last executing test programs: 6.456584278s ago: executing program 4 (id=490): ioperm(0x0, 0x4, 0x3ff) shmget(0x2, 0xa000, 0x0, &(0x7f0000ff5000/0xa000)=nil) 6.383572609s ago: executing program 4 (id=493): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x14, 0x0, 0xa, 0x801, 0x0, 0x0, {0x1}}, @NFT_MSG_NEWCHAIN={0x20, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x5c}}, 0x0) 6.280350329s ago: executing program 4 (id=495): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180800000000000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='sched_switch\x00', r0}, 0x10) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) rename(&(0x7f0000000400)='./file0\x00', 0x0) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) wait4(0x0, 0x0, 0x40000000, 0x0) 5.244578507s ago: executing program 4 (id=501): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x8, 0x8, 0xb}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000280)={{r0}, &(0x7f0000000180), &(0x7f0000000200)='%+9llu \x00'}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000458e5e080304c8f05602000000010902120001000000000904"], 0x0) 3.960704333s ago: executing program 3 (id=513): bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000faffffff850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x2}) ioctl$TUNATTACHFILTER(r1, 0x401054d5, &(0x7f0000001b00)={0x0, &(0x7f0000001ac0)}) 3.692435533s ago: executing program 4 (id=517): syz_emit_vhci(&(0x7f0000000140)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_page_scan_type}}, 0x8) io_uring_setup(0xbdf, &(0x7f0000000080)={0x0, 0xfffffffc, 0x0, 0x2, 0x2bf}) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_si_device={{0x1, 0x4}, {0xebc, 0x5}}}, 0x7) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) recvmsg(r0, &(0x7f0000000300)={&(0x7f0000000280)=@nl=@proc, 0x80, &(0x7f0000000180)=[{&(0x7f0000000380)=""/135, 0x87}], 0x1, &(0x7f0000000440)=""/226, 0xe2}, 0x40000060) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000240)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@typedef={0x1000004, 0x0, 0x0, 0xf, 0x1}]}}, 0x0, 0x26}, 0x20) syz_mount_image$vfat(&(0x7f0000000200), &(0x7f0000000040)='./bus\x00', 0x1a08886, &(0x7f0000000000)=ANY=[@ANYRES32=0x0], 0x1, 0x2ca, &(0x7f0000000540)="$eJzs3T1oG2cYwPFH/lRdbInSFlpo+7Re2lIOS3PBFsUupQKX1ipuDYVzfWqFLpLQCSUywZIh4CVDlnzNSSAEgyFkCIQYZ8iU2ARvGbJ58xBnSggmFxTJke2cP2LLVoj/v0H3cs/zvHrv7tUhvQJp+cczx5Jxx4ibOWny+6SpT0q+Vd/toDTJmpJ8d3zmwRd//PX3r5FotP931YHIUCisql1fzY6cnP5mLvfhnze6brXLfPCfZV94af7T+c+WXwz9n3A04WgqnVNTR9PpnDlqWzp2zkkaqr/ZlulYmkg5VnZDPG6nM5mCmqmxzo5M1nIcNVMFTVoFzaU1ly2o+Z+ZSKlhGNrZIdjedP5iZOto7Noz15WV3D3XbS+J67rlnf5DHB4aTKvb2vU/3eAR4TCtu6n7ReypfCwfq2wr8UhcEmKLJT0SkFUpzxH30oz7aqqUH0+EZ6KL39+9o6pBmbCL1fpiPta8sT4kAQlWaioq7YFfov0hrdhY3yod6+vDEpCPvevDnvVt8m33unpDArL4r6TFloXZr58uDU6dX6ufCKn+NBjdVP+BjNVO09UnDbo+AAAAAAAAAADshaGvea7fG+WEU+Oq2rkpXqn3+n5g8/p8j+f6fIt83tLYYwcAAAAA4KhwCuNJ07at7D4b5Y/yO+V80rVzzvvXuDy5++QvB7bP6e5tXuh7WMq8C8f1Fo3nw/Xp5349J61UV5+2y/GLSHN9Xynlrqp7HtelQ191fFvn/Dzy6PqO/bS9cX62MnegNyQAAAAAB6b2pr9XivGb+eLwD2d3UTZ5CEMDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODI2MNPji1c8AppufHRFa+Q5xP7Vtb+JmCPWvdx1AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADUvAwAA///joMi1") recvfrom(r0, 0x0, 0x0, 0x10000, 0x0, 0x0) r1 = syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f00000001c0), 0x0, 0x5518, &(0x7f000000ad80)="$eJzs3M1rI2UcB/Bf+rLdN9ciHrztwCK0sAlNXxa9Vd3FF+xSVj140jRJQ3aTTGnStPbkwaN48D8RBU8e/Rs8ePYmHhRvgpKZqWwXBaVps91+PjD5zjyZ/OZ5Qin8JiEBXFjzye+/luJGXImI6Yi4HpHtl4ots57HSxFxMyKmHttKxfjfA5ci4mpE3BgVz2uWiqe+vD28tfbLO79998PczLWvvv1xcqsGJu3liOju5Pv73TzTVp4Pi/HasJ1ld3VYZP5E91FxnOa539zKKuzXjs6rZbnSys9Pd/b6o9zu1OqjbLW3s/GdXn7B/rB1VCd7wcPabnbcaG5l2e6nWbYO83kdHOb/2w77g7xOo6j3SVY+BoOjzMebB818PTuPsqz3BsV4XjdtNA9GOSyyuFzU004jm8fWSd7pp9u77d7eQTJs7vbbaS9Zq1RfqVTvlKu7aaM5aK6Wa93GndVkodUZnVYeNGvd9VaatjrNSj3tLiYLrXq9XK0mC3ebW+1aL6lWKyuVpfLaYrF3O3nz/gdJp5EsjPL1dm9v0O70k+10Nxm9IuktJsuVlVcXk1vV5L2NzWTzwb17G5vvf3T3w/uvbbz9RlKUfXJaycLy0vJyubpUXq4unuP11/7n+j8rJj3G9cOJlCY9AYDzR/8PTMLp9f+7DyJOv/8P/f9YnKv+96L3/6ewfjgR/T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwIX10+zXb2U78/nxtWL8uWLoheK4FBFTEfHnP5iOS8dqThd1Zv/l/Nkn5vB9KbIKo2vMFdvViFgvtj+eP+13AQAAAJ5d33x684u8W88f5ic9Ic5OqbhpM3X947FVjJid/3lM1aZGDy+OqVj29z0TB2Oqlt3AujymYvktt5lxVftPpo/F5ceilMfUmU4HAAA4E8c7gbPtQgAAADhLn096AkxGKY4+yoyjL/DP5VF8IHjl2BEAAABwDpUmPQEAAADg1GX9v9//AwAAgGdb/vt/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB/sXMvt4kDcRyA/zZ4YV9atNr7trI3uG8DW8Iec4woIE1QAmkhDVADuaWECCI8DgoRREF+Kej7JDPMgH/MIPswM5IBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaNN9sZzdXv++qZuz2dbTzGgAAACAY9bFcla+maT616r9e9X0s6pnEZFHxLG5+yA+HWQOqpzixPeLV324iygTdr8xqo4vEfGnOh5/tP0vAAAAwOVazRfTNFtPL5O+O0SX0qJN/u1fQ3lZRBSTh4bS8l3er5Mfn3mt7q7vYVzV71apXMAaNxSWltyGTaW9S3m771ftxi+KLBX52+c3NnYAAKBDg4Oi21kIAAAAXfrfdwfoRxbPW5n7rcBRKqrtvc8HNQAAAOADyvruAAAAANC6cv7v+X8AAABw2dLz/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGjTuljOVvPF9Jxz/h5p22zraW5EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8sT/vKBACYRAGe9d3JnP/w0qDhsYmVSB8/I3BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG9+95f/E1PjTDL32lh6HknWTo2tU2Pv3Dj6w/j6NQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDF/rykQAgEQRTMGf876fsfVhL0DCJEQMOjilo0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAF/3ul/8TU+NMMnfaWDoeSdauGltXjb0HjaMH4+3fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDFzv37tlHFAQB/d+dz2gLCBOQhCIHEAAt13dLSDTGAIgb+A5Ci1C2hLj/aDLSqkLKwocxdEIwIIVGFrf9D51bqUrYOHorEDLpfyTWEyCFwZ+LPR3r3vj5f7n3fWYryvXsxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFQm7+zESbbpFXFc7rv3+OZq1t/f1WfubD5YyloWR00m/f/wUv1F1G8vEQAAAOZHUtX3IYSH6dZy1se9vP5Pq2Oymv+7Z4q4qud31/1VX9X+Wfvl9qMXtgfqFeNkJ724Nh6d+msqnf9ulrPt2Sq4/XdHdPIrn997SfIPJH5/4/lJml/P6Ju7d9/t5uFCUxkDAAd1surLoPp7KOuHbSYGwNzo1Arvqv5Peu3mBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANCEyUZ4qoqjEMJSZyfO3H98c3Wv/s7mg6Wqnbt1a7N+zuwUaQjh4tp4dKrBucy6a9dvXF4Zj0dXmw9eDiEc8jwf/tNZvF3+4OWPpjg4hFauj+BfCuLyw56VfA4bLDQyVku/kAAAOLLSsmV1/cN0aznbFy2G8Mf3T9b/r9XiMGX9/+jjc/fqY9Xr/2FjM5wF8b7vDtavfD64dv3GG2tXVi6NLo0+ffP08K3hmfNnz54f5PdKBu6YAAAAcDjdstXr/3ix9vz/WPHeifL4g9T/X3w7/Ko+VjK39f/+dh76tZ0JAADAfHvuld9/i/bYH3W74cuV9fWrw2K7/fp0sW0h1QNbKFu9/k8W284KAAAAaMJkI3pi/f+FWhymfP7/9A8v/lQ/ZxJCOF4+/z+5+tn4QnPTmWlN/Mdy23MEAACgXcfLVn/+n+br/+PtJQ9xCOH1V4u4/BrAqer/5L2vf6yPVV//f6a5Kc6kuF9cj7zvh9Dpt50RAAAAR9mxsmXF/q/p1vInP5/4oGv9PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDT/gwAAP//rss7xw==") r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) mkdirat(r2, &(0x7f0000000000)='./file0\x00', 0x0) r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000002440)='./file0\x00', 0x0, 0x0) unlinkat(r3, &(0x7f0000000040)='./file0\x00', 0x200) ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(r1, 0xf502, 0x0) 3.670250447s ago: executing program 3 (id=518): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000b1bd2f087d333c508c22010203050902120001001008000904000000a058b700"], 0x0) syz_usb_control_io$cdc_ecm(r0, &(0x7f0000000c40)={0x14, &(0x7f0000000bc0)={0x0, 0x0, 0x2, {0x2}}, 0x0}, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r3, 0x7a7, &(0x7f0000000100)=0x80000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r3, 0x7a0, &(0x7f0000000140)={@my=0x1}) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000500)={@map, 0x37, 0x0, 0x4, &(0x7f0000000380)=[0x0, 0x0], 0x2, 0x0, &(0x7f00000003c0)=[0x0], &(0x7f0000000400)=[0x0, 0x0, 0x0, 0x0], &(0x7f00000004c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0}, 0x40) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={@map, 0xffffffffffffffff, 0x31, 0x9, 0xffffffffffffffff, @link_fd, r4}, 0x20) ioctl$IOCTL_VMCI_CTX_GET_CPT_STATE(r3, 0x7b1, &(0x7f0000000040)={0x0}) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x7, 0x13, r2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000540)=@filter={'filter\x00', 0xe, 0x1, 0x1a8, [], 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="000000000000000ddbb59600000000000000000000000000f5ff0000000000000000000000000000feffffff00002000000000000000000000000000000000000200000000dfff0000000000000000180000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff010000001500000000000000100073397a5f74756e00001000000000000079615330000000000000000000000000b76fb8645f736c61e4df8dd63f4316ed73697430000000002000000000000000aaaaaaaaaa0000000000feff0080c20000000000000000000000e8000000e8000000180100006c696d6974004000000000800000000002000000000000000000000000000000200000000000000000f9ff210000009400000000000000003830"]}, 0x1b2) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000000c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x6]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat$cgroup_type(0xffffffffffffffff, &(0x7f00000001c0), 0x2, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_usb_control_io$cdc_ncm(r0, &(0x7f00000000c0)={0x14, &(0x7f0000000000)={0x60, 0x10, 0x1f, {0x1f, 0x0, "9323cc18844eaf82011f61c17288a658f02a0bd9323cc680821726f8a0"}}, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000300)={0x44, &(0x7f0000000100)={0x20, 0x16, 0x2e, "a22142a5df149fa0cb5bab439a8d79ccb288cfe6a9efc92353a3907423d96e604837e952d3dc05f88e7e76952b52"}, &(0x7f0000000140)={0x0, 0xa, 0x1, 0x6}, &(0x7f0000000180)={0x0, 0x8, 0x1, 0xf1}, &(0x7f00000001c0)={0x20, 0x80, 0x1c, {0x35, 0x6, 0x6, 0x1, 0xd, 0xff33, 0x4, 0x778ef6bf, 0x1, 0x2, 0x4, 0x1000}}, &(0x7f0000000200)={0x20, 0x85, 0x4, 0x1}, &(0x7f0000000240)={0x20, 0x83, 0x2, 0x1}, &(0x7f0000000280)={0x20, 0x87, 0x2, 0x4f}, &(0x7f00000002c0)={0x20, 0x89, 0x2}}) 3.535994886s ago: executing program 2 (id=519): r0 = socket$inet_smc(0x2b, 0x1, 0x0) bind$inet(r0, &(0x7f0000000140)={0x2, 0x4e22, @multicast2}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='highspeed\x00', 0xa) openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x4, 0x0, &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) setsockopt$inet_sctp_SCTP_RECVRCVINFO(0xffffffffffffffff, 0x84, 0x20, 0x0, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f0000000040)={'lo\x00'}) writev(r0, &(0x7f0000000400)=[{&(0x7f0000000200)='g', 0xfdef}], 0x1) 3.288473355s ago: executing program 2 (id=520): mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x31, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00') socket$nl_xfrm(0x10, 0x3, 0x6) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90) fsopen(&(0x7f0000000000)='proc\x00', 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301) getdents64(r0, 0x0, 0x0) 3.231946475s ago: executing program 2 (id=521): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="84010000100013070000000000000000ffffffff000000000000000000000000fe8000000000000000000000000000bb00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe800000000000000000003f000000aa0000000033000000fe80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000004c001400636d61632861657329000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000480003"], 0x184}}, 0x0) 3.147661855s ago: executing program 2 (id=522): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f00000002c0)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@bsdgroups}, {@nogrpid}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef9cc093fce47d85272036dc78388e3dc177e9b496", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001"}) renameat2(0xffffffffffffff9c, 0x0, 0xffffffffffffffff, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) 2.948388397s ago: executing program 0 (id=523): r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_mreq(r0, 0x0, 0x20, &(0x7f0000000280)={@multicast1, @empty}, 0x8) 2.870692271s ago: executing program 0 (id=524): socket(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x0, 0x0) listxattr(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$UI_ABS_SETUP(0xffffffffffffffff, 0x401c5504, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00') writev(r3, &(0x7f00000002c0)=[{&(0x7f0000000280)='3', 0x1}], 0x1) 2.709799655s ago: executing program 2 (id=526): futex(0x0, 0x6, 0x0, &(0x7f0000002540)={0x0, 0x989680}, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000540)) syz_emit_ethernet(0x0, 0x0, 0x0) sendmsg$IPCTNL_MSG_EXP_GET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r1 = socket$inet6(0xa, 0x802, 0x0) setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x48) setsockopt$inet6_buf(r1, 0x29, 0x39, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff}) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) r4 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) splice(r2, 0x0, r3, 0x0, 0x100000000, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 2.248684073s ago: executing program 1 (id=528): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000180)) 2.012546387s ago: executing program 1 (id=529): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x1, 0x8, 0x8}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000580)={{r0}, &(0x7f0000000500), &(0x7f0000000540)}, 0x20) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) 1.973002559s ago: executing program 1 (id=530): syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="043e110f"], 0x14) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21}, &(0x7f0000bbdffc)) r0 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_ADD_MFC_PROXY(r0, 0x29, 0xca, &(0x7f00000000c0)={{0xa, 0x1000, 0x0, @local}, {0xa, 0x0, 0x0, @empty}}, 0x5c) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) socket$inet6(0xa, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x0, 0x0, 0x4, 0x0, 0x0, 0x1}, 0x48) r1 = socket(0x10, 0x3, 0x0) r2 = epoll_create1(0x0) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/wakeup_count', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, 0x0) read$char_usb(r3, &(0x7f0000000100)=""/169, 0xa9) getdents64(r3, 0x0, 0x0) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r5, &(0x7f0000001780)={0x0, 0x0, &(0x7f0000001680)=[{&(0x7f0000000500)="03b7a2140f2db0465b891bcd", 0xc}, {&(0x7f0000000580)="cf331e07c105bf672c260fa137c3d4dc586ccb95da192511557e42e7087d16892ecd9745f92f68147947dbe493a95c9dbde28fa1a3b448194308f8e087", 0x3d}], 0x2}, 0x0) inotify_add_watch(r3, &(0x7f00000002c0)='./file0\x00', 0x80000001) setsockopt$sock_attach_bpf(r4, 0x1, 0x21, &(0x7f0000000540), 0x4) sendmsg$inet(r5, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0) bpf$PROG_LOAD(0x24, &(0x7f00000003c0)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) pipe(0x0) readlink(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340), 0x0) write(r1, &(0x7f0000000040)="1400000052004f030e789e7e27286d000a4149f3", 0x14) recvmmsg(r1, &(0x7f0000005c80)=[{{0x0, 0x0, 0x0}}], 0x344, 0x10122, 0x0) r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r6, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'}) write$sndseq(r6, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32={[0x2600]}}], 0xffc8) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0xc}, @hci_rp_le_read_supported_states={{0x1}, {0x74, "1a6792c6ce9d71ff"}}}}, 0xf) 1.921595867s ago: executing program 4 (id=531): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d00000067"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = getpid() process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/keys\x00', 0x0, 0x0) readv(r3, &(0x7f0000000380)=[{&(0x7f0000001840)=""/4083, 0xff3}], 0x1) pread64(r3, &(0x7f0000000000)=""/16, 0x10, 0x0) sched_setscheduler(0x0, 0x0, 0x0) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r4, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) sendmmsg$sock(r4, &(0x7f0000004100)=[{{0x0, 0x0, 0x0}}], 0xffffff80, 0x10040) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$F2FS_IOC_MOVE_RANGE(r5, 0x541b, &(0x7f0000000040)) close_range(r1, r3, 0x0) read$FUSE(r3, &(0x7f0000002a40)={0x2020}, 0x2020) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, 0x0) socket$netlink(0x10, 0x3, 0x4) writev(0xffffffffffffffff, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='blkio.bfq.io_serviced_recursive\x00', 0x26e1, 0x0) close(r8) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) ioctl$SIOCSIFHWADDR(r8, 0x8b19, &(0x7f0000000000)={'wlan0\x00', @random="7cf1e97c9e4f"}) r9 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x2) ioctl$KVM_SET_MSRS(r9, 0x4008ae89, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) 1.660603782s ago: executing program 0 (id=532): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) r1 = gettid() ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000080)=r1) getsockopt$bt_hci(r0, 0x84, 0x0, &(0x7f0000000080)=""/4052, &(0x7f0000001180)=0xfd4) 1.660329523s ago: executing program 2 (id=533): syz_emit_ethernet(0x36, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x20000000000000bb, &(0x7f0000000300)=@framed={{}, [@printk={@llu}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000340)={0x3, 0x0, 0x8}, 0x10}, 0x90) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000100000000001c00090008000000", @ANYRES32=r1], 0x4c}}, 0x0) 1.409501299s ago: executing program 0 (id=535): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000280)={@val={0x0, 0x800}, @val={0x1}, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x5, 0x5}}}}}, 0x36) 1.40854017s ago: executing program 1 (id=536): openat$cgroup(0xffffffffffffffff, &(0x7f0000001240)='syz0\x00', 0x200002, 0x0) socket$caif_seqpacket(0x25, 0x5, 0x0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f00000000c0)={0x0, @local, @local}, &(0x7f0000000140)=0xc) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) socket$nl_route(0x10, 0x3, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000007c0)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=[@assoc={0x18, 0x117, 0x4, 0xd4e5}, @op={0x18, 0x117, 0x3, 0x1}], 0x30}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f0000000600), 0xfec8) recvmmsg(r1, &(0x7f00000008c0)=[{{&(0x7f00000000c0)=@pptp={0x18, 0x2, {0x0, @initdev}}, 0x80, &(0x7f00000005c0)=[{&(0x7f00000001c0)=""/200, 0xd4e5}, {&(0x7f0000000140)=""/9, 0xa}, {&(0x7f0000000300)=""/225, 0x2}, {&(0x7f0000000400)=""/41, 0xfeb2}, {&(0x7f0000000440)=""/123, 0x7b}, {&(0x7f00000004c0)=""/203, 0xcb}], 0x6, &(0x7f0000000640)=""/123, 0x7b, 0x2000000}}, {{&(0x7f00000006c0), 0x80, &(0x7f0000000840), 0x0, &(0x7f0000000880)=""/24, 0xffffffffffffffe0}}], 0x2, 0x0, &(0x7f0000008000)={0x0, 0x989680}) r3 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000040), 0x21041, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0xd) writev(0xffffffffffffffff, &(0x7f0000000400), 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140), 0xfffffffffffffead) 1.398535666s ago: executing program 3 (id=537): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000bc0)=ANY=[@ANYBLOB="4801000013000100000000000000000000000000000000000000000000000001e000000200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x148}}, 0x0) 1.224471695s ago: executing program 3 (id=538): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000740)=[{{&(0x7f0000000100)={0x2, 0x0, 0x0, @empty}, 0x1c, 0x0}}], 0x300, 0x0) bind$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003580)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c710016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa73d897e3896d863081b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbd744e517e65ddab19e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f200004304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188541c300f5c1bf56705ba12d198e897186b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710f7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47cbb0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9ea410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be0a33c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06a6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c6062368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c5bed4b0d73dffb17a88aaad5921aee7dae6a2f3009d9cb434898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a64d903b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e7ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00000000000000000000000000006a728258ca3d846a000e80d5f43109a48ddc54cec5d7f78c80e010ed02ffc0846577cafcd9e0ad83149bfb08ba7b5b431311041deb5e5d65610ad6e8d6ed55e900071b4d37d9fadb17a0407e7251866b63faccfe936980f59ceaa9d6b6863024b482023799a4f30a225b560f320e89ed44130e78f8cf000ac3c743b08d4256f282fc36162ac4b59527a3b67560313914ff6ac4ac43cd0e79d6372da631de3fde6c29de3b43d3046df23019ecadd57f175a2443928b1bcb9be16f54936796c3b928dc07c70771622cef2fafeb239a3ca4"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000002c0)='rcu_utilization\x00', r3}, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_MON_SET(r4, 