical block 0, async page read [ 329.541214][ T7809] EXT4-fs (loop4): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 329.563442][ T7764] udevd[7764]: incorrect ext4 checksum on /dev/loop4 [ 329.689569][ T7817] loop4: detected capacity change from 0 to 1024 [ 330.111971][ T7820] loop3: detected capacity change from 0 to 256 [ 330.200665][ T7820] FAT-fs (loop3): Directory bread(block 64) failed [ 330.215801][ T7820] FAT-fs (loop3): Directory bread(block 65) failed [ 330.234114][ T7820] FAT-fs (loop3): Directory bread(block 66) failed [ 330.248579][ T7820] FAT-fs (loop3): Directory bread(block 67) failed [ 330.269072][ T7820] FAT-fs (loop3): Directory bread(block 68) failed [ 330.287807][ T7820] FAT-fs (loop3): Directory bread(block 69) failed [ 330.304656][ T7820] FAT-fs (loop3): Directory bread(block 70) failed [ 330.323617][ T7820] FAT-fs (loop3): Directory bread(block 71) failed [ 330.334965][ T7820] FAT-fs (loop3): Directory bread(block 72) failed [ 330.361132][ T7820] FAT-fs (loop3): Directory bread(block 73) failed [ 334.009833][ T7838] loop2: detected capacity change from 0 to 40427 [ 334.066388][ T7838] F2FS-fs (loop2): invalid crc value [ 334.578293][ T7838] F2FS-fs (loop2): Found nat_bits in checkpoint [ 334.995957][ T7838] F2FS-fs (loop2): Start checkpoint disabled! [ 335.050163][ T7838] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 335.468451][ T7865] loop0: detected capacity change from 0 to 2048 [ 335.496632][ T7865] UDF-fs: bad mount option "ÿÿÿÿ" or missing value [ 335.503615][ T7868] syz.2.443: attempt to access beyond end of device [ 335.503615][ T7868] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 335.756025][ T7872] loop0: detected capacity change from 0 to 1024 [ 335.829783][ T7870] program syz.3.453 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 335.845265][ T7870] program syz.3.453 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 335.854790][ T7870] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 336.715456][ T7877] loop0: detected capacity change from 0 to 256 [ 336.791754][ T7877] FAT-fs (loop0): Directory bread(block 64) failed [ 336.798493][ T7877] FAT-fs (loop0): Directory bread(block 65) failed [ 336.821745][ T7877] FAT-fs (loop0): Directory bread(block 66) failed [ 336.828372][ T7877] FAT-fs (loop0): Directory bread(block 67) failed [ 336.864229][ T7877] FAT-fs (loop0): Directory bread(block 68) failed [ 336.870866][ T7877] FAT-fs (loop0): Directory bread(block 69) failed [ 336.879828][ T2984] kworker/u4:9: attempt to access beyond end of device [ 336.879828][ T2984] loop2: rw=2049, sector=40960, nr_sectors = 8 limit=40427 [ 336.895826][ T7877] FAT-fs (loop0): Directory bread(block 70) failed [ 336.912566][ T7877] FAT-fs (loop0): Directory bread(block 71) failed [ 336.919262][ T7877] FAT-fs (loop0): Directory bread(block 72) failed [ 336.938518][ T2984] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 336.946116][ T7877] FAT-fs (loop0): Directory bread(block 73) failed [ 340.556673][ T7904] loop2: detected capacity change from 0 to 2048 [ 340.572337][ T7904] UDF-fs: bad mount option "ÿÿÿÿ" or missing value [ 341.338456][ T7917] serio: Serial port ptm0 [ 345.005386][ T9] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 345.071833][ T7960] loop2: detected capacity change from 0 to 2048 [ 345.079657][ T7960] UDF-fs: bad mount option "ÿÿÿÿ" or missing value [ 345.412104][ T9] usb 4-1: Using ep0 maxpacket: 16 [ 345.420377][ T9] usb 4-1: config 8 has an invalid interface number: 57 but max is 0 [ 345.428839][ T9] usb 4-1: config 8 has no interface number 0 [ 345.436532][ T9] usb 4-1: config 8 interface 57 altsetting 5 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 345.448233][ T9] usb 4-1: config 8 interface 57 has no altsetting 0 [ 345.966727][ T9] usb 4-1: New USB device found, idVendor=39c6, idProduct=8f68, bcdDevice=dd.44 [ 345.976220][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 345.984921][ T9] usb 4-1: Product: syz [ 345.989663][ T9] usb 4-1: Manufacturer: syz [ 345.994924][ T9] usb 4-1: SerialNumber: syz [ 346.650456][ T9] usb 4-1: Quirk or no altest; falling back to MIDI 1.0 [ 346.669792][ T9] usb 4-1: MIDIStreaming interface descriptor not found [ 346.893378][ T9] usb 4-1: USB disconnect, device number 2 [ 361.321286][ T8064] vivid-007: ================= START STATUS ================= [ 364.049331][ T8064] vivid-007: Generate PTS: true [ 364.201110][ T8064] vivid-007: Generate SCR: true [ 364.261199][ T8064] tpg source WxH: 640x360 (Y'CbCr) [ 364.294197][ T8064] tpg field: 1 [ 364.333594][ T8064] tpg crop: 640x360@0x0 [ 364.370201][ T8064] tpg compose: 640x360@0x0 [ 364.391337][ T8064] tpg colorspace: 8 [ 364.399060][ T8064] tpg transfer function: 0/0 [ 364.420697][ T8064] tpg Y'CbCr encoding: 0/0 [ 364.447257][ T8064] tpg quantization: 0/0 [ 364.451716][ T8064] tpg RGB range: 0/2 [ 364.463154][ T8064] vivid-007: ================== END STATUS ================== [ 366.311576][ T8093] gfs2: gfs2 mount does not exist [ 370.746329][ T8113] vivid-007: ================= START STATUS ================= [ 370.754741][ T8113] vivid-007: Generate PTS: true [ 370.759748][ T8113] vivid-007: Generate SCR: true [ 370.764919][ T8113] tpg source WxH: 640x360 (Y'CbCr) [ 370.770221][ T8113] tpg field: 1 [ 370.773827][ T8113] tpg crop: 640x360@0x0 [ 370.778089][ T8113] tpg compose: 640x360@0x0 [ 370.782896][ T8113] tpg colorspace: 8 [ 370.786752][ T8113] tpg transfer function: 0/0 [ 370.791480][ T8113] tpg Y'CbCr encoding: 0/0 [ 370.796065][ T8113] tpg quantization: 0/0 [ 370.800339][ T8113] tpg RGB range: 0/2 [ 370.804336][ T8113] vivid-007: ================== END STATUS ================== [ 372.014718][ T8122] loop4: detected capacity change from 0 to 512 [ 372.040412][ T8122] FAT-fs (loop4): Unrecognized mount option "nodo|s" or missing value [ 373.197493][ T8136] gfs2: gfs2 mount does not exist [ 377.139625][ T8154] vivid-007: ================= START STATUS ================= [ 378.895989][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.904616][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.097714][ T8154] vivid-007: Generate PTS: true [ 381.378017][ T8154] vivid-007: Generate SCR: true [ 381.389096][ T8154] tpg source WxH: 640x360 (Y'CbCr) [ 381.400041][ T8154] tpg field: 1 [ 381.407721][ T8154] tpg crop: 640x360@0x0 [ 381.416811][ T8154] tpg compose: 640x360@0x0 [ 381.427094][ T8154] tpg colorspace: 8 [ 381.434468][ T8154] tpg transfer function: 0/0 [ 381.444772][ T8154] tpg Y'CbCr encoding: 0/0 [ 381.453790][ T8154] tpg quantization: 0/0 [ 381.462539][ T8154] tpg RGB range: 0/2 [ 381.469954][ T8154] vivid-007: ================== END STATUS ================== [ 382.572887][ T8179] gfs2: gfs2 mount does not exist [ 384.871206][ T28] audit: type=1326 audit(384.751:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8185 comm="syz.3.542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f715f58ebe9 code=0x7ffc0000 [ 386.092653][ T28] audit: type=1326 audit(384.751:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8185 comm="syz.3.542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f715f58ebe9 code=0x7ffc0000 [ 388.833375][ T8206] vivid-007: ================= START STATUS ================= [ 388.841263][ T8206] vivid-007: Generate PTS: true [ 388.846385][ T8206] vivid-007: Generate SCR: true [ 388.851538][ T8206] tpg source WxH: 640x360 (Y'CbCr) [ 388.857077][ T8206] tpg field: 1 [ 388.860551][ T8206] tpg crop: 640x360@0x0 [ 388.865115][ T8206] tpg compose: 640x360@0x0 [ 388.869663][ T8206] tpg colorspace: 8 [ 388.873613][ T8206] tpg transfer function: 0/0 [ 388.878319][ T8206] tpg Y'CbCr encoding: 0/0 [ 388.883194][ T8206] tpg quantization: 0/0 [ 388.887739][ T8206] tpg RGB range: 0/2 [ 388.892072][ T8206] vivid-007: ================== END STATUS ================== [ 389.414054][ T8213] loop2: detected capacity change from 0 to 764 [ 390.173597][ T8221] gfs2: gfs2 mount does not exist [ 392.248910][ T8244] tipc: Enabling of bearer rejected, already enabled [ 393.481771][ T28] audit: type=1326 audit(393.431:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8241 comm="syz.3.557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f715f58ebe9 code=0x7ffc0000 [ 393.644718][ T28] audit: type=1326 audit(393.431:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8241 comm="syz.3.557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f715f58ebe9 code=0x7ffc0000 [ 393.876526][ T28] audit: type=1326 audit(393.621:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8241 comm="syz.3.557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f715f58ebe9 code=0x7ffc0000 [ 394.049264][ T28] audit: type=1326 audit(393.621:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8241 comm="syz.3.557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f715f58ebe9 code=0x7ffc0000 [ 395.511799][ T8253] vivid-007: ================= START STATUS ================= [ 395.532473][ T8253] vivid-007: Generate PTS: true [ 395.547694][ T8253] vivid-007: Generate SCR: true [ 395.558137][ T8253] tpg source WxH: 640x360 (Y'CbCr) [ 395.584453][ T8253] tpg field: 1 [ 395.591538][ T8253] tpg crop: 640x360@0x0 [ 395.636665][ T8253] tpg compose: 640x360@0x0 [ 395.648200][ T8253] tpg colorspace: 8 [ 395.661099][ T8253] tpg transfer function: 0/0 [ 395.688113][ T8253] tpg Y'CbCr encoding: 0/0 [ 395.696558][ T8253] tpg quantization: 0/0 [ 395.715297][ T8253] tpg RGB range: 0/2 [ 395.732948][ T8253] vivid-007: ================== END STATUS ================== [ 396.459968][ T8262] gfs2: gfs2 mount does not exist [ 400.217236][ T28] audit: type=1326 audit(400.161:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8281 comm="syz.2.570" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73e418ebe9 code=0x7ffc0000 [ 400.465023][ T28] audit: type=1326 audit(400.161:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8281 comm="syz.2.570" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73e418ebe9 code=0x7ffc0000 [ 400.648196][ T28] audit: type=1326 audit(400.331:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8281 comm="syz.2.570" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73e418ebe9 code=0x7ffc0000 [ 400.834385][ T28] audit: type=1326 audit(400.331:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8281 comm="syz.2.570" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73e418ebe9 code=0x7ffc0000 [ 400.895303][ T8294] vivid-007: ================= START STATUS ================= [ 400.949929][ T8294] vivid-007: Generate PTS: true [ 400.989358][ T8294] vivid-007: Generate SCR: true [ 401.041812][ T8294] tpg source WxH: 640x360 (Y'CbCr) [ 401.080500][ T8294] tpg field: 1 [ 401.106670][ T8294] tpg crop: 640x360@0x0 [ 401.151843][ T8294] tpg compose: 640x360@0x0 [ 401.179160][ T8294] tpg colorspace: 8 [ 401.202038][ T8294] tpg transfer function: 0/0 [ 401.222689][ T8294] tpg