last executing test programs: 4.17840263s ago: executing program 2 (id=1797): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f00000001c0)="0f35f30f09c7442400cd000000c7442402bf770000ff1c240f01f87f2fc7442400bf000000c7442402fd7f0000ff2c2466baa10066ed6540e07ef30fb8f5642e3e262e640f01c2", 0x47}], 0x1, 0x74, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 3.965457573s ago: executing program 2 (id=1800): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_LBT_MODE(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000740)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="04"], 0x14}}, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f0000000cc0), r1) r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000300), r1) sendmsg$NLBL_MGMT_C_VERSION(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000940)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="030f000000000000000008000020150001"], 0x2c}}, 0x0) 3.793386354s ago: executing program 2 (id=1804): openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000007c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$FS_IOC_GETVERSION(r1, 0xc0105b08, &(0x7f0000000040)) 2.422372788s ago: executing program 3 (id=1825): r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0) bind$x25(r0, &(0x7f00000001c0), 0x12) r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0) bind$x25(r1, &(0x7f0000000080), 0x12) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) close_range(r2, 0xffffffffffffffff, 0x0) 2.285122935s ago: executing program 3 (id=1826): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x800000, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000380)='contention_end\x00', r0}, 0x10) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000300)=0x20, 0x4) write$binfmt_misc(r1, &(0x7f0000000300), 0x6) 2.122420681s ago: executing program 3 (id=1828): syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000000340)='./file0\x00', 0x0, &(0x7f0000000280)={[{@datacow}, {@ref_verify}, {@compress_algo={'compress', 0x3d, 'zlib'}}]}, 0x3, 0x50d4, &(0x7f00000051c0)="$eJzs3U+IVWUfB/Dnzjg6KDjXnbp48QW3wiQKRURDaFaYc82CosVMLYIQYVAwFy3EgpIWDgha4cJgWmR/nFVFC3GVBEEQBcEgzEKQdkIxGC6Ke8957pz7HO+5dyZ1TD+fmDnnOb/zPOeZy1nc783n3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAhhJNz585V1bdemTm7Y2DP1Us3T+w8NTE6H0KtdbyW1yeeeuaFNw5MPD8cO0zuz7b1erchs67zWWN1x8Fmv86f10IIQ8kAg/l292Bp1OLu4fKAlfZfXNh25NbeXTPHxg9dOLp5qvyn0zS80hNYKfl9dW3xXhpr/R5Izmi3C7dereMWzfqnN9w9+SMAgCUZbbQ27bej+Vvcdvt4Wk/aY0l7OmnHdwjTxcZyZOOu7jbPLWl9heY5lkWFNd3mWU/q+evfbjeSekjbnVFjCfPsPDWPNMPd5jmV1FdqngAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD3k6c/+eJ6VX3rlZmzOwb2XL1088TOUxOj8yHUW8drWbn2xMLcwqa3dj/63e4vP/6zPn5yMO8Xt6sKJ4ff4s5jIyG8Xqhci8P+vj6ERmeh1QwflQtvtnaejQUAAAAeJJtavwfa7SwODnW0a600WWv9F2Vhcf/FhW1Hbu3dNXNs/NCFo5unlj9eo8t4Y7cdr92uL/7UCsE4xt90vMV6PPVwaZxq6Yhpnn959MPtVf1L+b9enf/jKyf/AwAA8G/I/+k41Xrl//nPX91X1b+U/7d0XLKU/+OMY/4fCMvL/wAAAHA/u9v5f6w0TrVe+f/r9/edrupfyv+j/eX/VcVpx4M/xgkfHAlhtNfUAQAAgC7i/3df/Ggh5vXsk4M0r7+49fpQ1Xil/D/WX/6vHBQAAAC4p34488jfVfVS/m/0l//X3NVZAwAAAEvxv/cmD1TVS/l/sr/8vzbf5isfsk7fx3+FcHokhOHmzlRWuBKmn2wXAAAAgDsk5vSXvt18tOq8Uv6fqn7+f3zSQVz/3/H8v9L6/0Ihe+rf4x4MAAAAwMOovJ4/Ph4/++aCbt+/3+/6/09//nVD1fVL+f94f/l/sLi9k9//BwAAAMvwX/v+v1dK41Tr9fz/t9/dsLT8P91f/o/bdcU/73J8fd4ZCWFjcyd/muBn8XIHk8LsUKHQ0kh6HIg98sLsmkKhZSrpsX0khP83d44nhQ2xMJ0UbqzPC+eTwk+xkN8P7cJXSeFyvNPOrM+nmxa+iYV8gcVsXEGxrr0kIunxR7cezcJte8y1Lw4AAPBQieE5z7JDnc2QRtnZWq8T1vY6YaDXCYO9TliVnJCe2O14mOwsxON//TL+XKhQyv/n+8v/8aVYnW26rf8Pcf1//r2G7fX/k7FQTwqzsdBInxjQiNfIwu4H8Rr1Rt7jxsZ2AQAAAB5o8XOBwRWeBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAPe/ceY8dVHw787PN61+vdDUHKQxYxL0N+ktdrOw7WLyCcVBEIpGQtov6DQtbYm9TxBhs/Co4s1RhUlCKEC66IQh+2RFSnEsgqbXmEEosqQVUtGoU2fziPpgWEKkGjFNclSiRX986c2bln9j78WNsbPh/Je8+933POzDn33vGcmblnAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgt8PV373hy+3i7/jR1796U+8HXvjBbw6u/9I9ky+FMNV4vScL97zvzHNnrvvU7Ru+d/s3Hjk9fudDg3m5PB6W1v/05k8+F2v92bIQvt0TQn8aWDWSBQby5yOxvuUjIVwV5gJFiZnhrES64PDkUAhHwlygqOq7QyGMlAJ3PfPDJ75YTxweCuGdIYRauowXatkyhtLAysEsMJwGdvRngf89mykC3+nNAnDB4peh+NAfn2rOMD5/uRafv4GLtmKXV9q8vpgYb53vV7cu8EqVDKYvTF3Q21apjgVR+Xqc8G1bBN+2Sj8f8raVd6TyPZSzc6Fa6N06c+/mvbN74iu9YWKir1VNC/Q+n3pl/5ZzSS+az2FcgfGL8jm8//DNzw5+7I4XH3n98f2na19bfqGr2ap7F1ot5J+5RfM+RhttTxbB16+yl7TCTlcI4fSJk/vbxSvj//H24//4cY6PvU25Y62vjWZj8/jKSEy8PJqNzQEAAGDRWAxHTQdX/OtP29VXGf+v6O78fzzlnw/ms9aeCGFjI/HZsRCubbyeBR6Li/v4WAhvbaSmmgO3JoETIVzXSNxYVJWUWBJLrEgCvxjNAxuTwFMxMJUEHo2BQ0ngczFwPAlsiYETSeC2GAjbmtvx/0bzdnQdGIqB6awTj8erEH49GpeW9NVzRVUAAAAXST46HGh+WrrW4UIzxOHl8aFOGeIV2C0z1JIa0hFsMaxqWUN/pxp6O9VQtPtA++ZXau7pVHPlMoye5gz/c+qaHaGNyvh/sv34vzbPivRUzv+HyU2Nh5i7N4/MFhmmp5oyAAAAABfg9948vbldvDL+39jd9f/xmEhfKXM4GQ9DbB8LYbI5kFV7SzWQnfVemgcAAABgMSjOxxfnwrflj9kl2ul4upp/6hzzxxP/G+fNv+PH//J4u/WtjP+nurv+f7j5MVuJp+JafGUshCWlwI/iWtYDDSti4KX3Nwfy9j8VO+ALsar8woSiqi/EEtMxMJkEjrQq8XRR4trmQP5mFQv/bNGObXmJUgAAAAAuuXg4IJ6Xj9f/r/nbP3yyXbnK+H/63K7/b4yDK5f3zy4NYXV/CH3pDwNODmcTA8bASE+e+PvhrK6+tKqDwyHcUm9YWtV/5PP/96dzDP5kKKsqBq5927FXVtYTXx8KYXU58OxHj66vJ/YmgWLhvzsUwg311qYL/7sl2cIH0oU/vCSEt5QCRVVbloRQX9hgWtU/1PL7GKRVHa+FcHUpUFT1nloI+wIAi1X8v3Rr+cXd+x7cvnl2dmbXAibiQfyhcO+22ZmJLTtmt9ZarNPWZJ2b5jH6TLVN3d765vk4R9Hdx8a6SRc/FJwsLys/kF+5cjB/HneGBhrtXDvQ9HRd2uR3v726iFDalWrV5N4FbvJwuZK5N7FSf8w/GJaGJXt3z+ya+PTmPXt2rcn+dpt9bfY3nmfK+mpN2lfD861bFx+PltNlJc63r1aWK1m954Gdq3fve3DVtgc23zdz38wnNkyuW7vh5sn171ldb9Rk9rdDS1fOV3PS0rNHu2zWRWzp9f2lSi7FRkNCQmKxJQYH7jzVbvNTGf/vbD/+j1uduOHP52dodf5/PJ7mz16fO80/HQNHuj3/P97qbH5xYcCKJHAgBg44zQ8AAMAbQzwcGY9mxoPSB971wvvalauM/w909/v/izT/fzF1/YdaTfN/Yywx2Wr+/3Sa/2L+/wOt5v9Pp/kv5v8/chnm/99bBJIu+bX5/wEAgDeCSzf/f8fp/dMbBFQydJzeP71BQCVDx2n8u71BwDnP//83v1yzPrRRGf8f6m78b+J+AAAAuHJcc9sNP24Xr4z/j3Q3/r/08/+FVtf/r2gVmGo1MaD5/wAAAFikWs3/98xHdr6/XbnK+P94d+P/eNlFb1PuWOtro9mcdiGd0+7l0eInAwAAALA49IaJiYEu8zZNjHrr+S/zVJwKtE267NDnj53b7/9PdDf+b/pdxv2Hb3528GN3vPjaI68/vv907WvL587/AwAAAAun2+MSAAAAAAAAAAAAAADA5ffo1d+ad16AqPL7/7Cp8Xqr3//H+/413TTxTD4Z4IE4s/6XxkzzBwAAAAvroVtffTj+u+/Lf/Rf7fJWxv/j3Y3/4/0F8vvgZbfeOxHv//fZsRAat9YbzwKPxcV9fCyEtzZSU7FEdkO9D8USk1ngsThh4o2xxPRUc1VLYuB4EvjFaB44kQSeioH8KMWxeGPAPx4NYX0jtam5xM5YYjwJ3BkDK5LARAxMJoFlMbAxCfxyWR6YSgL/FAP5zQeLvvrWsryvAAAAzkU+zhpofhrScd7x/k4Zejpl6LiI4U4ZejtlqLXIEJ//dVyHgfJ8/HmG+NJAWutQUkslQ7wZ3vk3vZiu7+nmnGnByqL7YsHx5pwxw85/vukroY3K+H9Fd+P/y3j///Ru/htjYEUS2BkDG5PA9KY8cOSa5oD7/wMAAHBla3X//9G3/NWhduUq4//J7sb/8UDEm5tyx1o73/8/f37Xh7+5r7HKJ0dDeHs5sP3g9qvqiUdHQ3hXOfDE3Tc2Ru0H0xLff/G2n9cT96SBD65605l64r1JYDp20nVpIB5VObMsCcTu/UkaiP1xPA0M5oGHlmXt6En76j9Hsr7qSfvq1Eh2eUVP2lffHsmW0ZM28HASKBr4yTQQG3hHHuhN1+qbS7O1ioGRWPQvlhYXfQAAcGWKe4ED4d5tszOT6U94r+9vfoyabln+mWq1PV0u/vl4a/K7j411k+5L90VrRVUDoVZvwprK7mo5S0+jlRenlg5d9+YWTe50t/feFuVS59p1g61bNJS1aGLLjtmtAx0bvq5zlrX9HbOsqQx2yll6G13aRS1drEsXLeqyb7pY5fi8N0xM9CW5/n8MjocmnT4R3d6vr3yf/1afgnKeo5//91fb1VcZ/2/sbvwf27M0lD7On4u1/mxZCN/umTsaUQRWjWSB2NyRODxePhLCVaV+KErMDGclBpMFhyeHshHqYFrVd4eyYwzx+V3P/PCJL9YTh4dCeGfpvSqW8UItW8ZQGlg5mAWG08CO/iwQr/woAt/pzQJwwYqNQvxA5T91KYzPX67F5++Nck/QtHmVa6DmyTffNneh1NIX8muqCuf2tlWqY0FUvh4nfNsW47ct+LaVd6TyPZSzc6Fa6N06c+/mvbN74ivlPdmKBXqfy3up3aQvwufwwPmvbWe1dAUmk83H5Pzl5v8c9sTq7j9887ODH7vjxUdef3z/6drXlne9Gi3EgcKT//2mq8rdu9BqIf/MLbrtyZTtyWL8b2Dc2xZCOPTnQ59sF6+M/6e6G//3J48Nr8bO3D0WwrtLnXsydv/vjGXbwVIg20peXQ1kl9z/dLTllhMAAAAutuJwR3G8YFv+mP0gPB0nV/NPnWP+eLxi47z5u13v/U/+/mPt4pXx/3T78f+SZDWd/3f+nwXi/P+8rvRD0UvSFw5c0KHoSnUsCOf/53Wlf9uc/5+X8//O/8/H+f8OnP+f15X+tlX2knba6QohnL1+4OF28cr4f2d34//fsvn/09n8i/n/00n7i/n/p1vN/7+z1fz/B8z/DwAALKgWE82n47zK5PyVDOnk/JUMPUmGc7/FQMdp9M3/n87/f/DPbtkT2qiM/w90N/6PH4eR8tIXy/z/45talNi4qXl1i8ChGNjpjgEAAABcRvEAQbzovdsZJgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFhYd7x6ZnO7+Dt+9PWv3tT7gRd+8JuD6790z+RLIWxrvN6ThXved+a5M9d96vYN37v9G4+cHr/zoVpebiB/XN6UO9b62mgIR0qvjMTEy6P1J3OBuz78zX399cTJ0RDeXg5sP7j9qnri0dEQ3lUOPHH3jdfUEwfTEt9/8baf1xP3pIEPrnrTmXrivXmgJ13dP12WrW5PurpfXBbCWClQrO79y5qrKpbxgTzQmy7jL0eyZcTASCz68Ei2jBiYjSW2LQlhdX8IfWlV/1jLqupLq/peLauqL63qD2oh3BJC6E+r+rfBrKr+tOVPD2ZVxcC1bzv2ysp64uhgCKvLgWc/enR9PbErCRQL/8hgCDfUPzLpwr81kC18IF34nwyE8JZSoKhqeiCE+sIG06pO9GdVDaZVfaM/hKtLgaKqm/pD2Be4XOKGZGv5xd37Hty+eXZ2ZtcCJgbzZQ2Fe7fNzkxs2TG7tZasUys9pfTZz5x/259/Zf+WRuLuY2PdpIv1miyvy9NTlRfLz/vzpwONdq4daHq6brE0ebhcydybWKk/5h8MS8OSvbtndk18evOePbvWZH+7zb42+9uXR7O+WrNY+mpluZLVex7YuXr3vgdXbXtg830z9818YsPkurUbbp5c/57V9UZNZn8vRkuPXvqWXt9fquRSbDQkJCQWW6K3aes2eaVvxys7+nMrOhBqjQ10ZVhRztLTaOXFaPSt59Ha3Lk2ujIkqbRoTWXgUMmytnOWdZUxw1yWoSxLY1+wMjgs19Tb6NL4vDdMTPS16ofx5qfl7v3VBXTvqdh1XaYBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4P3bgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwAwcCAAAAAED+r41QVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhR04FgAAAAAQ5m8dRs8GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXAoAAP//Qczu7Q==") mknod$loop(&(0x7f0000000380)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc000, 0x0) r0 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0) pwritev2(r1, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x78c00}], 