0x0, 0x40011) getrandom(0x0, 0x0, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f0000001880), 0x0, 0x0) r5 = socket(0x2, 0x80805, 0x0) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x268, 0x280, 0x280, 0x280, 0x0, 0x280, 0x348, 0x365, 0x350, 0x348, 0x333, 0x7fffffe, 0x0, {[{{@ipv6={@remote, @mcast2, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE3={0x28}}, {{@uncond, 0x0, 0xa8, 0xc8}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x2c8) getsockopt$bt_hci(r5, 0x84, 0x7d, &(0x7f0000000000)=""/4103, 0x0) r6 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x141341) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) ioctl$USBDEVFS_IOCTL(r6, 0xc0105512, &(0x7f0000000200)) ioctl$USBDEVFS_IOCTL(r6, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect) 477.893461ms ago: executing program 0 (id=539): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000040)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) syz_mount_image$nilfs2(&(0x7f0000000000), &(0x7f0000000300)='./file0\x00', 0x2000000, &(0x7f0000000240)=ANY=[], 0x1, 0xac0, &(0x7f00000013c0)="$eJzs3V2IXFcBAOAzszub3SQ1k5rYNY1tYrWtP900mzX+BE1KgmBoivhSKL6ENK3BGMEKaimY5Mk3W0oEQfAHn/pSqgj2RUKffCnYQBH6VH3wwRCx4INGk5GdPWd25mSmd2Z3dn52vg/Onjn3nDvn3Nk7d+7vOQGYWOX636Wl+VIIV15/+cTfH/zb3PKUo40S1frf6aZUJYRQiunp7P3enVqJb733wpl2cSks1v+mdHjiRmPebSGEi2FfuBqqYc+Vay+9ufj4qUsnL+9/65Uj1zdm6QEAYLJ89eqRpd1/+dO9O2++et+xsKUxPe2fV2N6e9zvPxZ3/NP+fzm0pktNodlMVm46hvJca7mpNuWa66lk5aY71D+T1V/pUG5LeP/6p5qmtVtuGGdpPa6GUnmhJV0uLyysHJOH+nH9TGnhwrnzzzw3pIYCffev+0MI+5rC8cut6VELR0egDWsMtRFow1iGY4Or62ZtxdCXeUChtmPYWyCAFfn1wjtczM8srE/j3aa7q//GY+X280MfDHr976n+mSHXHya3/rTV+fUlWxz6Z7OuTWm50vdoe0zn1xHy+5c6f//zKx2tU/PrEZUu29npOsK4XF/o1M6pAbdjrTq1P18vNqsvxjh9Dl/K8pu/P/n/dFz+x0B7/87P/09CqIxAGwRhrSG0pCvrea/akLc/wOjK75urpeujUX5fX56/pSB/tiB/riB/a0H+toJ8mGS//e6Pw4ul1eP8/Ji+1/Ph6TzbXTH+QI/tyc9H9lT/bI+V9bv+NvcTwyj7/eknz37u6aeurdz/X2qs/7fj+p4ON6rxt/5qLJDOF+bn1Rv3/ldb6yl3KHd31p672pSvv97VWq60a/V9QtN25o52zLfOtyMvtz2W29tarpqVm4sh38Tk+ydbs/nS/kfarqbPazpb3kq2HDNZO9J2ZWeM+7Cpg8b62On+/7R+zodK6Zlz588+GtNpPf3jVGXL8vSDA243sH7dPv8zH1qf/5lpTK+Um7cLO1anl1a2C6/F92udvtiop3X6oZhOv3PfmJqrT1848+3zT/d/8WGiPfeD5795+vz5s9/xYs0vvjwazejlRTpsGZX2bPSLyVnSvr0Y8oYJ2HAHfriyE/DIuW+dfvbss2cvHDp8+NDi4uHPH1o6UN+vP9C8d9/s4hBaC/TT6o/+sFsCAAAAAAAAAAAAdOt7J09ce/uNz76z8vz/6vN/6fn/dOdvev7/R9nz//lz8uk5+PQc4M42+fUyWQerM1m5SgwfzNq7K6tndzbfh2LcGMcvPv+fqsv7dU3tuSebXumQzLoTuKO/lJls7MF8vMCPxvhyjH8VYIhKc+0nx7iof+u0rqf+KZr6pajpH3h8pP9bWhtSPybp+e+2/To1dd62czDNpM8G8TjhsJcRaO8fE9X/9z9XF3zobdksYXr19ewGvOcgwk8nd52oddxL73YEG4D+GPb4n+m8Z4ov/OErs8shFbvxWOv2Mu+/FHrx57db06M6/uSg6s/H7Rt0/cNe/qL6+z3+Z2P8u663f9mIedW11fufn19/p6nasKfb+vPlT/1A7+qt/pux/rQ0D4Xu6q/9Mqs/vyDUpf9m9W/tsv47ln/v2ur/X6w/fWwPP9Bt/SstLpVb25GfN07X//LzxsmtbPlT357vU//Xnm+3/GscqPF2rB8m2biMM9urbD+isdO+9vF/o4v9Hf+30dhss5bfh/GZmE4b4nSfw8w625/ur0i/A7uz9y8V/L4Z/3e8fSHGRd+HNP5vWh+r8Se/KV3/LFO60uaz3azbGhhX707U9b+xCLMj0Aah+1CbWsN8jXHihtz+Wq22sSe0Cgy1cob++Q/7OGHY9Q/78y+Sj/+b78Pn4//m+fn4v3l+Pv5vnj8X/0Od8vPxf/PPMx//N8+/J3vffHzg+YL8Dxfk72mf3zhsv7dg/r0F+R8pyN/fyD/aUiLl31cw//0F+XcX5D9QkP+x5f/Bzzrnf7xg/gcL8h9uym8eAzrlf6Jg/s0uPY8yqcsPkyx/Ps/3HyZHuv7T6fu/qyAfGF8/efXg8ad+8/XqyvP/M43zIek63rGYrsTjp+/HdH7dOzSll/PeiOm/Zvmjfr4DJknef0b++/5QQT4wvtJ9Xr7fMIFKs+0nx7io36pO+/mMl0/G+FMx/nSMH4nxQowPxPhgjBcH1D42xvHXfnfkxdLq8f6OLL/b+8nz54Fa+okKIRzqsj35+YFe72fP+/Hr1XrrX+PjYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAENTrv9dWpovhXDl9ZdPPHnq3IHlKUcbJar1v9NNqUpjvhAejfFUjH8RX9x674UzzfHtGJfCYiiFUmN6eOJGo6ZtIYSLYV+4Gqphz5VrL725+PipSycv73/rlSPXN+4TAAAAgM3v/wEAAP//IzUOyw==") unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0) 273.191349ms ago: executing program 3 (id=540): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x1, 0x8, 0x8}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000580)={{r0}, &(0x7f0000000500), &(0x7f0000000540)}, 0x20) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) 172.424556ms ago: executing program 1 (id=541): ioctl$PPPIOCGCHAN(0xffffffffffffffff, 0x80047437, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1803000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000882b7030000000000008500000083000000bf09"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) syz_emit_ethernet(0x3e, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaaaaaaaaaa82e3efec4f6186dd6000140000082c000000"], 0x0) 168.888923ms ago: executing program 0 (id=542): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000080)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, 0x0, 0x0, 0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x15) readv(r1, &(0x7f0000000040)=[{0x0}], 0x1) writev(r1, &(0x7f0000000140)=[{&(0x7f0000000000)="3900000013000b4700bb65e1c3e4ffff0100a20035000000560000022500000019000a00100000ad07fd17e5ffff080c38005100000000000a", 0x39}], 0xc) pipe(0x0) writev(0xffffffffffffffff, &(0x7f00000008c0)=[{&(0x7f0000000940)="0aeb8c89629a8f1747dd1801131de75f307d2f7c5e5782b44b15fc47bf0c329f4b290a000000000000142ef6b6bc098d401de3bb89378b8c021ab810e05ef8a92bb74bcc0ea986247bd43e4c9a", 0x4d}, {&(0x7f00000000c0)="752582be730822f532231d3a9ef58abee2c30a1f0a434c95961bb1e7f30a00e424aa67b1c95b", 0x26}, {&(0x7f0000000280)="7ba72ba60212bbb39f62", 0xa}, {&(0x7f0000000300)="03ee1e1822b7b7990976b878c54e57449e180db4300d03acdcde558c5be9effcb84d443e7faddf26a5eace58efedfefd90f0ec03208b6c48290c2cd0c545efc22e49dfde911f161b1f25a1b7dec08b27d4ab8c83f9e01072aa322c042baa466d18764c142bbf038eb8c2", 0x6a}, {&(0x7f0000000380)="5c1bc5e8a81eec513a", 0x9}, {&(0x7f0000000d40)="c7f77b8da2cb25fa422175e0c02991493c14ba263fa2d53e7c8091282da04e03d1c4e342027e6158f7ede58c29512ccdef54a4f87d0cacd20952d4e64098307b8120c3f33fa2fdb257eae0c637611147dfc74b02eeb5761d7ac30e43e47782af644e068a0726b2b4b338b5d5670f1f97767ddb7b047497f7e9d86e61ad5d5ee94c34bdbcda159bfa675c5bd565cff378a55d98c34bb446bd86f17a7c15c789646c53f668d40c7f75e231438d385e56023b809b816b56baae26f1d2016caaef5363f9960807bc7cd6295f9de090127f08f98d3939b967522b30076ea319668d514a92b2210f1c6281a51658551456046efaeb0011826b0b040e42775754ad32e0e7ee67026faab2d5ab4e87c8d804d408479f6a241d92ecb26a38b853959f71fcf0df1f462a1f20421aa506a62141b3a62693327d5f7c2a73128d8bc3b6e81a66547ec321888d1e9d3bc99ed68a44b5a36e80dd88510491aa3d8c03ca372a555d52ca53d46488458e6557dc1057015fe2e0e27d83e85ea96700c834fc947442bee2feeacae49153cc7e18cf241db6ea9f072ff047f366a19e141f6d3b345e791e30f129a76cd2d9c291c43e1480cceefe89ee126970f601b198ff6ce182c21d39c5459fa5c5b7ec51cad7d9c60c6d8e14fecbab6063939d8851d18a44e2a3cd32a75c4c59f5236b4149492a255bb2700309c257017854bb7a8e5a476659c032e3c38647e9017f2459494cc124377b521caf3fde54016d3ba2c2ae6e1234212ee0341865af14dfc0359149cad86ab0be979ea7bedfd251f3ccce9d9ee6b794ebe6d32bbfddc4cc95a1c026b94ac745a1dcb960871f3d4d75c6bb271ad946c29d7d9bea0e805376fed3cbb26cc4f4c87491720cf193773ac6c20ef68009b1a50530a7c32480024ab7a055e6555d4dc141311387f768d791635d1f52fe0fbd4e326bbfca222fe9f119f988f5e6a49d45a658e57bf3185ce3ef5386a007228b037c524d9078199023abb5e94ed4d4f1a15a94b6a0c1a4195daed529383886236a57db48bb878575ff8d04e4aca6f013d61b7290401f980e3ce0f132c4c53fede417dc56ff2a2b0df7c99dabd2e77fc4b0c26d635f08b240bb2e4b4a1b4d2ece27cfb5154648e5117e436502608eff25b429286e6e511e17670af13d00ede33ef702082950c8cdfb34d399e227f3b33cbb02e6d1d33d4248d0d0a3e3377e0df7f92588ca2163f6caef23211543f0f3de1bcbe51c050f2c133f28690b8406016366c5647191531bb2977de067149da24b644c2cc4d94183fc2cbdc92ee0a90c46672796b0d7a97ff5f52e9f26bd29895473f2a1ec9d5273337a9b56858cbf1dcff2a3f823395058a0a27254ab62b05f24ebe55c34cb146178398aab7e1e4a694833603c92a16ba5356d292deef95c563d0d0a5e0b38027bec179da22452e8db4e8cf44b63b9e78c6ae7fe72b571d9450cdbe3a0cb68699b220fa9629d18b36a42e2e987b20305cd692c0df82323e2599b5d3bcd80c0a6ab79ae0695368ca471a2f3e6d184bbc7474282a8543a67254896affb0ccb81524122b7ae62f42a8d4c736f9ec66d18bd3ec16d291aefa55cb5894915d5c8a87565640692e6cf835625140dfbfffd82b5230bd475bab2d65d70b222fd630c2f70256da6634c7e06fb5436374a1f5783b7064f91cd7defe72b7151e744e1f637f7e6cd6bbce9c74197704cf1f08e8bfb1ea6ea324e6708f250b4e64384150414cdc7936665804b2c6c6105291b8c20584b16ab2fdadf91d47c982b8a6573c4890a423699ca487fec091aa56f79c9282e68ec6c051126970af68520f4e5dac757d244705a3b8412bd936548882d31314382fabecec593b071eca50b9c76a02874a81e2a180236305caa05c4f239848908461bab07b3eb42dd7cb847bd667711a353d6832373db19ffa6132dad8b510bf5ad5f39eb545a34dcaa52fc35dc022675cafdfaf0b874353dd32bdd59ff2a1b108e86e3a86b94465e827bd93d35696e4fa0cc8a16c5b2ba9fb99b68b52b26b4d5fd6c594040467371b93710391d1cf295c5ffd72035b0b46df5226a776f0e025a2ec1d6f08cd12db734768b17d70d949b2731e5139b5aec0ef4b41aaca8f5a6582f805f1047cc95e8ceb7c65155e06662dc474268f808c03be1c2005220154b6d08ff386439f006a9765d8e981066677ba19b67085b97b25728c578c4ec081417b072e6e2afe7e7c31cb8502ee462fc45a5fa34487a43b1fadb35d96cd908429319de8b5445f0308db3e813ce5144bd8c83323348a9d73d2ab8cb453c09ca31f830bebd8295284cf245b3ee104e56ba7590d06fe24df173e846ec35e5bd8f062b42342a07e8db9817976f89192680ebc2bb0735ea3da121ead0256fc00fb9243696e34e336bff19e0e84f4a63c1f6a806161f2308a2347001bd2ca7af008a35b0d3876d003a245611237e6c7f4c37b778bf93c769d65c5583dd48838617d49049be33055acd4d30497fa7d6170fb524177d9c27c25dc5d2903d05ef1170ad631d682bd910e6e8efebad33a94434174d4254d66bf44e00319e19c24f7e269c6285218cceb5706389030b0e09fcd9f11de1df43d94c62fa13532421e16cba04bb475b50290e280c182e9206c03ee09d924cd55077569dc5dc39a758578d987a722579ef37446e40e234b0d9c02a16d022033da018f907a7e6e0578d3b1c427f9a3c6f4f9e3476fd635f8d5188ab86e503ae4a6d4d2c3e1938421d5b62c29db08931dd660ee9d57f7f9ea218e2d537215d780c1a06c10e84ffbff315fdd6b5cdec55664f0a7863d7101a54ba6284b126ff00adcd7825757062293c01d76caa684745ffa33b32fd1dbbd8ffb686b8f0852330154949cb0c88edeae5e75c023ec48a2184d7dd6709d1378cc84d3f0c2d6342291d3f4b0ec19b56e50e17aa185336727b032bc7f8c67bb76514a4d9268cba3789b6079f69105c727db726bab2f2804a4d613e542018f8e3e20beb73364c2166978f9eb92217e948f9f09359e0532b0b9b4b0db4b046a46f529636f168f4fff514c1e0f893db21980af9289dad332ae8d2752382c8e0ee6a0298a7bb1f7e3ec43f36a398197828f83f9566be62b4c8791d8cd6c2931c6ea6eb2a302ab3065a3d0c6410afb8c113aa3769e854eca0681a8e36ca9d9bea5a764472e2264b2c6f427d25d532576ad7bf5607899f1f13b7524234d7d460010d88f999c51afeed962a034d348d79d41f088cfd6e77957215bcba14647cb4ca2568d539304a1df9e6cba140a7e0809b79d2f5b86ffc3f96631315b18a40863317ac7a637b97f74f0aaf320ecb949e541cfe94ae972bf0fa1c03f6bcbc616cb740a6f1248e3eca671698c7ea8801b1e6eb8820e8fafde4e3b03ecfc269af9f0a07d4f52c99d78df8a06d6071b70203b178428815e5b41705568517a08f9668f76424a3190325769e510bc7154e70e5c2f4428f24791376243986208f60b2c02690568b4655a59eff47144f6d042c5f59f9a74e4482bec32d7880b6fc9c551ef8a3475a1029126bbcc26b572e4fc3a443d03bced1aefe68cac6acb2ccc40aa955cd374da89035250517659cb0820312793950a555fb87b7af76c7086a5c1e63f853bdaba4e044afb7d08dc8d51a268a39c9e55ceb3706ffeae53c31f04b1f4458ac9427af1af3ad669663c1e229b0b6f69541e87b3be8415f9750aed54afe92bb10f5fd4b34501c761e4d193f06876ef5a52a8cd881907c8ff1381c9fc7f00a821e78516d27072b4726da5b0f0e78703a60ece30cd7b22ac46a1c718b38afc97e68de572dee0b41d23ce03c1e40f9a7c46ae2dcc9d3b517f7e99e6d056a6f88dda5d74d7b98b060978bd115bf4882caa96e8a471e9f36f9ca0be2605d22b57304c84c3e8435ebb2c3238d4197f430304090ae4183add74695a594e17bb117a492aed3d3758dce7da78f05e35664de82d14d0dccb467f2eaed7e35f2737216208120247bd680ae8e12ec832c181914df76a38b2793f9cce418d15ec49272b610e5af0e583e1282336f2c63620723a3891b18039bb14f3a0765b8d99799b78ab1c37f8fdaad953ad5d7899a9de363c3d2b1c39cf26cc3cac33132d9617dbcbb52945d7b64bc239e8a635a9278c47f488b83551330c069669e8e5b3b8be65094ab87e6da505ea4ce0234739c2b3c20d604e57dfd8def59df065dd6329df880adb0e76b5b076a079e1c2e8fb088f6061c557466c6bf48787c9410d65a937e6ee78cd17e63b7e1f52d2e99376b54175f2566ec46516123394df008483a2dd12e5c27956434c745a9247697a16caa2feb96da98d43df84d8904f2b62daf95430925041328d853215a05f23101cda2f69fd2701a296e68fd9543dc0792a37fc96e380d83befd9b51a66489a684298d145616f9e1217ddf073c7b4cf91cdf2f2612ccf8575265ab2be6743f1fcb55891a9cca03eb1424e4d5354de94b9f9104f901c7bb266f6e41d3b0738193bffbae7ca347f41c7aba669bc322886f9f8c83c3e3c4a038187dc24bb317cd34f11d1eb596068b41c8cf558b46e52d99852172753ab29215da7b49c13f755525abf072a380efa25512f73488fb842d0e66ab5050e6109f73ecb733e650a3c4baea326aa2f6de22ecbd61708f9320f299b6a8f78cc729a4cfca9e7f502f7a1f2de884596dcad521917741fe9bfac11b5f360f72149e7474806f22b890feea9c7d88436fddc5d3cf729e6ff6f35753d0fd13622ac5ab13d6396667f39ee94706ff94d43a74f99e789d3100814928ecfa2f3b65a43e2bfaa8a7b5f5f36dd5b922dcffff369404949e46651e1a121dd062be54bdc8fc31bd4b24108ffb6484c360d6cfccaa1e0de13e5fb297013ba0958b53f2838d2032b42da42ad3f8791ef692b5d20194a6666ddfb83bb32e1186bb7d860e89b6d53f48ca0ad0a37debc61bbdb6332204d5380d6455b1cde70d8c02a788fe0c6d2f5fd28400d077b4572685e888a1df6fd0987294f5871d789d4dee3120f57618ba37a26609c70ec0145d95556535e1e51863cb0f21cc578dd82f35d8f660857cda1a7bbd8ded7fab053917efaa10be057930f4e8db462e6b310c92fa72d81bc2ddc552a44ed65650ec2086ed076967798aea12ff1d8ac88b2cebd9504e3ac2a568d12133ddd2f8452a6d9e849b9be5958fd506927de5ae437d71c770508c95433fba09a8c61eb84075180f01648cf7b368cea1d77492798d90a760cbf2794e9518561a65fc5c4de8a7a02a3b0f7c7f97e3362c964e220ada35f46bf0ae950228a6735fc5311ee7df1586c6da48dc97a3539f4334de2fb578b338af675c48371c069cf434d3c4f3a198800e966683ac88117654eefeba3713777aaff5871525a3539438abad7249692bb51a22223d142bafc1c2e42fd81d9906fa8a2fda87a7561fcaf6e0ea9c1619cd4e855b83e6d229fdcabdd1cf842107a78a67265656600fec89cf67d5937a15bbd4d14ce5a542beb8bce83f62b047e5e40c131fa3b061f440b38ee1cabb0918baa70b0639d39430703df3b2ab1ed0933feb88fdbaab0ef933034a8702a09e3e41670d45f893fb7308128a7b473515ac98c8e80d15c6b7bc5f7ba5da3edc851776d8ae605fc7b4c38eb7ceb896fcde9611949a59767521bec3dddfd44b441677afee1747efaecb972d3b11a52a5039fafde5e9842e06a494d510eb67446d2a19fd7698853629f25629e7da53e66ac52e412d0b6188ea11cdbbc5a4f919d1b2b0316d0d65c889a9cc0ac173f0e661a15befe732a030ab", 0x1000}, {&(0x7f00000003c0)="f88bcdb4d256085f22b74162fc8c7d8e2c2f4b92b78423a5d0f50e5990540289cf4ebda14738792e2d72f0c736c631a75f1ec4eef20b1862a906f1425cbdfcf55b22f10670705c427a617855849579580cc2b0ad2249e248f07f0166bf506e4bebfa80a02acad6cd56db33", 0x6b}], 0x7) pipe(0x0) r2 = dup(0xffffffffffffffff) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x2) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x43}, 0x6}, 0x1c) r3 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r3, &(0x7f0000001200)=[{&(0x7f0000000080)="580000001400add427323b472545b4560a117fffffff81004e200e227f000001925aa80020007b00090080007f000001e809000000ff0000f03ac71002000000ffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) sendmsg$DEVLINK_CMD_SB_PORT_POOL_SET(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000180), 0xc, &(0x7f0000000d00)={&(0x7f00000004c0)=ANY=[@ANYRESOCT=r3, @ANYRESDEC=r1, @ANYRESHEX], 0x94}}, 0x20040814) mincore(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0) syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="043e1a0100000000ffffffffffff0000000000000000aaaaaaaaaa0000"], 0x1d) socket$packet(0x11, 0x2, 0x300) r4 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301) ioctl$USBDEVFS_FREE_STREAMS(r4, 0x802c550a, &(0x7f0000000000)=ANY=[@ANYBLOB="02002303100007006000000002000020d3"]) ioctl$USBDEVFS_CONTROL(r4, 0x8004550f, &(0x7f0000000140)={0x60, 0x9, 0x0, 0x7d, 0x0, 0x0, 0x0}) socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="18020000002000000000000000000000850000003d00000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90) 8.221911ms ago: executing program 3 (id=543): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000010540)='/proc/timer_list\x00', 0x0, 0x0) lseek(r0, 0x7, 0x0) 0s ago: executing program 1 (id=544): bind$inet6(0xffffffffffffffff, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(0xffffffffffffffff, 0x0, 0x0) write$RDMA_USER_CM_CMD_QUERY(0xffffffffffffffff, &(0x7f00000001c0)={0x13, 0x10, 0xfa00, {&(0x7f0000000480)}}, 0x18) creat(0x0, 0x0) ftruncate(0xffffffffffffffff, 0x0) r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000980)=@pppol2tpin6={0x18, 0x1, {0x0, r2, 0x1, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x32) connect$pppl2tp(r0, &(0x7f0000000980)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @dev}, 0x1, 0x3}}, 0x26) getsockopt$bt_BT_SECURITY(r0, 0x111, 0x4, 0x0, 0x20001f00) kernel console output (not intermixed with test programs): 5][ T5847] ? do_syscall_64+0xb6/0x230 [ 111.368565][ T5847] do_syscall_64+0xf3/0x230 [ 111.373046][ T5847] ? clear_bhb_loop+0x35/0x90 [ 111.377707][ T5847] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.383583][ T5847] RIP: 0033:0x7f7ed4f7475f [ 111.387988][ T5847] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 29 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 7c 8c 02 00 48 [ 111.407576][ T5847] RSP: 002b:00007f7ed49ff040 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 111.415973][ T5847] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f7ed4f7475f [ 111.423925][ T5847] RDX: 0000000000000001 RSI: 00007f7ed49ff0b0 RDI: 0000000000000004 [ 111.431876][ T5847] RBP: 00007f7ed49ff0a0 R08: 0000000000000000 R09: 0000000000000000 [ 111.439849][ T5847] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 111.447806][ T5847] R13: 000000000000000b R14: 00007f7ed5103f60 R15: 00007fff75669578 [ 111.455775][ T5847] [ 111.721331][ T5859] loop3: detected capacity change from 0 to 256 [ 111.803310][ T5864] netlink: 'syz.1.129': attribute type 1 has an invalid length. [ 111.811373][ T5864] netlink: 9344 bytes leftover after parsing attributes in process `syz.1.129'. [ 111.820711][ T5864] netlink: 'syz.1.129': attribute type 1 has an invalid length. [ 112.845694][ T5874] FAULT_INJECTION: forcing a failure. [ 112.845694][ T5874] name failslab, interval 1, probability 0, space 0, times 0 [ 112.893351][ T5874] CPU: 1 UID: 0 PID: 5874 Comm: syz.1.133 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0 [ 112.903429][ T5874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 112.913468][ T5874] Call Trace: [ 112.916731][ T5874] [ 112.919643][ T5874] dump_stack_lvl+0x241/0x360 [ 112.924315][ T5874] ? __pfx_dump_stack_lvl+0x10/0x10 [ 112.929500][ T5874] ? __pfx__printk+0x10/0x10 [ 112.934079][ T5874] ? __pfx___might_resched+0x10/0x10 [ 112.939349][ T5874] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 112.945316][ T5874] should_fail_ex+0x3b0/0x4e0 [ 112.949982][ T5874] ? mas_alloc_nodes+0x26c/0x840 [ 112.954904][ T5874] should_failslab+0x9/0x20 [ 112.959390][ T5874] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 112.964752][ T5874] mas_alloc_nodes+0x26c/0x840 [ 112.969506][ T5874] mas_preallocate+0xfca/0x1730 [ 112.974349][ T5874] ? __pfx_mas_preallocate+0x10/0x10 [ 112.979637][ T5874] ? __mas_set_range+0x133/0x3c0 [ 112.984562][ T5874] __split_vma+0x2e5/0xc30 [ 112.988981][ T5874] ? __pfx_validate_chain+0x10/0x10 [ 112.994189][ T5874] ? __pfx___split_vma+0x10/0x10 [ 112.999117][ T5874] ? validate_chain+0x11e/0x5920 [ 113.004043][ T5874] do_vmi_align_munmap+0x388/0x18c0 [ 113.009236][ T5874] ? mtree_range_walk+0x6fd/0x8e0 [ 113.014253][ T5874] ? __pfx_do_vmi_align_munmap+0x10/0x10 [ 113.019878][ T5874] ? mtree_range_walk+0x6fd/0x8e0 [ 113.024900][ T5874] ? mas_find+0x8c0/0xbb0 [ 113.029222][ T5874] do_vmi_munmap+0x261/0x2f0 [ 113.033805][ T5874] mmap_region+0x72f/0x2090 [ 113.038307][ T5874] ? __pfx_mmap_region+0x10/0x10 [ 113.043232][ T5874] ? thp_get_unmapped_area_vmflags+0x269/0x380 [ 113.049369][ T5874] ? cap_mmap_addr+0x163/0x2c0 [ 113.054116][ T5874] ? __get_unmapped_area+0x2f0/0x360 [ 113.059389][ T5874] do_mmap+0x8ad/0xfa0 [ 113.063451][ T5874] ? __pfx_do_mmap+0x10/0x10 [ 113.068025][ T5874] ? __pfx_ima_file_mmap+0x10/0x10 [ 113.073119][ T5874] vm_mmap_pgoff+0x1dd/0x3d0 [ 113.077696][ T5874] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 113.082806][ T5874] ksys_mmap_pgoff+0x4f1/0x720 [ 113.087579][ T5874] ? __x64_sys_mmap+0x7f/0x140 [ 113.092337][ T5874] do_syscall_64+0xf3/0x230 [ 113.096824][ T5874] ? clear_bhb_loop+0x35/0x90 [ 113.101486][ T5874] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.107357][ T5874] RIP: 0033:0x7f7ed4f75bd9 [ 113.111755][ T5874] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 113.131337][ T5874] RSP: 002b:00007f7ed49ff048 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 113.139730][ T5874] RAX: ffffffffffffffda RBX: 00007f7ed5103f60 RCX: 00007f7ed4f75bd9 [ 113.147683][ T5874] RDX: 0000000000000000 RSI: 0000000000002000 RDI: 0000000020ffc000 [ 113.155633][ T5874] RBP: 00007f7ed49ff0a0 R08: 0000000000000004 R09: 0000000000000000 [ 113.163672][ T5874] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000001 [ 113.171622][ T5874] R13: 000000000000000b R14: 00007f7ed5103f60 R15: 00007fff75669578 [ 113.179583][ T5874] [ 113.282801][ T5882] gretap1: entered promiscuous mode [ 113.317899][ T5882] gretap1: entered allmulticast mode [ 113.344489][ T5878] loop2: detected capacity change from 0 to 256 [ 113.682993][ T5887] tipc: Enabled bearer , priority 0 [ 113.768211][ T5889] loop4: detected capacity change from 0 to 1024 [ 113.827651][ T5887] tipc: Resetting bearer [ 113.862443][ T5886] tipc: Resetting bearer [ 113.873665][ T5893] loop1: detected capacity change from 0 to 256 [ 113.897219][ T5893] exfat: Unknown parameter '' [ 113.968476][ T5149] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 114.187484][ T5149] usb 3-1: Using ep0 maxpacket: 32 [ 114.199228][ T5149] usb 3-1: New USB device found, idVendor=257a, idProduct=260c, bcdDevice=a6.30 [ 114.210409][ T5149] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 114.239921][ T5149] usb 3-1: Product: syz [ 114.244877][ T5149] usb 3-1: Manufacturer: syz [ 114.250862][ T5149] usb 3-1: SerialNumber: syz [ 114.334170][ T5149] usb 3-1: config 0 descriptor?? [ 114.356924][ T5149] option 3-1:0.0: GSM modem (1-port) converter detected [ 116.762239][ T5886] tipc: Disabling bearer [ 116.784390][ T5889] netlink: 8 bytes leftover after parsing attributes in process `syz.4.134'. [ 117.062719][ T5920] netlink: 'syz.4.142': attribute type 1 has an invalid length. [ 117.070571][ T5920] netlink: 9344 bytes leftover after parsing attributes in process `syz.4.142'. [ 117.079705][ T5920] netlink: 'syz.4.142': attribute type 1 has an invalid length. [ 117.816172][ T9] usb 3-1: USB disconnect, device number 7 [ 117.852259][ T5923] FAULT_INJECTION: forcing a failure. [ 117.852259][ T5923] name failslab, interval 1, probability 0, space 0, times 0 [ 117.889657][ T9] option 3-1:0.0: device disconnected [ 117.925800][ T5923] CPU: 1 UID: 0 PID: 5923 Comm: syz.1.144 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0 [ 117.935865][ T5923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 117.945903][ T5923] Call Trace: [ 117.949163][ T5923] [ 117.952076][ T5923] dump_stack_lvl+0x241/0x360 [ 117.956745][ T5923] ? __pfx_dump_stack_lvl+0x10/0x10 [ 117.961931][ T5923] ? __wake_up_klogd+0x109/0x140 [ 117.966854][ T5923] should_fail_ex+0x3b0/0x4e0 [ 117.971517][ T5923] ? kstrdup_quotable+0x1b0/0x5e0 [ 117.976526][ T5923] should_failslab+0x9/0x20 [ 117.981010][ T5923] __kmalloc_noprof+0xd8/0x400 [ 117.985759][ T5923] kstrdup_quotable+0x1b0/0x5e0 [ 117.990598][ T5923] ? __pfx_kstrdup_quotable+0x10/0x10 [ 117.995950][ T5923] ? invoke_bpf_prog+0x1622/0x1a30 [ 118.001044][ T5923] ? get_cmdline+0x25e/0x290 [ 118.005634][ T5923] kstrdup_quotable_cmdline+0x2cf/0x340 [ 118.011189][ T5923] __report_access+0x4c/0x380 [ 118.015852][ T5923] ? _raw_spin_unlock_irq+0x23/0x50 [ 118.021029][ T5923] ? lockdep_hardirqs_on+0x99/0x150 [ 118.026213][ T5923] task_work_run+0x24f/0x310 [ 118.030785][ T5923] ? __pfx_task_work_run+0x10/0x10 [ 118.035878][ T5923] ? syscall_exit_to_user_mode+0xa3/0x370 [ 118.041585][ T5923] syscall_exit_to_user_mode+0x168/0x370 [ 118.047200][ T5923] do_syscall_64+0x100/0x230 [ 118.051775][ T5923] ? clear_bhb_loop+0x35/0x90 [ 118.056434][ T5923] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.062303][ T5923] RIP: 0033:0x7f7ed4f75bd9 [ 118.066707][ T5923] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 118.086308][ T5923] RSP: 002b:00007f7ed49ff048 EFLAGS: 00000246 ORIG_RAX: 0000000000000065 [ 118.094736][ T5923] RAX: ffffffffffffffff RBX: 00007f7ed5103f60 RCX: 00007f7ed4f75bd9 [ 118.102689][ T5923] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000004206 [ 118.110644][ T5923] RBP: 00007f7ed49ff0a0 R08: 0000000000000000 R09: 0000000000000000 [ 118.118620][ T5923] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 118.126573][ T5923] R13: 000000000000000b R14: 00007f7ed5103f60 R15: 00007fff75669578 [ 118.134542][ T5923] [ 118.157081][ T5923] ptrace attach of "(null)"[5228] was attempted by "  @  [ 118.300557][ T54] Bluetooth: hci0: unexpected subevent 0x01 length: 25 > 18 [ 118.889203][ T5918] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 119.833392][ T5978] gretap1: entered promiscuous mode [ 119.881941][ T5978] gretap1: entered allmulticast mode [ 120.121655][ T6006] loop2: detected capacity change from 0 to 8 [ 120.128517][ T6006] squashfs: Unknown parameter 'l80211' [ 120.792289][ T6015] loop2: detected capacity change from 0 to 1024 [ 120.796897][ T5110] Bluetooth: hci0: command tx timeout [ 120.826415][ T6015] netlink: 8 bytes leftover after parsing attributes in process `syz.2.152'. [ 120.838247][ T6015] netlink: 8 bytes leftover after parsing attributes in process `syz.2.152'. [ 120.855324][ T6015] netlink: 8 bytes leftover after parsing attributes in process `syz.2.152'. [ 120.890686][ T6015] netlink: 8 bytes leftover after parsing attributes in process `syz.2.152'. [ 121.033923][ T6017] loop0: detected capacity change from 0 to 512 [ 121.234886][ T6017] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 121.256012][ T6017] ext4 filesystem being mounted at /37/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 121.470089][ T6032] netlink: 'syz.3.156': attribute type 1 has an invalid length. [ 121.477854][ T6032] netlink: 9344 bytes leftover after parsing attributes in process `syz.3.156'. [ 121.487619][ T6032] netlink: 'syz.3.156': attribute type 1 has an invalid length. [ 122.289126][ T6037] loop4: detected capacity change from 0 to 2048 [ 122.329560][ T6037] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 122.405116][ T5110] Bluetooth: hci4: unexpected subevent 0x01 length: 25 > 18 [ 122.413404][ T5110] Bluetooth: hci4: Ignoring HCI_Connection_Complete for existing connection [ 122.561319][ T29] audit: type=1804 audit(1720051115.909:4): pid=6017 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.153" name="/newroot/37/file0/bus" dev="loop0" ino=18 res=1 errno=0 [ 122.609453][ T6042] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 122.947530][ T5092] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 122.978781][ T58] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 123.101811][ T6056] netlink: 'syz.2.164': attribute type 1 has an invalid length. [ 123.109644][ T6056] netlink: 9344 bytes leftover after parsing attributes in process `syz.2.164'. [ 123.118881][ T6056] netlink: 'syz.2.164': attribute type 1 has an invalid length. [ 123.940577][ T58] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 123.969823][ T58] usb 5-1: New USB device found, idVendor=0566, idProduct=3004, bcdDevice= 0.40 [ 124.104815][ T58] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 124.119549][ T58] usb 5-1: Product: syz [ 124.124588][ T58] usb 5-1: Manufacturer: syz [ 124.129325][ T58] usb 5-1: SerialNumber: syz [ 124.142026][ T58] usbhid 5-1:1.0: couldn't find an input interrupt endpoint [ 124.394634][ T5100] usb 5-1: USB disconnect, device number 9 [ 124.411209][ T5104] udevd[5104]: setting mode of /dev/bus/usb/005/009 to 020664 failed: No such file or directory [ 124.456234][ T5104] udevd[5104]: setting owner of /dev/bus/usb/005/009 to uid=0, gid=0 failed: No such file or directory [ 124.613721][ T6070] loop0: detected capacity change from 0 to 256 [ 124.740378][ T6072] loop3: detected capacity change from 0 to 1024 [ 125.497016][ T5977] hfsplus: b-tree write err: -5, ino 4 [ 125.508678][ T5096] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 125.638584][ T6076] netlink: 'syz.1.168': attribute type 1 has an invalid length. [ 125.646434][ T6076] netlink: 9344 bytes leftover after parsing attributes in process `syz.1.168'. [ 125.655613][ T6076] netlink: 'syz.1.168': attribute type 1 has an invalid length. [ 126.497268][ T6083] FAULT_INJECTION: forcing a failure. [ 126.497268][ T6083] name failslab, interval 1, probability 0, space 0, times 0 [ 126.544852][ T6079] loop2: detected capacity change from 0 to 1024 [ 126.560435][ T6084] loop4: detected capacity change from 0 to 128 [ 126.595632][ T6083] CPU: 1 UID: 0 PID: 6083 Comm: syz.3.171 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0 [ 126.605744][ T6083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 126.615815][ T6083] Call Trace: [ 126.619106][ T6083] [ 126.622040][ T6083] dump_stack_lvl+0x241/0x360 [ 126.626717][ T6083] ? __pfx_dump_stack_lvl+0x10/0x10 [ 126.631907][ T6083] ? __pfx__printk+0x10/0x10 [ 126.636489][ T6083] ? __pfx___might_resched+0x10/0x10 [ 126.641767][ T6083] should_fail_ex+0x3b0/0x4e0 [ 126.646441][ T6083] ? shmem_alloc_inode+0x28/0x40 [ 126.651369][ T6083] should_failslab+0x9/0x20 [ 126.655872][ T6083] kmem_cache_alloc_lru_noprof+0x71/0x2b0 [ 126.661605][ T6083] shmem_alloc_inode+0x28/0x40 [ 126.666357][ T6083] ? __pfx_shmem_alloc_inode+0x10/0x10 [ 126.671803][ T6083] new_inode+0x6e/0x310 [ 126.675949][ T6083] shmem_get_inode+0x34a/0xd50 [ 126.680702][ T6083] ? _raw_spin_unlock+0x28/0x50 [ 126.685550][ T6083] __shmem_file_setup+0x171/0x2c0 [ 126.690572][ T6083] __se_sys_memfd_create+0x36b/0x850 [ 126.695848][ T6083] do_syscall_64+0xf3/0x230 [ 126.700331][ T6083] ? clear_bhb_loop+0x35/0x90 [ 126.704994][ T6083] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 126.710887][ T6083] RIP: 0033:0x7fad8bb75bd9 [ 126.715305][ T6083] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 126.734910][ T6083] RSP: 002b:00007fad8c989e28 EFLAGS: 00000206 ORIG_RAX: 000000000000013f [ 126.743325][ T6083] RAX: ffffffffffffffda RBX: 00000000000000a4 RCX: 00007fad8bb75bd9 [ 126.751295][ T6083] RDX: 00007fad8c989f00 RSI: 0000000000000000 RDI: 00007fad8bbe3d1b [ 126.759259][ T6083] RBP: 0000000020000180 R08: 00007fad8c989bc7 R09: 00007fad8c989e50 [ 126.767219][ T6083] R10: 000000000000000a R11: 0000000000000206 R12: 0000000020000100 [ 126.775174][ T6083] R13: 00007fad8c989f00 R14: 00007fad8c989ec0 R15: 0000000020000500 [ 126.783140][ T6083] [ 126.822007][ T6079] netlink: 8 bytes leftover after parsing attributes in process `syz.2.169'. [ 126.832529][ T6079] netlink: 8 bytes leftover after parsing attributes in process `syz.2.169'. [ 126.841760][ T6079] netlink: 8 bytes leftover after parsing attributes in process `syz.2.169'. [ 126.878225][ T6079] netlink: 8 bytes leftover after parsing attributes in process `syz.2.169'. [ 126.888770][ T6084] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 127.114706][ T6084] ext4 filesystem being mounted at /34/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 128.086432][ T6098] FAULT_INJECTION: forcing a failure. [ 128.086432][ T6098] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 128.104166][ T6098] CPU: 1 UID: 0 PID: 6098 Comm: syz.3.175 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0 [ 128.114252][ T6098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 128.124297][ T6098] Call Trace: [ 128.127568][ T6098] [ 128.130486][ T6098] dump_stack_lvl+0x241/0x360 [ 128.135189][ T6098] ? __pfx_dump_stack_lvl+0x10/0x10 [ 128.140377][ T6098] ? __pfx__printk+0x10/0x10 [ 128.144961][ T6098] ? __pfx_lock_release+0x10/0x10 [ 128.149981][ T6098] should_fail_ex+0x3b0/0x4e0 [ 128.154649][ T6098] _copy_from_user+0x2f/0xe0 [ 128.159234][ T6098] copy_from_sockptr_offset+0x6b/0xb0 [ 128.164599][ T6098] do_ipt_set_ctl+0xbdd/0x1250 [ 128.169351][ T6098] ? __pfx___might_resched+0x10/0x10 [ 128.174620][ T6098] ? __pfx_do_ipt_set_ctl+0x10/0x10 [ 128.179806][ T6098] ? __pfx_lock_release+0x10/0x10 [ 128.184823][ T6098] ? __mutex_unlock_slowpath+0x21d/0x750 [ 128.190441][ T6098] ? __pfx_do_ip_setsockopt+0x10/0x10 [ 128.195802][ T6098] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 128.201767][ T6098] ? __pfx_aa_sk_perm+0x10/0x10 [ 128.206602][ T6098] ? module_put+0x13a/0x2d0 [ 128.211090][ T6098] nf_setsockopt+0x295/0x2c0 [ 128.215672][ T6098] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 128.221555][ T6098] do_sock_setsockopt+0x3af/0x720 [ 128.226588][ T6098] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 128.232114][ T6098] ? __fget_files+0x29/0x470 [ 128.236688][ T6098] ? __fget_files+0x3f6/0x470 [ 128.241352][ T6098] __sys_setsockopt+0x1ae/0x250 [ 128.246203][ T6098] __x64_sys_setsockopt+0xb5/0xd0 [ 128.251232][ T6098] do_syscall_64+0xf3/0x230 [ 128.255748][ T6098] ? clear_bhb_loop+0x35/0x90 [ 128.260414][ T6098] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.266297][ T6098] RIP: 0033:0x7fad8bb75bd9 [ 128.270694][ T6098] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 128.290280][ T6098] RSP: 002b:00007fad8c98a048 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 128.298677][ T6098] RAX: ffffffffffffffda RBX: 00007fad8bd03f60 RCX: 00007fad8bb75bd9 [ 128.306636][ T6098] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000003 [ 128.314591][ T6098] RBP: 00007fad8c98a0a0 R08: 0000000000000258 R09: 0000000000000000 [ 128.322545][ T6098] R10: 00000000200004c0 R11: 0000000000000246 R12: 0000000000000001 [ 128.330497][ T6098] R13: 000000000000000b R14: 00007fad8bd03f60 R15: 00007ffe874ff948 [ 128.338461][ T6098] [ 128.660888][ T54] Bluetooth: hci1: unexpected subevent 0x01 length: 25 > 18 [ 128.668315][ T54] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 128.694096][ T6108] loop1: detected capacity change from 0 to 512 [ 129.087074][ T6112] loop1: detected capacity change from 0 to 1024 [ 129.677482][ T54] Bluetooth: hci4: unexpected subevent 0x01 length: 25 > 18 [ 129.687244][ T54] Bluetooth: hci4: Ignoring HCI_Connection_Complete for existing connection [ 129.712203][ T5096] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 130.182716][ T6116] loop2: detected capacity change from 0 to 512 [ 130.201485][ T6116] ext4: Unknown parameter 'context' [ 130.718220][ T5965] hfsplus: b-tree write err: -5, ino 4 [ 130.877559][ T6105] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 131.216377][ T6125] netlink: 'syz.2.182': attribute type 1 has an invalid length. [ 131.224109][ T6125] netlink: 9344 bytes leftover after parsing attributes in process `syz.2.182'. [ 131.233359][ T6125] netlink: 'syz.2.182': attribute type 1 has an invalid length. [ 131.762602][ T6128] loop1: detected capacity change from 0 to 1024 [ 132.563165][ T5977] hfsplus: b-tree write err: -5, ino 4 [ 132.696322][ T6130] loop2: detected capacity change from 0 to 2048 [ 132.737776][ T6134] FAULT_INJECTION: forcing a failure. [ 132.737776][ T6134] name failslab, interval 1, probability 0, space 0, times 0 [ 132.781858][ T6133] warning: `syz.3.185' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 132.783224][ T6130] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 132.812793][ T6134] CPU: 0 UID: 0 PID: 6134 Comm: syz.1.184 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0 [ 132.822900][ T6134] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 132.832971][ T6134] Call Trace: [ 132.836266][ T6134] [ 132.839214][ T6134] dump_stack_lvl+0x241/0x360 [ 132.843923][ T6134] ? __pfx_dump_stack_lvl+0x10/0x10 [ 132.849147][ T6134] ? __pfx__printk+0x10/0x10 [ 132.853768][ T6134] ? __pfx___might_resched+0x10/0x10 [ 132.859079][ T6134] ? __mutex_unlock_slowpath+0x21d/0x750 [ 132.864744][ T6134] should_fail_ex+0x3b0/0x4e0 [ 132.869452][ T6134] should_failslab+0x9/0x20 [ 132.873979][ T6134] __kmalloc_node_noprof+0xdf/0x440 [ 132.879195][ T6134] ? __kvmalloc_node_noprof+0x72/0x190 [ 132.884658][ T6134] __kvmalloc_node_noprof+0x72/0x190 [ 132.889945][ T6134] __se_sys_setgroups+0xf5/0x4d0 [ 132.894887][ T6134] do_syscall_64+0xf3/0x230 [ 132.899385][ T6134] ? clear_bhb_loop+0x35/0x90 [ 132.904074][ T6134] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.909971][ T6134] RIP: 0033:0x7f7ed4f75bd9 [ 132.914381][ T6134] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 132.933987][ T6134] RSP: 002b:00007f7ed49ff048 EFLAGS: 00000246 ORIG_RAX: 0000000000000074 [ 132.942413][ T6134] RAX: ffffffffffffffda RBX: 00007f7ed5103f60 RCX: 00007f7ed4f75bd9 [ 132.950387][ T6134] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 132.958354][ T6134] RBP: 00007f7ed49ff0a0 R08: 0000000000000000 R09: 0000000000000000 [ 132.966328][ T6134] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 132.974298][ T6134] R13: 000000000000000b R14: 00007f7ed5103f60 R15: 00007fff75669578 [ 132.982273][ T6134] [ 133.126241][ T1245] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.132733][ T1245] ieee802154 phy1 wpan1: encryption failed: -22 [ 135.218481][ T6149] loop4: detected capacity change from 0 to 2048 [ 135.228034][ T5110] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 135.244043][ T5110] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 135.250017][ T6149] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 135.263703][ T5110] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 135.292289][ T5110] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 135.304753][ T5110] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 135.315847][ T5110] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 135.465024][ T6151] loop2: detected capacity change from 0 to 256 [ 135.535000][ T5092] syz-executor (5092) used greatest stack depth: 18672 bytes left [ 135.557068][ T54] Bluetooth: hci2: unexpected subevent 0x01 length: 25 > 18 [ 135.600572][ T5096] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 135.658565][ T6156] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 135.807051][ T2430] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 135.997635][ T2430] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 136.209579][ T2430] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 136.214569][ T6161] loop3: detected capacity change from 0 to 16 [ 136.349223][ T6161] erofs: (device loop3): mounted with root inode @ nid 36. [ 136.419777][ T2430] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 137.227369][ T6166] netlink: 'syz.1.193': attribute type 1 has an invalid length. [ 137.235080][ T6166] netlink: 9344 bytes leftover after parsing attributes in process `syz.1.193'. [ 137.245377][ T6166] netlink: 'syz.1.193': attribute type 1 has an invalid length. [ 137.366033][ T5110] Bluetooth: hci0: command tx timeout [ 137.414639][ T6168] syz.3.192: attempt to access beyond end of device [ 137.414639][ T6168] loop3: rw=0, sector=8, nr_sectors = 16 limit=16 [ 137.524411][ T6158] loop4: detected capacity change from 0 to 32768 [ 137.608213][ T5110] Bluetooth: hci2: command tx timeout [ 137.622733][ T6161] syz.3.192: attempt to access beyond end of device [ 137.622733][ T6161] loop3: rw=0, sector=8, nr_sectors = 16 limit=16 [ 137.795079][ T6179] loop1: detected capacity change from 0 to 1024 [ 138.453413][ T6158] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 138.621776][ T2430] bridge_slave_1: left allmulticast mode [ 138.657205][ T2430] bridge_slave_1: left promiscuous mode [ 138.667698][ T2430] bridge0: port 2(bridge_slave_1) entered disabled state [ 138.827140][ T2849] hfsplus: b-tree write err: -5, ino 4 [ 138.856203][ T2430] bridge_slave_0: left allmulticast mode [ 138.886955][ T2430] bridge_slave_0: left promiscuous mode [ 138.920406][ T2430] bridge0: port 1(bridge_slave_0) entered disabled state [ 139.111397][ T6158] XFS (loop4): Ending clean mount [ 139.158075][ T6194] loop1: detected capacity change from 0 to 2048 [ 139.168440][ T5096] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 139.251939][ T6194] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 139.466116][ T5110] Bluetooth: hci0: command tx timeout [ 139.493689][ T6204] loop2: detected capacity change from 0 to 64 [ 139.600855][ T6204] Trying to free block not in datazone [ 139.648394][ T6203] loop3: detected capacity change from 0 to 2048 [ 140.986401][ T46] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 141.033591][ T6203] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 141.098063][ T5093] Trying to free block not in datazone [ 141.118640][ T5093] minix_free_inode: bit 3 already cleared [ 141.137604][ T5093] minix_free_inode: bit 4 already cleared [ 141.169695][ T5093] minix_free_inode: bit 2 already cleared [ 141.170648][ T5093] Trying to free block not in datazone [ 141.170687][ T5093] minix_free_inode: bit 5 already cleared [ 141.172740][ T5093] Trying to free block not in datazone [ 141.173354][ T5093] Trying to free block not in datazone [ 141.173365][ T5093] Trying to free block not in datazone [ 141.173384][ T5093] minix_free_inode: bit 6 already cleared [ 141.174168][ T5093] Trying to free block not in datazone [ 141.174186][ T5093] minix_free_inode: bit 7 already cleared [ 141.622035][ T46] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 141.637275][ T5110] Bluetooth: hci0: command tx timeout [ 141.652367][ T46] usb 2-1: New USB device found, idVendor=0566, idProduct=3004, bcdDevice= 0.40 [ 141.666449][ T46] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 141.687803][ T46] usb 2-1: Product: syz [ 141.693010][ T46] usb 2-1: Manufacturer: syz [ 141.715427][ T46] usb 2-1: SerialNumber: syz [ 141.777587][ T46] usbhid 2-1:1.0: couldn't find an input interrupt endpoint [ 141.787862][ T5110] block nbd2: Receive control failed (result -32) [ 141.833224][ T6226] block nbd2: shutting down sockets [ 141.915900][ T5148] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 141.990084][ T46] usb 2-1: USB disconnect, device number 2 [ 142.061351][ T6234] loop4: detected capacity change from 0 to 1024 [ 142.189284][ T5228] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 142.204359][ T5148] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 142.218189][ T2430] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 142.269260][ T5148] usb 4-1: New USB device found, idVendor=0566, idProduct=3004, bcdDevice= 0.40 [ 142.301728][ T5148] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 142.321136][ T2430] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 142.323990][ T5148] usb 4-1: Product: syz [ 142.363010][ T5148] usb 4-1: Manufacturer: syz [ 142.364263][ T2430] bond0 (unregistering): Released all slaves [ 142.375658][ T5148] usb 4-1: SerialNumber: syz [ 142.405412][ T5148] usbhid 4-1:1.0: couldn't find an input interrupt endpoint [ 142.435935][ T29] audit: type=1326 audit(1720051135.939:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6238 comm="syz.1.202" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7ed4f75bd9 code=0x0 [ 142.485450][ T6150] chnl_net:caif_netlink_parms(): no params data found [ 142.499061][ T6232] cgroup2: Unknown parameter 'memory_loco' [ 142.622336][ T2430] tipc: Left network mode [ 143.115480][ T6150] bridge0: port 1(bridge_slave_0) entered blocking state [ 143.134818][ T6150] bridge0: port 1(bridge_slave_0) entered disabled state [ 143.222308][ T6250] netlink: 'syz.4.203': attribute type 1 has an invalid length. [ 143.230364][ T6250] netlink: 9344 bytes leftover after parsing attributes in process `syz.4.203'. [ 143.239810][ T6250] netlink: 'syz.4.203': attribute type 1 has an invalid length. [ 143.275719][ T6150] bridge_slave_0: entered allmulticast mode [ 143.530998][ T6150] bridge_slave_0: entered promiscuous mode [ 143.921183][ T5110] Bluetooth: hci0: command tx timeout [ 143.943153][ T6237] loop2: detected capacity change from 0 to 32768 [ 143.966535][ T6150] bridge0: port 2(bridge_slave_1) entered blocking state [ 143.987079][ T5145] usb 4-1: USB disconnect, device number 5 [ 143.998436][ T5102] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 144.005737][ T6150] bridge0: port 2(bridge_slave_1) entered disabled state [ 144.014611][ T6150] bridge_slave_1: entered allmulticast mode [ 144.069200][ T6237] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.201 (6237) [ 144.113787][ T6150] bridge_slave_1: entered promiscuous mode [ 145.491917][ T6267] loop3: detected capacity change from 0 to 1024 [ 145.873630][ T2430] hsr_slave_0: left promiscuous mode [ 145.885979][ T5977] hfsplus: b-tree write err: -5, ino 4 [ 145.964530][ T6237] BTRFS error (device loop2): open_ctree failed [ 145.991516][ T2430] hsr_slave_1: left promiscuous mode [ 146.011717][ T2430] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 146.036116][ T6272] loop4: detected capacity change from 0 to 128 [ 146.043398][ T6271] loop1: detected capacity change from 0 to 1764 [ 146.061566][ T2430] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 146.098248][ T2430] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 146.127157][ T2430] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 146.149113][ T6272] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 146.171828][ T6272] ext4 filesystem being mounted at /41/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 146.301066][ T2430] veth1_macvtap: left promiscuous mode [ 146.307534][ T6288] FAULT_INJECTION: forcing a failure. [ 146.307534][ T6288] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 146.334625][ T2430] veth0_macvtap: left promiscuous mode [ 146.344797][ T6288] CPU: 0 UID: 0 PID: 6288 Comm: syz.2.209 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0 [ 146.354891][ T6288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 146.360798][ T2430] veth1_vlan: left promiscuous mode [ 146.364938][ T6288] Call Trace: [ 146.364950][ T6288] [ 146.376340][ T6288] dump_stack_lvl+0x241/0x360 [ 146.381047][ T6288] ? __pfx_dump_stack_lvl+0x10/0x10 [ 146.386264][ T6288] ? __pfx__printk+0x10/0x10 [ 146.390854][ T6288] ? __pfx_lock_release+0x10/0x10 [ 146.395881][ T6288] should_fail_ex+0x3b0/0x4e0 [ 146.400559][ T6288] _copy_from_user+0x2f/0xe0 [ 146.405143][ T6288] copy_msghdr_from_user+0xae/0x680 [ 146.410343][ T6288] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 146.416156][ T6288] __sys_sendmsg+0x23d/0x3a0 [ 146.420743][ T6288] ? __pfx___sys_sendmsg+0x10/0x10 [ 146.425853][ T6288] ? vfs_write+0x7c4/0xc90 [ 146.430295][ T6288] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 146.436619][ T6288] ? do_syscall_64+0x100/0x230 [ 146.441373][ T6288] ? do_syscall_64+0xb6/0x230 [ 146.446042][ T6288] do_syscall_64+0xf3/0x230 [ 146.450536][ T6288] ? clear_bhb_loop+0x35/0x90 [ 146.455210][ T6288] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 146.461095][ T6288] RIP: 0033:0x7f0eb3f75bd9 [ 146.465503][ T6288] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 146.485107][ T6288] RSP: 002b:00007f0eb39bd048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 146.493518][ T6288] RAX: ffffffffffffffda RBX: 00007f0eb4104110 RCX: 00007f0eb3f75bd9 [ 146.501483][ T6288] RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 0000000000000007 [ 146.509446][ T6288] RBP: 00007f0eb39bd0a0 R08: 0000000000000000 R09: 0000000000000000 [ 146.517408][ T6288] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 146.525367][ T6288] R13: 000000000000006e R14: 00007f0eb4104110 R15: 00007ffeb40cb8a8 [ 146.533341][ T6288] [ 146.545710][ T2430] veth0_vlan: left promiscuous mode [ 146.852022][ T5110] block nbd1: Receive control failed (result -32) [ 146.863348][ T6291] block nbd1: shutting down sockets [ 146.975145][ T5096] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 147.288991][ T6304] loop1: detected capacity change from 0 to 2048 [ 147.320446][ T6304] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 147.455639][ T5148] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 147.589530][ T2430] team0 (unregistering): Port device team_slave_1 removed [ 147.627927][ T2430] team0 (unregistering): Port device team_slave_0 removed [ 147.686959][ T5148] usb 5-1: config 220 has too many interfaces: 184, using maximum allowed: 32 [ 147.703559][ T5148] usb 5-1: config 220 has 1 interface, different from the descriptor's value: 184 [ 147.723328][ T5148] usb 5-1: New USB device found, idVendor=0c45, idProduct=8008, bcdDevice=e1.85 [ 147.744428][ T5148] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 147.795277][ T5148] gspca_main: sn9c2028-2.14.0 probing 0c45:8008 [ 147.945774][ T58] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 148.065135][ T5148] gspca_sn9c2028: read1 error -32 [ 148.074961][ T5148] gspca_sn9c2028: read1 error -32 [ 148.081470][ T6302] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 148.098931][ T6302] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 148.119752][ T6302] loop4: detected capacity change from 0 to 8 [ 148.139807][ T58] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 148.140339][ T6302] SQUASHFS error: zlib decompression failed, data probably corrupt [ 148.168505][ T6302] SQUASHFS error: Failed to read block 0x9b: -5 [ 148.175359][ T6302] SQUASHFS error: Unable to read metadata cache entry [99] [ 148.190060][ T6302] SQUASHFS error: Unable to read inode 0x127 [ 148.198674][ T58] usb 2-1: New USB device found, idVendor=0566, idProduct=3004, bcdDevice= 0.40 [ 148.227739][ T58] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 148.276248][ T58] usb 2-1: Product: syz [ 148.280480][ T58] usb 2-1: Manufacturer: syz [ 148.285119][ T58] usb 2-1: SerialNumber: syz [ 148.302914][ T6150] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 148.361547][ T58] usbhid 2-1:1.0: couldn't find an input interrupt endpoint [ 148.371008][ T6150] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 148.447779][ T6302] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 148.456287][ T6313] loop3: detected capacity change from 0 to 1024 [ 148.477119][ T6302] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 148.552625][ T6315] netlink: 9412 bytes leftover after parsing attributes in process `syz.2.215'. [ 148.653790][ T5145] usb 2-1: USB disconnect, device number 3 [ 149.037066][ T6150] team0: Port device team_slave_0 added [ 149.360722][ T5148] gspca_sn9c2028: read1 error -110 [ 149.366110][ T5148] sn9c2028 5-1:220.0: probe with driver sn9c2028 failed with error -110 [ 149.386698][ T6150] team0: Port device team_slave_1 added [ 149.430805][ T6313] hfsplus: request for non-existent node 16777216 in B*Tree [ 149.458482][ T6313] hfsplus: request for non-existent node 16777216 in B*Tree [ 149.459264][ T5228] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 149.496330][ T6313] hfsplus: request for non-existent node 16777216 in B*Tree [ 149.525634][ T6313] hfsplus: request for non-existent node 16777216 in B*Tree [ 149.578334][ T6150] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 149.585315][ T6150] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 149.652580][ T6321] loop1: detected capacity change from 0 to 512 [ 149.710552][ T6321] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 149.711219][ T6150] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 149.728759][ T6321] ext4 filesystem being mounted at /34/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 149.811935][ T6321] FAULT_INJECTION: forcing a failure. [ 149.811935][ T6321] name failslab, interval 1, probability 0, space 0, times 0 [ 149.837021][ T6150] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 149.843312][ T6321] CPU: 0 UID: 0 PID: 6321 Comm: syz.1.216 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0 [ 149.854055][ T6321] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 149.864122][ T6321] Call Trace: [ 149.867406][ T6321] [ 149.870331][ T6321] dump_stack_lvl+0x241/0x360 [ 149.875010][ T6321] ? __pfx_dump_stack_lvl+0x10/0x10 [ 149.880211][ T6321] ? __pfx__printk+0x10/0x10 [ 149.884807][ T6321] ? __pfx___might_resched+0x10/0x10 [ 149.890088][ T6321] ? __virt_addr_valid+0x183/0x530 [ 149.895206][ T6321] should_fail_ex+0x3b0/0x4e0 [ 149.899887][ T6321] ? getname_flags+0xb7/0x540 [ 149.904565][ T6321] should_failslab+0x9/0x20 [ 149.909062][ T6321] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 149.914435][ T6321] getname_flags+0xb7/0x540 [ 149.918938][ T6321] __x64_sys_symlink+0x6a/0x90 [ 149.923698][ T6321] do_syscall_64+0xf3/0x230 [ 149.928191][ T6321] ? clear_bhb_loop+0x35/0x90 [ 149.932864][ T6321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 149.938752][ T6321] RIP: 0033:0x7f7ed4f75bd9 [ 149.943168][ T6321] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 149.962771][ T6321] RSP: 002b:00007f7ed49ff048 EFLAGS: 00000246 ORIG_RAX: 0000000000000058 [ 149.971200][ T6321] RAX: ffffffffffffffda RBX: 00007f7ed5103f60 RCX: 00007f7ed4f75bd9 [ 149.979168][ T6321] RDX: 0000000000000000 RSI: 0000000020000cc0 RDI: 0000000020000dc0 [ 149.987134][ T6321] RBP: 00007f7ed49ff0a0 R08: 0000000000000000 R09: 0000000000000000 [ 149.995095][ T6321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 150.003060][ T6321] R13: 000000000000000b R14: 00007f7ed5103f60 R15: 00007fff75669578 [ 150.011036][ T6321] [ 150.015447][ T6150] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 150.082867][ T6150] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 150.100433][ T5228] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 150.135211][ T5145] usb 5-1: USB disconnect, device number 10 [ 150.385846][ T6150] hsr_slave_0: entered promiscuous mode [ 150.421256][ T6150] hsr_slave_1: entered promiscuous mode [ 150.552798][ T6334] loop2: detected capacity change from 0 to 1024 [ 150.712465][ T2430] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 150.757679][ T5965] hfsplus: request for non-existent node 16777216 in B*Tree [ 150.819968][ T54] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 150.826033][ T5965] hfsplus: request for non-existent node 16777216 in B*Tree [ 150.836644][ T54] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 150.847596][ T54] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 150.864888][ T54] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 150.876416][ T54] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 150.884445][ T54] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 151.048209][ T2430] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 151.288782][ T2430] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 151.311726][ T5110] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 151.328959][ T5110] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 151.346078][ T5110] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 151.355027][ T5110] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 151.366863][ T5110] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 151.374514][ T5110] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 151.518934][ T2430] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 151.990481][ T5977] hfsplus: b-tree write err: -5, ino 4 [ 152.411436][ T2430] bridge_slave_1: left allmulticast mode [ 152.423840][ T2430] bridge_slave_1: left promiscuous mode [ 152.450385][ T2430] bridge0: port 2(bridge_slave_1) entered disabled state [ 152.507474][ T2430] bridge_slave_0: left allmulticast mode [ 152.523379][ T2430] bridge_slave_0: left promiscuous mode [ 152.543974][ T2430] bridge0: port 1(bridge_slave_0) entered disabled state [ 152.660080][ T6364] loop2: detected capacity change from 0 to 32768 [ 152.744803][ T6358] loop3: detected capacity change from 0 to 32768 [ 152.759947][ T6358] bcachefs (/dev/loop3): error validating superblock: Invalid superblock section clean: entry type (unknown jset_entry_type 38) overruns end of section [ 152.759947][ T6358] clean (size 2912): [ 152.759947][ T6358] flags: 0 [ 152.759947][ T6358] journal_seq: 8 [ 152.759947][ T6358] log: [ 152.759947][ T6358] usage: type=key_version v=0 [ 152.759947][ T6358] usage: type=reserved v=0 [ 152.759947][ T6358] usage: type=reserved v=0 [ 152.759947][ T6358] usage: type=reserved v=0 [ 152.759947][ T6358] usage: type=reserved v=0 [ 152.759947][ T6358] data_usage: btree: 1/1 [0]=2816 [ 152.759947][ T6358] data_usage: journal: 1/1 [0]=0 [ 152.759947][ T6358] [ 152.956849][ T54] Bluetooth: hci3: command tx timeout [ 153.355266][ T2430] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 153.373691][ T2430] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 153.387212][ T2430] bond0 (unregistering): Released all slaves [ 153.434045][ T6339] chnl_net:caif_netlink_parms(): no params data found [ 153.449366][ T54] Bluetooth: hci2: command tx timeout [ 153.591192][ T2430] tipc: Left network mode [ 154.185166][ T6348] chnl_net:caif_netlink_parms(): no params data found [ 155.036018][ T54] Bluetooth: hci3: command tx timeout [ 155.056606][ T6150] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 155.075667][ T6150] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 155.091896][ T6380] loop3: detected capacity change from 0 to 32768 [ 155.099379][ T6339] bridge0: port 1(bridge_slave_0) entered blocking state [ 155.116124][ T6339] bridge0: port 1(bridge_slave_0) entered disabled state [ 155.123980][ T6339] bridge_slave_0: entered allmulticast mode [ 155.133018][ T6339] bridge_slave_0: entered promiscuous mode [ 155.144132][ T6339] bridge0: port 2(bridge_slave_1) entered blocking state [ 155.151712][ T6339] bridge0: port 2(bridge_slave_1) entered disabled state [ 155.159354][ T6339] bridge_slave_1: entered allmulticast mode [ 155.168228][ T6339] bridge_slave_1: entered promiscuous mode [ 155.226485][ T6396] loop2: detected capacity change from 0 to 256 [ 155.245675][ T6150] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 155.247161][ T6396] FAT-fs (loop2): Directory bread(block 64) failed [ 155.259359][ T6396] FAT-fs (loop2): Directory bread(block 65) failed [ 155.267599][ T6396] FAT-fs (loop2): Directory bread(block 66) failed [ 155.275776][ T6396] FAT-fs (loop2): Directory bread(block 67) failed [ 155.286799][ T6396] FAT-fs (loop2): Directory bread(block 68) failed [ 155.293716][ T6396] FAT-fs (loop2): Directory bread(block 69) failed [ 155.300508][ T6396] FAT-fs (loop2): Directory bread(block 70) failed [ 155.310039][ T6396] FAT-fs (loop2): Directory bread(block 71) failed [ 155.316991][ T6396] FAT-fs (loop2): Directory bread(block 72) failed [ 155.323542][ T6396] FAT-fs (loop2): Directory bread(block 73) failed [ 155.351873][ T2430] hsr_slave_0: left promiscuous mode [ 155.364977][ T2430] hsr_slave_1: left promiscuous mode [ 155.380054][ T2430] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 155.392239][ T2430] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 155.403485][ T2430] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 155.423778][ T2430] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 155.473133][ T2430] veth1_macvtap: left promiscuous mode [ 155.478885][ T2430] veth0_macvtap: left promiscuous mode [ 155.493475][ T2430] veth1_vlan: left promiscuous mode [ 155.499221][ T2430] veth0_vlan: left promiscuous mode [ 155.516140][ T5110] Bluetooth: hci2: command tx timeout [ 155.820119][ T6380] find_entry called with index >= next_index [ 156.063641][ T2430] team0 (unregistering): Port device team_slave_1 removed [ 156.102738][ T2430] team0 (unregistering): Port device team_slave_0 removed [ 156.417209][ T6150] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 156.453507][ T6339] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 156.504123][ T6339] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 156.586581][ T6348] bridge0: port 1(bridge_slave_0) entered blocking state [ 156.593745][ T6348] bridge0: port 1(bridge_slave_0) entered disabled state [ 156.603354][ T6348] bridge_slave_0: entered allmulticast mode [ 156.612908][ T6348] bridge_slave_0: entered promiscuous mode [ 156.650738][ T6339] team0: Port device team_slave_0 added [ 156.663070][ T6339] team0: Port device team_slave_1 added [ 156.684994][ T6348] bridge0: port 2(bridge_slave_1) entered blocking state [ 156.692476][ T6348] bridge0: port 2(bridge_slave_1) entered disabled state [ 156.706204][ T6348] bridge_slave_1: entered allmulticast mode [ 156.714289][ T6348] bridge_slave_1: entered promiscuous mode [ 156.844652][ T6348] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 156.855026][ T6339] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 156.863926][ T6339] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 156.910506][ T6339] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 156.925834][ T6339] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 156.935482][ T6339] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 156.971953][ T6339] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 156.997317][ T6348] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 157.119485][ T5110] Bluetooth: hci3: command tx timeout [ 157.150994][ T6348] team0: Port device team_slave_0 added [ 157.189854][ T6348] team0: Port device team_slave_1 added [ 157.222393][ T6339] hsr_slave_0: entered promiscuous mode [ 157.236756][ T6339] hsr_slave_1: entered promiscuous mode [ 157.243312][ T6339] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 157.251502][ T6339] Cannot create hsr debugfs directory [ 157.283427][ T6348] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 157.290642][ T6348] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 157.319585][ T6348] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 157.389707][ T6348] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 157.397090][ T6348] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 157.437341][ T6348] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 157.595874][ T5110] Bluetooth: hci2: command tx timeout [ 157.950073][ T6420] loop3: detected capacity change from 0 to 512 [ 157.970397][ T6420] EXT4-fs: quotafile must be on filesystem root [ 158.004781][ T6348] hsr_slave_0: entered promiscuous mode [ 158.015210][ T6348] hsr_slave_1: entered promiscuous mode [ 158.365626][ T6348] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 158.373221][ T6348] Cannot create hsr debugfs directory [ 158.466018][ T2430] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 158.624992][ T2430] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 158.780615][ T2430] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 158.826781][ T6150] 8021q: adding VLAN 0 to HW filter on device bond0 [ 158.897723][ T2430] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 159.040468][ T6150] 8021q: adding VLAN 0 to HW filter on device team0 [ 159.044024][ T6425] loop3: detected capacity change from 0 to 1024 [ 159.097060][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 159.104281][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 159.168176][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 159.175437][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 159.195702][ T5110] Bluetooth: hci3: command tx timeout [ 159.356747][ T2430] bridge_slave_1: left allmulticast mode [ 159.362436][ T2430] bridge_slave_1: left promiscuous mode [ 159.394273][ T2430] bridge0: port 2(bridge_slave_1) entered disabled state [ 159.416406][ T2430] bridge_slave_0: left allmulticast mode [ 159.422086][ T2430] bridge_slave_0: left promiscuous mode [ 159.455314][ T2430] bridge0: port 1(bridge_slave_0) entered disabled state [ 159.678919][ T5110] Bluetooth: hci2: command tx timeout [ 160.004709][ T2849] hfsplus: b-tree write err: -5, ino 4 [ 160.057726][ T6444] loop3: detected capacity change from 0 to 1024 [ 160.177097][ T2430] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 160.186763][ T6444] EXT4-fs: Ignoring removed orlov option [ 160.194717][ T6444] EXT4-fs (loop3): Test dummy encryption mode enabled [ 160.202801][ T6444] EXT4-fs (loop3): stripe (7) is not aligned with cluster size (16), stripe is disabled [ 160.202956][ T2430] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 160.224477][ T2430] bond0 (unregistering): Released all slaves [ 160.226240][ T6444] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 160.386353][ T2430] tipc: Left network mode [ 160.424689][ T6150] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 160.492080][ T6444] fscrypt: AES-256-CBC-CTS using implementation "cts-cbc-aes-aesni" [ 160.573571][ T5102] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 160.809168][ T6150] veth0_vlan: entered promiscuous mode [ 160.867564][ T2430] hsr_slave_0: left promiscuous mode [ 160.892421][ T2430] hsr_slave_1: left promiscuous mode [ 160.908399][ T2430] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 160.923576][ T2430] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 160.944465][ T2430] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 160.954709][ T6470] loop3: detected capacity change from 0 to 512 [ 160.986386][ T2430] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 161.043307][ T2430] veth1_macvtap: left promiscuous mode [ 161.058193][ T2430] veth0_macvtap: left promiscuous mode [ 161.075020][ T2430] veth1_vlan: left promiscuous mode [ 161.097822][ T2430] veth0_vlan: left promiscuous mode [ 161.808113][ T2430] team0 (unregistering): Port device team_slave_1 removed [ 161.846952][ T2430] team0 (unregistering): Port device team_slave_0 removed [ 162.287542][ T6150] veth1_vlan: entered promiscuous mode [ 162.381080][ T6339] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 162.466267][ T6339] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 162.482713][ T6339] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 162.549413][ T6339] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 162.605280][ T6150] veth0_macvtap: entered promiscuous mode [ 162.709328][ T6150] veth1_macvtap: entered promiscuous mode [ 162.814378][ T6150] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 162.846935][ T6150] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 162.857437][ T6150] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 162.868115][ T6150] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 162.880906][ T6150] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 163.771639][ T6150] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 163.805823][ T6150] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.826590][ T6150] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 163.837561][ T6150] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.867661][ T6150] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 164.006054][ T6150] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.014799][ T6150] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.044833][ T6150] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.065168][ T6150] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.384121][ T5977] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 164.417283][ T6339] 8021q: adding VLAN 0 to HW filter on device bond0 [ 164.425023][ T5977] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 164.473480][ T6348] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 164.492040][ T6348] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 164.512118][ T6348] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 164.520584][ T2430] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 164.533328][ T2430] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 164.550481][ T6339] 8021q: adding VLAN 0 to HW filter on device team0 [ 164.560731][ T6348] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 164.600025][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 164.607238][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 164.683903][ T5145] bridge0: port 2(bridge_slave_1) entered blocking state [ 164.691104][ T5145] bridge0: port 2(bridge_slave_1) entered forwarding state [ 164.988968][ T6511] netlink: 8 bytes leftover after parsing attributes in process `syz.0.186'. [ 165.046684][ T6511] netlink: 8 bytes leftover after parsing attributes in process `syz.0.186'. [ 165.070757][ T6511] netlink: 8 bytes leftover after parsing attributes in process `syz.0.186'. [ 165.122041][ T6348] 8021q: adding VLAN 0 to HW filter on device bond0 [ 165.153518][ T6515] netlink: 8 bytes leftover after parsing attributes in process `syz.0.186'. [ 165.292288][ T6348] 8021q: adding VLAN 0 to HW filter on device team0 [ 165.338869][ T58] bridge0: port 1(bridge_slave_0) entered blocking state [ 165.346068][ T58] bridge0: port 1(bridge_slave_0) entered forwarding state [ 165.398466][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 165.405661][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 165.754074][ T6339] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 165.984119][ T6339] veth0_vlan: entered promiscuous mode [ 166.046535][ T6339] veth1_vlan: entered promiscuous mode [ 166.147870][ T6348] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 166.211027][ T6339] veth0_macvtap: entered promiscuous mode [ 166.258931][ T6339] veth1_macvtap: entered promiscuous mode [ 166.353619][ T6339] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 166.390680][ T6339] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 166.417844][ T54] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 166.430633][ T6339] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 166.430687][ T54] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 166.451156][ T6339] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 166.461183][ T54] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 166.489293][ T54] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 166.496664][ T6339] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 166.507575][ T6339] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 166.517768][ T54] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 166.526010][ T54] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 166.548034][ T6339] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 166.805358][ T6339] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 166.836914][ T6339] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 166.865220][ T6339] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 166.894136][ T6339] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 166.921205][ T6339] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 166.964786][ T6339] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 166.983549][ T6339] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 166.999800][ T6534] Illegal XDP return value 591641600 on prog (id 44) dev syz_tun, expect packet loss! [ 167.050061][ T6339] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 167.086884][ T6339] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 167.110172][ T6339] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 167.143113][ T6339] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 167.469184][ T6348] veth0_vlan: entered promiscuous mode [ 167.475231][ T1051] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 167.508765][ T1051] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 167.564413][ T6348] veth1_vlan: entered promiscuous mode [ 167.623022][ T6348] veth0_macvtap: entered promiscuous mode [ 167.638334][ T6348] veth1_macvtap: entered promiscuous mode [ 167.701995][ T1051] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 167.706779][ T6348] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 167.736116][ T6348] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 167.742231][ T1051] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 167.765741][ T6348] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 167.788342][ T6348] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 167.805563][ T6348] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 167.835929][ T6348] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 167.852301][ T6348] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 167.891749][ T6348] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 167.919014][ T6348] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 167.984491][ T6348] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 168.022592][ T6348] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 168.072928][ T6348] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 168.092830][ T6348] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 168.115557][ T6348] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 168.156648][ T6348] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 168.180430][ T6348] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 168.215681][ T6348] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 168.247189][ T6348] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 168.255940][ T6545] chnl_net:caif_netlink_parms(): no params data found [ 168.347169][ T6348] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 168.375558][ T6348] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 168.404968][ T6348] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 168.434191][ T6348] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 168.566814][ T54] Bluetooth: hci5: command tx timeout [ 168.776342][ T6545] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.783499][ T6545] bridge0: port 1(bridge_slave_0) entered disabled state [ 168.838623][ T6545] bridge_slave_0: entered allmulticast mode [ 168.863093][ T6545] bridge_slave_0: entered promiscuous mode [ 168.940427][ T6545] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.980479][ T6545] bridge0: port 2(bridge_slave_1) entered disabled state [ 169.006823][ T6545] bridge_slave_1: entered allmulticast mode [ 169.034996][ T6601] loop3: detected capacity change from 0 to 1024 [ 169.036000][ T6545] bridge_slave_1: entered promiscuous mode [ 169.205000][ T6545] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 169.242958][ T5977] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 169.261236][ T5977] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 169.287703][ T6545] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 169.408924][ T6579] loop1: detected capacity change from 0 to 32768 [ 169.440454][ T5965] hfsplus: b-tree write err: -5, ino 4 [ 169.448300][ T6579] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.218 (6579) [ 169.532951][ T2430] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 169.550225][ T6545] team0: Port device team_slave_0 added [ 169.565376][ T2430] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 169.575249][ T6579] BTRFS info (device loop1): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 169.591932][ T6545] team0: Port device team_slave_1 added [ 169.654267][ T6579] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 169.719145][ T6579] BTRFS info (device loop1): using free-space-tree [ 169.739964][ T6545] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 169.774364][ T6545] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 169.930486][ T6545] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 170.008616][ T6545] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 170.069293][ T6545] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 170.220811][ T6545] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 170.257000][ T5100] usb 5-1: new low-speed USB device number 11 using dummy_hcd [ 170.278930][ T29] audit: type=1800 audit(1720051163.789:6): pid=6579 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.218" name="file1" dev="loop1" ino=260 res=0 errno=0 [ 170.519099][ T5100] usb 5-1: config 168 has an invalid descriptor of length 121, skipping remainder of the config [ 170.553911][ T5100] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 32, setting to 8 [ 170.644632][ T5100] usb 5-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 170.646203][ T54] Bluetooth: hci5: command tx timeout [ 170.702126][ T6545] hsr_slave_0: entered promiscuous mode [ 170.774680][ T6545] hsr_slave_1: entered promiscuous mode [ 170.811930][ T5100] usb 5-1: string descriptor 0 read error: -22 [ 170.834726][ T6545] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 170.872483][ T5100] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice= 0.6e [ 170.885169][ T6545] Cannot create hsr debugfs directory [ 170.946830][ T5100] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 170.981115][ T6339] BTRFS info (device loop1): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 170.995939][ T5100] adutux 5-1:168.0: interrupt endpoints not found [ 172.389287][ T6626] loop4: detected capacity change from 0 to 64 [ 172.699949][ T6626] hfs: request for non-existent node 16777216 in B*Tree [ 172.716651][ T54] Bluetooth: hci5: command tx timeout [ 172.751283][ T6659] loop3: detected capacity change from 0 to 1024 [ 172.765458][ T6626] hfs: request for non-existent node 16777216 in B*Tree [ 172.841926][ T6545] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 172.915193][ T6662] loop1: detected capacity change from 0 to 64 [ 172.952850][ T6662] Trying to free block not in datazone [ 173.128614][ T6659] netlink: 8 bytes leftover after parsing attributes in process `syz.3.246'. [ 173.148846][ T6665] netlink: 8 bytes leftover after parsing attributes in process `syz.3.246'. [ 173.158468][ T6663] netlink: 8 bytes leftover after parsing attributes in process `syz.3.246'. [ 173.964863][ T5100] usb 5-1: USB disconnect, device number 11 [ 174.038684][ T6545] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 174.127876][ T6663] netlink: 8 bytes leftover after parsing attributes in process `syz.3.246'. [ 174.181197][ T54] Bluetooth: hci3: unexpected subevent 0x01 length: 25 > 18 [ 174.199356][ T6677] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 174.293258][ T6682] loop3: detected capacity change from 0 to 764 [ 174.301638][ T6545] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 174.327193][ T6682] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 174.628682][ T6545] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 174.795985][ T5110] Bluetooth: hci5: command tx timeout [ 175.175211][ T6700] loop4: detected capacity change from 0 to 2048 [ 175.212849][ T6545] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 175.256398][ T6545] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 175.304055][ T6545] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 175.329436][ T6700] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 175.415136][ T5148] kernel read not supported for file /vcs (pid: 5148 comm: kworker/1:3) [ 175.664241][ T6545] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 176.249576][ T5110] Bluetooth: hci3: command tx timeout [ 176.355795][ T9] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 176.554737][ T6545] 8021q: adding VLAN 0 to HW filter on device bond0 [ 176.564808][ T9] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 176.620892][ T9] usb 5-1: New USB device found, idVendor=0566, idProduct=3004, bcdDevice= 0.40 [ 176.645344][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 176.656859][ T9] usb 5-1: Product: syz [ 176.661138][ T9] usb 5-1: Manufacturer: syz [ 176.671983][ T9] usb 5-1: SerialNumber: syz [ 176.691237][ T9] usbhid 5-1:1.0: couldn't find an input interrupt endpoint [ 176.770968][ T6689] loop3: detected capacity change from 0 to 32768 [ 176.803869][ T6545] 8021q: adding VLAN 0 to HW filter on device team0 [ 176.816587][ T6689] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.251 (6689) [ 176.851602][ T6730] loop1: detected capacity change from 