Y'CbCr encoding: 0/0 [ 401.260717][ T8294] tpg quantization: 0/0 [ 401.294794][ T8294] tpg RGB range: 0/2 [ 401.324375][ T8289] tipc: Enabling of bearer rejected, already enabled [ 401.331248][ T8294] vivid-007: ================== END STATUS ================== [ 403.670293][ T8311] gfs2: gfs2 mount does not exist [ 406.842870][ T8327] vivid-007: ================= START STATUS ================= [ 406.851163][ T8327] vivid-007: Generate PTS: true [ 406.856100][ T8327] vivid-007: Generate SCR: true [ 406.866011][ T8327] tpg source WxH: 640x360 (Y'CbCr) [ 406.871736][ T8327] tpg field: 1 [ 406.875156][ T8327] tpg crop: 640x360@0x0 [ 406.887717][ T8328] tipc: Enabling of bearer rejected, already enabled [ 406.895623][ T8327] tpg compose: 640x360@0x0 [ 406.900090][ T8327] tpg colorspace: 8 [ 406.912948][ T8327] tpg transfer function: 0/0 [ 406.918266][ T8327] tpg Y'CbCr encoding: 0/0 [ 406.924716][ T8327] tpg quantization: 0/0 [ 406.929160][ T8327] tpg RGB range: 0/2 [ 406.935110][ T8327] vivid-007: ================== END STATUS ================== [ 407.666840][ T8333] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 407.686597][ T8333] loop0: detected capacity change from 0 to 512 [ 408.002430][ T8333] EXT4-fs (loop0): orphan cleanup on readonly fs [ 408.009108][ T8333] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -13 [ 408.024683][ T8333] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 408.040566][ T8333] EXT4-fs error (device loop0): ext4_clear_blocks:883: inode #13: comm syz.0.583: attempt to clear invalid blocks 2 len 1 [ 408.054125][ T8333] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.583: invalid indirect mapped block 1819239214 (level 0) [ 408.068620][ T8333] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.583: invalid indirect mapped block 1819239214 (level 1) [ 408.084295][ T8333] EXT4-fs (loop0): 1 truncate cleaned up [ 408.091428][ T8333] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 409.507532][ T28] audit: type=1326 audit(409.041:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8335 comm="syz.3.584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f715f58ebe9 code=0x7ffc0000 [ 411.369102][ T5790] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 411.412357][ T28] audit: type=1326 audit(409.041:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8335 comm="syz.3.584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f715f58ebe9 code=0x7ffc0000 [ 411.531226][ T28] audit: type=1326 audit(409.161:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8335 comm="syz.3.584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f715f58ebe9 code=0x7ffc0000 [ 411.655281][ T28] audit: type=1326 audit(409.161:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8335 comm="syz.3.584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f715f58ebe9 code=0x7ffc0000 [ 413.353213][ T8361] vivid-007: ================= START STATUS ================= [ 413.361644][ T8361] vivid-007: Generate PTS: true [ 413.367855][ T8361] vivid-007: Generate SCR: true [ 413.374357][ T8361] tpg source WxH: 640x360 (Y'CbCr) [ 413.389780][ T8361] tpg field: 1 [ 413.393676][ T8361] tpg crop: 640x360@0x0 [ 413.398193][ T8361] tpg compose: 640x360@0x0 [ 413.402918][ T8361] tpg colorspace: 8 [ 413.406985][ T8361] tpg transfer function: 0/0 [ 413.411913][ T8361] tpg Y'CbCr encoding: 0/0 [ 413.416792][ T8361] tpg quantization: 0/0 [ 413.421388][ T8361] tpg RGB range: 0/2 [ 413.425557][ T8361] vivid-007: ================== END STATUS ================== [ 413.473387][ T8362] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(9) [ 413.479987][ T8362] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 413.488415][ T8362] vhci_hcd vhci_hcd.0: Device attached [ 413.619654][ T8363] vhci_hcd: connection closed [ 413.632383][ T2996] vhci_hcd: stop threads [ 413.645651][ T2996] vhci_hcd: release socket [ 413.650295][ T2996] vhci_hcd: disconnect device [ 414.712126][ T8375] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 414.827777][ T8371] loop3: detected capacity change from 0 to 512 [ 414.872614][ T8371] EXT4-fs (loop3): orphan cleanup on readonly fs [ 414.879034][ T8371] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -13 [ 414.893190][ T8371] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 414.911719][ T8371] EXT4-fs error (device loop3): ext4_clear_blocks:883: inode #13: comm syz.3.595: attempt to clear invalid blocks 2 len 1 [ 414.941509][ T8371] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz.3.595: invalid indirect mapped block 1819239214 (level 0) [ 414.956226][ T8371] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz.3.595: invalid indirect mapped block 1819239214 (level 1) [ 414.972793][ T8371] EXT4-fs (loop3): 1 truncate cleaned up [ 414.979898][ T8371] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 415.371202][ T28] audit: type=1326 audit(415.211:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8377 comm="syz.4.597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c4298ebe9 code=0x7ffc0000 [ 415.531234][ T28] audit: type=1326 audit(415.211:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8377 comm="syz.4.597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c4298ebe9 code=0x7ffc0000 [ 415.564643][ T28] audit: type=1326 audit(415.211:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8377 comm="syz.4.597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c4298ebe9 code=0x7ffc0000 [ 416.365225][ T28] audit: type=1326 audit(415.221:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8377 comm="syz.4.597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c4298ebe9 code=0x7ffc0000 [ 417.459193][ T5789] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 417.672083][ T8384] netlink: 4 bytes leftover after parsing attributes in process `syz.3.598'. [ 421.770152][ T8403] gfs2: gfs2 mount does not exist [ 421.820912][ T8405] vivid-007: ================= START STATUS ================= [ 421.829041][ T8405] vivid-007: Generate PTS: true [ 421.834146][ T8405] vivid-007: Generate SCR: true [ 421.839161][ T8405] tpg source WxH: 640x360 (Y'CbCr) [ 421.844586][ T8405] tpg field: 1 [ 421.848126][ T8405] tpg crop: 640x360@0x0 [ 421.852459][ T8405] tpg compose: 640x360@0x0 [ 421.857008][ T8405] tpg colorspace: 8 [ 421.861008][ T8405] tpg transfer function: 0/0 [ 421.865727][ T8405] tpg Y'CbCr encoding: 0/0 [ 421.870262][ T8405] tpg quantization: 0/0 [ 421.874669][ T8405] tpg RGB range: 0/2 [ 421.958877][ T8405] vivid-007: ================== END STATUS ================== [ 422.432792][ T8405] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(9) [ 422.439381][ T8405] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 422.447667][ T8405] vhci_hcd vhci_hcd.0: Device attached [ 422.453612][ T8407] vhci_hcd: connection closed [ 422.473700][ T2996] vhci_hcd: stop threads [ 422.619942][ T2996] vhci_hcd: release socket [ 422.771239][ T965] usb 41-1: new high-speed USB device number 2 using vhci_hcd [ 422.784579][ T2996] vhci_hcd: disconnect device [ 423.290404][ T8421] netlink: 4 bytes leftover after parsing attributes in process `syz.0.609'. [ 423.313657][ T8421] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 423.334690][ T8421] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 423.347059][ T8414] loop4: detected capacity change from 0 to 32768 [ 423.408799][ T8414] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 423.418856][ T8421] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 423.433683][ T8421] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 423.495863][ T8414] XFS (loop4): Ending clean mount [ 425.138502][ T5961] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 426.528050][ T28] audit: type=1326 audit(426.461:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8437 comm="syz.0.612" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d32f8ebe9 code=0x7ffc0000 [ 426.633731][ T28] audit: type=1326 audit(426.471:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8437 comm="syz.0.612" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d32f8ebe9 code=0x7ffc0000 [ 426.757294][ T28] audit: type=1326 audit(426.471:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8437 comm="syz.0.612" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d32f8ebe9 code=0x7ffc0000 [ 426.887052][ T28] audit: type=1326 audit(426.471:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8437 comm="syz.0.612" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d32f8ebe9 code=0x7ffc0000 [ 428.549444][ T965] vhci_hcd: vhci_device speed not set [ 430.585565][ T8467] loop0: detected capacity change from 0 to 128 [ 432.268634][ T8470] virtio-fs: tag not found [ 433.448547][ T8482] netlink: 4 bytes leftover after parsing attributes in process `syz.4.623'. [ 434.129518][ T28] audit: type=1326 audit(434.071:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8485 comm="syz.4.625" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c4298ebe9 code=0x7ffc0000 [ 434.167146][ T28] audit: type=1326 audit(434.071:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8485 comm="syz.4.625" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c4298ebe9 code=0x7ffc0000 [ 434.201135][ T28] audit: type=1326 audit(434.071:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8485 comm="syz.4.625" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c4298ebe9 code=0x7ffc0000 [ 434.234835][ T28] audit: type=1326 audit(434.071:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8485 comm="syz.4.625" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c4298ebe9 code=0x7ffc0000 [ 436.867680][ T8475] batadv1: entered allmulticast mode [ 436.885867][ T8475] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 436.952835][ T2984] batman_adv: batadv1: adding TT local entry 33:33:00:00:00:01 to non-existent VLAN -1 [ 439.383433][ T8510] netlink: 4 bytes leftover after parsing attributes in process `syz.2.632'. [ 439.401166][ T8510] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 439.408657][ T8510] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 439.701943][ T8510] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 439.702273][ T5801] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 439.719151][ T8510] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 439.720199][ T5801] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 439.742474][ T5801] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 439.753801][ T5801] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 439.768530][ T5801] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 439.777300][ T5801] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 439.939362][ T8436] bridge0: port 3(syz_tun) entered disabled state [ 439.977675][ T8436] syz_tun (unregistering): left allmulticast mode [ 439.984294][ T8436] syz_tun (unregistering): left promiscuous mode [ 