0x1, 0x2000, 0x0, 0x3) 2.062942497s ago: executing program 1 (id=1829): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) write$binfmt_aout(r0, &(0x7f00000002c0)=ANY=[], 0xc1) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000005, 0x12, r0, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x4) r2 = dup(r1) ioctl$SIOCSIFHWADDR(r2, 0x800442d2, &(0x7f0000000080)={'macsec0\x00', @dev}) 1.973477014s ago: executing program 1 (id=1830): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) syz_clone(0x20000, &(0x7f0000000080), 0x0, 0x0, &(0x7f0000000100), 0x0) mlock2(&(0x7f0000018000/0x2000)=nil, 0x2000, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) 1.722724225s ago: executing program 4 (id=1832): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f0000000380)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000000c0)={[0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000001], 0x5000, 0x380f11}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.425096044s ago: executing program 4 (id=1835): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fd7000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_NESTED_STATE(r2, 0x4080aebf, &(0x7f0000003680)={{0x0, 0x0, 0x80}, "cb31455c9ea4288a70a2a6bb8068fd95dd041cf5b177a3bffe992dfbbdf959487337b92336ce1de32e7695c411c0bf9f852d2d71192f33001fd51f5b396a55cb98699a09d21648c4cb30d9d7e3e397c7a3c041c76c72385a46c48c5302848c3696facce956952c2a85822ddf20434ccee5806294ed563ff3a972cddf6ef16ddace933d8a5adea40cd3ad40c9873c29368838e815ff59723519154856b2d5cd9cd79a97dc2fa08dada1175817886e5f9e7aa3dca783a44c667a4806826570ec6acb57d65efc313a384e11fb633dee17ee600145f2cb3103384606140021be766fcb7fa029f0513bbb466177ca1068192550bbf4e6f5694aec747a16e27688a988fa595bca1761b8e88a7dbcaeaf97a8b7b53058b1faf880dd6f1b6eb4c7beb0582b4007f1a67db1352407adbe1456bf762c94fd825b9419d74f63cdeb6c6976de1890d773f0c8088d2bd48a838cf5b87f5ddf926352960fb978874b0f175acfa55ddfe84de3fc9f75b58bf7a35f33d3c43ed5e3224e92751fa1b43f94f64b681163ef1360a3f3bb7403afc67a188b2104b45c5814aaa9e218552498bf85f4b221d9acc32a331f5f8c109cc9f335ff4e418ab30b54b99d5376cd928c431fc8211fcbaf64716afdc4b6d0417e04d5723e4675d282b36bef3a3a19e855029ec7c33830a6df19332b63e9d8a0f22d96ac230c67657a4e7f7afab91dc0ce751b68980e5a4f6d9d6d9b98802ba9d8576648eea61b8c308a1745df61560e56108bececa3016d93246fdc8b768634e8319b1ffde103c07378f8f4927baba05e992a4b5af0958a7e495e7ce53f7917451d15a963ca14f5cdc4563775688b6533a4b97e0f84b0a33c30077b20805c1f42cc7815efada97ad59ac486bc9e0ee386b49cb97b47fbf8f919f06c75a49636795054b5ebee3e91602c90d7f4db49220affe56d56b96e4f662b2bf36dae482ffc7ba21cbc55e21b73309d6b7aa5509defcb77c236e43b579c61eae5c8d8f8fa71ad876b96069f2e4352c8aaf16e299d21edf5434c0cd9b25cdc9210fb0de759b1dd3fc7fe4c7118bbde72a5617dff21f7a5036448fba7fe41aaee0c289cd076d757e47b0714b236f6f141ba0112c9312b3ec853aabafdf1eb2cbb517d2d7352725f557214d27d9a340af0128fc960a4ea64c933b0d8dd226b6e024471aaac8a7074b2a8695ab990fabba5bf315d246fbfe4260f1fffe54814e33b6235c5b4095437298858909bcbd40a8a286d1bedb06b7b1775bce0a5bca19b0a5c2fa8dbf87b55ae0a43c5086422e5bacb94047e150451f5996420b0d4a697f59decb49900b2b9c13aade536933e14d672c21a35cb68572c3de02f3147414eff4b8674b91f7aebf35f056a8d388f67f8ef7cfaf6b28fe745831ef41def1839791647016932c70685752851327f1837d2f1e9d8f93443eefed2317119c8152ca451a5d3aeb253fb484283f52e5db9f61f059ad3c217a860ee0571d254483501b00699208c7fa5571cf58b9715c954115bc2db0af28361938bb95ced7370c8cbb6141ef62fdbf369dfc4eccd98ab9886d79a52cbf91a27dd0f4b29940492e860fb94654dea54fad6290570760e3b59a0cf28053732472dc313b5fedfc583fc702a880971dc61286370aaf167810455cce7654dc4325a41d9d1944abcdc4d81378f1e96a8f94cd95b886a01f086e379601504219d57d531ba34e1ba0905785fb629c61f6b940a652cdee9dbef12b7fcde087b92816db3386a5769049ba00788e31de4ddbb8b56de1fbe3a5e671728effda7cfd0b650cf5df2faf22470812efbbb548e47cbf36c64e05a7877820f08948ceedb35e12a4a143ee0101a7bf0a00a4062b50c39020669700adf739a6f75352a45fd1373d3e85c3867170373f0c7a794d8590f4c22ae62d438ec365b0f6a15cb2ffe0fc6f57185e1760761bd4370027c01dfad0502f00b6898115df3c530d0b0b4a64e623fd580b528a733e4c881cf5843a975a97f92a7833527887c79fa8eec82b9526a15c6c5f2972083ce8aec735810580ffa4ea2cef4823aee044dd70927f7c07bba18b930006aa86ae7399ac6b4c24bc9d6a6ab0c5b428d7255d4d983eadf97e10c1b40867da29ac981acb453073a37236e7ae808e7759b2e0cffc3ec43afb1e95cd090a7d4b9225a0e3cbebfe49b93846ab603891e2da7d85a04bf42d12d16a97c965bc4911d3ba7a9ca505794d8744fef00a436089de67aa8b480070230dfb002eb91edaff428d4908a87afae418dff7ca59aefe1ad8f6935f309fe7985c2310881659c60a66a5e50242497ba1cd5d2bd79496ccd23f9fd901afc6622829cb3701caa50f96e09e3b23bfa3181b74ec7dae2e42c9caab43e49ae1d922a1a1eb3682de026323d9215fcec42c54401a1af81450830a4b784ed1c7922734bf3632409147680dd3fabcef296353705bb5c0e650e12905a05db1e7923923a96ddc783fc1ed46e2010416c37d9d149ad73e808bd6e4464f62893024a8501803b6c88fc55c8bbc1da7cbf580b5a81fb7c61455ae3a8aaec303fba12e0f2b51ed5e8bd31db40e8bdbd00e7b1ddd364766c974d813d86fc88a27bf82bba60c62e5f0f6af6bda3390f8e72a2811baf3d6325e70d9a3b59cab1abe95290ecb87985567e1243504c038de9d4d100ea64eec45208cd8d2474e646f7d81eed6d59b8b0859552b6fc088d874cde3e75ee30243dc9d88ed5b577851a5bd9e2a453287025777fcac19ac33e1c94b4ad272f1055b16b842a6bd6168fb45f1f74ed2467020df5431068a5f2cbeaa6ac1841308c7c9f752aa06927f91fdf18ef9d9e942367e5ecac0abf4d3b8fc7b80238c0e7faf2ea7d3f5271028fc558a44799bde63168becc67c5531e843336fb16ab618d37f95a91937b824bf896b044146bc3a5e264a8f23ddd00729cd9aa56d9a9a24b7ab96ae021b193d8874d43ff4b723d86b7564e550378599c3e0c7a2b3d447ad76eb4cd699733d970a5ab218429a1af81df9c8013d6d16a6bcb019f6ace4461cdaa785d20ea027cfa53d521bb91ad2c04aaa6c0f268b14924803977633280c7b7beb14c88fae542b7a13e96253259e7296e37276da88891c14664340e84ae732edbd71e67047e476735b220ca231de31a380ece372db632ec3cb3ef5ac97ec41148febd2acb15cde1ee5e990ea0aaa95c2df39e2111dd1185d14a194e22d34fda8f54e99d3a73e5a231682c726d40816e048c1d059bf3bb9ee2b5f895365d95aa28f6adbf6e16469926b4d8ee7f04c7dbafaa444df5b88596c17874f0efe35e5ada1a69634f4b430f852d33b032f823c5deb54f47a7a4adb1adf56d5440b7a917580004c13e0b36c8e0a203a2be3f8fffd9efef3af19389a12c67859d4381ac0a02da18e25931b41216b731de25e1245482c84d45de1cddbce2109322a3428bff692012573fe9efd02109dbf35c5d3a287dec105cf3f1a2e5f0b1cc08c7b4759766d25d0f7b42c3ea8bf8101e61159a2ba7602e9c7947cf936ac39bf59b24084709fd61d704bbdba7d282aac778b7ec1dcaf984527c8112d56e75ab774d1598d9816abc77b0e693880beca5f330c626774ab5cb6967fb0ea8e14efce120947092c3b6f8a22f07cad22e971418092481fcad36ecf0cfd6bc3864115b8507c13554584f1f6fee5ee07eb6a091638d8e7781c1c006166e0f987f9f4de535e9f3df1db8c9328e9a19a73c76059ab4edfe9eda7f16cc6b869229bafb179d194e20ccc6f9338183b673de8138ddab9a0907278f6eaacc55bf59a450ebc10e0b88c82d9f0deca86ff771f46509250fde94e0c94256b77616d099862ddc9b341838d634a9dc4b55a88fcc6248901135f6aa76365433e7e534e0e5ae8eec2a63df62c3e244a40481189ff54122698c7e2da2c829b2eec9efc9894ee05be04ae6dd48406eaace17827e38bf38b414059aded0343e0711a8d864ff41a8d9ed40fb2aa1a3f4014f691cd0e8af62445a021820ff03afa8a192ee255862f306851df1de96ce36cafb6a60b7069db7aa96fd1ffb2fb01e6247f770304dffe4b1c8d0eeb336dd6806d6ab5d418953b1cae7cbbf53766b61e4aad5cfce8255b78af26f9bd11283a9c7d12cd63b82cd2b506fd4061d1e16fc7c713d80763c3b0aa0faadcd9b7d676101aad80e1ca00369297e1f714003ab8d0b545c335014a522a25a767950963ef821425b79b521076166d0df3ef358c7d60d99cc85463c186e8faf16af79785680382e4cc93f6594f8c4461e0988c08717640df24a5f357db22432fcae21702dc792d201212fb3791e0164bb3d433a8268ec96df73766fdba42965e00e619246cba5d96eb853a7c22c34d2fe5e5d3f3ccf9c627d069517b743cd07f6f7b444074bb9a50269f2e03309c58930e56a9583eb00c37fbcdd391972261f41756c10c8899fcd036e2017e088ef9e6ec31f795d55b3bba214c53c98fc9318e4ade0e7e6fd259aa277fed54c27e5210787a5f6937f56fdbe1da5113f059061ca590ddf536a55cb91ac6ed41cb9c0418b115b29f5e823c1b0ee7c2b3982087763545b34e2c945d587ebce69bbe299a7f52b674f351977370fc700474bc15d7e6ef98c14258ecf401a4f3bba1a9aa76c5ab0b8819fe6efe3fba1899909e5e48554299150ee272451b56142d12ae2bb4942db430239701d494917f2c939a6fb9d98d4751a6f2c4537ec870342d223343a9bd7b8d8c99aff8cbfa298395551185f35dec120228073a1e496a58b59d9ac5986249a7c6db9398395cbf341c08ee910700e2daa042dba1846fef59c72ce872bba2046a14fcf9a47a5686d62bfba76309a9865c26e5fa41dd872fc749fdc57953105ace4978f9eb788c8d061c853ad0313e51e732c5d7bc05e752443c8e99b8e81c688befdb5b14c3cc2f96eb8ce8290303e483992fcbece1ff278d0dc036ad437b6cbc695c7741ba4556e242146d40843c73deaf8fceba40e4a4acd739b3031848b17a210a1ff0dc1908b77c4bb94543af52e1fe2a090c8f217428d02336303f7952c3ddefa7c81850676e7f4cc3d32c3937281fa5ab279c3fe39f92ba077dadb8c2c3df17cc511bd33c41cb161d24aea154f0f5902c94b56fe072d321a983668bd9f4838878e66ec44cb233d7d0ca908a794c844ff8b3ba4c57f6c5fc2f3a54db448b013f0c4998bbc6ed0409b3368391cb28c6df4a909fff90f308ff38c758ff7d8a2920bc221236d89b3b76de44e8ce649b32f5135a0217ba9036a8edddee97d7ba15f2c21fb7d3cae3eb6ef09dd03eed650489c83b5ba5dd9daf7a86cf0544fb8a58e46b860e3e42e10cd6f1c4f81179eb2c3ba611793a32abb4c0768db90e8bdd1694efaa9c2b45c89d203fdfb8b926b6a0d666d91b93065a83184fc2065961f2308056241b66f427c0f0aabc