0 to 64 [ 176.876516][ T6730] Trying to free block not in datazone [ 176.901438][ T5965] bridge_slave_1: left allmulticast mode [ 176.989589][ T5965] bridge_slave_1: left promiscuous mode [ 177.027150][ T5965] bridge0: port 2(bridge_slave_1) entered disabled state [ 177.091468][ T6729] loop0: detected capacity change from 0 to 1024 [ 177.102122][ T5965] bridge_slave_0: left allmulticast mode [ 177.127180][ T6689] BTRFS info (device loop3): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 177.152320][ T6689] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 177.164247][ T5965] bridge_slave_0: left promiscuous mode [ 177.168578][ T6689] BTRFS info (device loop3): using free-space-tree [ 177.190445][ T5965] bridge0: port 1(bridge_slave_0) entered disabled state [ 177.665127][ T5965] tipc: Resetting bearer [ 177.675787][ T6689] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR [ 177.691956][ T6689] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR [ 177.797331][ T6689] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR [ 177.826538][ T6689] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR [ 177.847669][ T6689] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR [ 177.883712][ T6689] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR [ 177.936293][ T6689] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR [ 177.972451][ T6689] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR [ 178.037678][ T6689] BTRFS error (device loop3): open_ctree failed [ 178.143857][ T5300] usb 5-1: USB disconnect, device number 12 [ 178.296839][ T6348] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 178.316107][ T6756] loop1: detected capacity change from 0 to 1024 [ 178.803340][ T6768] loop4: detected capacity change from 0 to 1024 [ 178.955148][ T5965] tipc: Disabling bearer [ 179.347672][ T5971] hfsplus: b-tree write err: -5, ino 4 [ 179.483091][ T5965] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 179.510921][ T5965] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 179.629836][ T6785] syz.0.263 uses obsolete (PF_INET,SOCK_PACKET) [ 180.340222][ T5965] bond0 (unregistering): Released all slaves [ 180.375253][ T5145] bridge0: port 1(bridge_slave_0) entered blocking state [ 180.382457][ T5145] bridge0: port 1(bridge_slave_0) entered forwarding state [ 180.404507][ T6756] netlink: 8 bytes leftover after parsing attributes in process `syz.1.259'. [ 180.432742][ T6768] netlink: 8 bytes leftover after parsing attributes in process `syz.4.260'. [ 180.479937][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.487128][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 180.619198][ T5965] tipc: Left network mode [ 180.656698][ T6771] loop3: detected capacity change from 0 to 32768 [ 181.074512][ T6545] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 181.275788][ T54] Bluetooth: hci4: command 0x0406 tx timeout [ 181.401243][ T6771] XFS (loop3): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 181.427727][ T6545] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 181.615158][ T6771] XFS (loop3): Ending clean mount [ 181.672330][ T6771] XFS (loop3): Quotacheck needed: Please wait. [ 181.749913][ T6813] loop1: detected capacity change from 0 to 256 [ 181.768328][ T6813] exfat: Unknown parameter '' [ 181.890413][ T6771] XFS (loop3): Quotacheck: Done. [ 182.011728][ T5102] XFS (loop3): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 182.245118][ T5965] hsr_slave_0: left promiscuous mode [ 182.258717][ T6812] loop0: detected capacity change from 0 to 32768 [ 182.283547][ T5965] hsr_slave_1: left promiscuous mode [ 182.298107][ T6812] jfs: Unrecognized mount option "" or missing value [ 182.351014][ T5965] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 182.415840][ T5965] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 182.487064][ T5965] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 182.504743][ T5965] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 182.612604][ T5965] veth1_macvtap: left promiscuous mode [ 182.632701][ T5965] veth0_macvtap: left promiscuous mode [ 182.642367][ T5965] veth1_vlan: left promiscuous mode [ 182.673962][ T5965] veth0_vlan: left promiscuous mode [ 182.785780][ T5145] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 182.985614][ T5145] usb 4-1: Using ep0 maxpacket: 8 [ 183.018370][ T5145] usb 4-1: New USB device found, idVendor=1b80, idProduct=d395, bcdDevice=f8.eb [ 183.036257][ T5145] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 183.087390][ T5145] usb 4-1: config 0 descriptor?? [ 183.352182][ T5145] dvb_usb_rtl28xxu 4-1:0.0: chip type detection failed -71 [ 183.375120][ T5145] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 183.382169][ T6817] loop4: detected capacity change from 0 to 32768 [ 183.409439][ T6817] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.270 (6817) [ 183.437240][ T5145] usb 4-1: USB disconnect, device number 6 [ 183.499175][ T6817] BTRFS info (device loop4): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 183.545294][ T6817] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 183.563922][ T6817] BTRFS info (device loop4): using free-space-tree [ 183.862578][ T29] audit: type=1800 audit(1720051177.369:7): pid=6816 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.270" name="file1" dev="loop4" ino=260 res=0 errno=0 [ 183.962618][ T6842] loop0: detected capacity change from 0 to 1024 [ 184.102382][ T6348] BTRFS info (device loop4): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 184.477985][ T6846] loop3: detected capacity change from 0 to 1024 [ 184.634231][ T5965] team0 (unregistering): Port device team_slave_1 removed [ 184.644380][ T6849] trusted_key: syz.4.273 sent an empty control message without MSG_MORE. [ 184.772181][ T5965] team0 (unregistering): Port device team_slave_0 removed [ 184.936684][ T5977] hfsplus: b-tree write err: -5, ino 4 [ 186.026548][ T6862] loop4: detected capacity change from 0 to 2048 [ 186.055104][ T6862] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 186.361293][ T6846] netlink: 8 bytes leftover after parsing attributes in process `syz.3.274'. [ 187.185666][ T25] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 187.257682][ T6545] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 187.458615][ T6545] veth0_vlan: entered promiscuous mode [ 187.518534][ T25] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 187.760995][ T25] usb 5-1: New USB device found, idVendor=0566, idProduct=3004, bcdDevice= 0.40 [ 187.898479][ T6545] veth1_vlan: entered promiscuous mode [ 187.960476][ T25] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 188.063132][ T25] usb 5-1: Product: syz [ 188.079164][ T25] usb 5-1: Manufacturer: syz [ 188.086653][ T25] usb 5-1: SerialNumber: syz [ 188.103859][ T25] usbhid 5-1:1.0: couldn't find an input interrupt endpoint [ 188.106919][ T6545] veth0_macvtap: entered promiscuous mode [ 188.147072][ T6545] veth1_macvtap: entered promiscuous mode [ 188.229410][ T6545] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 188.255595][ T6545] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.265437][ T6545] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 188.315418][ T6545] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.340777][ T6545] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 188.374943][ T6883] loop1: detected capacity change from 0 to 256 [ 188.395583][ T6545] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.405416][ T6545] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 188.453345][ T6545] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.463912][ T6888] fuse: Unknown parameter '' [ 188.464875][ T6883] exFAT-fs (loop1): failed to load upcase table (idx : 0x0001e4a3, chksum : 0x009ea0b8, utbl_chksum : 0x7319d30d) [ 188.495431][ T29] audit: type=1326 audit(1720051181.999:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6884 comm="syz.0.283" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9235175bd9 code=0x0 [ 188.496727][ T6545] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 188.569689][ T6545] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 188.599740][ T6545] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.622006][ T6545] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 188.657028][ T6545] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.672791][ T6545] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 188.690049][ T6545] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.711699][ T6545] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 188.737513][ T6545] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.770750][ T6545] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 188.814595][ T6545] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 188.841826][ T6545] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 188.863466][ T6545] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 188.889662][ T6545] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 188.945047][ T6879] loop3: detected capacity change from 0 to 32768 [ 189.026355][ T6896] No control pipe specified [ 189.034229][ T6879] XFS (loop3): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 189.126353][ T6879] XFS (loop3): Ending clean mount [ 189.156550][ T5965] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 189.173667][ T6879] XFS (loop3): Quotacheck needed: Please wait. [ 189.177087][ T5965] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 189.269763][ T6903] loop1: detected capacity change from 0 to 64 [ 189.279112][ T5985] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 189.302676][ T6879] XFS (loop3): Quotacheck: Done. [ 189.313541][ T5985] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 189.378786][ T5147] usb 5-1: USB disconnect, device number 13 [ 189.383031][ T6903] hfs: unable to parse mount options [ 189.530697][ T6348] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 189.544063][ T6903] loop1: detected capacity change from 0 to 512 [ 189.564189][ T6903] EXT4-fs: Ignoring removed i_version option [ 189.604229][ T6911] ALSA: seq fatal error: cannot create timer (-22) [ 189.649810][ T6903] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 189.677661][ T6909] sch_fq: defrate 0 ignored. [ 189.730415][ T6903] EXT4-fs (loop1): can't mount with journal_async_commit, fs mounted w/o journal [ 189.838128][ T6913] loop0: detected capacity change from 0 to 1024 [ 190.740245][ T6921] loop4: detected capacity change from 0 to 1024 [ 190.854539][ T5102] XFS (loop3): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 190.881147][ T6927] loop2: detected capacity change from 0 to 256 [ 190.896073][ T6921] netlink: 8 bytes leftover after parsing attributes in process `syz.4.287'. [ 190.999540][ T6925] netlink: 8 bytes leftover after parsing attributes in process `syz.4.287'. [ 191.076179][ T6925] netlink: 8 bytes leftover after parsing attributes in process `syz.4.287'. [ 191.115582][ T6929] netlink: 8 bytes leftover after parsing attributes in process `syz.4.287'. [ 192.309598][ T6944] fuse: Unknown parameter '' [ 192.327645][ T29] audit: type=1326 audit(1720051185.839:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6939 comm="syz.1.293" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9c72f75bd9 code=0x0 [ 193.053431][ T6955] loop2: detected capacity change from 0 to 256 [ 193.162472][ T6955] exFAT-fs (loop2): failed to load upcase table (idx : 0x0001e4a3, chksum : 0x009ea0b8, utbl_chksum : 0x7319d30d) [ 193.272859][ T6961] loop4: detected capacity change from 0 to 2048 [ 193.402277][ T6961] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 194.075836][ T46] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 194.333915][ T6975] loop1: detected capacity change from 0 to 256 [ 194.576109][ T1245] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.584965][ T1245] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.594803][ T46] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 194.667536][ T46] usb 5-1: New USB device found, idVendor=0566, idProduct=3004, bcdDevice= 0.40 [ 194.720676][ T46] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 194.774944][ T46] usb 5-1: Product: syz [ 194.800183][ T46] usb 5-1: Manufacturer: syz [ 194.820509][ T46] usb 5-1: SerialNumber: syz [ 194.888804][ T46] usbhid 5-1:1.0: couldn't find an input interrupt endpoint [ 194.998587][ T2849] hfsplus: b-tree write err: -5, ino 4 [ 195.162323][ T6995] No control pipe specified [ 195.506441][ T6996] loop0: detected capacity change from 0 to 64 [ 195.520755][ T6996] hfs: unable to parse mount options [ 195.704028][ T6996] loop0: detected capacity change from 0 to 512 [ 195.793121][ T6996] EXT4-fs: Ignoring removed i_version option [ 195.822914][ T6996] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 195.860127][ T6996] EXT4-fs (loop0): can't mount with journal_async_commit, fs mounted w/o journal [ 196.253112][ T5147] usb 5-1: USB disconnect, device number 14 [ 196.533395][ T6348] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 196.610932][ T7005] netlink: 'syz.1.302': attribute type 25 has an invalid length. [ 196.619256][ T7005] netlink: 'syz.1.302': attribute type 7 has an invalid length. [ 196.831733][ T6989] loop3: detected capacity change from 0 to 32768 [ 197.878508][ T6989] XFS (loop3): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 197.956049][ T6989] workqueue: Failed to create a rescuer kthread for wq "xfs-log/loop3": -EINTR [ 197.956816][ T6989] XFS (loop3): log mount failed [ 198.045495][ C1] sched: RT throttling activated [ 198.245423][ T7034] fuse: Unknown parameter '' [ 198.275823][ T29] audit: type=1326 audit(1720051191.779:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7029 comm="syz.4.308" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc509f75bd9 code=0x0 [ 198.348407][ T7031] loop1: detected capacity change from 0 to 1024 [ 198.478372][ T7031] netlink: 8 bytes leftover after parsing attributes in process `syz.1.305'. [ 198.500546][ T7031] netlink: 8 bytes leftover after parsing attributes in process `syz.1.305'. [ 198.509953][ T7031] netlink: 8 bytes leftover after parsing attributes in process `syz.1.305'. [ 198.548129][ T7031] netlink: 8 bytes leftover after parsing attributes in process `syz.1.305'. [ 198.590571][ T7040] qrtr: Invalid version 48 [ 198.600715][ T7040] netlink: 8 bytes leftover after parsing attributes in process `syz.0.310'. [ 198.653728][ T7040] loop0: detected capacity change from 0 to 7 [ 198.682156][ T7040] Dev loop0: unable to read RDB block 7 [ 198.692849][ T7040] loop0: unable to read partition table [ 198.702943][ T7040] loop0: partition table beyond EOD, truncated [ 198.721417][ T7040] loop_reread_partitions: partition scan of loop0 (被xڬdƤݡ [ 198.721417][ T7040] ) failed (rc=-5) [ 199.726295][ T7049] loop1: detected capacity change from 0 to 2048 [ 200.080538][ T7054] loop4: detected capacity change from 0 to 256 [ 200.144951][ T7049] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 200.212151][ T7054] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 200.249800][ T7059] loop2: detected capacity change from 0 to 2048 [ 200.717260][ T7054] FAT-fs (loop4): Filesystem has been set read-only [ 200.872286][ T7054] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 201.419046][ T7054] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 201.452432][ T7059] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 201.466084][ T7054] syz.4.314 (7054) used greatest stack depth: 18448 bytes left [ 201.473781][ T29] audit: type=1800 audit(1720051194.979:11): pid=7054 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.314" name="file1" dev="loop4" ino=1048701 res=0 errno=0 [ 201.746766][ T9] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 202.965963][ T5110] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 202.974706][ T5110] Bluetooth: hci0: Injecting HCI hardware error event [ 202.985322][ T54] Bluetooth: hci0: hardware error 0x00 [ 203.456820][ T9] usb 2-1: device not accepting address 4, error -71 [ 203.510937][ T6339] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 203.678893][ T5148] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 204.471543][ T6545] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 204.568536][ T7100] fuse: Unknown parameter '' [ 204.605404][ T29] audit: type=1326 audit(1720051198.109:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7096 comm="syz.4.324" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc509f75bd9 code=0x0 [ 204.640188][ T7101] loop0: detected capacity change from 0 to 256 [ 204.937260][ T7106] loop2: detected capacity change from 0 to 1024 [ 205.043983][ T7106] netlink: 8 bytes leftover after parsing attributes in process `syz.2.323'. [ 205.079064][ T7106] netlink: 8 bytes leftover after parsing attributes in process `syz.2.323'. [ 205.088529][ T7106] netlink: 8 bytes leftover after parsing attributes in process `syz.2.323'. [ 205.101409][ T7106] netlink: 8 bytes leftover after parsing attributes in process `syz.2.323'. [ 205.195644][ T54] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 205.522022][ T7110] loop4: detected capacity change from 0 to 128 [ 205.638723][ T7094] loop1: detected capacity change from 0 to 32768 [ 205.730386][ T7094] XFS (loop1): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 206.014463][ T7094] XFS (loop1): Ending clean mount [ 207.443091][ T7094] XFS (loop1): Quotacheck needed: Please wait. [ 207.577796][ T7094] XFS (loop1): Quotacheck: Done. [ 207.658914][ T7131] loop3: detected capacity change from 0 to 2048 [ 207.703168][ T6339] XFS (loop1): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 207.844815][ T7131] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 210.701879][ T5102] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 210.727734][ T7158] No control pipe specified [ 210.754722][ T7159] fuse: Unknown parameter '' [ 210.768424][ T29] audit: type=1326 audit(1720051204.269:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7151 comm="syz.0.335" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9235175bd9 code=0x0 [ 210.929883][ T7164] loop3: detected capacity change from 0 to 128 [ 210.979444][ T7164] VFS: unable to find oldfs superblock on device loop3 [ 211.098010][ T7167] netlink: 'syz.3.336': attribute type 10 has an invalid length. [ 211.125374][ T7161] loop1: detected capacity change from 0 to 64 [ 211.126851][ T7161] hfs: unable to parse mount options [ 211.180061][ T7167] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 211.250250][ T7161] loop1: detected capacity change from 0 to 512 [ 211.264304][ T7161] EXT4-fs: Ignoring removed i_version option [ 211.271111][ T7161] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 211.284958][ T7161] EXT4-fs (loop1): can't mount with journal_async_commit, fs mounted w/o journal [ 212.820851][ T7183] loop4: detected capacity change from 0 to 1024 [ 213.990346][ T7207] loop2: detected capacity change from 0 to 2048 [ 214.102656][ T7214] loop3: detected capacity change from 0 to 256 [ 214.179458][ T7207] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 215.505651][ T5145] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 215.724093][ T5145] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 215.758114][ T5145] usb 3-1: New USB device found, idVendor=0566, idProduct=3004, bcdDevice= 0.40 [ 215.781242][ T5145] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 215.817721][ T5145] usb 3-1: Product: syz [ 215.828409][ T7232] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 215.841159][ T5145] usb 3-1: Manufacturer: syz [ 215.853844][ T5145] usb 3-1: SerialNumber: syz [ 215.930571][ T7232] evm: overlay not supported [ 215.946481][ T5145] usbhid 3-1:1.0: couldn't find an input interrupt endpoint [ 216.016944][ T1051] hfsplus: b-tree write err: -5, ino 4 [ 216.143190][ T7237] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.349'. [ 