439.990779][ T8436] bridge0: port 3(syz_tun) entered disabled state [ 440.338250][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.344988][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 441.055011][ T28] audit: type=1326 audit(441.001:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8518 comm="syz.2.634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73e418ebe9 code=0x7ffc0000 [ 441.354998][ T28] audit: type=1326 audit(441.001:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8518 comm="syz.2.634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73e418ebe9 code=0x7ffc0000 [ 441.387618][ T8508] chnl_net:caif_netlink_parms(): no params data found [ 441.852600][ T5799] Bluetooth: hci4: command tx timeout [ 444.161322][ T5799] Bluetooth: hci4: command tx timeout [ 446.121837][ T28] audit: type=1326 audit(446.051:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8539 comm="syz.2.639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73e418ebe9 code=0x7ffc0000 [ 446.171120][ T5799] Bluetooth: hci4: command tx timeout [ 446.187707][ T28] audit: type=1326 audit(446.051:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8539 comm="syz.2.639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73e418ebe9 code=0x7ffc0000 [ 446.212485][ T28] audit: type=1326 audit(446.051:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8539 comm="syz.2.639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=91 compat=0 ip=0x7f73e418ebe9 code=0x7ffc0000 [ 447.081898][ T28] audit: type=1326 audit(446.051:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8539 comm="syz.2.639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73e418ebe9 code=0x7ffc0000 [ 447.114086][ T28] audit: type=1326 audit(446.051:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8539 comm="syz.2.639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f73e418ebe9 code=0x7ffc0000 [ 447.202695][ T28] audit: type=1326 audit(446.051:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8539 comm="syz.2.639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73e418ebe9 code=0x7ffc0000 [ 447.489619][ T28] audit: type=1326 audit(446.051:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8539 comm="syz.2.639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f73e418ebe9 code=0x7ffc0000 [ 447.530626][ T8553] serio: Serial port ptm0 [ 447.572436][ T28] audit: type=1326 audit(446.051:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8539 comm="syz.2.639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73e418ebe9 code=0x7ffc0000 [ 447.590756][ T1037] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 447.621090][ T28] audit: type=1326 audit(446.051:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8539 comm="syz.2.639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f73e418ebe9 code=0x7ffc0000 [ 447.659689][ T28] audit: type=1326 audit(446.051:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8539 comm="syz.2.639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73e418ebe9 code=0x7ffc0000 [ 447.695370][ T8556] netlink: 4 bytes leftover after parsing attributes in process `syz.2.642'. [ 447.772757][ T1037] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 447.894532][ T8508] bridge0: port 1(bridge_slave_0) entered blocking state [ 447.911235][ T8508] bridge0: port 1(bridge_slave_0) entered disabled state [ 447.918533][ T8508] bridge_slave_0: entered allmulticast mode [ 447.939778][ T8563] loop2: detected capacity change from 0 to 2048 [ 447.954896][ T8508] bridge_slave_0: entered promiscuous mode [ 447.961710][ T8563] UDF-fs: bad mount option "ÿÿÿÿ" or missing value [ 447.994972][ T1037] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 448.033188][ T8508] bridge0: port 2(bridge_slave_1) entered blocking state [ 448.040429][ T8508] bridge0: port 2(bridge_slave_1) entered disabled state [ 448.062888][ T8508] bridge_slave_1: entered allmulticast mode [ 448.099788][ T8565] loop2: detected capacity change from 0 to 1024 [ 448.194780][ T8508] bridge_slave_1: entered promiscuous mode [ 448.251157][ T5799] Bluetooth: hci4: command tx timeout [ 448.306313][ T1037] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 448.484257][ T8508] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 448.507398][ T8508] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 448.796136][ T8508] team0: Port device team_slave_0 added [ 448.805256][ T8508] team0: Port device team_slave_1 added [ 449.885785][ T8508] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 449.959432][ T8508] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 450.222112][ T8508] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 450.313073][ T8508] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 450.331593][ T8508] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 450.615376][ T8508] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 452.141189][ T1037] tipc: Disabling bearer [ 452.162794][ T1037] tipc: Left network mode [ 452.241948][ T8508] hsr_slave_0: entered promiscuous mode [ 452.272919][ T8508] hsr_slave_1: entered promiscuous mode [ 452.335274][ T8508] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 452.418787][ T8508] Cannot create hsr debugfs directory [ 455.970381][ T8596] loop0: detected capacity change from 0 to 2048 [ 456.042306][ T8596] UDF-fs: bad mount option "ÿÿÿÿ" or missing value [ 456.072028][ T8602] netlink: 4 bytes leftover after parsing attributes in process `syz.4.652'. [ 456.149572][ T8071] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 456.215384][ T8596] loop0: detected capacity change from 0 to 128 [ 456.231767][ T8071] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 456.266252][ T8596] EXT4-fs (loop0): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 456.279576][ T8071] udevd[8071]: incorrect ext4 checksum on /dev/loop0 [ 456.427156][ T8610] loop0: detected capacity change from 0 to 1024 [ 457.159310][ T8508] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 457.383657][ T8592] loop2: detected capacity change from 0 to 40427 [ 457.455864][ T8508] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 457.482262][ T8592] F2FS-fs (loop2): invalid crc value [ 457.529042][ T8592] F2FS-fs (loop2): Found nat_bits in checkpoint [ 457.653583][ T8508] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 457.706214][ T8508] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 457.712828][ T8592] F2FS-fs (loop2): Start checkpoint disabled! [ 457.727690][ T8592] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 457.940134][ T8592] syz.2.651: attempt to access beyond end of device [ 457.940134][ T8592] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 458.334076][ T1037] hsr_slave_0: left promiscuous mode [ 458.340427][ T1037] hsr_slave_1: left promiscuous mode [ 458.348556][ T1037] bridge_slave_1: left allmulticast mode [ 458.375176][ T1037] bridge_slave_1: left promiscuous mode [ 458.389782][ T34] kworker/u4:2: attempt to access beyond end of device [ 458.389782][ T34] loop2: rw=2049, sector=40960, nr_sectors = 24 limit=40427 [ 458.391853][ T1037] bridge0: port 2(bridge_slave_1) entered disabled state [ 458.404503][ T34] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 458.425289][ T34] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 458.503016][ T1037] bridge_slave_0: left allmulticast mode [ 458.510363][ T34] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 458.517618][ T1037] bridge_slave_0: left promiscuous mode [ 458.523706][ T1037] bridge0: port 1(bridge_slave_0) entered disabled state [ 458.571528][ T1037] veth1_macvtap: left promiscuous mode [ 458.578082][ T1037] veth0_macvtap: left promiscuous mode [ 458.585339][ T1037] veth1_vlan: left promiscuous mode [ 458.591115][ T1037] veth0_vlan: left promiscuous mode [ 459.889999][ T1037] team0 (unregistering): Port device team_slave_1 removed [ 459.978251][ T1037] team0 (unregistering): Port device team_slave_0 removed [ 460.049054][ T1037] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 460.127406][ T1037] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 460.632729][ T28] kauditd_printk_skb: 5 callbacks suppressed [ 460.632743][ T28] audit: type=1326 audit(460.581:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8649 comm="syz.4.659" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c4298ebe9 code=0x7ffc0000 [ 460.661633][ T28] audit: type=1326 audit(460.581:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8649 comm="syz.4.659" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c4298ebe9 code=0x7ffc0000 [ 460.949600][ T1037] bond0 (unregistering): Released all slaves [ 461.035740][ T8648] netlink: 116 bytes leftover after parsing attributes in process `syz.2.657'. [ 461.288461][ T8508] 8021q: adding VLAN 0 to HW filter on device bond0 [ 461.499312][ T8508] 8021q: adding VLAN 0 to HW filter on device team0 [ 461.537353][ T2996] bridge0: port 1(bridge_slave_0) entered blocking state [ 461.544715][ T2996] bridge0: port 1(bridge_slave_0) entered forwarding state [ 461.612841][ T2996] bridge0: port 2(bridge_slave_1) entered blocking state [ 461.620115][ T2996] bridge0: port 2(bridge_slave_1) entered forwarding state [ 461.948911][ T8666] loop2: detected capacity change from 0 to 2048 [ 461.985677][ T1037] IPVS: stop unused estimator thread 0... [ 461.995075][ T8666] UDF-fs: bad mount option "ÿÿÿÿ" or missing value [ 462.335609][ T8680] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 462.387363][ T8508] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 462.500675][ T8683] netlink: 16 bytes leftover after parsing attributes in process `syz.0.663'. [ 463.022088][ T8508] veth0_vlan: entered promiscuous mode [ 463.341966][ T8508] veth1_vlan: entered promiscuous mode [ 463.523441][ T8699] vivid-007: ================= START STATUS ================= [ 464.084996][ T8508] veth0_macvtap: entered promiscuous mode [ 464.210119][ T8508] veth1_macvtap: entered promiscuous mode [ 465.405516][ T8508] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 465.825437][ T8508] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 465.904344][ T8699] vivid-007: Generate PTS: true [ 465.909460][ T8699] vivid-007: Generate SCR: true [ 465.914902][ T8699] tpg source WxH: 640x360 (Y'CbCr) [ 465.920230][ T8699] tpg field: 1 [ 465.925881][ T8699] tpg crop: 640x360@0x0 [ 465.930232][ T8699] tpg compose: 640x360@0x0 [ 465.935008][ T8699] tpg colorspace: 8 [ 465.938973][ T8699] tpg transfer function: 0/0 [ 465.943792][ T8699] tpg Y'CbCr encoding: 0/0 [ 465.948383][ T8699] tpg quantization: 0/0 [ 465.952889][ T8699] tpg RGB range: 0/2 [ 465.956957][ T8699] vivid-007: ================== END STATUS ================== [ 466.005452][ T8508] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 466.106242][ T8508] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 466.136476][ T8508] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 466.167010][ T8508] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 466.249447][ T8709] netlink: 116 bytes leftover after parsing attributes in process `syz.2.667'. [ 466.403025][ T8714] overlayfs: missing 'lowerdir' [ 466.538470][ T8715] 9pnet_fd: p9_fd_create_tcp (8715): problem connecting socket to 127.0.0.1 [ 467.038165][ T6871] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 467.111304][ T6871] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 467.214985][ T6871] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 467.229413][ T6871] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 468.270614][ T5781] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 469.605939][ T5781] usb 3-1: Using ep0 maxpacket: 16 [ 469.633937][ T5781] usb 3-1: config 1 has an invalid interface number: 76 but max is 0 [ 469.654901][ T5781] usb 3-1: config 1 has no interface number 0 [ 469.684588][ T5781] usb 3-1: config 1 interface 76 has no altsetting 0 [ 469.706310][ T5781] usb 3-1: New USB device found, idVendor=2692, idProduct=9005, bcdDevice=aa.0a [ 469.750609][ T5781] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 469.795525][ T5781] usb 3-1: Product: syz [ 469.805702][ T5781] usb 3-1: Manufacturer: syz [ 469.816187][ T5781] usb 3-1: SerialNumber: syz [ 469.926187][ T8754] overlayfs: missing 'lowerdir' [ 469.979933][ T8754] 9pnet_fd: p9_fd_create_tcp (8754): problem connecting socket to 127.0.0.1 [ 470.741158][ T5781] usb 3-1: can't set config #1, error -71 [ 470.772776][ T5781] usb 3-1: USB disconnect, device number 4 [ 471.633604][ T8777] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 471.765966][ T8770] loop0: detected capacity change from 0 to 512 [ 471.967336][ T8770] EXT4-fs (loop0): orphan cleanup on readonly fs [ 471.974038][ T8770] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -13 [ 471.991930][ T8770] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 472.008630][ T8770] EXT4-fs error (device loop0): ext4_clear_blocks:883: inode #13: comm syz.0.679: attempt to clear invalid blocks 2 len 1 [ 472.024728][ T8770] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.679: invalid indirect mapped block 1819239214 (level 0) [ 472.042431][ T8770] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.679: invalid indirect mapped block 1819239214 (level 1) [ 472.057883][ T8770] EXT4-fs (loop0): 1 truncate cleaned up [ 472.065071][ T8770] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 472.528456][ T8788] warning: `syz.2.686' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 472.859223][ T8797] gfs2: gfs2 mount does not exist [ 472.979460][ T5790] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 475.157445][ T8814] loop4: detected capacity change from 0 to 2048 [ 475.262040][ T8814] UDF-fs: bad mount option "ÿÿÿÿ" or missing value [ 475.732557][ T8804] overlayfs: missing 'lowerdir' [ 475.775501][ T8804] 9pnet_fd: p9_fd_create_tcp (8804): problem connecting socket to 127.0.0.1 [ 475.868525][ T8827] netlink: 16 bytes leftover after parsing attributes in process `syz.2.693'. [ 476.647842][ T28] audit: type=1326 audit(476.591:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8844 comm="syz.4.695" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c4298ebe9 code=0x7ffc0000 [ 476.715471][ T28] audit: type=1326 audit(476.591:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8844 comm="syz.4.695" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c4298ebe9 code=0x7ffc0000 [ 476.833509][ T28] audit: type=1326 audit(476.591:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8844 comm="syz.4.695" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c4298ebe9 code=0x7ffc0000 [ 476.860052][ T8858] netlink: 4 bytes leftover after parsing attributes in process `syz.2.697'. [ 476.899355][ T28] audit: type=1326 audit(476.591:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8844 comm="syz.4.695" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c4298ebe9 code=0x7ffc0000 [ 477.612117][ T8867] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 477.726269][ T8863] loop2: detected capacity change from 0 to 512 [ 477.763204][ T8863] EXT4-fs (loop2): orphan cleanup on readonly fs [ 477.769675][ T8863] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -13 [ 477.779058][ T8863] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 477.793901][ T8863] EXT4-fs error (device loop2): ext4_clear_blocks:883: inode #13: comm syz.2.698: attempt to clear invalid blocks 2 len 1 [ 477.810996][ T8863] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.698: invalid indirect mapped block 1819239214 (level 0) [ 477.827249][ T8863] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.698: invalid indirect mapped block 1819239214 (level 1) [ 477.853665][ T8863] EXT4-fs (loop2): 1 truncate cleaned up [ 477.860747][ T8863] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 478.127409][ T8878] loop0: detected capacity change from 0 to 256 [ 478.257459][ T8878] FAT-fs (loop0): Directory bread(block 64) failed [ 478.272204][ T8878] FAT-fs (loop0): Directory bread(block 65) failed [ 478.296651][ T8878] FAT-fs (loop0): Directory bread(block 66) failed [ 478.346304][ T8878] FAT-fs (loop0): Directory bread(block 67) failed [ 478.381193][ T8878] FAT-fs (loop0): Directory bread(block 68) failed [ 478.402473][ T8878] FAT-fs (loop0): Directory bread(block 69) failed [ 478.418080][ T8878] FAT-fs (loop0): Directory bread(block 70) failed [ 478.432240][ T8878] FAT-fs (loop0): Directory bread(block 71) failed [ 478.448821][ T8878] FAT-fs (loop0): Directory bread(block 72) failed [ 478.458879][ T8878] FAT-fs (loop0): Directory bread(block 73) failed [ 478.784166][ T5791] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 480.521473][ T8886] loop5: detected capacity change from 0 to 32768 [ 480.530738][ T8895] loop0: detected capacity change from 0 to 2048 [ 480.555899][ T8895] UDF-fs: bad mount option "ÿÿÿÿ" or missing value [ 480.713684][ T8886] XFS (loop5): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 480.761776][ T8906] loop0: detected capacity change from 0 to 1024 [ 481.199174][ T8886] XFS (loop5): Ending clean mount [ 481.522913][ T8508] XFS (loop5): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 484.013415][ T8938] syzkaller0: entered promiscuous mode [ 484.036619][ T8938] syzkaller0: entered allmulticast mode [ 484.083546][ T8945] netlink: 4 bytes leftover after parsing attributes in process `syz.2.706'. [ 484.385360][ T8955] loop2: detected capacity change from 0 to 256 [ 484.447294][ T8955] FAT-fs (loop2): Directory bread(block 64) failed [ 484.462607][ T8955] FAT-fs (loop2): Directory bread(block 65) failed [ 484.478886][ T8955] FAT-fs (loop2): Directory bread(block 66) failed [ 484.496306][ T8955] FAT-fs (loop2): Directory bread(block 67) failed [ 484.512400][ T8955] FAT-fs (loop2): Directory bread(block 68) failed [ 484.533875][ T8955] FAT-fs (loop2): Directory bread(block 69) failed [ 484.552857][ T8955] FAT-fs (loop2): Directory bread(block 70) failed [ 484.575618][ T8955] FAT-fs (loop2): Directory bread(block 71) failed [ 484.595644][ T8955] FAT-fs (loop2): Directory bread(block 72) failed [ 484.617476][ T8955] FAT-fs (loop2): Directory bread(block 73) failed [ 489.787565][ T9006] netlink: 4 bytes leftover after parsing attributes in process `syz.0.718'. [ 490.172582][ T9004] loop2: detected capacity change from 0 to 2048 [ 490.375578][ T9004] UDF-fs: bad mount option "ÿÿÿÿ" or missing value [ 490.864352][ T9013] syzkaller0: entered promiscuous mode [ 490.869909][ T9013] syzkaller0: entered allmulticast mode [ 492.554090][ T9042] loop5: detected capacity change from 0 to 256 [ 492.637137][ T9042] FAT-fs (loop5): Directory bread(block 64) failed [ 492.672506][ T9042] FAT-fs (loop5): Directory bread(block 65) failed [ 492.695689][ T9042] FAT-fs (loop5): Directory bread(block 66) failed [ 492.712268][ T9042] FAT-fs (loop5): Directory bread(block 67) failed [ 492.729755][ T9042] FAT-fs (loop5): Directory bread(block 68) failed [ 492.750537][ T9042] FAT-fs (loop5): Directory bread(block 69) failed [ 492.757902][ T9042] FAT-fs (loop5): Directory bread(block 70) failed [ 492.780309][ T9042] FAT-fs (loop5): Directory bread(block 71) failed [ 492.797886][ T9042] FAT-fs (loop5): Directory bread(block 72) failed [ 492.811029][ T9042] FAT-fs (loop5): Directory bread(block 73) failed [ 493.022064][ T9047] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 493.132017][ T9045] loop4: detected capacity change from 0 to 512 [ 493.176434][ T9045] EXT4-fs (loop4): orphan cleanup on readonly fs [ 493.183182][ T9045] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -13 [ 493.291409][ T9045] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 493.306407][ T9045] EXT4-fs error (device loop4): ext4_clear_blocks:883: inode #13: comm syz.4.722: attempt to clear invalid blocks 2 len 1 [ 494.011362][ T9045] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.722: invalid indirect mapped block 1819239214 (level 0) [ 494.031204][ T9045] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.722: invalid indirect mapped block 1819239214 (level 1) [ 494.056575][ T9045] EXT4-fs (loop4): 1 truncate cleaned up [ 494.063779][ T9045] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 494.842725][ T5961] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 494.911248][ T9044] loop0: detected capacity change from 0 to 40427 [ 494.954068][ T9044] F2FS-fs (loop0): invalid crc value [ 494.980163][ T9044] F2FS-fs (loop0): Found nat_bits in checkpoint [ 495.577020][ T9044] F2FS-fs (loop0): Start checkpoint disabled! [ 495.610523][ T9044] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 496.138612][ T28] audit: type=1326 audit(496.081:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9077 comm="syz.4.729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c4298ebe9 code=0x7ffc0000 [ 496.203371][ T28] audit: type=1326 audit(496.081:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9077 comm="syz.4.729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c4298ebe9 code=0x7ffc0000 [ 496.271271][ T28] audit: type=1326 audit(496.081:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9077 comm="syz.4.729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c4298ebe9 code=0x7ffc0000 [ 496.358432][ T28] audit: type=1326 audit(496.081:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9077 comm="syz.4.729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c4298ebe9 code=0x7ffc0000 [ 497.307025][ T9105] tipc: Started in network mode [ 497.312147][ T9105] tipc: Node identity ac1414aa, cluster identity 4711 [ 497.319491][ T9105] tipc: Enabled bearer , priority 10 [ 497.480752][ T9112] loop2: detected capacity change from 0 to 2048 [ 497.492448][ T9112] UDF-fs: bad mount option "ÿÿÿÿ" or missing value [ 498.356140][ T5861] tipc: Node number set to 2886997162 [ 499.010475][ T9129] netlink: 4 bytes leftover after parsing attributes in process `syz.4.740'. [ 499.527413][ T9123] loop5: detected capacity change from 0 to 40427 [ 499.554029][ T9123] F2FS-fs (loop5): invalid crc value [ 499.585650][ T9123] F2FS-fs (loop5): Found nat_bits in checkpoint [ 499.759572][ T9123] F2FS-fs (loop5): Start checkpoint disabled! [ 499.794658][ T9123] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6 [ 499.832083][ T9137] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 499.948559][ T9134] loop4: detected capacity change from 0 to 512 [ 499.968686][ T9134] EXT4-fs (loop4): orphan cleanup on readonly fs [ 499.975423][ T9134] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -13 [ 499.992298][ T9134] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 500.008726][ T9134] EXT4-fs error (device loop4): ext4_clear_blocks:883: inode #13: comm syz.4.741: attempt to clear invalid blocks 2 len 1 [ 500.023893][ T9134] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.741: invalid indirect mapped block 1819239214 (level 0) [ 500.057293][ T9134] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.741: invalid indirect mapped block 1819239214 (level 1) [ 500.077656][ T9134] EXT4-fs (loop4): 1 truncate cleaned up [ 500.084882][ T9134] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 500.318201][ T9142] syz.5.738: attempt to access beyond end of device [ 500.318201][ T9142] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 501.508728][ T5961] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 501.728308][ T2996] kworker/u4:10: attempt to access beyond end of device [ 501.728308][ T2996] loop5: rw=2049, sector=40960, nr_sectors = 8 limit=40427 [ 501.760313][ T2996] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 501.776369][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.785861][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.901538][ T9177] tipc: Enabling of bearer rejected, already enabled [ 503.653559][ T28] audit: type=1326 audit(503.591:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9184 comm="syz.0.749" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d32f8ebe9 code=0x7ffc0000 [ 503.700853][ T28] audit: type=1326 audit(503.591:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9184 comm="syz.0.749" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d32f8ebe9 code=0x7ffc0000 [ 503.750768][ T28] audit: type=1326 audit(503.591:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9184 comm="syz.0.749" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d32f8ebe9 code=0x7ffc0000 [ 503.802417][ T28] audit: type=1326 audit(503.591:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9184 comm="syz.0.749" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d32f8ebe9 code=0x7ffc0000 [ 508.913305][ T9236] loop5: detected capacity change from 0 to 2048 [ 508.934661][ T9236] UDF-fs: bad mount option "ÿÿÿÿ" or missing value [ 509.143497][ T9241] loop5: detected capacity change from 0 to 1024 [ 509.590993][ T9245] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 509.721844][ T9245] loop0: detected capacity change from 0 to 512 [ 509.976348][ T9245] EXT4-fs (loop0): orphan cleanup on readonly fs [ 509.983968][ T9245] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -13 [ 510.056823][ T9245] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 510.087529][ T9245] EXT4-fs error (device loop0): ext4_clear_blocks:883: inode #13: comm syz.0.755: attempt to clear invalid blocks 2 len 1 [ 510.140996][ T9245] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.755: invalid indirect mapped block 1819239214 (level 0) [ 510.158650][ T9245] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.755: invalid indirect mapped block 1819239214 (level 1) [ 510.177032][ T9245] EXT4-fs (loop0): 1 truncate cleaned up [ 510.184271][ T9245] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 510.568914][ T9229] loop2: detected capacity change from 0 to 32768 [ 510.628776][ T9229] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 510.704986][ T9229] XFS (loop2): Ending clean mount [ 510.833966][ T9232] loop4: detected capacity change from 0 to 40427 [ 510.855100][ T9232] F2FS-fs (loop4): invalid crc value [ 510.868919][ T5791] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 510.958400][ T9232] F2FS-fs (loop4): Found nat_bits in checkpoint [ 510.972963][ T5790] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 511.161720][ T9232] F2FS-fs (loop4): Start checkpoint disabled! [ 513.477731][ T28] audit: type=1326 audit(513.231:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9284 comm="syz.0.760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d32f8ebe9 code=0x7ffc0000 [ 513.617488][ T28] audit: type=1326 audit(513.231:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9284 comm="syz.0.760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d32f8ebe9 code=0x7ffc0000 [ 516.099057][ T9315] tipc: Enabling of bearer rejected, already enabled [ 517.217472][ T9306] loop0: detected capacity change from 0 to 32768 [ 517.262002][ T9329] loop4: detected capacity change from 0 to 128 [ 517.289448][ T9306] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 517.313446][ T9329] virtio-fs: tag not found [ 517.450350][ T9338] loop5: detected capacity change from 0 to 2048 [ 517.458991][ T9338] UDF-fs: bad mount option "ÿÿÿÿ" or missing value [ 517.529701][ T9306] XFS (loop0): Ending clean mount [ 517.878752][ T5790] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 520.344447][ T28] audit: type=1326 audit(520.291:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9357 comm="syz.2.774" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73e418ebe9 code=0x7ffc0000 [ 520.368310][ T28] audit: type=1326 audit(520.291:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9357 comm="syz.2.774" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73e418ebe9 code=0x7ffc0000 [ 520.402623][ T28] audit: type=1326 audit(520.291:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9357 comm="syz.2.774" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73e418ebe9 code=0x7ffc0000 [ 520.480052][ T28] audit: type=1326 audit(520.291:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9357 comm="syz.2.774" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73e418ebe9 code=0x7ffc0000 [ 521.805995][ T9376] netlink: 4 bytes leftover after parsing attributes in process `syz.0.777'. [ 522.565252][ T9387] vivid-007: ================= START STATUS ================= [ 522.573474][ T9387] vivid-007: Generate PTS: true [ 522.578661][ T9387] vivid-007: Generate SCR: true [ 522.583850][ T9387] tpg source WxH: 640x360 (Y'CbCr) [ 522.589345][ T9387] tpg field: 1 [ 522.593049][ T9387] tpg crop: 640x360@0x0 [ 522.597382][ T9387] tpg compose: 640x360@0x0 [ 522.602104][ T9387] tpg colorspace: 8 [ 522.606066][ T9387] tpg transfer function: 0/0 [ 522.610811][ T9387] tpg Y'CbCr encoding: 0/0 [ 522.615504][ T9387] tpg quantization: 0/0 [ 522.619851][ T9387] tpg RGB range: 0/2 [ 522.623959][ T9387] vivid-007: ================== END STATUS ================== [ 522.724376][ T9387] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(9) [ 522.730983][ T9387] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 522.739138][ T9387] vhci_hcd vhci_hcd.0: Device attached [ 522.940218][ T9389] tipc: Enabling of bearer rejected, already enabled [ 523.015299][ T9390] vhci_hcd: connection closed [ 523.019210][ T2996] vhci_hcd: stop threads [ 523.179255][ T2996] vhci_hcd: release socket [ 523.255254][ T5888] usb 33-1: new high-speed USB device number 2 using vhci_hcd [ 523.284792][ T2996] vhci_hcd: disconnect device [ 523.380480][ T5888] usb 33-1: enqueue for inactive port 0 [ 523.638731][ T5888] vhci_hcd: vhci_device speed not set [ 525.815724][ T9415] loop0: detected capacity change from 0 to 2048 [ 525.825647][ T9415] UDF-fs: bad mount option "ÿÿÿÿ" or missing value [ 525.897515][ T9417] loop2: detected capacity change from 0 to 128 [ 525.953030][ T9417] virtio-fs: tag not found [ 526.038407][ T9421] netlink: 4 bytes leftover after parsing attributes in process `syz.5.788'. [ 526.071904][ T9421] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 526.114698][ T9421] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 526.148553][ T9421] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 526.184002][ T9421] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 527.566283][ T28] audit: type=1326 audit(527.431:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9426 comm="syz.0.790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d32f8ebe9 code=0x7ffc0000 [ 527.659086][ T28] audit: type=1326 audit(527.431:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9426 comm="syz.0.790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d32f8ebe9 code=0x7ffc0000 [ 527.691172][ T28] audit: type=1326 audit(527.431:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9426 comm="syz.0.790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d32f8ebe9 code=0x7ffc0000 [ 527.715783][ T28] audit: type=1326 audit(527.431:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9426 comm="syz.0.790" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d32f8ebe9 code=0x7ffc0000 [ 530.741640][ T9432] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(9) [ 530.748308][ T9432] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 530.757612][ T9432] vhci_hcd vhci_hcd.0: Device attached [ 530.870134][ T9435] vhci_hcd: connection closed [ 530.871485][ T48] vhci_hcd: stop threads [ 530.901677][ T48] vhci_hcd: release socket [ 530.921396][ T48] vhci_hcd: disconnect device [ 530.975952][ T9] vhci_hcd: vhci_device speed not set [ 532.080518][ T9445] tipc: Enabling of bearer rejected, already enabled [ 532.394128][ T9450] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 532.509339][ T9450] loop0: detected capacity change from 0 to 512 [ 532.648939][ T9450] EXT4-fs (loop0): orphan cleanup on readonly fs [ 532.655612][ T9450] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -13 [ 532.683846][ T9450] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 532.733326][ T9450] EXT4-fs error (device loop0): ext4_clear_blocks:883: inode #13: comm syz.0.794: attempt to clear invalid blocks 2 len 1 [ 532.759995][ T9450] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.794: invalid indirect mapped block 1819239214 (level 0) [ 532.786136][ T9450] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.794: invalid indirect mapped block 1819239214 (level 1) [ 532.834215][ T9450] EXT4-fs (loop0): 1 truncate cleaned up [ 532.856817][ T9450] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 534.667107][ T5790] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 535.765586][ T9457] netlink: 116 bytes leftover after parsing attributes in