75852c90f0624cf036d537032ca8d73325d2ae2a79a7292c240c34584bb881fe5d468a051cbc0bde061f9eddfb758cd2dfba296eef549e5c4ede097111216a0ec60f90e8d6f5dd843c82e15f505f8c74e854ba9cd386249d552978eb8135a5f8c79c3ceb8dd5828b0218ffe40f375d6cf3ff2f47c276c8169ab98336582a852c1535018fb2306aca6b8c9f9e38d64c66a722762b76c69d4ca6c14bd6992549e4eec17287fce194467f972d9200c3d1ac4fd4a8f2620e2e4281d28c099946ed90789ba122705326390d3e058ceed24044e542efb36416272eadf6304f30efa0b7bc1ae5be92fe50e591ee6f725726e917ec113506920beb2aa53b39f1d76b31500", "cfb220c7d481332f3f1f8079dfe27e23185fd67a407358db7892789f96b7fa9b14daa48617a10d8a91b820ecbaa470ec0bb1f3cbce7f70ec70b19a4cad082229c2788f8611d7dc306d9a45761a97828c36ed87ebde5d4a3e1609c1422a8ae2f7cca428ebdb0dd38b90b9598a353b18a600bf35a369e6e3e5abb0a1c5c0c0e48e014e7ef1b7d768b3c5657f1adfbb7ff2985082b16c99eb83ec3660990dcf1106efa6b7f8a4798fec811c2c85faec0235c83b7093b3d02367421abc40a554e0b0d7fc1bcaece4222c594f8d20e368fe625ca433c75486fe5c94103cd17291349ee12b877602936688666f82ecd8f4f83d50bb1650e08b96cd25ad147c4c956c98649806a3736d072c8d97c6e3a46a7c18535df8d828b86662400d8e9cc861fa1dd5dc193892d3168396c499e07b279fb76c7e289f2fd955691363bc1de74536dc571817615c88b0d594a136966c129e424ccb7ef1c7c7461eac7ca5f03d72ea4c9c3d1156ee4cb1bb70e097357588b5c49f6716bbae1bd118104b42786f09a3b9f7cb80f383cadfd0c462096ff2bb637b7cf79764b6a4b7ffc5d87c1f063fb48e7f08ad5af534c70079f12f28e8921abbd4280801cdf6101ea494768b1274afd0eea5939843d56022a83590920fe446d52dfe699c33977d5592dbf7e0e236b8175d7faae06e0c50f7402174023ce4b996564e945c416fa823f2f9c3213ac50b20bd1fd55bb8d9fe70ee31ea2f404ae0fcbf857bebcc9196c8c622059fea2e248e4058905b69fb98be312d3193ea1d8ff653173e8c2371371b77a5bea45b3cd6fba19b6336f94ec04c8f86d24e9ca959874577d7ca0baf3c4ff30b554bc3ccc06df46d925373fbf7863e2cf684d3bc9603ab72b851ca4728294de87f2dec6f23ca9e43ed2e5cbba662d13137fc1ce0f6ae6aeb974f72f4b750825fafb67715e425f40c7da83b92d4249a0a4e96b789cceb7b07f38cb83f72dd093a345ab3cb8ae760fc14e40ea182a0d7fe1facc62a1ab0902349fd7e27bb0cd349fb5053f4734823abf020739b4b43bb11f5d69b61295068df31177959903c2ea1bb82d24eeaa93d0d4738d5d15b2a401e7ebe0d3cfbd45b2db2882cdb41408aaa718f8320fbb7f9da4f68d0eebeef175442e807e9908132731fe5e268582dcf6dffa4251ebb7121db8e412089fa9d8af9919799547a26b6b8eb44c28f1ce5f9a3021fe30841be204c1b4b3813dccae6baeef9b53fe413cbec46bb0cd95d3793cdc9bfe6cdd96ce0c4aa4a25e1cbbeeee6c9fa558b279048c7e31d07b125bac68d4e1f4253bd4dc7824cf3d722c94cf2b8f61bc8155731f072fd447082b181a13ffb8c08a1d568298c5de2d969fae2bea070a9e2688f294e76b8c200dfb993ec19778eb56ae3127c1116ccc85ef8806fdcb9ee0cb66ff03fbb0fa6c52b9b101b3830fc1650efa859163a264b4059092e5dc9a415ec09bfd1460f142fe5ef00beb6aa9032bd0de97aefc6f65e8cfeea761b3d8174caf528b6627682ff4d4450cb0f34251fc000ed01dd538ef13260984f44703b89dfb511bfb538d0b1c8aded964e1bcc5ca57437468b14a31ec0000a17e4d24369c40500449c37e7dccedba3eceb59d827dace246b5c48afb6a5988e64c560b3dc76c32d831f51cdbc5cfc4364ac8b25372b87c92bacfedc6bc8feb44098dbebc89cda03c59e4c58a31372bd574704b9e788834b9f83c6703f6709efad97c4ce499ea580dae1de282a019247cb3dce5c1906322e6d3ca5157ea6428bc42416936fac194efe136089c07faf7adf1e923003f1dc63fcbc634b389a4f351a6acee785e23c6bb04ca2f265be1e634362b87c6f9fd369bbe62a1db6b286c7ffde6370bb4d6e9e0cc3ec451e1a99d134726c9075e71319d3a683e91e4b900061c0e6d086481069cd32f4cde7816f8e3a0ac6428a7488f31f06ee0da10df3ed0c150d29085879d064f914407f60018bb588735663647bfeda930407d69abef3f72fd461c2b85b00988b412a180fd267fc646a86d297e7e40912607157b6fa873df6442579b1523d8117f0c06c87adf75843b8bff30a5bfb4fe1e9846b7fdd58774641baf9cc9c4e38e53ed24a9d9e9dbc7657aa9b220a8545852b0409f5c0812e953823e841967bf55059acc7a4600818134359e72cfae0d04a0738ac8acca133d6395a455b22cdd6f901d4cdea1cf17415f7d7895a4b65f80d2f7c5c60a0dc04b40c9ae5ffc922e074a82afd704673e1766d19db9f60eab0238fb4a3169a08aded607847e5d752d4e24c4914b95bac3892bcfc2076f16a7f07583f0d418b9dec03afdb2e93335a392e1b1ef2910eb2a4b6a63fe61641f3c02bef73cd7e4a77a6f30ae821598c3160511603541bea89022b54f321c2a55cdeeb19335d78a821ab6ca0f36588a9a79a41e2123905a491d658c2a1caeee998c995bb0f816c92c5dc2b862183f80b9f9786c9c5524723c944d11f6894c7f008ab8194f577e22c03631d2a33205f508ea49653e7600639242dbaba704f700ac227f32dc575c559a0a1f4fe0cf6c22fbf7e1ca2ab4b1e4724e8379021e3c9a7c1509c6a413bd7d9c98938e440762eda2546d636597defa86c1ad31126a1182d365f858927d140fb0a97f80adcc5f4ed5efe11ac503453917a263f1d64692348d30f382e85e464ef7616067a42df5de1a1b622fabefe2ca4ceffa4801f7a02fdef40644cd1d079590d900727628d54b44db7ac700d8d664f7eea12837fcf347360d8e43a354fe51b4c49e8fcda3c322b738ed2b800b5cc06e22c72af2a67ee7bc8ae894e841f2cf2b0a7e381caf944bf4e91ded63b6f82f7474e4f81e986fff7e5339b8e9f60103a1af81833e120f0c88893ecabac044a4a2867cda4fdcb084459a00507aa9e5a8e761a72df3322a1ae8cd918b4994c23bdb1e459b4f21651bd7fa067a00e2a2877bf6b29f289ed8018e0a78f6fb4ded9749640e0e37f6381b320ab72da404f3d70d60152f6fa6738932387b83250cb3148141edb52f109bfd4bda8054959db01f4c550609a63c08cf01ecd110cfc6f0055638c0dde039d2ac2daafe59e561f9f08a8830c3f661e4325de63e98f4a4216ec3b83fd200201ed3f647147611424286ffc6c4a8aca64a6874743242d4feeaa9153de06e51c512d9cab7ae712c6424069f3e5db4ddebe9b48b5f6caa741162edf97674d2368e03a387f798151a4b9b9fa9e3a5838a343133158364a9fe3bb4b9a3c464c0c54a4c64ca774ad200925ac6bf59508c10a8574afde9b821741af43ec64cedc13aa220b39772195283506dfe899dd6a7b37eb21f154056a2df3564ef2bb918a928651de88c3613b84e7960bddd7b46b1304deb30f57b6fe5a3b4788629e91bcc2456a72fabb16b47da71624d2e9081de748b3387f52da4bb094782326dcfde0827e2d674e41bb375247d349cade9c704e5431785009b0e53f1b45c70b237c9432e07e4c7a8464ed11608a3d2184338dd9e6f6ef4b3d751e979667b6a3953c89aff4eead7a978071a912b3de21a85a5849c57933cf53cd74a610f3e60f699766fbc7e0bb8a891a429c77bb6f3b6f9f8eb0b1bd9588ef2ce98fdf0a0838e4b0bed807d8b673093c717feec8d697e32542274887d039db7a2daed5d52c8e9767443229f8003c5d67e907376ea2f393484fa70deee159cb56f8d097b8fe2736e95f540137e20725f0940a8d049068ead4c46bb3771a671bb00de88931e03445a55868de0c220db05cbda9f996d5fe7c1070efe5e718fed4d4cb4ecacad3d6b643bc0ffe9a71b720ba7b5adbbdefe29106ef6a6ffe4547f5d02bec312147df0abe80efb2d5e598fc7c8b268e58b59e0d75728e9a18126f013c963ddc92d251405f857fe3a5cbacf443be7772975b7bf4f6d7ed6f80dfcc47a88c6d19120942adb5385be6ef3c0d7e396bcac5affc8f9276d6cd1a0b069aed72a98cde8ea7aabe6cc091b19efcfaf9368dfeb3087a05a42e3b893dae5ffeb72e6ac06e995a2a75ea0b5f7876247bb4c38cf3f0153f1f7473b522f1c440b632270e2b1d654d3a5ae16cb788482760d34ca79c8951b29c628e21029715683a3e6f8f77c5d89ecdae37e0190f79c4c1dbc9d0160e359cd6c94d6662ed53bb01a83374ff593c823acc59241b11f020902069fc0054a9b26cb320bef4fb1f8cc5bd8ae76eb029afab731b9876bc4e8708a8315512823cff1f9375d284ce66e53d4efad6c76d17bb532fc938b8f80c13ce86b5ba3e540164bc5a5d47cd321c241d8740f453ef95bd3878d578561ad6ce20877ffbd44062dce8df1d048d8d5e4045be647886108cbb1f0b26a8b74b66858afedb830a161bb02bde4c46a688a0ea3a7018ce24666aab0f422ede2f78ea29f77e28d87c744cba0285ce33d0d9ac45774829699de6d725a9b6db6e7d03ad4ec9d075c386e68ca0bcd9e9911d741ed0168cbddb87a7918a964d206629da4e887277b0ef7d3f9c7082f3f15f29a0dfb39f3b0877a5ec3ac4343e0d808f5aee8f1869923aab6dfc3016821c013109f34aece6183994b853d0e9561375c02cdd26b1b55194757341929a8038864cedd6b5a3b8b51ade44637044c4ebddb190f173969a0ca4cf5d42153763a0b91da0110ae7a25204850927d81b00176d4568a3d444d8029bd010df784e3f673fe855601ec4f1b26b2df58841e6a65f0db66373f63cc14a8b07dfc52ac9957eb542d05ed687c79519609de96df18b63cb294b534ddf7d2e8f41bcc1e5a006191c4db057b6709f0a96f18e7e8f67b8be2a19c015b9c4b0b3f42e4de366b71f8da8888809473c3c7a02a1158e375f29997a43bc7118ca4d1abb8f8f21972fc589aaa3d73a4d40a1e1705e169ac6e56cff50d89fc45b6863c8fc67bb2b5939a7f33072539ba4c24077be5711ba368bf7efd4897931531d388eb5c2e56bef337777150dd59518652145c9594e110e41d2615196c6b197916c88cc2814e13a3a922b4ecb044bf31cc90e0bfe0ce07de29188bbcb0ec1a12b509f52582fbb948c3cbe0c6964f46991cec0704bfac08aec6ad8ddfc36dc68c7f547c5ee6af4a8d55c79e3dc1c49b045379811f81e9a185a92cd37ae4ee32c5d3c82d36d6202a6c84fd231fe467071d42072827fd77afa5d757e6f37247f783ef09bdfd7536b666e84bc4bb878005b7829293a04ba090272dec844f4ef0e934617c08518bdc6b915ac6f3f03e4a6ab88e21c3f21f93b31d95ea3b9228e0031cb69795de5abd19c4cb4a0cf2984e53ca391cc66e33ee0d510151670331fa264753704fea5e4b1760f74890c49a74a47e0da13155c5470013d53dea0f05b5e088f1511c209f5be940232318af2757951d399e32eb862d915784713baa8ba93645caf04ba78fa3cf600ff92b9c5be58ad87438a340bac00a5ea9fb17e39478ba61fe36335e48d8c5a0b25f024cbd2ec7f217d0f260951da396dc13a2a74cd90df4b52db686e3b34d27cfa4cebd7bf59cbcfaf4007dc943a1da6e0bd1799a21ab449d7bb42935e50c839c5b567c59742436af15bc8d46095520dcd9273ae2b6f3c1cc2b4311ac9e5d297f0940b1552c5955adb302022022bb7457978998b56328629b7725dfbe3dedb37f37af0697a4471d1d6ff6bec633a38540adeba903f3eaaec5785fbb3c6a598f49dbd9ff93c67dea1ef39a614331b119fa8efccc8bac01595fb95a2a57eec9fc6c6fe82782aa89ea971866fd9a3bca4010182092ab6d1e2b49b964be9e3bb13bd6b77850e435f55a5d46e5bcb3330c7edefd31c33f61275e516"}) ioctl$KVM_GET_NESTED_STATE(r2, 0xc080aebe, &(0x7f0000001600)={{0x0, 0x0, 0x80}}) 1.308273879s ago: executing program 0 (id=1836): r0 = syz_open_dev$media(&(0x7f0000001a80), 