216.194390][ T7237] net_ratelimit: 93 callbacks suppressed [ 216.194410][ T7237] openvswitch: netlink: VXLAN extension message has 4 unknown bytes. [ 216.735377][ T7244] fuse: Unknown parameter '' [ 216.761666][ T29] audit: type=1326 audit(1720051210.269:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7241 comm="syz.4.350" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc509f75bd9 code=0x0 [ 216.783246][ C1] vkms_vblank_simulate: vblank timer overrun [ 217.015867][ T5149] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 217.617948][ T5148] usb 3-1: USB disconnect, device number 9 [ 217.684790][ T6545] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 217.729575][ T5149] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 217.741192][ T5149] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 217.756967][ T5149] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 217.785564][ T5149] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 217.804882][ T5149] usb 4-1: config 0 descriptor?? [ 217.868013][ T7256] loop1: detected capacity change from 0 to 512 [ 217.992369][ T7256] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 218.010829][ T7256] ext4 filesystem being mounted at /29/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 218.820160][ T29] audit: type=1804 audit(1720051212.319:15): pid=7273 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.354" name="/newroot/29/file0/bus" dev="loop1" ino=18 res=1 errno=0 [ 218.845267][ T5149] plantronics 0003:047F:FFFF.0003: No inputs registered, leaving [ 218.946337][ T5149] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 219.000340][ T6339] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 219.270220][ T7291] netlink: 28 bytes leftover after parsing attributes in process `syz.1.361'. [ 219.854125][ T7309] loop2: detected capacity change from 0 to 1024 [ 219.902457][ T7280] loop4: detected capacity change from 0 to 32768 [ 219.938455][ T7280] XFS (loop4): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 220.076761][ T7280] XFS (loop4): Ending clean mount [ 220.099480][ T7280] XFS (loop4): Quotacheck needed: Please wait. [ 220.214259][ T7280] XFS (loop4): Quotacheck: Done. [ 220.407938][ T7327] ALSA: seq fatal error: cannot create timer (-22) [ 220.464505][ T7325] sch_fq: defrate 0 ignored. [ 221.515998][ T46] usb 4-1: USB disconnect, device number 8 [ 221.689757][ T6348] XFS (loop4): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 222.535856][ T7344] fuse: Unknown parameter '' [ 222.662655][ T29] audit: type=1326 audit(1720051216.169:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7340 comm="syz.3.367" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fad8bb75bd9 code=0x0 [ 222.927016][ T5965] hfsplus: b-tree write err: -5, ino 4 [ 222.939442][ T9] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 223.070213][ T7358] loop3: detected capacity change from 0 to 512 [ 223.211356][ T7364] FAULT_INJECTION: forcing a failure. [ 223.211356][ T7364] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 223.230729][ T7364] CPU: 1 UID: 0 PID: 7364 Comm: syz.0.372 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0 [ 223.240830][ T7364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 223.250900][ T7364] Call Trace: [ 223.254185][ T7364] [ 223.257122][ T7364] dump_stack_lvl+0x241/0x360 [ 223.261826][ T7364] ? __pfx_dump_stack_lvl+0x10/0x10 [ 223.264007][ T5147] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 223.267035][ T7364] ? __pfx__printk+0x10/0x10 [ 223.267075][ T7364] should_fail_ex+0x3b0/0x4e0 [ 223.283890][ T7364] prepare_alloc_pages+0x1da/0x5d0 [ 223.289030][ T7364] __alloc_pages_noprof+0x166/0x6c0 [ 223.289547][ T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 223.294235][ T7364] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 223.306342][ T7358] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 223.309982][ T7364] alloc_pages_mpol_noprof+0x3e8/0x680 [ 223.327422][ T9] usb 2-1: New USB device found, idVendor=046d, idProduct=0900, bcdDevice= 0.00 [ 223.327784][ T7364] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 223.340843][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 223.342724][ T7364] ? dccp_poll+0x447/0x940 [ 223.350874][ T7358] ext4 filesystem being mounted at /79/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 223.355074][ T7364] ? alloc_pages_noprof+0xef/0x170 [ 223.370568][ T7364] get_free_pages_noprof+0xc/0x30 [ 223.371931][ T9] usb 2-1: config 0 descriptor?? [ 223.375593][ T7364] __pollwait+0x134/0x430 [ 223.375620][ T7364] ? __pfx___pollwait+0x10/0x10 [ 223.375640][ T7364] datagram_poll+0x82/0x410 [ 223.375666][ T7364] sock_poll+0x350/0x410 [ 223.375692][ T7364] ? __pfx_sock_poll+0x10/0x10 [ 223.375717][ T7364] do_select+0xec6/0x1900 [ 223.375754][ T7364] ? do_select+0x127/0x1900 [ 223.375790][ T7364] ? __pfx_do_select+0x10/0x10 [ 223.375810][ T7364] ? __pfx___pollwait+0x10/0x10 [ 223.375841][ T7364] ? __pfx_pollwake+0x10/0x10 [ 223.375865][ T7364] ? __pfx_pollwake+0x10/0x10 [ 223.375891][ T7364] ? __pfx_pollwake+0x10/0x10 [ 223.375915][ T7364] ? __pfx_pollwake+0x10/0x10 [ 223.375940][ T7364] ? __pfx_pollwake+0x10/0x10 [ 223.375965][ T7364] ? __pfx_pollwake+0x10/0x10 [ 223.375989][ T7364] ? __pfx_pollwake+0x10/0x10 [ 223.376014][ T7364] ? __pfx_pollwake+0x10/0x10 [ 223.376037][ T7364] ? __pfx_pollwake+0x10/0x10 [ 223.376059][ T7364] ? __pfx_lock_release+0x10/0x10 [ 223.376093][ T7364] ? __might_fault+0xc6/0x120 [ 223.376124][ T7364] core_sys_select+0x6f4/0x910 [ 223.376154][ T7364] ? __pfx_core_sys_select+0x10/0x10 [ 223.376178][ T7364] ? ksys_write+0x23e/0x2c0 [ 223.376223][ T7364] ? __pfx_set_user_sigmask+0x10/0x10 [ 223.390709][ T9] gspca_main: spca500-2.14.0 probing 046d:0900 [ 223.394775][ T7364] ? __fget_files+0x3f6/0x470 [ 223.394808][ T7364] __se_sys_pselect6+0x319/0x3f0 [ 223.454531][ T29] audit: type=1804 audit(1720051216.949:17): pid=7358 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.371" name="/newroot/79/file0/bus" dev="loop3" ino=18 res=1 errno=0 [ 223.454813][ T7364] ? __pfx___se_sys_pselect6+0x10/0x10 [ 223.485865][ T5147] usb 5-1: Using ep0 maxpacket: 8 [ 223.488266][ T7364] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 223.500508][ T5147] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 223.504423][ T7364] ? do_syscall_64+0x100/0x230 [ 223.504450][ T7364] ? __x64_sys_pselect6+0x21/0xf0 [ 223.504476][ T7364] do_syscall_64+0xf3/0x230 [ 223.509475][ T5147] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 223.530523][ T7364] ? clear_bhb_loop+0x35/0x90 [ 223.530551][ T7364] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 223.530572][ T7364] RIP: 0033:0x7f9235175bd9 [ 223.530591][ T7364] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 223.530607][ T7364] RSP: 002b:00007f9235ef5048 EFLAGS: 00000246 [ 223.546532][ T5147] usb 5-1: config 0 descriptor?? [ 223.547337][ T7364] ORIG_RAX: 000000000000010e [ 223.547350][ T7364] RAX: ffffffffffffffda RBX: 00007f9235303f60 RCX: 00007f9235175bd9 [ 223.547367][ T7364] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000040 [ 223.593310][ T9] gspca_spca500: reg write: error -71 [ 223.593483][ T7364] RBP: 00007f9235ef50a0 R08: 0000000000000000 R09: 0000000000000000 [ 223.593502][ T7364] R10: 00000000200002c0 R11: 0000000000000246 R12: 0000000000000001 [ 223.634066][ T9] gspca_spca500: reg write: error -71 [ 223.636688][ T7364] R13: 000000000000000b R14: 00007f9235303f60 R15: 00007fff4cf4ad28 [ 223.636723][ T7364] [ 223.710591][ T9] gspca_spca500: reg write: error -71 [ 223.741685][ T9] gspca_spca500: reg write: error -71 [ 223.783501][ T9] gspca_spca500: reg write: error -71 [ 224.037928][ T5102] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 224.185696][ T9] gspca_spca500: reg write: error -71 [ 224.209268][ T9] gspca_spca500: reg write: error -71 [ 224.234775][ T5147] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 224.281430][ T9] gspca_spca500: reg write: error -71 [ 224.321169][ T5147] asix 5-1:0.0 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9 [ 224.357993][ T9] gspca_spca500: reg write: error -71 [ 224.404185][ T9] gspca_spca500: reg write: error -71 [ 224.419737][ T5147] asix 5-1:0.0: probe with driver asix failed with error -71 [ 224.440164][ T9] gspca_spca500: reg write: error -71 [ 224.462798][ T9] gspca_spca500: reg write: error -71 [ 224.480997][ T5147] usb 5-1: USB disconnect, device number 15 [ 224.492888][ T9] gspca_spca500: reg write: error -71 [ 224.504788][ T9] gspca_spca500: reg write: error -71 [ 225.087610][ T9] usb 2-1: USB disconnect, device number 6 [ 225.367017][ T46] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 225.555611][ T46] usb 3-1: Using ep0 maxpacket: 8 [ 225.582537][ T46] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 225.614064][ T54] Bluetooth: hci3: unexpected subevent 0x01 length: 25 > 18 [ 225.621494][ T54] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 225.645573][ T46] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 225.659291][ T46] usb 3-1: New USB device found, idVendor=046d, idProduct=c295, bcdDevice= 0.00 [ 225.675556][ T46] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 225.699455][ T46] usb 3-1: config 0 descriptor?? [ 225.739596][ T7402] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 225.939698][ T7384] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 225.983158][ T7384] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 226.018905][ T9] usb 3-1: USB disconnect, device number 10 [ 226.265599][ T7404] loop3: detected capacity change from 0 to 1024 [ 226.547055][ T7399] loop4: detected capacity change from 0 to 40427 [ 226.621162][ T7407] loop1: detected capacity change from 0 to 256 [ 226.641577][ T7399] F2FS-fs (loop4): invalid crc value [ 226.681859][ T7407] exFAT-fs (loop1): failed to load upcase table (idx : 0x0001e4a3, chksum : 0x009ea0b8, utbl_chksum : 0x7319d30d) [ 226.712313][ T7408] ALSA: seq fatal error: cannot create timer (-22) [ 226.733580][ T7399] F2FS-fs (loop4): Found nat_bits in checkpoint [ 226.737547][ T7408] sch_fq: defrate 0 ignored. [ 226.899630][ T7415] pimreg: entered allmulticast mode [ 226.923982][ T7399] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 226.933654][ T7414] pimreg: left allmulticast mode [ 227.485961][ T5147] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 227.580843][ T5965] hfsplus: b-tree write err: -5, ino 4 [ 227.660491][ T54] block nbd4: Receive control failed (result -32) [ 227.683817][ T5114] block nbd4: shutting down sockets [ 227.699053][ T5147] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 227.732456][ T5147] usb 1-1: New USB device found, idVendor=046d, idProduct=0900, bcdDevice= 0.00 [ 227.736531][ T7434] loop2: detected capacity change from 0 to 4096 [ 227.771482][ T5147] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 227.823970][ T5147] usb 1-1: config 0 descriptor?? [ 227.841990][ T5147] gspca_main: spca500-2.14.0 probing 046d:0900 [ 227.916078][ T7069] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 228.068726][ T5147] gspca_spca500: reg write: error -71 [ 228.090327][ T5147] gspca_spca500: reg write: error -71 [ 228.102250][ T5147] gspca_spca500: reg write: error -71 [ 228.115870][ T5147] gspca_spca500: reg write: error -71 [ 228.123709][ T5147] gspca_spca500: reg write: error -71 [ 228.997424][ T7069] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 229.014193][ T7069] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 229.022699][ T5147] gspca_spca500: reg write: error -71 [ 229.043718][ T7069] usb 4-1: config 0 descriptor?? [ 229.048716][ T5147] gspca_spca500: reg write: error -71 [ 229.049022][ T5147] gspca_spca500: reg write: error -71 [ 229.088380][ T5147] gspca_spca500: reg write: error -71 [ 229.095777][ T7069] cp210x 4-1:0.0: cp210x converter detected [ 229.112737][ T5147] gspca_spca500: reg write: error -71 [ 229.132050][ T5147] gspca_spca500: reg write: error -71 [ 229.156822][ T5147] gspca_spca500: reg write: error -71 [ 229.163392][ T7448] loop4: detected capacity change from 0 to 256 [ 229.170701][ T5147] gspca_spca500: reg write: error -71 [ 229.181963][ T5147] gspca_spca500: reg write: error -71 [ 229.192029][ T7448] exFAT-fs (loop4): failed to load upcase table (idx : 0x0001e4a3, chksum : 0x009ea0b8, utbl_chksum : 0x7319d30d) [ 229.201123][ T5147] usb 1-1: USB disconnect, device number 6 [ 229.505992][ T7069] cp210x 4-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 229.746038][ T7069] usb 4-1: cp210x converter now attached to ttyUSB0 [ 230.011852][ T5147] usb 4-1: USB disconnect, device number 9 [ 230.062319][ T5147] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 230.120377][ T5147] cp210x 4-1:0.0: device disconnected [ 230.352427][ T7453] loop1: detected capacity change from 0 to 32768 [ 230.359479][ T7449] loop2: detected capacity change from 0 to 32768 [ 230.394355][ T7449] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 230.432644][ T7453] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 230.498455][ T7455] loop4: detected capacity change from 0 to 40427 [ 230.544640][ T7449] XFS (loop2): Ending clean mount [ 230.554733][ T7455] F2FS-fs (loop4): invalid crc value [ 230.564475][ T7449] XFS (loop2): Quotacheck needed: Please wait. [ 230.588988][ T7453] XFS (loop1): Ending clean mount [ 230.591639][ T7455] F2FS-fs (loop4): Found nat_bits in checkpoint [ 230.695345][ T7449] XFS (loop2): Quotacheck: Done. [ 230.764114][ T7455] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 230.801212][ T6339] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 231.852482][ T6545] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 232.176186][ T7503] netlink: 3 bytes leftover after parsing attributes in process `syz.4.405'. [ 232.210868][ T7503] netlink: 3 bytes leftover after parsing attributes in process `syz.4.405'. [ 232.348839][ T7508] loop4: detected capacity change from 0 to 128 [ 232.962076][ T7500] loop1: detected capacity change from 0 to 32768 [ 233.037311][ T7500] non-latin1 character 0x3ff found in JFS file name [ 233.065746][ T7500] mount with iocharset=utf8 to access [ 233.260445][ T7514] netlink: 48 bytes leftover after parsing attributes in process `syz.4.410'. [ 233.451905][ T7534] loop2: detected capacity change from 0 to 64 [ 233.464544][ T7534] Trying to free block not in datazone [ 234.439905][ T6545] Trying to free block not in datazone [ 234.445423][ T6545] minix_free_inode: bit 3 already cleared [ 234.487452][ T6545] minix_free_inode: bit 4 already cleared [ 234.526418][ T6545] minix_free_inode: bit 2 already cleared [ 234.561109][ T6545] Trying to free block not in datazone [ 234.573189][ T6545] minix_free_inode: bit 5 already cleared [ 234.600600][ T6545] Trying to free block not in datazone [ 234.629827][ T6545] Trying to free block not in datazone [ 234.635436][ T6545] Trying to free block not in datazone [ 234.657382][ T6545] minix_free_inode: bit 6 already cleared [ 234.672609][ T6545] Trying to free block not in datazone [ 234.685595][ T6545] minix_free_inode: bit 7 already cleared [ 235.087592][ T7560] netlink: 224 bytes leftover after parsing attributes in process `syz.4.423'. [ 235.256920][ T5145] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 235.275385][ T7564] netlink: 8 bytes leftover after parsing attributes in process `syz.4.425'. [ 235.438951][ T7536] loop3: detected capacity change from 0 to 32768 [ 235.475601][ T5145] usb 1-1: Using ep0 maxpacket: 8 [ 235.492766][ T5145] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 235.505693][ T7536] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 235.517796][ T7535] loop1: detected capacity change from 0 to 40427 [ 235.524552][ T5145] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 235.543571][ T5145] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 235.548682][ T7535] F2FS-fs (loop1): invalid crc value [ 235.555107][ T5145] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 235.571357][ T5145] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 235.585178][ T5145] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 235.594293][ T5145] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 235.639052][ T7536] XFS (loop3): Ending clean mount [ 235.673999][ T7535] F2FS-fs (loop1): Found nat_bits in checkpoint [ 235.713259][ T7588] process 'syz.4.430' launched './file0' with NULL argv: empty string added [ 235.798424][ T5102] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 235.838914][ T5145] usb 1-1: usb_control_msg returned -71 [ 235.841470][ T7535] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 235.850172][ T5145] usbtmc 1-1:16.0: can't read capabilities [ 235.963553][ T5145] usb 1-1: USB disconnect, device number 7 [ 236.506610][ T7611] futex_wake_op: syz.3.437 tries to shift op by -1; fix this program [ 236.666521][ T7624] netlink: 'syz.1.444': attribute type 10 has an invalid length. [ 236.755075][ T7624] team0: Failed to send options change via netlink (err -105) [ 236.767040][ T7624] team0: Port device netdevsim0 added [ 236.796572][ T5145] team0: Failed to send port change of device netdevsim0 via netlink (err -105) [ 236.814154][ T7628] netlink: 'syz.1.444': attribute type 10 has an invalid length. [ 236.871353][ T7628] team0: Failed to send options change via netlink (err -105) [ 236.879227][ T7628] team0: Failed to send port change of device netdevsim0 via netlink (err -105) [ 236.889941][ T7628] team0: Port device netdevsim0 removed [ 236.907401][ T7628] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 237.185356][ T7653] netlink: 76 bytes leftover after parsing attributes in process `syz.0.455'. [ 237.836570][ T5145] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 238.045626][ T5145] usb 3-1: Using ep0 maxpacket: 32 [ 238.057698][ T5145] usb 3-1: config index 0 descriptor too short (expected 26, got 18) [ 238.075623][ T5145] usb 3-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64 [ 238.107890][ T5145] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 238.157125][ T5145] usb 3-1: config 0 descriptor?? [ 238.187065][ T5145] as10x_usb: device has been detected [ 238.203774][ T5145] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle) [ 238.356822][ T5145] usb 3-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)... [ 238.448929][ T5145] as10x_usb: error during firmware upload part1 [ 238.493260][ T5145] Registered device nBox DVB-T Dongle [ 238.495301][ T5145] usb 3-1: USB disconnect, device number 11 [ 238.545077][ T29] audit: type=1326 audit(1720051232.049:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7690 comm="syz.4.474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc509f75bd9 code=0x7ffc0000 [ 238.619214][ T5145] Unregistered device nBox DVB-T Dongle [ 238.622031][ T29] audit: type=1326 audit(1720051232.079:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7690 comm="syz.4.474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc509f75bd9 code=0x7ffc0000 [ 238.654241][ T5145] as10x_usb: device has been disconnected [ 238.666800][ T29] audit: type=1326 audit(1720051232.079:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7690 comm="syz.4.474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=25 compat=0 ip=0x7fc509f75bd9 code=0x7ffc0000 [ 238.763099][ T29] audit: type=1326 audit(1720051232.079:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7690 comm="syz.4.474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc509f75bd9 code=0x7ffc0000 [ 238.804199][ T29] audit: type=1326 audit(1720051232.079:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7690 comm="syz.4.474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7fc509f75bd9 code=0x7ffc0000 [ 238.836593][ T29] audit: type=1326 audit(1720051232.079:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7690 comm="syz.4.474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc509f75bd9 code=0x7ffc0000 [ 238.866583][ T29] audit: type=1326 audit(1720051232.079:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7690 comm="syz.4.474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc509f75bd9 code=0x7ffc0000 [ 238.962072][ T29] audit: type=1326 audit(1720051232.079:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7690 comm="syz.4.474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc509f75bd9 code=0x7ffc0000 [ 239.034925][ T29] audit: type=1326 audit(1720051232.089:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7690 comm="syz.4.474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc509f75bd9 code=0x7ffc0000 [ 239.110919][ T29] audit: type=1326 audit(1720051232.089:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7690 comm="syz.4.474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=48 compat=0 ip=0x7fc509f75bd9 code=0x7ffc0000 [ 239.227067][ T5100] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 239.518892][ T5100] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 239.655362][ T5100] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0 [ 239.794453][ T5100] usb 2-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 239.803753][ T5100] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 239.812259][ T5100] usb 2-1: Product: syz [ 239.818389][ T7716] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 239.830735][ T5100] usb 2-1: Manufacturer: syz [ 239.835361][ T5100] usb 2-1: SerialNumber: syz [ 239.850441][ T5100] usb 2-1: config 0 descriptor?? [ 239.874320][ T7718] netlink: 16186 bytes leftover after parsing attributes in process `syz.4.484'. [ 240.041930][ T54] Bluetooth: hci2: unexpected subevent 0x01 length: 25 > 18 [ 240.121011][ T7720] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 240.134190][ T7724] loop2: detected capacity change from 0 to 512 [ 240.152137][ T7724] EXT4-fs: Ignoring removed mblk_io_submit option [ 240.166290][ T7724] ext4: Unknown parameter 'noacl' [ 240.318233][ T5100] snd-usb-audio 2-1:0.0: probe with driver snd-usb-audio failed with error -12 [ 240.338930][ T5100] usb 2-1: USB disconnect, device number 7 [ 240.454906][ T25] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 240.617011][ T5222] udevd[5222]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 240.706910][ T7747] xt_CT: You must specify a L4 protocol and not use inversions on it [ 241.276960][ T25] usb 4-1: config 254 has an invalid interface number: 227 but max is 0 [ 241.285345][ T25] usb 4-1: config 254 has no interface number 0 [ 241.310258][ T25] usb 4-1: config 254 interface 227 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 241.347289][ T25] usb 4-1: New USB device found, idVendor=0403, idProduct=d9a8, bcdDevice=82.1c [ 241.371484][ T25] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 241.385542][ T25] usb 4-1: Product: syz [ 241.389728][ T25] usb 4-1: Manufacturer: syz [ 241.394334][ T25] usb 4-1: SerialNumber: syz [ 241.437338][ T25] ftdi_sio 4-1:254.227: FTDI USB Serial Device converter detected [ 241.456418][ T25] ftdi_sio ttyUSB0: unknown device type: 0x821c [ 241.650700][ T7727] loop3: detected capacity change from 0 to 256 [ 241.696318][ T7727] exfat: Deprecated parameter 'namecase' [ 241.730129][ T7727] exFAT-fs (loop3): error, invalid access to FAT (entry 0x00000005) bogus content (0x00000fff) [ 241.773424][ T7727] exFAT-fs (loop3): failed to load upcase table [ 241.795803][ T7727] exFAT-fs (loop3): failed to recognize exfat type [ 241.842326][ T5971] tipc: Subscription rejected, illegal request [ 241.845790][ T7069] usb 4-1: USB disconnect, device number 10 [ 241.869907][ T7069] ftdi_sio 4-1:254.227: device disconnected [ 241.975780][ T25] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 242.075626][ T54] Bluetooth: hci2: command tx timeout [ 242.165568][ T25] usb 5-1: Using ep0 maxpacket: 8 [ 242.178528][ T25] usb 5-1: New USB device found, idVendor=0403, idProduct=f0c8, bcdDevice= 2.56 [ 242.187889][ T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 242.201934][ T7749] overlayfs: failed to resolve './file0': -2 [ 242.209689][ T25] usb 5-1: config 0 descriptor?? [ 242.225931][ T25] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected [ 242.234815][ T25] ftdi_sio ttyUSB0: unknown device type: 0x256 [ 242.366260][ T7772] overlayfs: failed to resolve './file0': -2 [ 242.452779][ T5100] usb 5-1: USB disconnect, device number 16 [ 242.469916][ T5100] ftdi_sio 5-1:0.0: device disconnected [ 242.533860][ T7775] 9pnet: Could not find request transport: fd0x00000000000000030xffffffffffffffff [ 242.697532][ T7780] netlink: 12 bytes leftover after parsing attributes in process `syz.0.508'. [ 243.222220][ T7796] overlayfs: failed to resolve './file0': -2 [ 243.231971][ T7799] loop4: detected capacity change from 0 to 128 [ 243.232636][ T54] Bluetooth: hci2: unexpected event 0x01 length: 4 > 1 [ 243.545866][ T25] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 243.798517][ T7810] loop2: detected capacity change from 0 to 1024 [ 243.829956][ T7810] EXT4-fs: Ignoring removed nomblk_io_submit option [ 243.874768][ T25] usb 4-1: Using ep0 maxpacket: 8 [ 243.898789][ T7810] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 243.927851][ T25] usb 4-1: New USB device found, idVendor=337d, idProduct=503c, bcdDevice=22.8c [ 243.955699][ T25] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 243.985950][ T25] usb 4-1: Product: syz [ 243.990149][ T25] usb 4-1: Manufacturer: syz [ 243.994762][ T25] usb 4-1: SerialNumber: syz [ 244.019379][ T25] usb 4-1: config 0 descriptor?? [ 244.035840][ T7810] loop2: detected capacity change from 1024 to 64 [ 244.120059][ T6545] EXT4-fs warning (device loop2): ext4_empty_dir:3044: inode #11: lblock 0: comm syz-executor: error -12 reading directory block [ 244.140772][ T6545] EXT4-fs warning (device loop2): ext4_empty_dir:3044: inode #11: lblock 0: comm syz-executor: error -12 reading directory block [ 244.174565][ T6545] EXT4-fs warning (device loop2): ext4_empty_dir:3044: inode #11: lblock 0: comm syz-executor: error -12 reading directory block [ 244.209129][ T6545] EXT4-fs warning (device loop2): ext4_empty_dir:3044: inode #11: lblock 0: comm syz-executor: error -12 reading directory block [ 244.254082][ T6545] EXT4-fs warning (device loop2): ext4_empty_dir:3044: inode #11: lblock 0: comm syz-executor: error -12 reading directory block [ 244.303663][ T6545] EXT4-fs warning (device loop2): ext4_empty_dir:3044: inode #11: lblock 0: comm syz-executor: error -12 reading directory block [ 244.359741][ T6545] EXT4-fs warning (device loop2): ext4_empty_dir:3044: inode #11: lblock 0: comm syz-executor: error -12 reading directory block [ 244.375147][ T7802] loop4: detected capacity change from 0 to 40427 [ 244.375998][ T6545] EXT4-fs warning (device loop2): ext4_empty_dir:3044: inode #11: lblock 0: comm syz-executor: error -12 reading directory block [ 244.416124][ T6545] EXT4-fs warning (device loop2): ext4_empty_dir:3044: inode #11: lblock 0: comm syz-executor: error -12 reading directory block [ 244.440211][ T6545] EXT4-fs warning (device loop2): ext4_empty_dir:3044: inode #11: lblock 0: comm syz-executor: error -12 reading directory block [ 244.522324][ T7802] F2FS-fs (loop4): Found nat_bits in checkpoint [ 244.636718][ T7802] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 244.752627][ T7826] f2fs_ckpt-7:4: attempt to access beyond end of device [ 244.752627][ T7826] loop4: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 244.772747][ T5100] usb 4-1: USB disconnect, device number 11 [ 244.793662][ T7826] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 244.821476][ T7826] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 244.857716][ T7835] overlayfs: failed to resolve './file0': -2 [ 244.977788][ T6545] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 245.048669][ T7811] kmmpd-loop2: attempt to access beyond end of device [ 245.048669][ T7811] loop2: rw=14337, sector=128, nr_sectors = 2 limit=64 [ 245.084887][ T5971] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 245.092690][ T7811] Buffer I/O error on dev loop2, logical block 64, lost sync page write [ 245.114343][ T5110] Bluetooth: hci3: unexpected event for opcode 0x201c [ 245.294632][ T5971] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 245.468924][ T5971] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 245.514170][ T7848] netlink: 144 bytes leftover after parsing attributes in process `syz.3.537'. [ 245.677841][ T5971] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 246.288223][ T7859] hub 9-0:1.0: USB hub found [ 246.300777][ T7859] hub 9-0:1.0: 8 ports detected [ 246.420247][ T5110] Bluetooth: hci2: link tx timeout [ 246.426969][ T5110] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 246.441280][ T5110] Bluetooth: hci2: link tx timeout [ 246.455617][ T5110] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 246.471381][ T5110] Bluetooth: hci2: link tx timeout [ 246.476901][ T5110] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 246.712832][ T7866] overlayfs: failed to resolve './file0': -2 [ 246.877253][ T5971] bridge_slave_1: left allmulticast mode [ 246.898024][ T7870] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 246.921434][ T5971] bridge_slave_1: left promiscuous mode [ 246.949215][ T5971] bridge0: port 2(bridge_slave_1) entered disabled state [ 247.011895][ T5110] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 247.026979][ T5971] bridge_slave_0: left allmulticast mode [ 247.037156][ T5110] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 247.048646][ T5110] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 247.059889][ T5110] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 247.068554][ T5110] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 247.076071][ T5971] bridge_slave_0: left promiscuous mode [ 247.083151][ T5110] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 247.086789][ T5985] ================================================================== [ 247.091405][ T5971] bridge0: port 1(bridge_slave_0) entered disabled state [ 247.098136][ T5985] BUG: KASAN: slab-use-after-free in l2tp_tunnel_del_work+0xe5/0x330 [ 247.098162][ T5985] Read of size 8 at addr ffff88802d2ff8b8 by task kworker/u8:21/5985 [ 247.098177][ T5985] [ 247.098184][ T5985] CPU: 1 UID: 0 PID: 5985 Comm: kworker/u8:21 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0 [ 247.133948][ T5985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 247.143989][ T5985] Workqueue: l2tp l2tp_tunnel_del_work [ 247.149451][ T5985] Call Trace: [ 247.152711][ T5985] [ 247.155625][ T5985] dump_stack_lvl+0x241/0x360 SYZFAIL: failed to recv rpc fd=3 want=4 sent=0 n=0 (errno 9: Bad file descriptor) [ 247.160288][ T5985] ? __pfx_dump_stack_lvl+0x10/0x10 [ 247.165481][ T5985] ? __pfx__printk+0x10/0x10 [ 247.170087][ T5985] ? _printk+0xd5/0x120 [ 247.174225][ T5985] ? __virt_addr_valid+0x183/0x530 [ 247.179320][ T5985] ? __virt_addr_valid+0x183/0x530 [ 247.184419][ T5985] print_report+0x169/0x550 [ 247.188907][ T5985] ? __virt_addr_valid+0x183/0x530 [ 247.194013][ T5985] ? __virt_addr_valid+0x183/0x530 [ 247.199105][ T5985] ? __virt_addr_valid+0x45f/0x530 [ 247.204194][ T5985] ? __phys_addr+0xba/0x170 [ 247.208678][ T5985] ? l2tp_tunnel_del_work+0xe5/0x330 [ 247.213939][ T5985] kasan_report+0x143/0x180 [ 247.218423][ T5985] ? l2tp_tunnel_del_work+0xe5/0x330 [ 247.223689][ T5985] l2tp_tunnel_del_work+0xe5/0x330 [ 247.228779][ T5985] ? process_scheduled_works+0x945/0x1830 [ 247.234485][ T5985] process_scheduled_works+0xa2c/0x1830 [ 247.240038][ T5985] ? __pfx_process_scheduled_works+0x10/0x10 [ 247.246036][ T5985] ? assign_work+0x364/0x3d0 [ 247.250633][ T5985] worker_thread+0x86d/0xd40 [ 247.255213][ T5985] ? __kthread_parkme+0x169/0x1d0 [ 247.260219][ T5985] ? __pfx_worker_thread+0x10/0x10 [ 247.265311][ T5985] kthread+0x2f0/0x390 [ 247.269364][ T5985] ? __pfx_worker_thread+0x10/0x10 [ 247.274455][ T5985] ? __pfx_kthread+0x10/0x10 [ 247.279023][ T5985] ret_from_fork+0x4b/0x80 [ 247.283419][ T5985] ? __pfx_kthread+0x10/0x10 [ 247.287992][ T5985] ret_from_fork_asm+0x1a/0x30 [ 247.292739][ T5985] [ 247.295739][ T5985] [ 247.298037][ T5985] Allocated by task 7877: [ 247.302333][ T5985] kasan_save_track+0x3f/0x80 [ 247.306991][ T5985] __kasan_kmalloc+0x98/0xb0 [ 247.311557][ T5985] __kmalloc_noprof+0x1fc/0x400 [ 247.316386][ T5985] l2tp_session_create+0x3b/0xc20 [ 247.321406][ T5985] pppol2tp_connect+0xca3/0x17a0 [ 247.326323][ T5985] __sys_connect+0x2df/0x310 [ 247.330893][ T5985] __x64_sys_connect+0x7a/0x90 [ 247.335641][ T5985] do_syscall_64+0xf3/0x230 [ 247.340139][ T5985] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 247.346014][ T5985] [ 247.348317][ T5985] Freed by task 16: [ 247.352093][ T5985] kasan_save_track+0x3f/0x80 [ 247.356747][ T5985] kasan_save_free_info+0x40/0x50 [ 247.361750][ T5985] poison_slab_object+0xe0/0x150 [ 247.366664][ T5985] __kasan_slab_free+0x37/0x60 [ 247.371403][ T5985] kfree+0x149/0x360 [ 247.375274][ T5985] __sk_destruct+0x58/0x5f0 [ 247.379756][ T5985] rcu_core+0xaaa/0x17a0 [ 247.383974][ T5985] handle_softirqs+0x2c4/0x970 [ 247.388728][ T5985] run_ksoftirqd+0xca/0x130 [ 247.393328][ T5985] smpboot_thread_fn+0x544/0xa30 [ 247.398281][ T5985] kthread+0x2f0/0x390 [ 247.402365][ T5985] ret_from_fork+0x4b/0x80 [ 247.406791][ T5985] ret_from_fork_asm+0x1a/0x30 [ 247.411570][ T5985] [ 247.413891][ T5985] Last potentially related work creation: [ 247.419607][ T5985] kasan_save_stack+0x3f/0x60 [ 247.424290][ T5985] __kasan_record_aux_stack+0xac/0xc0 [ 247.429682][ T5985] call_rcu+0x167/0xa70 [ 247.433849][ T5985] pppol2tp_release+0x24b/0x350 [ 247.438710][ T5985] sock_close+0xbc/0x240 [ 247.442957][ T5985] __fput+0x24a/0x8a0 [ 247.446924][ T5985] task_work_run+0x24f/0x310 [ 247.451487][ T5985] syscall_exit_to_user_mode+0x168/0x370 [ 247.457098][ T5985] do_syscall_64+0x100/0x230 [ 247.461664][ T5985] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 247.467536][ T5985] [ 247.469836][ T5985] The buggy address belongs to the object at ffff88802d2ff800 [ 247.469836][ T5985] which belongs to the cache kmalloc-1k of size 1024 [ 247.483867][ T5985] The buggy address is located 184 bytes inside of [ 247.483867][ T5985] freed 1024-byte region [ffff88802d2ff800, ffff88802d2ffc00) [ 247.497728][ T5985] [ 247.500032][ T5985] The buggy address belongs to the physical page: [ 247.506425][ T5985] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2d2f8 [ 247.515161][ T5985] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 247.523655][ T5985] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 247.531197][ T5985] page_type: 0xfdffffff(slab) [ 247.535856][ T5985] raw: 00fff00000000040 ffff888015041dc0 dead000000000100 dead000000000122 [ 247.544423][ T5985] raw: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000 [ 247.552984][ T5985] head: 00fff00000000040 ffff888015041dc0 dead000000000100 dead000000000122 [ 247.561630][ T5985] head: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000 [ 247.570278][ T5985] head: 00fff00000000003 ffffea0000b4be01 ffffffffffffffff 0000000000000000 [ 247.578923][ T5985] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 247.587567][ T5985] page dumped because: kasan: bad access detected [ 247.593973][ T5985] page_owner tracks the page as allocated [ 247.599679][ T5985] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 12, tgid 12 (kworker/u8:1), ts 61515362916, free_ts 61477555600 [ 247.620064][ T5985] post_alloc_hook+0x1f3/0x230 [ 247.624817][ T5985] get_page_from_freelist+0x2ccb/0x2d80 [ 247.630357][ T5985] __alloc_pages_noprof+0x256/0x6c0 [ 247.635542][ T5985] alloc_slab_page+0x5f/0x120 [ 247.640212][ T5985] allocate_slab+0x5a/0x2f0 [ 247.644701][ T5985] ___slab_alloc+0xcd1/0x14b0 [ 247.649361][ T5985] __slab_alloc+0x58/0xa0 [ 247.653666][ T5985] __kmalloc_node_track_caller_noprof+0x281/0x440 [ 247.660062][ T5985] kmalloc_reserve+0x111/0x2a0 [ 247.664811][ T5985] __alloc_skb+0x1f3/0x440 [ 247.669224][ T5985] inet6_rt_notify+0xdf/0x290 [ 247.673882][ T5985] fib6_add+0x1e33/0x4430 [ 247.678189][ T5985] ip6_ins_rt+0x106/0x170 [ 247.682496][ T5985] __ipv6_ifa_notify+0x5d2/0x1230 [ 247.687505][ T5985] addrconf_dad_completed+0x181/0xcd0 [ 247.692858][ T5985] addrconf_dad_work+0xdc2/0x16f0 [ 247.697862][ T5985] page last free pid 5169 tgid 5169 stack trace: [ 247.704162][ T5985] free_unref_page+0xd22/0xea0 [ 247.708908][ T5985] __put_partials+0xeb/0x130 [ 247.713475][ T5985] put_cpu_partial+0x17c/0x250 [ 247.718218][ T5985] __slab_free+0x2ea/0x3d0 [ 247.722612][ T5985] qlist_free_all+0x9e/0x140 [ 247.727185][ T5985] kasan_quarantine_reduce+0x14f/0x170 [ 247.732624][ T5985] __kasan_slab_alloc+0x23/0x80 [ 247.737454][ T5985] kmem_cache_alloc_noprof+0x135/0x2a0 [ 247.742908][ T5985] __pmd_alloc+0x110/0x630 [ 247.747313][ T5985] handle_mm_fault+0xe66/0x1990 [ 247.752151][ T5985] __get_user_pages+0x6ec/0x16a0 [ 247.757069][ T5985] get_user_pages_remote+0x31e/0xb60 [ 247.762339][ T5985] get_arg_page+0x266/0x580 [ 247.766824][ T5985] copy_string_kernel+0x148/0x1f0 [ 247.771830][ T5985] kernel_execve+0x597/0xa10 [ 247.776399][ T5985] call_usermodehelper_exec_async+0x237/0x380 [ 247.782454][ T5985] [ 247.784755][ T5985] Memory state around the buggy address: [ 247.790364][ T5985] ffff88802d2ff780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 247.798406][ T5985] ffff88802d2ff800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 247.806442][ T5985] >ffff88802d2ff880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 247.814475][ T5985] ^ [ 247.820341][ T5985] ffff88802d2ff900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 247.828379][ T5985] ffff88802d2ff980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 247.836425][ T5985] ================================================================== [ 247.844571][ T5985] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 247.851766][ T5985] CPU: 1 UID: 0 PID: 5985 Comm: kworker/u8:21 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0 [ 247.862178][ T5985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 247.872215][ T5985] Workqueue: l2tp l2tp_tunnel_del_work [ 247.877669][ T5985] Call Trace: [ 247.880929][ T5985] [ 247.883841][ T5985] dump_stack_lvl+0x241/0x360 [ 247.888505][ T5985] ? __pfx_dump_stack_lvl+0x10/0x10 [ 247.893685][ T5985] ? __pfx__printk+0x10/0x10 [ 247.898257][ T5985] ? vscnprintf+0x5d/0x90 [ 247.902586][ T5985] panic+0x349/0x870 [ 247.906463][ T5985] ? check_panic_on_warn+0x21/0xb0 [ 247.911558][ T5985] ? __pfx_panic+0x10/0x10 [ 247.915957][ T5985] ? mark_lock+0x9a/0x360 [ 247.920270][ T5985] ? _raw_spin_unlock_irqrestore+0xd8/0x140 [ 247.926147][ T5985] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 247.932034][ T5985] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 247.938355][ T5985] ? print_report+0x502/0x550 [ 247.943018][ T5985] check_panic_on_warn+0x86/0xb0 [ 247.947953][ T5985] ? l2tp_tunnel_del_work+0xe5/0x330 [ 247.953224][ T5985] end_report+0x77/0x160 [ 247.957449][ T5985] kasan_report+0x154/0x180 [ 247.961931][ T5985] ? l2tp_tunnel_del_work+0xe5/0x330 [ 247.967194][ T5985] l2tp_tunnel_del_work+0xe5/0x330 [ 247.972285][ T5985] ? process_scheduled_works+0x945/0x1830 [ 247.977988][ T5985] process_scheduled_works+0xa2c/0x1830 [ 247.983521][ T5985] ? __pfx_process_scheduled_works+0x10/0x10 [ 247.989488][ T5985] ? assign_work+0x364/0x3d0 [ 247.994062][ T5985] worker_thread+0x86d/0xd40 [ 247.998653][ T5985] ? __kthread_parkme+0x169/0x1d0 [ 248.003659][ T5985] ? __pfx_worker_thread+0x10/0x10 [ 248.008751][ T5985] kthread+0x2f0/0x390 [ 248.012816][ T5985] ? __pfx_worker_thread+0x10/0x10 [ 248.017920][ T5985] ? __pfx_kthread+0x10/0x10 [ 248.022493][ T5985] ret_from_fork+0x4b/0x80 [ 248.026892][ T5985] ? __pfx_kthread+0x10/0x10 [ 248.031463][ T5985] ret_from_fork_asm+0x1a/0x30 [ 248.036214][ T5985] [ 248.039443][ T5985] Kernel Offset: disabled [ 248.043754][ T5985] Rebooting in 86400 seconds..