process `syz.0.797'. [ 537.025151][ T9460] loop0: detected capacity change from 0 to 2048 [ 537.045943][ T9460] UDF-fs: bad mount option "ÿÿÿÿ" or missing value [ 537.236806][ T9463] loop0: detected capacity change from 0 to 1024 [ 538.248655][ T28] audit: type=1326 audit(538.181:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9467 comm="syz.2.800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73e418ebe9 code=0x7ffc0000 [ 538.321043][ T28] audit: type=1326 audit(538.181:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9467 comm="syz.2.800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73e418ebe9 code=0x7ffc0000 [ 538.371460][ T28] audit: type=1326 audit(538.181:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9467 comm="syz.2.800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73e418ebe9 code=0x7ffc0000 [ 538.429875][ T28] audit: type=1326 audit(538.181:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9467 comm="syz.2.800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73e418ebe9 code=0x7ffc0000 [ 541.043212][ T9487] vivid-007: ================= START STATUS ================= [ 541.051283][ T9487] vivid-007: Generate PTS: true [ 541.056374][ T9487] vivid-007: Generate SCR: true [ 541.061622][ T9487] tpg source WxH: 640x360 (Y'CbCr) [ 541.066898][ T9487] tpg field: 1 [ 541.070367][ T9487] tpg crop: 640x360@0x0 [ 541.074707][ T9487] tpg compose: 640x360@0x0 [ 541.079265][ T9487] tpg colorspace: 8 [ 541.083324][ T9487] tpg transfer function: 0/0 [ 541.088147][ T9487] tpg Y'CbCr encoding: 0/0 [ 541.092680][ T9487] tpg quantization: 0/0 [ 541.096900][ T9487] tpg RGB range: 0/2 [ 541.101027][ T9487] vivid-007: ================== END STATUS ================== [ 541.550030][ T9487] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(9) [ 541.556672][ T9487] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 541.565330][ T9487] vhci_hcd vhci_hcd.0: Device attached [ 541.565365][ T9490] vhci_hcd: connection closed [ 541.686441][ T6871] vhci_hcd: stop threads [ 541.718048][ T9496] netlink: 116 bytes leftover after parsing attributes in process `syz.2.806'. [ 543.391023][ T6871] vhci_hcd: release socket [ 543.984682][ T5888] usb 33-1: new high-speed USB device number 3 using vhci_hcd [ 544.352178][ T6871] vhci_hcd: disconnect device [ 544.501668][ T9503] loop0: detected capacity change from 0 to 2048 [ 544.514215][ T9503] UDF-fs: bad mount option "ÿÿÿÿ" or missing value [ 547.557029][ T9519] tipc: Enabling of bearer rejected, already enabled [ 547.616335][ T9517] loop2: detected capacity change from 0 to 128 [ 548.346163][ T9517] virtio-fs: tag not found [ 550.111503][ T28] audit: type=1326 audit(550.051:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9527 comm="syz.0.815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d32f8ebe9 code=0x7ffc0000 [ 550.135907][ T28] audit: type=1326 audit(550.051:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9527 comm="syz.0.815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d32f8ebe9 code=0x7ffc0000 [ 550.160284][ T28] audit: type=1326 audit(550.051:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9527 comm="syz.0.815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d32f8ebe9 code=0x7ffc0000 [ 550.186859][ T28] audit: type=1326 audit(550.051:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9527 comm="syz.0.815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d32f8ebe9 code=0x7ffc0000 [ 550.270199][ T5888] vhci_hcd: vhci_device speed not set [ 550.852590][ T9537] netlink: 116 bytes leftover after parsing attributes in process `syz.0.818'. [ 554.185797][ T9559] tipc: Enabling of bearer rejected, already enabled [ 557.190014][ T28] audit: type=1326 audit(557.131:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9569 comm="syz.0.826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d32f8ebe9 code=0x7ffc0000 [ 557.215346][ T28] audit: type=1326 audit(557.131:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9569 comm="syz.0.826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d32f8ebe9 code=0x7ffc0000 [ 557.238642][ T28] audit: type=1326 audit(557.131:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9569 comm="syz.0.826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d32f8ebe9 code=0x7ffc0000 [ 557.267151][ T28] audit: type=1326 audit(557.131:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9569 comm="syz.0.826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d32f8ebe9 code=0x7ffc0000 [ 557.981744][ T9584] netlink: 4 bytes leftover after parsing attributes in process `syz.0.830'. [ 559.914478][ T5801] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 559.924899][ T5801] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 559.943995][ T5801] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 559.956238][ T5801] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 559.966085][ T5801] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 559.973956][ T5801] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 560.339794][ T9599] chnl_net:caif_netlink_parms(): no params data found [ 561.103787][ T9599] bridge0: port 1(bridge_slave_0) entered blocking state [ 561.141172][ T9599] bridge0: port 1(bridge_slave_0) entered disabled state [ 561.148498][ T9599] bridge_slave_0: entered allmulticast mode [ 561.172369][ T9599] bridge_slave_0: entered promiscuous mode [ 561.196914][ T9620] netlink: 4 bytes leftover after parsing attributes in process `syz.0.839'. [ 561.212793][ T9599] bridge0: port 2(bridge_slave_1) entered blocking state [ 561.227182][ T9599] bridge0: port 2(bridge_slave_1) entered disabled state [ 561.245775][ T9599] bridge_slave_1: entered allmulticast mode [ 561.262620][ T9599] bridge_slave_1: entered promiscuous mode [ 561.464509][ T9627] vivid-007: ================= START STATUS ================= [ 561.472583][ T9627] vivid-007: Generate PTS: true [ 561.477803][ T9627] vivid-007: Generate SCR: true [ 561.483401][ T9627] tpg source WxH: 640x360 (Y'CbCr) [ 561.488722][ T9627] tpg field: 1 [ 561.492622][ T9627] tpg crop: 640x360@0x0 [ 561.497142][ T9627] tpg compose: 640x360@0x0 [ 561.502158][ T9627] tpg colorspace: 8 [ 561.506107][ T9627] tpg transfer function: 0/0 [ 561.510976][ T9627] tpg Y'CbCr encoding: 0/0 [ 561.537170][ T9627] tpg quantization: 0/0 [ 561.541831][ T9627] tpg RGB range: 0/2 [ 561.545897][ T9627] vivid-007: ================== END STATUS ================== [ 562.011037][ T5801] Bluetooth: hci2: command tx timeout [ 562.888732][ T9599] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 562.954785][ T9599] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 563.224198][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.233446][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.283733][ T9599] team0: Port device team_slave_0 added [ 563.294566][ T9599] team0: Port device team_slave_1 added [ 564.216930][ T5801] Bluetooth: hci2: command tx timeout [ 565.375451][ T5801] Bluetooth: hci4: command 0x0406 tx timeout [ 566.252107][ T5801] Bluetooth: hci2: command tx timeout [ 566.617717][ T9599] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 566.636751][ T9599] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 566.674415][ T9599] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 566.700141][ T9599] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 566.707519][ T9599] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 566.742417][ T9599] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 566.830649][ T9599] hsr_slave_0: entered promiscuous mode [ 566.839126][ T9599] hsr_slave_1: entered promiscuous mode [ 566.848571][ T9599] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 566.858362][ T9599] Cannot create hsr debugfs directory [ 567.383606][ T9659] vivid-007: ================= START STATUS ================= [ 567.394323][ T9659] vivid-007: Generate PTS: true [ 567.399532][ T9659] vivid-007: Generate SCR: true [ 567.404840][ T9659] tpg source WxH: 640x360 (Y'CbCr) [ 567.410617][ T9659] tpg field: 1 [ 567.414167][ T9659] tpg crop: 640x360@0x0 [ 567.418441][ T9659] tpg compose: 640x360@0x0 [ 567.423097][ T9659] tpg colorspace: 8 [ 567.426963][ T9659] tpg transfer function: 0/0 [ 567.431641][ T9659] tpg Y'CbCr encoding: 0/0 [ 567.436182][ T9659] tpg quantization: 0/0 [ 567.440737][ T9659] tpg RGB range: 0/2 [ 567.444802][ T9659] vivid-007: ================== END STATUS ================== [ 567.475926][ T9657] loop5: detected capacity change from 0 to 256 [ 567.885532][ T9659] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(9) [ 567.892137][ T9659] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 567.900455][ T9659] vhci_hcd vhci_hcd.0: Device attached [ 568.216641][ T9662] vhci_hcd: connection closed [ 568.270224][ T6121] vhci_hcd: stop threads [ 568.279593][ T5781] usb 33-1: new high-speed USB device number 4 using vhci_hcd [ 568.331968][ T5799] Bluetooth: hci2: command tx timeout [ 568.384786][ T9657] FAT-fs (loop5): Directory bread(block 64) failed [ 568.422166][ T6121] vhci_hcd: release socket [ 568.488396][ T9657] FAT-fs (loop5): Directory bread(block 65) failed [ 568.499080][ T6121] vhci_hcd: disconnect device [ 568.583985][ T9657] FAT-fs (loop5): Directory bread(block 66) failed [ 568.659355][ T9657] FAT-fs (loop5): Directory bread(block 67) failed [ 568.731335][ T9657] FAT-fs (loop5): Directory bread(block 68) failed [ 568.762571][ T9657] FAT-fs (loop5): Directory bread(block 69) failed [ 568.769283][ T9657] FAT-fs (loop5): Directory bread(block 70) failed [ 568.832475][ T9657] FAT-fs (loop5): Directory bread(block 71) failed [ 568.893285][ T9657] FAT-fs (loop5): Directory bread(block 72) failed [ 568.916436][ T9657] FAT-fs (loop5): Directory bread(block 73) failed [ 568.937337][ T1037] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 571.740268][ T1037] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 571.827303][ T9599] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 571.880782][ T9599] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 571.966298][ T1037] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 571.998225][ T9599] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 572.030974][ T9599] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 572.096022][ T1037] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 573.065113][ T9599] 8021q: adding VLAN 0 to HW filter on device bond0 [ 573.074538][ T1037] tipc: Disabling bearer [ 573.081781][ T1037] tipc: Left network mode [ 573.120744][ T9599] 8021q: adding VLAN 0 to HW filter on device team0 [ 573.385326][ T6121] bridge0: port 1(bridge_slave_0) entered blocking state [ 573.392585][ T6121] bridge0: port 1(bridge_slave_0) entered forwarding state [ 573.402473][ T6121] bridge0: port 2(bridge_slave_1) entered blocking state [ 573.409695][ T6121] bridge0: port 2(bridge_slave_1) entered forwarding