0x3, 0x0) r1 = syz_open_dev$media(&(0x7f0000001a80), 0x3, 0x0) ioctl$MEDIA_IOC_ENUM_LINKS(r1, 0xc0287c02, &(0x7f0000000100)={0x80000000, 0x0, &(0x7f0000000500)=[{{}, {0x80000000}}]}) ioctl$MEDIA_IOC_ENUM_LINKS(r0, 0xc0287c02, &(0x7f0000000300)={r2, &(0x7f0000000340)=[{}, {0x80000000}], &(0x7f0000000480)=[{{}, {0x80000000}}]}) ioctl$MEDIA_IOC_ENUM_LINKS(r0, 0xc0287c02, &(0x7f0000000280)={r4, 0x0, &(0x7f0000000200)=[{{0x80000000, 0x0}}]}) ioctl$MEDIA_IOC_SETUP_LINK(r0, 0xc0347c03, &(0x7f0000000400)={{r3, r6}, {r5, r6}}) 1.227288123s ago: executing program 1 (id=1837): r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) write$binfmt_elf64(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="7f454c4600000000000000000000000003003e0000000000000000000000000040000000000000000000000000000000000000000000380003"], 0x78) write$binfmt_elf32(r0, &(0x7f0000000580)=ANY=[@ANYBLOB="7f454c460000000000000000000000000000000000000000000000003800000000000000000000000000200000000000000000000000000003"], 0x158) close(r0) execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0) 1.198548791s ago: executing program 0 (id=1838): bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000007c0)={0xffffffffffffffff, &(0x7f0000000780)}, 0x20) socket$nl_netfilter(0x10, 0x3, 0xc) io_setup(0x0, 0x0) timerfd_create(0x0, 0x80800) syz_mount_image$erofs(&(0x7f0000000040), &(0x7f0000000000)='./file1\x00', 0x1000801, &(0x7f0000000340)=ANY=[], 0x2, 0x20d, &(0x7f0000000c40)="$eJzsmTFoFEEUhv+Z3eydURQLLWzWImBEs7e7p5ImRQRLQUhELQ+zhugkJ5sVkoDgYWNjaSHYWgsWFqks7OwEKy1UECy80kpwZOZmbieXu2ByHBz4vmL45/Hem7cze2/gFgRB/Ld8+/rry9PLs4vnARzBFCrG/sMrfbjj//n5g3PP5q68eP3p5bu1ow+3e/MxAFJqGfzL+srp7bwHPDqm51KaaMOUybkIrrXiOjjOGn0DLIStVZbRGRhuGfNdRzcPGSEydrsplu6siCxWQ6KGVA11oCzBx8eg3WJYAlA1SzCnvvXNrXsNAeR24/KORUxIu461HFjstX8+gPY8x5yzBeq8bj553FLzyNhjZ/8ScCRG18GwYPQsKoiiKDTTLLH5Wwyn/DK/55ztsM82UnF8ZizK+CPHooxRCvUq7D+KhweJEtnh4WpmvRb1g+5aTra33++O+j44oW0543IW1d6z0I0LwC7nD5NCXO2b58QOy2l3fxxhu0Bp8bDjlej0D+YDZ5z+5MPv9q9asXq/tr65NbOy2ljOlrO1NK1fii/E8cW0pntzZ9yj/1V1f5p08k8M8A1YgI1GUeTJBlDkSXeecj06HXfhTfOnjuG6/3FM/5bSXi/6sSv912CvPH1fcX1vKTXtDSyeIAiCIAiCIAiCIAiCIAhiX4RgMP9VMvtNrA/pNe39NwAA///24Ge2") 1.124274288s ago: executing program 4 (id=1839): syz_mount_image$squashfs(&(0x7f00000001c0), &(0x7f0000000640)='./file0\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="00bc7811e943bbb3bc31a70c81525069e4320000000000"], 0x1, 0x1a2, &(0x7f0000000000)="$eJzs0L9r1GAcx/H390nul1DlVBwq2AOLMUe1yVUdnA6nEy7g4CJ46HGNvWKqXHODLS10kYJU+y/oIHVUQScRBefiIDhoXLpJbygO4iAnyT0V/Bt8XpB88v1Aki9PN+7FBeD33kqHOhmLg3xEsIEJGXVKjfK1nr/r3BwFl/S8ofOZzvF4afl2O4rCxcrFCuV/CuBH1v2t4hccU5SEOvJ5b6XTlpsBwzoLajag3KT6EKtFz33EuD3G0RtYDJ0NLit64jTh0HS/yHS8tHxmfqE9F86Fd2q1mQveOc87n+4fhd4rxH0gises4gYUAkruKrkW97ftA0wJ4nZVYkl1QL7F5rZ1+uTUAOXuMkR45wwofLW7FXWVUxSvp8s3OCI8wQqYbFJS2Nyaj0KvgVxRL8W3P9k/c4rimmWd7dyNZtevKfmV36rLblH8HXKOT63qM5MeDYd5z3rCZEIjYSth5xsT8ib9y/652mvp/bmejnOCp3nutfv9RT8PH8QJqKVXGcayz6lsrzK81e/o4Mv+g2EYhmEYhmEYhvEf+BMAAP//l8hh1g==") r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) chroot(&(0x7f0000000000)='./file0\x00') chroot(&(0x7f00000001c0)='./file0/../file0/../file0\x00') umount2(&(0x7f0000000240)='./file0/../file0/../file0\x00', 0x9) 1.055797044s ago: executing program 0 (id=1840): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000a40)=@newsa={0x160, 0x10, 0x1, 0x0, 0x0, {{@in=@empty, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in6=@private2}, @in=@remote, {}, {}, {}, 0x0, 0x0, 0x2, 0x0, 0x1}, [@XFRMA_IF_ID={0x8, 0x1f, 0x4}, @algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @XFRMA_IF_ID={0x8, 0x1f, 0x3}, @sec_ctx={0x15, 0x8, {0x11, 0x8, 0x0, 0x0, 0x9, "de82fc41ae2b0d22dd"}}]}, 0x160}}, 0x4810) r1 = socket$key(0xf, 0x3, 0x2) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x2, 0x1, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @loopback}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @private2}}]}, 0x60}}, 0x0) sendmsg$key(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x2, 0xa, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@private, @in6=@private0}]}, 0x38}}, 0x0) 1.055205352s ago: executing program 1 (id=1841): r0 = epoll_create1(0x0) r1 = socket$unix(0x1, 0x1, 0x0) close(r1) socket$tipc(0x1e, 0x2, 0x0) setsockopt$sock_int(r1, 0x1, 0x2e, &(0x7f0000000040)=0x80, 0x4) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000080)={0xa0028000}) 987.370505ms ago: executing program 4 (id=1842): syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x1008002, &(0x7f0000000440)={[{@debug}, {@delalloc}, {@resuid}, {@errors_remount}, {@noinit_itable}, {@jqfmt_vfsold}, {@nomblk_io_submit}, {@max_batch_time={'max_batch_time', 0x3d, 0x40}}]}, 0x1, 0x5d8, &(0x7f00000005c0)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=") madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) mremap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x2000, 0x0, &(0x7f0000ffb000/0x2000)=nil) r0 = syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00') pread64(r0, &(0x7f000001a240)=""/102400, 0x19000, 0x100008) 957.473045ms ago: executing program 0 (id=1843): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f00000005c0)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x1, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") setxattr$trusted_overlay_upper(&(0x7f0000000380)='./file0/file0\x00', 0x0, 0x0, 0x835, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x40) ptrace$getregset(0x4205, r0, 0x202, &(0x7f0000000240)={&(0x7f0000000180)=""/120, 0xffffffffffffff28}) 857.421426ms ago: executing program 3 (id=1844): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000080)=0xfffffffa) ppoll(&(0x7f0000000180)=[{r0, 0x10}, {r0, 0x8040}], 0x2, 0x0, 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, "00769a1c95595915303d60ffdeffff000400"}) r1 = syz_open_pts(r0, 0x0) ioctl$TCFLSH(r1, 0x540b, 0x2) 722.927702ms ago: executing program 1 (id=1845): syz_mount_image$hfsplus(&(0x7f0000000100), &(0x7f0000002900)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000010, &(0x7f00000022c0)=ANY=[], 0x1, 0x6d0, &(0x7f0000001340)="$eJzs3cFvHFcdB/DvrNeOt1TBaRMaoSKsRCpIEYkTK4VwwSCEcqhQVQ49W4nTWN0kVeKitEKQAoITEof+AQXJNw4IiXtQuHApt159rITEJeIQ9bJoZmfXu/Y6Xif2OoHPJxrPe/Nm3vzmN29mvOusNsD/rctn0ryfIpfPvHG3rG+sL7Y31heP1M3tJGW5kTS7sxQ3k+JBslS2FwNTBubbfLx66a3PHm583q0166laf6q/3exYIY/Yx716ynzd3/zILafH6r/bVxVeXkxypZ4Pmxm3r6EVy6Sdrudw6Drb3NvL5jte78Czr/d0KrrPzW3mkhfqJ3P1O0F9d2hMLsKDsae7HAAAADynPr112BEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA86f+/v+inhr1PPMpet//P9NbVpefQUtjr3n/QOMAAAAAAAAAgMn4+qM8yt0c7dU7RfU3/1NV5Xi+6CRfyvu5k5XcztnczXLWspbbOZ9kbqCjmbvLa2u3z/e3LI3e8sLILS9M6ogBAAAAAAAA4H/SL9Pa/Ps/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8C4pkqjurpuP1PHNpNLPZlnvJP5PMHHa8e1CMWnh/8nEAAADAU5l9gm2+/CiPcjdHe/VOUb3m/0r1enk27+dm1rKatbSzkqv1a+jyVX9jY32xvbG+eKOcyvpwv9//957CmKl7mKpqo/Z8slqjlWtZrZaczZUqmKtpdPd9OjnZi2cgrgEflTEV36uNGVmzTmu5s9/v9C7Cvhh+K6LxmDVbm8El/Yws1LGVWx7rZqCo3qhJtmZi17PTHKrNVb1O9/d0Po3+Oz/HDyDnL9Tz8nh+c6A536t+JhqpMnGhN/rKa+bxmUi+8dc/vX29ffPd69funHl2DmkXUzss3zomFgcy8cpznYnmHtdfqDJxol+/nB/lJzmT+byZ21nNT7OctaykU7cv1+O5/Dn3+EwtDdXe3C2Smfq8dM/ZODHN54dVaTmnqm2PZjVFbuVqVvJ69e9CzufbuZiLuTRwhk/sGHd1bNVV39h61ffO9N9GBn/6m3WhvLv9dvMut/S4I95pdO6X7r2/zOuxgbx2R/3D/lrHBq6DhYEsvdTLzvTIzp/k3tj8al0o9/GrXZ4TkzVXZ6K8gHpPiV50L3cz0ayeRdvH+R865XZp3+x0ri+/t0P/97bUX6vn5bBa/9pua/eMPhX7qxwvL2W2vpMMj46y7eX+XWagrbM5lrttw0/ccrsTVVtR9K7UH+dWNQC2X6kz9e9w23u6ULW9MrJtsWo7OdA29PtWbqWdqxPIHwBP4h9v94tzeWGm9a/Wp61PWr9uXW+9MfuDI9858upMpv8+/d3mwtRrjVeLv+ST/Hzz9T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDk7nzw4bvL7fbK7dGFxs5NQ4VWti7Zqecjo/sp6i/0GWNfz0VhNsnQkup7jiYeRmtrGNsKnV8kE89P70sER6/zu7LQ3DaiRhWWhpb8eXuHH+0xwmK86+IAC41MdqdTGT0ADvGmBEzEubUb752788GH31q9sfzOyjsrN6cvXry0cOni64vnrq22Vxa6Pw87SuAgbD70DzsSAAAAAAAAAAAAYFyjPhhw6sXdPjQy1mc8/M9CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYF9cPpPm/RQ5v3B2oaxvrC+2y6lX3lyzmaTRSIqfJcWDZCndKXMD3RX544N0Ruzn49VLb332cOPzzb6a3fWTRj3f2eNbk9yrp8wnmarnT2GovytP3V/xn94xlAn7otPpLD1dfLA//hsAAP//P3v0tA==") creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) open(&(0x7f0000000000)='./bus\x00', 0x4c37e, 0x0) rename(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000f00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') llistxattr(&(0x7f0000000140)='./bus\x00', 0x0, 0x0) 688.735777ms ago: executing program 0 (id=1846): r0 = socket$igmp(0x2, 0x3, 0x2) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'bridge0\x00', 0x0}) setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f00000001c0)={0x3, 0x8, 0x0, 0x0, @vifc_lcl_ifindex=r2}, 0x10) setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000000040)={0x0, 0x4, 0x0, 0x0, @vifc_lcl_addr=@dev, @dev}, 0x10) setsockopt$MRT_FLUSH(r0, 0x0, 0xd4, &(0x7f0000000080)=0xc, 0x4) 577.436199ms ago: executing program 2 (id=1847): r0 = io_uring_setup(0xb3e, &(0x7f0000000340)) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x12, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = socket$inet_udp(0x2, 0x2, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000000c0)={r1, &(0x7f0000000380), &(0x7f0000000040)=@udp=r2}, 0x20) recvmsg(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001640)=[{&(0x7f0000000280)=""/231, 0xe7}], 0x1}, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 370.808066ms ago: executing program 2 (id=1848): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x4e20, 0x0, @private2}]}, &(0x7f0000000180)=0x10) r1 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x85, &(0x7f0000000000)={r2, @in={{0x2, 0x0, @empty}}, 0x27c0, 0xfffd}, 0x90) 300.821901ms ago: executing program 1 (id=1849): syz_mount_image$hfs(&(0x7f0000000040), &(0x7f0000000100)='./file1\x00', 0x30008c0, &(0x7f0000000540)=ANY=[@ANYBLOB="71756965742c66696c655f756d61736b3d30303030303030303030303030303030303030303031332c696f636861727365743d69736f383835392d352c717569657400ac845be36dd02fde8b0c7731baa421792e073a9514eda0f5853b240595ac4a28343ad2a340392663a16b323d1623f98855dd84169a10087d8e2589bf53c55258f9b3f5528910b5c99b7f8401f4048539c23ce7dfec8180e982f129c102eaf83585c2134488ebcc912fc75c99726910db9c3fd38370a8bb0d53b8df0ece8f663a6810552f5ca783d52e3d4a2e57be"], 0x51, 0x2bf, &(0x7f0000000680)="$eJzs3T1v00Acx/HfOWkbaFVcWoTEWKgEC4KyIJYglBfBhIAmSBVREVDEw1QQE0Kws/MWeBEsIN4ATEy8gDIZ3fmc2LHz0CqJG/r9SI2c+M73v5ztu3+kygJwbN1q/Px87bf9M1JFFendDSmQVJOqks7obO3Zzu72brvVHHSgiqth/4zimiZXZmunVVTV1nM1vNC+q2op/RkmI4qim7/KDgKlc1d/gUBa8Fen21/zn89NNbr+Xh+y3t6Y45g1Zl/7eqHlsuMAAJTLz/+Bn+eX/Po9CKQNP+1n5v9Zt192ABMXDdybmv9dlhUZO76n3K5uvudSOLs/SLLEUVruXRvOKz6zMgtMMyyrdLEEJx5st1uXtx61m4HeqO6liq2512Z86iaGRLtekJsOMELfTfGKctH1Yc72YTOO/7mkTPyrh2zx0MxX893cMaE+qdlZ/1UjY4fJjVTYM1Jx/Ff6H9H1MrSl5G8b9Xo9yBRZcY2c8y14Q3pZK85IlJxRK8r+QBAOi9PVOt1TK+7d1SG1VgtrbSbv+tRay9Syvemczf3bmzTzwdw26/qjL2qk1v+BjW9DqSuzlguye9WYjXgqcN943J/54uaq7phhbubIXy5B8TeZ8nfwPQ0H8F73dV3LT1++elhpt1tP7Ma97kYymu3HS51dc2+ldJmjsqG97icLipxc4WRSmmZgl8Z6QHv/GFrYXmUFu9xQHpXxmv2NxrfpnkhlbJR3a8L0ZG8ROIbsmsvE+V83X6nGiz37Ehau00f8IcAfMbJr7E4G160bxStySScPlMEt9s/g8jlXLmd0Odf5i9KF0VsMfZz/CdPQD93l938AAAAAAAAAAAAAAAAAAIBZM41/Jyi7jwAAAAAAAAAAAAAAAAAAAAAAzLrO83+VPP9Xoz3/t/dRLON8/u/HHfH8X2Dy/gUAAP//xt93Mw==") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.stat\x00', 0x275a, 0x0) r1 = socket$unix(0x1, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r2, 0x0) utimensat(r0, 0x0, &(0x7f0000000080)={{}, {0x77359400}}, 0x0) 211.209097ms ago: executing program 4 (id=1850): r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) r1 = userfaultfd(0x80001) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa07, &(0x7f0000000040)={{&(0x7f00009db000/0x4000)=nil, 0x4000}, 0x2, 0x2}) 208.751413ms ago: executing program 0 (id=1851): io_setup(0x7, &(0x7f0000000280)=0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) io_submit(r0, 0x1, &(0x7f0000000040)=[&(0x7f0000000000)={0x9, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) r3 = dup(r2) write$UHID_INPUT(r3, &(0x7f0000001300)={0xc, {"a2e3ad214fc752f91b4847f70e06d038e7ff7fc6e5539b3265078b089b3b083872090890e0878f0e1ac6e7049b3367959b669a240d5b67f3988f7e0319520100ffe8d178708c523c921b1b5b31300d095d0936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4040d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a4d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d606495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07840900000000000000f5c8f4ceb360c7e658828163e2d25c4aa348561f097e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f028dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c000003716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f22b625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a605fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b611fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47afed367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0xfffffffffffffebd}}, 0x1006) 150.292839ms ago: executing program 3 (id=1852): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c) shutdown(r0, 0x1) r1 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000100)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x85, &(0x7f0000000180)={r2, @in6={{0x2, 0x0, 0x0, @local}}}, 0x90) 120.215675ms ago: executing program 2 (id=1853): r0 = socket$unix(0x1, 0x2, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/unix\x00') lseek(r1, 0x38, 0x0) setsockopt$sock_int(r0, 0x1, 0x10, &(0x7f0000000240)=0x8000, 0x4) connect$unix(r0, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) read$FUSE(r1, &(0x7f0000000c00)={0x2020}, 0x2020) 18.737358ms ago: executing program 4 (id=1854): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000011000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r1}, 0x10) clock_getres(0xeaffffff, 0x0) 0s ago: executing program 3 (id=1855): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19) pipe2$9p(&(0x7f0000000000), 0x800) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x14) mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2) kernel console output (not intermixed with test programs): auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1072" name="bus" dev="loop4" ino=33 res=0 errno=0 [ 174.851894][ T29] audit: type=1800 audit(1727800560.130:68): pid=8535 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1072" name="bus" dev="loop4" ino=33 res=0 errno=0 [ 174.858353][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 174.896752][ T8] usb 2-1: New USB device found, idVendor=1e7d, idProduct=3138, bcdDevice= 0.00 [ 174.913155][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 174.937709][ T8] usb 2-1: config 0 descriptor?? [ 174.987566][ T8541] loop0: detected capacity change from 0 to 32768 [ 175.020629][ T8541] JBD2: Ignoring recovery information on journal [ 175.073490][ T8541] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 175.098455][ T51] plantronics 0003:047F:FFFF.000F: ignoring exceeding usage max [ 175.115220][ T51] plantronics 0003:047F:FFFF.000F: No inputs registered, leaving [ 175.136995][ T51] plantronics 0003:047F:FFFF.000F: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 175.283351][ T8176] ocfs2: Unmounting device (7,0) on (node local) [ 175.401044][ T8] ryos 0003:1E7D:3138.0010: collection stack underflow [ 175.409666][ T8] ryos 0003:1E7D:3138.0010: item 0 1 0 12 parsing failed [ 175.418212][ T8] ryos 0003:1E7D:3138.0010: parse failed [ 175.423947][ T8] ryos 0003:1E7D:3138.0010: probe with driver ryos failed with error -22 [ 175.469029][ T25] usb 4-1: USB disconnect, device number 12 [ 175.572900][ T5247] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 175.587825][ T5247] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 175.598310][ T5247] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 175.615956][ T5247] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 175.633926][ T5285] usb 2-1: USB disconnect, device number 15 [ 175.646478][ T5247] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 175.656099][ T5247] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 175.796468][ T8545] loop4: detected capacity change from 0 to 32768 [ 175.818084][ T8545] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1079 (8545) [ 175.850087][ T8545] BTRFS info (device loop4): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 175.860891][ T8545] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 175.870044][ T8545] BTRFS info (device loop4): using free-space-tree [ 175.920861][ T8548] chnl_net:caif_netlink_parms(): no params data found [ 175.935085][ T8564] loop0: detected capacity change from 0 to 1024 [ 175.944397][ T8564] EXT4-fs: Ignoring removed nobh option [ 175.978629][ T8564] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 176.087046][ T8176] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 176.099954][ T8548] bridge0: port 1(bridge_slave_0) entered blocking state [ 176.119154][ T8548] bridge0: port 1(bridge_slave_0) entered disabled state [ 176.119727][ T7566] BTRFS info (device loop4): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 176.126616][ T8548] bridge_slave_0: entered allmulticast mode [ 176.162038][ T8548] bridge_slave_0: entered promiscuous mode [ 176.175315][ T5247] Bluetooth: hci4: command 0x0406 tx timeout [ 176.190865][ T5238] Bluetooth: hci0: command 0x0406 tx timeout [ 176.225768][ T8548] bridge0: port 2(bridge_slave_1) entered blocking state [ 176.279530][ T8548] bridge0: port 2(bridge_slave_1) entered disabled state [ 176.288084][ T8548] bridge_slave_1: entered allmulticast mode [ 176.295605][ T8548] bridge_slave_1: entered promiscuous mode [ 176.373160][ T8548] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 176.398384][ T8548] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 176.545916][ T8548] team0: Port device team_slave_0 added [ 176.603522][ T8548] team0: Port device team_slave_1 added [ 176.699934][ T8548] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 176.716750][ T8548] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 176.774169][ T8548] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 176.857391][ T8548] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 176.874737][ T8548] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 176.904207][ T8605] loop1: detected capacity change from 0 to 1024 [ 176.922786][ T8605] EXT4-fs: Ignoring removed oldalloc option [ 176.935273][ T8548] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 176.975152][ T8605] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 177.095030][ T5240] EXT4-fs error (device loop1): ext4_readdir:261: inode #11: block 32: comm syz-executor: path /215/file0/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1 [ 177.186278][ T5240] EXT4-fs error (device loop1): ext4_empty_dir:3096: inode #11: block 32: comm syz-executor: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1 [ 177.213990][ T5240] EXT4-fs warning (device loop1): ext4_empty_dir:3098: inode #11: comm syz-executor: directory missing '.' [ 177.226997][ T5240] EXT4-fs error (device loop1): ext4_readdir:261: inode #11: block 32: comm syz-executor: path /215/file0/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1 [ 177.234439][ T8612] netlink: 'syz.0.1091': attribute type 4 has an invalid length. [ 177.256198][ T5240] EXT4-fs error (device loop1): ext4_empty_dir:3096: inode #11: block 32: comm syz-executor: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1 [ 177.282577][ T5240] EXT4-fs warning (device loop1): ext4_empty_dir:3098: inode #11: comm syz-executor: directory missing '.' [ 177.303025][ T5240] EXT4-fs error (device loop1): ext4_readdir:261: inode #11: block 32: comm syz-executor: path /215/file0/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1 [ 177.337683][ T8548] hsr_slave_0: entered promiscuous mode [ 177.344362][ T8548] hsr_slave_1: entered promiscuous mode [ 177.349027][ T5240] EXT4-fs error (device loop1): ext4_empty_dir:3096: inode #11: block 32: comm syz-executor: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1 [ 177.372158][ T8548] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 177.381970][ T8548] Cannot create hsr debugfs directory [ 177.410877][ T5240] EXT4-fs warning (device loop1): ext4_empty_dir:3098: inode #11: comm syz-executor: directory missing '.' [ 177.443073][ T5240] EXT4-fs error (device loop1): ext4_readdir:261: inode #11: block 32: comm syz-executor: path /215/file0/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1 [ 177.473513][ T5240] EXT4-fs error (device loop1): ext4_empty_dir:3096: inode #11: block 32: comm syz-executor: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1 [ 177.506746][ T5240] EXT4-fs warning (device loop1): ext4_empty_dir:3098: inode #11: comm syz-executor: directory missing '.' [ 177.534000][ T5240] EXT4-fs error (device loop1): ext4_readdir:261: inode #11: block 32: comm syz-executor: path /215/file0/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1 [ 177.600946][ T5240] EXT4-fs error (device loop1): ext4_empty_dir:3096: inode #11: block 32: comm syz-executor: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1 [ 177.662043][ T5240] EXT4-fs warning (device loop1): ext4_empty_dir:3098: inode #11: comm syz-executor: directory missing '.' [ 177.708268][ T5240] EXT4-fs warning (device loop1): ext4_empty_dir:3098: inode #11: comm syz-executor: directory missing '.' [ 177.756510][ T5240] EXT4-fs warning (device loop1): ext4_empty_dir:3098: inode #11: comm syz-executor: directory missing '.' [ 177.775956][ T5236] Bluetooth: hci5: command tx timeout [ 177.802679][ T8548] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 177.835042][ T5240] EXT4-fs warning (device loop1): ext4_empty_dir:3098: inode #11: comm syz-executor: directory missing '.' [ 177.863687][ T5240] EXT4-fs warning (device loop1): ext4_empty_dir:3098: inode #11: comm syz-executor: directory missing '.' [ 177.879422][ T5240] EXT4-fs warning (device loop1): ext4_empty_dir:3098: inode #11: comm syz-executor: directory missing '.' [ 177.946441][ T8548] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 178.059561][ T8548] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 178.127097][ T8] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 178.190128][ T8548] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 178.314226][ T8] usb 1-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 178.337540][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 178.345580][ T8] usb 1-1: Product: syz [ 178.362419][ T8] usb 1-1: Manufacturer: syz [ 178.369254][ T8] usb 1-1: SerialNumber: syz [ 178.375803][ T8] usb 1-1: config 0 descriptor?? [ 178.382810][ T8548] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 178.424654][ T8548] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 178.434779][ T8548] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 178.450563][ T5240] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 178.554107][ T11] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 178.630138][ T8548] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 178.648023][ T25] usb 1-1: USB disconnect, device number 9 [ 178.792465][ T11] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 178.918541][ T11] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 178.938819][ T8548] 8021q: adding VLAN 0 to HW filter on device bond0 [ 178.978013][ T5249] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 178.985559][ T8634] loop3: detected capacity change from 0 to 2048 [ 178.993763][ T8548] 8021q: adding VLAN 0 to HW filter on device team0 [ 179.005361][ T5249] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 179.016217][ T5249] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 179.019065][ T2939] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.030280][ T2939] bridge0: port 1(bridge_slave_0) entered forwarding state [ 179.043261][ T8634] NILFS (loop3): invalid segment: Magic number mismatch [ 179.045080][ T5249] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 179.051154][ T8634] NILFS (loop3): trying rollback from an earlier position [ 179.065144][ T5249] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 179.066390][ T2939] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.079329][ T2939] bridge0: port 2(bridge_slave_1) entered forwarding state [ 179.094248][ T5249] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 179.099743][ T8634] NILFS (loop3): recovery complete [ 179.144711][ T8637] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 179.158704][ T11] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 179.194171][ T8548] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 179.219688][ T8548] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 179.455288][ T11] bridge_slave_1: left allmulticast mode [ 179.466748][ T11] bridge_slave_1: left promiscuous mode [ 179.486852][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 179.519774][ T8646] loop3: detected capacity change from 0 to 1024 [ 179.526609][ T8646] EXT4-fs: Ignoring removed orlov option [ 179.549066][ T11] bridge_slave_0: left allmulticast mode [ 179.554887][ T8646] EXT4-fs: Ignoring removed nomblk_io_submit option [ 179.575113][ T11] bridge_slave_0: left promiscuous mode [ 179.589712][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 179.605184][ T8646] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 179.682651][ T8119] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 179.864922][ T5249] Bluetooth: hci5: command tx timeout [ 180.197262][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 180.211326][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 180.224393][ T11] bond0 (unregistering): Released all slaves [ 180.414205][ T8548] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 180.446603][ T8659] loop4: detected capacity change from 0 to 4096 [ 180.651754][ T29] audit: type=1800 audit(1727800565.950:69): pid=8659 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1114" name="bus" dev="loop4" ino=33 res=0 errno=0 [ 180.721646][ T29] audit: type=1800 audit(1727800565.950:70): pid=8659 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1114" name="bus" dev="loop4" ino=33 res=0 errno=0 [ 180.790170][ T8635] chnl_net:caif_netlink_parms(): no params data found [ 180.872981][ T11] hsr_slave_0: left promiscuous mode [ 180.885745][ T11] hsr_slave_1: left promiscuous mode [ 180.894334][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 180.905491][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 180.936211][ T11] veth1_macvtap: left promiscuous mode [ 180.943621][ T11] veth0_macvtap: left promiscuous mode [ 180.949857][ T11] veth1_vlan: left promiscuous mode [ 180.955323][ T11] veth0_vlan: left promiscuous mode [ 180.990517][ T8662] loop3: detected capacity change from 0 to 32768 [ 181.009764][ T8662] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1116 (8662) [ 181.032723][ T8662] BTRFS info (device loop3): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 181.043944][ T8662] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 181.053517][ T8662] BTRFS info (device loop3): using free-space-tree [ 181.144165][ T5249] Bluetooth: hci4: command tx timeout [ 181.413374][ T8119] BTRFS info (device loop3): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 181.936950][ T5249] Bluetooth: hci5: command tx timeout [ 182.264241][ T11] team0 (unregistering): Port device team_slave_1 removed [ 182.310343][ T8712] loop4: detected capacity change from 0 to 1764 [ 182.383508][ T8712] iso9660: Corrupted directory entry in block 2 of inode 1920 [ 182.384371][ T11] team0 (unregistering): Port device team_slave_0 removed [ 183.217677][ T5249] Bluetooth: hci4: command tx timeout [ 183.242973][ T8548] veth0_vlan: entered promiscuous mode [ 183.310374][ T8548] veth1_vlan: entered promiscuous mode [ 183.484264][ T8635] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.516890][ T8635] bridge0: port 1(bridge_slave_0) entered disabled state [ 183.526351][ T8635] bridge_slave_0: entered allmulticast mode [ 183.557917][ T8635] bridge_slave_0: entered promiscuous mode [ 183.627036][ T8635] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.656817][ T8635] bridge0: port 2(bridge_slave_1) entered disabled state [ 183.674409][ T8635] bridge_slave_1: entered allmulticast mode [ 183.682907][ T8635] bridge_slave_1: entered promiscuous mode [ 183.740622][ T8548] veth0_macvtap: entered promiscuous mode [ 183.759088][ T8548] veth1_macvtap: entered promiscuous mode [ 183.781263][ T8548] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 183.801477][ T8723] loop3: detected capacity change from 0 to 40427 [ 183.802599][ T8548] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 183.816558][ T8723] F2FS-fs (loop3): build fault injection attr: rate: 771, type: 0x1fffff [ 183.824881][ T8548] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 183.834426][ T8723] F2FS-fs (loop3): invalid crc value [ 183.838756][ T8548] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 183.853278][ T8548] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 183.864483][ T8548] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 183.876451][ T8723] F2FS-fs (loop3): Found nat_bits in checkpoint [ 183.890363][ T8548] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 183.914957][ T8548] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 183.926601][ T8548] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 183.938259][ T8723] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 183.959904][ T8548] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 183.975545][ T8548] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 183.990552][ T8635] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 184.007524][ T5249] Bluetooth: hci5: command tx timeout [ 184.016578][ T8740] loop0: detected capacity change from 0 to 256 [ 184.021002][ T8635] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 184.040288][ T8740] vfat: Bad value for 'fmask' [ 184.054485][ T8723] F2FS-fs (loop3): inject dquot initialize in f2fs_dquot_initialize of f2fs_setxattr+0x148/0x320 [ 184.068822][ T8723] overlayfs: failed to create directory ./file0/index (errno: 3); mounting read-only [ 184.078861][ T8723] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 184.100350][ T8548] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 184.112164][ T8740] loop0: detected capacity change from 0 to 512 [ 184.131160][ T8548] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 184.135613][ T8119] F2FS-fs (loop3): access invalid blkaddr:2816 [ 184.150719][ T8548] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 184.152704][ T8119] CPU: 0 UID: 0 PID: 8119 Comm: syz-executor Not tainted 6.12.0-rc1-next-20241001-syzkaller #0 [ 184.171490][ T8119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 184.181547][ T8119] Call Trace: [ 184.184823][ T8119] [ 184.187750][ T8119] dump_stack_lvl+0x241/0x360 [ 184.192428][ T8119] ? __pfx_dump_stack_lvl+0x10/0x10 [ 184.197621][ T8119] ? __pfx_f2fs_get_dnode_of_data+0x10/0x10 [ 184.203523][ T8119] ? validate_chain+0x11e/0x5920 [ 184.208555][ T8119] __f2fs_is_valid_blkaddr+0xe16/0x1460 [ 184.214100][ T8119] f2fs_map_blocks+0xdd4/0x4f10 [ 184.218964][ T8119] ? mark_lock+0x9a/0x360 [ 184.223326][ T8119] ? __pfx_f2fs_map_blocks+0x10/0x10 [ 184.228611][ T8119] ? xa_load+0x2dd/0x350 [ 184.232860][ T8119] ? __pfx_xa_load+0x10/0x10 [ 184.237471][ T8119] ? __pfx_cgroup_rstat_updated+0x10/0x10 [ 184.243187][ T8119] ? folio_index+0xab/0x350 [ 184.247688][ T8119] f2fs_mpage_readpages+0xcae/0x2140 [ 184.252993][ T8119] ? __pfx_f2fs_mpage_readpages+0x10/0x10 [ 184.258714][ T8119] ? __folio_batch_add_and_move+0x81a/0xf00 [ 184.264604][ T8119] ? __pfx_lock_release+0x10/0x10 [ 184.269639][ T8119] ? rcu_is_watching+0x15/0xb0 [ 184.274435][ T8119] ? f2fs_readahead+0x184/0x340 [ 184.279316][ T8119] read_pages+0x17e/0x840 [ 184.283654][ T8119] ? percpu_ref_put+0x19/0x180 [ 184.288422][ T8119] ? __pfx_read_pages+0x10/0x10 [ 184.293269][ T8119] ? filemap_add_folio+0x26d/0x650 [ 184.298386][ T8119] ? __pfx_filemap_add_folio+0x10/0x10 [ 184.303857][ T8119] page_cache_ra_unbounded+0x774/0x8a0 [ 184.309331][ T8119] f2fs_readdir+0x5b9/0xbf0 [ 184.313836][ T8119] ? __pfx___might_resched+0x10/0x10 [ 184.319191][ T8119] ? __pfx_f2fs_readdir+0x10/0x10 [ 184.324237][ T8119] ? __mutex_trylock_common+0x183/0x2e0 [ 184.329814][ T8119] ? iterate_dir+0x8fd/0xd30 [ 184.334434][ T8119] ? __pfx___mutex_trylock_common+0x10/0x10 [ 184.340364][ T8119] ? rcu_is_watching+0x15/0xb0 [ 184.345145][ T8119] ? end_current_label_crit_section+0x151/0x180 [ 184.351399][ T8119] ? common_file_perm+0x1a6/0x210 [ 184.356437][ T8119] iterate_dir+0x9e2/0xd30 [ 184.360860][ T8119] ? __pfx_iterate_dir+0x10/0x10 [ 184.365799][ T8119] ? fdget_pos+0x24e/0x320 [ 184.370221][ T8119] __se_sys_getdents64+0x1d3/0x4a0 [ 184.375340][ T8119] ? __pfx___se_sys_getdents64+0x10/0x10 [ 184.380965][ T8119] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 184.386946][ T8119] ? __pfx_filldir64+0x10/0x10 [ 184.391811][ T8119] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 184.398162][ T8119] ? exc_page_fault+0x590/0x8c0 [ 184.403030][ T8119] ? do_syscall_64+0xb6/0x230 [ 184.407707][ T8119] do_syscall_64+0xf3/0x230 [ 184.412208][ T8119] ? clear_bhb_loop+0x35/0x90 [ 184.416885][ T8119] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 184.422782][ T8119] RIP: 0033:0x7f6d591b0193 [ 184.427204][ T8119] Code: c1 66 0f 1f 44 00 00 48 83 c4 08 48 89 ef 5b 5d e9 42 43 f8 ff 66 90 b8 ff ff ff 7f 48 39 c2 48 0f 47 d0 b8 d9 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 c7 c2 a8 ff ff ff f7 d8 [ 184.446819][ T8119] RSP: 002b:00007ffd30b2f048 EFLAGS: 00000293 ORIG_RAX: 00000000000000d9 [ 184.455240][ T8119] RAX: ffffffffffffffda RBX: 00005555779cb600 RCX: 00007f6d591b0193 [ 184.463211][ T8119] RDX: 0000000000008000 RSI: 00005555779cb600 RDI: 0000000000000005 [ 184.471178][ T8119] RBP: 00005555779cb5d4 R08: 0000000000000000 R09: 0000000000000000 [ 184.479143][ T8119] R10: 0000000000001000 R11: 0000000000000293 R12: ffffffffffffffa8 [ 184.487113][ T8119] R13: 0000000000000010 R14: 00005555779cb5d0 R15: 00007ffd30b312f0 [ 184.495098][ T8119] [ 184.501853][ T8548] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 184.512205][ T8740] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a842c01c, mo2=0002] [ 184.512291][ T8740] System zones: 0-2, 18-18, 34-35 [ 184.528410][ T8548] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 184.539053][ T8548] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 184.549219][ T8548] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 184.559903][ T8548] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 184.570116][ T8548] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 184.571004][ T8740] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 184.580783][ T8548] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 184.582571][ T8548] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 184.593774][ T8740] ext4 filesystem being mounted at /40/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 184.668505][ T8548] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 184.680857][ T8548] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 184.690147][ T8548] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 184.706849][ T8548] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 184.717020][ T8119] F2FS-fs (loop3): access invalid blkaddr:2816 [ 184.723779][ T8119] CPU: 1 UID: 0 PID: 8119 Comm: syz-executor Not tainted 6.12.0-rc1-next-20241001-syzkaller #0 [ 184.734145][ T8119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 184.744228][ T8119] Call Trace: [ 