state [ 574.801023][ T5781] vhci_hcd: vhci_device speed not set [ 575.056694][ T9705] gfs2: gfs2 mount does not exist [ 576.823602][ T9599] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 577.135133][ T9718] tipc: Enabling of bearer rejected, failed to enable media [ 578.475352][ T9750] loop0: detected capacity change from 0 to 2048 [ 578.531696][ T9750] UDF-fs: bad mount option "ÿÿÿÿ" or missing value [ 578.627572][ T9599] veth0_vlan: entered promiscuous mode [ 578.650010][ T9464] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 580.458983][ T9750] loop0: detected capacity change from 0 to 128 [ 580.487473][ T9750] EXT4-fs (loop0): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 580.509699][ T9464] udevd[9464]: incorrect ext4 checksum on /dev/loop0 [ 580.554480][ T9464] udevd[9464]: incorrect ext4 checksum on /dev/loop0 [ 581.272226][ T9599] veth1_vlan: entered promiscuous mode [ 581.419662][ T9778] loop0: detected capacity change from 0 to 1024 [ 581.942180][ T9784] loop4: detected capacity change from 0 to 256 [ 582.060606][ T9784] FAT-fs (loop4): Directory bread(block 64) failed [ 582.080065][ T9784] FAT-fs (loop4): Directory bread(block 65) failed [ 582.125283][ T9784] FAT-fs (loop4): Directory bread(block 66) failed [ 582.151255][ T9784] FAT-fs (loop4): Directory bread(block 67) failed [ 582.179632][ T9784] FAT-fs (loop4): Directory bread(block 68) failed [ 582.211431][ T9784] FAT-fs (loop4): Directory bread(block 69) failed [ 582.237139][ T9784] FAT-fs (loop4): Directory bread(block 70) failed [ 582.259704][ T9784] FAT-fs (loop4): Directory bread(block 71) failed [ 582.294657][ T9784] FAT-fs (loop4): Directory bread(block 72) failed [ 582.313733][ T9784] FAT-fs (loop4): Directory bread(block 73) failed [ 582.445381][ T9599] veth0_macvtap: entered promiscuous mode [ 582.504360][ T9599] veth1_macvtap: entered promiscuous mode [ 582.607269][ T9599] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 582.689173][ T9599] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 584.409697][ T9599] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 584.429541][ T9599] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 584.443214][ T9599] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 584.452291][ T9599] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 587.571352][ T9808] overlayfs: missing 'lowerdir' [ 587.962909][ T9807] 9pnet_fd: p9_fd_create_tcp (9807): problem connecting socket to 127.0.0.1 [ 588.122801][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 588.157419][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 588.268766][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 588.296602][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 589.080607][ T1037] hsr_slave_0: left promiscuous mode [ 589.529199][ T1037] hsr_slave_1: left promiscuous mode [ 590.416974][ T1037] bridge_slave_1: left allmulticast mode [ 591.594567][ T1037] bridge_slave_1: left promiscuous mode [ 591.600419][ T1037] bridge0: port 2(bridge_slave_1) entered disabled state [ 591.636553][ T1037] bridge_slave_0: left allmulticast mode [ 591.662260][ T1037] bridge_slave_0: left promiscuous mode [ 591.675603][ T9838] loop0: detected capacity change from 0 to 2048 [ 591.683552][ T1037] bridge0: port 1(bridge_slave_0) entered disabled state [ 591.753978][ T9838] UDF-fs: bad mount option "ÿÿÿÿ" or missing value [ 592.298739][ T1037] veth1_macvtap: left promiscuous mode [ 592.309276][ T1037] veth0_macvtap: left promiscuous mode [ 592.346450][ T1037] veth1_vlan: left promiscuous mode [ 592.409549][ T1037] veth0_vlan: left promiscuous mode [ 594.206943][ T1037] team0 (unregistering): Port device team_slave_1 removed [ 594.630778][ T1037] team0 (unregistering): Port device team_slave_0 removed [ 594.931749][ T1037] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 595.038804][ T9867] loop4: detected capacity change from 0 to 256 [ 595.071847][ T1037] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 595.222587][ T9867] FAT-fs (loop4): Directory bread(block 64) failed [ 595.252126][ T9867] FAT-fs (loop4): Directory bread(block 65) failed [ 595.258821][ T9867] FAT-fs (loop4): Directory bread(block 66) failed [ 595.296982][ T9867] FAT-fs (loop4): Directory bread(block 67) failed [ 595.316205][ T9867] FAT-fs (loop4): Directory bread(block 68) failed [ 595.342835][ T9867] FAT-fs (loop4): Directory bread(block 69) failed [ 595.349660][ T9867] FAT-fs (loop4): Directory bread(block 70) failed [ 595.357503][ T9867] FAT-fs (loop4): Directory bread(block 71) failed [ 595.445820][ T9871] overlayfs: missing 'lowerdir' [ 595.493396][ T9871] 9pnet_fd: p9_fd_create_tcp (9871): problem connecting socket to 127.0.0.1 [ 596.210684][ T9867] FAT-fs (loop4): Directory bread(block 72) failed [ 596.217717][ T9867] FAT-fs (loop4): Directory bread(block 73) failed [ 598.614313][ T1037] bond0 (unregistering): Released all slaves [ 600.071394][ T9898] batadv1: entered allmulticast mode [ 600.280277][ T9898] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 601.420692][ T59] batman_adv: batadv1: adding TT local entry 33:33:00:00:00:01 to non-existent VLAN -1 [ 601.430958][ T59] batman_adv: batadv1: adding TT local entry 01:00:5e:00:00:01 to non-existent VLAN -1 [ 602.442183][ T34] batman_adv: batadv1: adding TT local entry 33:33:00:00:00:01 to non-existent VLAN -1 [ 602.529788][ T9907] vlan2: entered promiscuous mode [ 602.546029][ T9907] vlan2: entered allmulticast mode [ 602.553133][ T9907] hsr_slave_1: entered allmulticast mode [ 603.023185][ T9917] serio: Serial port ptm0 [ 603.482645][ T9926] tipc: Enabled bearer , priority 0 [ 603.491514][ T9926] syzkaller0: entered promiscuous mode [ 603.497315][ T9926] syzkaller0: entered allmulticast mode [ 603.530186][ T9926] tipc: Resetting bearer [ 603.547554][ T9925] tipc: Resetting bearer [ 604.972335][ T9925] tipc: Disabling bearer [ 607.139850][ T9956] netlink: 4 bytes leftover after parsing attributes in process `syz.4.903'. [ 607.150030][ T9956] netlink: 4 bytes leftover after parsing attributes in process `syz.4.903'. [ 607.159159][ T9956] netlink: 4 bytes leftover after parsing attributes in process `syz.4.903'. [ 607.168366][ T9956] netlink: 4 bytes leftover after parsing attributes in process `syz.4.903'. [ 607.177659][ T9956] netlink: 4 bytes leftover after parsing attributes in process `syz.4.903'. [ 607.186775][ T9956] netlink: 4 bytes leftover after parsing attributes in process `syz.4.903'. [ 607.196009][ T9956] netlink: 4 bytes leftover after parsing attributes in process `syz.4.903'. [ 607.205358][ T9956] netlink: 4 bytes leftover after parsing attributes in process `syz.4.903'. [ 607.470687][ T9963] overlayfs: missing 'lowerdir' [ 608.348139][ T9956] netlink: 4 bytes leftover after parsing attributes in process `syz.4.903'. [ 608.357153][ T9956] netlink: 4 bytes leftover after parsing attributes in process `syz.4.903'. [ 608.437168][ T9962] 9pnet_fd: p9_fd_create_tcp (9962): problem connecting socket to 127.0.0.1 [ 608.446817][ T9955] serio: Serial port ptm0 [ 609.063357][ T9973] batadv0: entered allmulticast mode [ 609.871517][ T9973] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 610.195049][ T9986] capability: warning: `syz.6.911' uses deprecated v2 capabilities in a way that may be insecure [ 611.879908][T10006] gfs2: gfs2 mount does not exist [ 616.678366][T10027] serio: Serial port ptm0 [ 616.910644][T10028] batadv0: entered allmulticast mode [ 616.934180][T10028] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 617.515670][T10044] tipc: Enabled bearer , priority 0 [ 617.573261][T10044] tipc: Resetting bearer [ 617.752213][T10043] tipc: Disabling bearer [ 619.868007][T10065] overlayfs: missing 'lowerdir' [ 620.117654][T10066] 9pnet_fd: p9_fd_create_tcp (10066): problem connecting socket to 127.0.0.1 [ 620.590274][T10068] tipc: Enabling of bearer rejected, already enabled [ 621.502004][T10087] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 621.520775][T10087] loop6: detected capacity change from 0 to 512 [ 621.718427][T10087] EXT4-fs (loop6): orphan cleanup on readonly fs [ 621.725275][T10087] EXT4-fs (loop6): Cannot turn on journaled quota: type 0: error -13 [ 621.737836][T10087] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 621.752930][T10087] EXT4-fs error (device loop6): ext4_clear_blocks:883: inode #13: comm syz.6.933: attempt to clear invalid blocks 2 len 1 [ 621.766882][T10087] EXT4-fs error (device loop6): ext4_free_branches:1030: inode #13: comm syz.6.933: invalid indirect mapped block 1819239214 (level 0) [ 621.782260][T10087] EXT4-fs error (device loop6): ext4_free_branches:1030: inode #13: comm syz.6.933: invalid indirect mapped block 1819239214 (level 1) [ 621.797373][T10087] EXT4-fs (loop6): 1 truncate cleaned up [ 621.805022][T10087] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 622.153309][T10092] bpq0: entered promiscuous mode [ 622.171806][T10092] bpq0: left allmulticast mode [ 622.755050][ T9599] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 622.771601][T10100] ================================================================== [ 622.779742][T10100] BUG: KASAN: slab-use-after-free in rose_transmit_link+0x5ba/0x740 [ 622.787768][T10100] Read of size 1 at addr ffff8880598c9432 by task syz.4.935/10100 [ 622.795595][T10100] [ 622.797952][T10100] CPU: 0 PID: 10100 Comm: syz.4.935 Not tainted 6.6.101-syzkaller #0 [ 622.806030][T10100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 622.816129][T10100] Call Trace: [ 622.819433][T10100] [ 622.822390][T10100] dump_stack_lvl+0x16c/0x230 [ 622.827117][T10100] ? __lock_acquire+0x7c80/0x7c80 [ 622.832172][T10100] ? show_regs_print_info+0x20/0x20 [ 622.837417][T10100] ? load_image+0x3b0/0x3b0 [ 622.841960][T10100] ? _raw_spin_lock_irqsave+0xb4/0xf0 [ 622.847370][T10100] ? __virt_addr_valid+0x18c/0x540 [ 622.852508][T10100] ? __virt_addr_valid+0x469/0x540 [ 622.857637][T10100] print_report+0xac/0x220 [ 622.862068][T10100] ? rose_transmit_link+0x5ba/0x740 [ 622.867283][T10100] kasan_report+0x117/0x150 [ 622.871804][T10100] ? kmem_cache_alloc_node+0x17f/0x330 [ 622.877282][T10100] ? rose_transmit_link+0x5ba/0x740 [ 622.882499][T10100] rose_transmit_link+0x5ba/0x740 [ 622.887536][T10100] ? skb_put+0x11b/0x210 [ 622.891802][T10100] rose_write_internal+0x11d1/0x1ab0 [ 622.897131][T10100] ? rose_validate_nr+0x120/0x120 [ 622.902172][T10100] ? __timer_delete+0x6b/0x290 [ 622.906953][T10100] ? skb_queue_purge_reason+0x6c/0x1c0 [ 622.912440][T10100] rose_release+0x24e/0x510 [ 622.916967][T10100] sock_close+0xbd/0x230 [ 622.921320][T10100] ? sock_mmap+0xa0/0xa0 [ 622.925601][T10100] __fput+0x234/0x970 [ 622.929611][T10100] task_work_run+0x1ce/0x250 [ 622.934221][T10100] ? task_work_cancel+0x240/0x240 [ 622.939278][T10100] get_signal+0x1235/0x1400 [ 622.943809][T10100] ? task_work_add+0x3a3/0x440 [ 622.948604][T10100] ? __ia32_sys_pidfd_getfd+0x90/0x90 [ 622.954090][T10100] ? wake_bit_function+0x200/0x200 [ 622.959234][T10100] ? __might_fault+0xaa/0x120 [ 622.963937][T10100] arch_do_signal_or_restart+0x96/0x780 [ 622.969527][T10100] ? __sys_connect+0x240/0x420 [ 622.974332][T10100] ? get_sigframe_size+0x20/0x20 [ 622.979315][T10100] ? exit_to_user_mode_loop+0x3b/0x110 [ 622.984826][T10100] exit_to_user_mode_loop+0x70/0x110 [ 622.990143][T10100] exit_to_user_mode_prepare+0xb1/0x140 [ 622.995800][T10100] syscall_exit_to_user_mode+0x1a/0x50 [ 623.001295][T10100] do_syscall_64+0x61/0xb0 [ 623.005732][T10100] ? clear_bhb_loop+0x40/0x90 [ 623.010427][T10100] ? clear_bhb_loop+0x40/0x90 [ 623.015145][T10100] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 623.021064][T10100] RIP: 0033:0x7f8c4298ebe9 [ 623.025493][T10100] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 623.045132][T10100] RSP: 002b:00007f8c4385d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 623.053585][T10100] RAX: fffffffffffffe00 RBX: 00007f8c42bb6090 RCX: 00007f8c4298ebe9 [ 623.061578][T10100] RDX: 0000000000000040 RSI: 0000200000000100 RDI: 0000000000000008 [ 623.069575][T10100] RBP: 00007f8c42a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 623.077563][T10100] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 623.085558][T10100] R13: 00007f8c42bb6128 R14: 00007f8c42bb6090 R15: 00007ffca725e308 [ 623.093552][T10100] [ 623.096585][T10100] [ 623.098931][T10100] Allocated by task 7387: [ 623.103303][T10100] kasan_set_track+0x4e/0x70 [ 623.107950][T10100] __kasan_kmalloc+0x8f/0xa0 [ 623.112552][T10100] rose_add_node+0x23a/0xdd0 [ 623.117157][T10100] rose_rt_ioctl+0xa42/0xfb0 [ 623.121859][T10100] rose_ioctl+0x3cf/0x8b0 [ 623.126199][T10100] sock_do_ioctl+0xd7/0x2f0 [ 623.130728][T10100] sock_ioctl+0x623/0x7a0 [ 623.135116][T10100] __se_sys_ioctl+0xfd/0x170 [ 623.139728][T10100] do_syscall_64+0x55/0xb0 [ 623.144201][T10100] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 623.150124][T10100] [ 623.152463][T10100] Freed by task 10092: [ 623.156536][T10100] kasan_set_track+0x4e/0x70 [ 623.161260][T10100] kasan_save_free_info+0x2e/0x50 [ 623.166306][T10100] ____kasan_slab_free+0x126/0x1e0 [ 623.171452][T10100] slab_free_freelist_hook+0x130/0x1b0 [ 623.176938][T10100] __kmem_cache_free+0xba/0x1f0 [ 623.181823][T10100] rose_rt_device_down+0x43d/0x490 [ 623.186965][T10100] rose_device_event+0x604/0x690 [ 623.192107][T10100] notifier_call_chain+0x197/0x390 [ 623.197248][T10100] __dev_notify_flags+0x18e/0x2e0 [ 623.202293][T10100] dev_change_flags+0xe8/0x1a0 [ 623.207072][T10100] dev_ifsioc+0x6a7/0xe20 [ 623.211414][T10100] dev_ioctl+0x7e2/0x1170 [ 623.215840][T10100] sock_do_ioctl+0x226/0x2f0 [ 623.220452][T10100] sock_ioctl+0x623/0x7a0 [ 623.224805][T10100] __se_sys_ioctl+0xfd/0x170 [ 623.229413][T10100] do_syscall_64+0x55/0xb0 [ 623.233851][T10100] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 623.239771][T10100] [ 623.242196][T10100] Last potentially related work creation: [ 623.247923][T10100] kasan_save_stack+0x3e/0x60 [ 623.252632][T10100] __kasan_record_aux_stack+0xaf/0xc0 [ 623.258034][T10100] insert_work+0x3d/0x310 [ 623.262402][T10100] __queue_work+0xd2c/0x1020 [ 623.267088][T10100] call_timer_fn+0x16e/0x530 [ 623.271689][T10100] __run_timers+0x558/0x7d0 [ 623.276206][T10100] run_timer_softirq+0x67/0xf0 [ 623.280974][T10100] handle_softirqs+0x280/0x820 [ 623.285767][T10100] __irq_exit_rcu+0xc7/0x190 [ 623.290471][T10100] irq_exit_rcu+0x9/0x20 [ 623.294741][T10100] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 623.300391][T10100] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 623.306394][T10100] [ 623.308732][T10100] The buggy address belongs to the object at ffff8880598c9400 [ 623.308732][T10100] which belongs to the cache kmalloc-512 of size 512 [ 623.322806][T10100] The buggy address is located 50 bytes inside of [ 623.322806][T10100] freed 512-byte region [ffff8880598c9400, ffff8880598c9600) [ 623.336529][T10100] [ 623.339039][T10100] The buggy address belongs to the physical page: [ 623.345471][T10100] page:ffffea0001663200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x598c8 [ 623.355725][T10100] head:ffffea0001663200 order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 623.364666][T10100] anon flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 623.373098][T10100] page_type: 0xffffffff() [ 623.377436][T10100] raw: 00fff00000000840 ffff888017841c80 0000000000000000 dead000000000001 [ 623.386026][T10100] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 623.394696][T10100] page dumped because: kasan: bad access detected [ 623.401119][T10100] page_owner tracks the page as allocated [ 623.406845][T10100] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 6749, tgid 6749 (dhcpcd), ts 205379455513, free_ts 205103602980 [ 623.429269][T10100] post_alloc_hook+0x1cd/0x210 [ 623.434057][T10100] get_page_from_freelist+0x195c/0x19f0 [ 623.439632][T10100] __alloc_pages+0x1e3/0x460 [ 623.444271][T10100] alloc_slab_page+0x5d/0x170 [ 623.448968][T10100] new_slab+0x87/0x2e0 [ 623.453057][T10100] ___slab_alloc+0xc6d/0x12f0 [ 623.457760][T10100] __kmem_cache_alloc_node+0x1a2/0x260 [ 623.463241][T10100] __kmalloc_node+0xa4/0x230 [ 623.467935][T10100] kvmalloc_node+0x70/0x180 [ 623.472452][T10100] bpf_int_jit_compile+0x34d/0x1130 [ 623.477726][T10100] bpf_prog_select_runtime+0x490/0x7e0 [ 623.483202][T10100] bpf_prepare_filter+0x1148/0x12f0 [ 623.488428][T10100] sk_attach_filter+0x24/0x140 [ 623.493198][T10100] sk_setsockopt+0x19cb/0x29d0 [ 623.497972][T10100] do_sock_setsockopt+0x11b/0x1a0 [ 623.503112][T10100] __x64_sys_setsockopt+0x184/0x200 [ 623.508327][T10100] page last free stack trace: [ 623.512999][T10100] free_unref_page_prepare+0x7ce/0x8e0 [ 623.518477][T10100] free_unref_page+0x32/0x2e0 [ 623.523169][T10100] __stack_depot_save+0x572/0x630 [ 623.528202][T10100] kasan_set_track+0x5f/0x70 [ 623.532806][T10100] kasan_save_free_info+0x2e/0x50 [ 623.537846][T10100] ____kasan_slab_free+0x126/0x1e0 [ 623.542972][T10100] slab_free_freelist_hook+0x130/0x1b0 [ 623.548441][T10100] kmem_cache_free+0xf8/0x280 [ 623.553142][T10100] netlink_broadcast_filtered+0x101c/0x1110 [ 623.559050][T10100] netlink_broadcast+0x37/0x50 [ 623.563931][T10100] genlmsg_multicast_allns+0x2ea/0x4e0 [ 623.569406][T10100] nl80211_common_reg_change_event+0x558/0x6b0 [ 623.575578][T10100] set_regdom+0xd87/0x17d0 [ 623.580009][T10100] reg_regdb_apply+0x134/0x180 [ 623.584778][T10100] process_scheduled_works+0xa45/0x15b0 [ 623.590334][T10100] worker_thread+0xa55/0xfc0 [ 623.594941][T10100] [ 623.597269][T10100] Memory state around the buggy address: [ 623.603047][T10100] ffff8880598c9300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 623.611140][T10100] ffff8880598c9380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 623.619227][T10100] >ffff8880598c9400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 623.627320][T10100] ^ [ 623.632956][T10100] ffff8880598c9480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 623.641028][T10100] ffff8880598c9500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 623.649095][T10100] ================================================================== [ 623.669727][T10105] batadv0: entered allmulticast mode [ 623.676403][T10105] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 623.700333][ T59] batman_adv: batadv0: adding TT local entry 33:33:00:00:00:01 to non-existent VLAN -1 [ 623.710493][ T59] batman_adv: batadv0: adding TT local entry 01:00:5e:00:00:01 to non-existent VLAN -1 [ 623.749007][T10100] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 623.756272][T10100] CPU: 0 PID: 10100 Comm: syz.4.935 Not tainted 6.6.101-syzkaller #0 [ 623.764379][T10100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 623.774472][T10100] Call Trace: [ 623.777794][T10100] [ 623.780845][T10100] dump_stack_lvl+0x16c/0x230 [ 623.785570][T10100] ? show_regs_print_info+0x20/0x20 [ 623.790832][T10100] ? load_image+0x3b0/0x3b0 [ 623.795399][T10100] panic+0x2c0/0x710 [ 623.799347][T10100] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 623.805562][T10100] ? bpf_jit_dump+0xd0/0xd0 [ 623.810119][T10100] ? _raw_spin_unlock_irqrestore+0xfa/0x110 [ 623.816070][T10100] ? _raw_spin_unlock+0x40/0x40 [ 623.820967][T10100] ? rose_transmit_link+0x5ba/0x740 [ 623.826204][T10100] check_panic_on_warn+0x84/0xa0 [ 623.831188][T10100] ? rose_transmit_link+0x5ba/0x740 [ 623.836432][T10100] end_report+0x6f/0x140 [ 623.840717][T10100] kasan_report+0x128/0x150 [ 623.845257][T10100] ? kmem_cache_alloc_node+0x17f/0x330 [ 623.850767][T10100] ? rose_transmit_link+0x5ba/0x740 [ 623.856105][T10100] rose_transmit_link+0x5ba/0x740 [ 623.861183][T10100] ? skb_put+0x11b/0x210 [ 623.865494][T10100] rose_write_internal+0x11d1/0x1ab0 [ 623.870956][T10100] ? rose_validate_nr+0x120/0x120 [ 623.876032][T10100] ? __timer_delete+0x6b/0x290 [ 623.880856][T10100] ? skb_queue_purge_reason+0x6c/0x1c0 [ 623.886366][T10100] rose_release+0x24e/0x510 [ 623.890948][T10100] sock_close+0xbd/0x230 [ 623.895268][T10100] ? sock_mmap+0xa0/0xa0 [ 623.899559][T10100] __fput+0x234/0x970 [ 623.903618][T10100] task_work_run+0x1ce/0x250 [ 623.908241][T10100] ? task_work_cancel+0x240/0x240 [ 623.913385][T10100] get_signal+0x1235/0x1400 [ 623.918095][T10100] ? task_work_add+0x3a3/0x440 [ 623.922886][T10100] ? __ia32_sys_pidfd_getfd+0x90/0x90 [ 623.928286][T10100] ? wake_bit_function+0x200/0x200 [ 623.933415][T10100] ? __might_fault+0xaa/0x120 [ 623.938118][T10100] arch_do_signal_or_restart+0x96/0x780 [ 623.943688][T10100] ? __sys_connect+0x240/0x420 [ 623.948475][T10100] ? get_sigframe_size+0x20/0x20 [ 623.953443][T10100] ? exit_to_user_mode_loop+0x3b/0x110 [ 623.958921][T10100] exit_to_user_mode_loop+0x70/0x110 [ 623.964231][T10100] exit_to_user_mode_prepare+0xb1/0x140 [ 623.969794][T10100] syscall_exit_to_user_mode+0x1a/0x50 [ 623.975299][T10100] do_syscall_64+0x61/0xb0 [ 623.979729][T10100] ? clear_bhb_loop+0x40/0x90 [ 623.984415][T10100] ? clear_bhb_loop+0x40/0x90 [ 623.989106][T10100] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 623.995022][T10100] RIP: 0033:0x7f8c4298ebe9 [ 623.999450][T10100] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 624.019159][T10100] RSP: 002b:00007f8c4385d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 624.027586][T10100] RAX: fffffffffffffe00 RBX: 00007f8c42bb6090 RCX: 00007f8c4298ebe9 [ 624.035571][T10100] RDX: 0000000000000040 RSI: 0000200000000100 RDI: 0000000000000008 [ 624.043553][T10100] RBP: 00007f8c42a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 624.051537][T10100] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 624.059609][T10100] R13: 00007f8c42bb6128 R14: 00007f8c42bb6090 R15: 00007ffca725e308 [ 624.067636][T10100] [ 624.070967][T10100] Kernel Offset: disabled [ 624.075306][T10100] Rebooting in 86400 seconds..