184.747510][ T8119] [ 184.750450][ T8119] dump_stack_lvl+0x241/0x360 [ 184.755135][ T8119] ? __pfx_dump_stack_lvl+0x10/0x10 [ 184.760327][ T8119] ? __pfx_f2fs_get_dnode_of_data+0x10/0x10 [ 184.766228][ T8119] __f2fs_is_valid_blkaddr+0xe16/0x1460 [ 184.771772][ T8119] f2fs_map_blocks+0xdd4/0x4f10 [ 184.776613][ T8119] ? mark_lock+0x9a/0x360 [ 184.780984][ T8119] ? __pfx_f2fs_map_blocks+0x10/0x10 [ 184.786281][ T8119] ? xa_load+0x2dd/0x350 [ 184.790527][ T8119] ? __pfx_xa_load+0x10/0x10 [ 184.795133][ T8119] ? folio_index+0xab/0x350 [ 184.799639][ T8119] f2fs_mpage_readpages+0xcae/0x2140 [ 184.804942][ T8119] ? __pfx_f2fs_mpage_readpages+0x10/0x10 [ 184.810744][ T8119] ? __folio_batch_add_and_move+0x81a/0xf00 [ 184.816631][ T8119] ? __pfx_lock_release+0x10/0x10 [ 184.821653][ T8119] ? rcu_is_watching+0x15/0xb0 [ 184.826427][ T8119] ? f2fs_readahead+0x184/0x340 [ 184.831364][ T8119] read_pages+0x17e/0x840 [ 184.835697][ T8119] ? percpu_ref_put+0x19/0x180 [ 184.840461][ T8119] ? __pfx_read_pages+0x10/0x10 [ 184.845306][ T8119] ? filemap_add_folio+0x26d/0x650 [ 184.850424][ T8119] ? __pfx_filemap_add_folio+0x10/0x10 [ 184.855976][ T8119] page_cache_ra_unbounded+0x774/0x8a0 [ 184.861452][ T8119] f2fs_readdir+0x5b9/0xbf0 [ 184.865953][ T8119] ? __pfx___might_resched+0x10/0x10 [ 184.871261][ T8119] ? __pfx_f2fs_readdir+0x10/0x10 [ 184.876278][ T8119] ? __mutex_trylock_common+0x183/0x2e0 [ 184.881822][ T8119] ? iterate_dir+0x8fd/0xd30 [ 184.888630][ T8119] ? __pfx___mutex_trylock_common+0x10/0x10 [ 184.894588][ T8119] ? rcu_is_watching+0x15/0xb0 [ 184.899376][ T8119] ? end_current_label_crit_section+0x151/0x180 [ 184.905773][ T8119] ? common_file_perm+0x1a6/0x210 [ 184.910842][ T8119] iterate_dir+0x9e2/0xd30 [ 184.915283][ T8119] ? __pfx_iterate_dir+0x10/0x10 [ 184.920313][ T8119] ? fdget_pos+0x24e/0x320 [ 184.924730][ T8119] __se_sys_getdents64+0x1d3/0x4a0 [ 184.929869][ T8119] ? __pfx___se_sys_getdents64+0x10/0x10 [ 184.935514][ T8119] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 184.941496][ T8119] ? __pfx_filldir64+0x10/0x10 [ 184.946264][ T8119] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 184.952589][ T8119] ? exc_page_fault+0x590/0x8c0 [ 184.957443][ T8119] ? do_syscall_64+0xb6/0x230 [ 184.962288][ T8119] do_syscall_64+0xf3/0x230 [ 184.966885][ T8119] ? clear_bhb_loop+0x35/0x90 [ 184.971570][ T8119] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 184.977463][ T8119] RIP: 0033:0x7f6d591b0193 [ 184.981873][ T8119] Code: c1 66 0f 1f 44 00 00 48 83 c4 08 48 89 ef 5b 5d e9 42 43 f8 ff 66 90 b8 ff ff ff 7f 48 39 c2 48 0f 47 d0 b8 d9 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 c7 c2 a8 ff ff ff f7 d8 [ 185.001477][ T8119] RSP: 002b:00007ffd30b2f048 EFLAGS: 00000293 ORIG_RAX: 00000000000000d9 [ 185.009896][ T8119] RAX: ffffffffffffffda RBX: 00005555779cb600 RCX: 00007f6d591b0193 [ 185.017868][ T8119] RDX: 0000000000008000 RSI: 00005555779cb600 RDI: 0000000000000005 [ 185.025919][ T8119] RBP: 00005555779cb5d4 R08: 0000000000000000 R09: 0000000000000000 [ 185.034001][ T8119] R10: 0000000000001000 R11: 0000000000000293 R12: ffffffffffffffa8 [ 185.041978][ T8119] R13: 0000000000000010 R14: 00005555779cb5d0 R15: 00007ffd30b312f0 [ 185.049957][ T8119] [ 185.054979][ T8119] syz-executor: attempt to access beyond end of device [ 185.054979][ T8119] loop3: rw=0, sector=45064, nr_sectors = 8 limit=40427 [ 185.086047][ T8176] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 185.093828][ T8635] team0: Port device team_slave_0 added [ 185.106631][ T8635] team0: Port device team_slave_1 added [ 185.175135][ T8635] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 185.195809][ T8635] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 185.250482][ T8635] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 185.302663][ T5249] Bluetooth: hci4: command tx timeout [ 185.321969][ T8749] loop0: detected capacity change from 0 to 16 [ 185.332098][ T8749] erofs: (device loop0): mounted with root inode @ nid 36. [ 185.341962][ T8635] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 185.353164][ T8635] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 185.385890][ T8635] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 185.399920][ T8749] erofs: (device loop0): z_erofs_do_map_blocks: invalid logical cluster 0 at nid 36 [ 185.413648][ T8749] syz.0.1142: attempt to access beyond end of device [ 185.413648][ T8749] loop0: rw=0, sector=296, nr_sectors = 8 limit=16 [ 185.427446][ T8749] erofs: (device loop0): z_erofs_read_folio: read error -5 @ 0 of nid 36 [ 185.435910][ T8749] erofs: (device loop0): erofs_readdir: fail to readdir of logical block 0 of nid 36 [ 185.465933][ T8750] erofs: (device loop0): z_erofs_readahead: readahead error at folio 86 @ nid 36 [ 185.482275][ T8750] erofs: (device loop0): z_erofs_readahead: readahead error at folio 84 @ nid 36 [ 185.492594][ T8750] erofs: (device loop0): z_erofs_readahead: readahead error at folio 80 @ nid 36 [ 185.508817][ T8750] erofs: (device loop0): z_erofs_readahead: readahead error at folio 74 @ nid 36 [ 185.521103][ T8119] syz-executor: attempt to access beyond end of device [ 185.521103][ T8119] loop3: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 185.542521][ T8750] erofs: (device loop0): z_erofs_readahead: readahead error at folio 72 @ nid 36 [ 185.547076][ T8119] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 185.551921][ T8750] erofs: (device loop0): z_erofs_readahead: readahead error at folio 70 @ nid 36 [ 185.561921][ T8119] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 185.576181][ T8750] erofs: (device loop0): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 62 of nid 36 [ 185.578787][ T8635] hsr_slave_0: entered promiscuous mode [ 185.619981][ T8750] erofs: (device loop0): z_erofs_readahead: readahead error at folio 63 @ nid 36 [ 185.620987][ T8635] hsr_slave_1: entered promiscuous mode [ 185.629484][ T8750] erofs: (device loop0): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 62 of nid 36 [ 185.629520][ T8750] erofs: (device loop0): z_erofs_readahead: readahead error at folio 62 @ nid 36 [ 185.629717][ T8750] erofs: (device loop0): z_erofs_readahead: readahead error at folio 58 @ nid 36 [ 185.664630][ T8750] erofs: (device loop0): z_erofs_readahead: readahead error at folio 57 @ nid 36 [ 185.674280][ T8750] erofs: (device loop0): z_erofs_readahead: readahead error at folio 54 @ nid 36 [ 185.685086][ T8750] erofs: (device loop0): z_erofs_readahead: readahead error at folio 53 @ nid 36 [ 185.685373][ T8635] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 185.706943][ T8750] erofs: (device loop0): z_erofs_readahead: readahead error at folio 52 @ nid 36 [ 185.721487][ T8635] Cannot create hsr debugfs directory [ 185.725800][ T8750] erofs: (device loop0): z_erofs_readahead: readahead error at folio 51 @ nid 36 [ 185.736312][ T8750] erofs: (device loop0): z_erofs_extent_lookback: bogus lookback distance 363 @ lcn 50 of nid 36 [ 185.747390][ T8750] erofs: (device loop0): z_erofs_readahead: readahead error at folio 50 @ nid 36 [ 185.757977][ T8750] erofs: (device loop0): z_erofs_readahead: readahead error at folio 47 @ nid 36 [ 185.767433][ T8750] erofs: (device loop0): z_erofs_readahead: readahead error at folio 46 @ nid 36 [ 185.784087][ T8750] erofs: (device loop0): z_erofs_readahead: readahead error at folio 40 @ nid 36 [ 185.805769][ T8750] erofs: (device loop0): z_erofs_readahead: readahead error at folio 39 @ nid 36 [ 185.831046][ T8750] erofs: (device loop0): z_erofs_readahead: readahead error at folio 38 @ nid 36 [ 185.844270][ T8750] erofs: (device loop0): z_erofs_readahead: readahead error at folio 34 @ nid 36 [ 185.887155][ T8750] erofs: (device loop0): z_erofs_readahead: readahead error at folio 32 @ nid 36 [ 185.923908][ T8750] erofs: (device loop0): z_erofs_readahead: readahead error at folio 30 @ nid 36 [ 185.929200][ T3000] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 185.952806][ T8750] erofs: (device loop0): z_erofs_readahead: readahead error at folio 27 @ nid 36 [ 185.974305][ T2939] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 185.984678][ T2939] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 186.006803][ T8750] erofs: (device loop0): z_erofs_readahead: readahead error at folio 26 @ nid 36 [ 186.016058][ T8750] erofs: (device loop0): z_erofs_readahead: readahead error at folio 25 @ nid 36 [ 186.047884][ T8750] erofs: (device loop0): z_erofs_readahead: readahead error at folio 24 @ nid 36 [ 186.076914][ T8750] erofs: (device loop0): z_erofs_readahead: readahead error at folio 23 @ nid 36 [ 186.093426][ T8750] erofs: (device loop0): z_erofs_readahead: readahead error at folio 22 @ nid 36 [ 186.116975][ T8750] erofs: (device loop0): z_erofs_readahead: readahead error at folio 21 @ nid 36 [ 186.126161][ T8750] erofs: (device loop0): z_erofs_readahead: readahead error at folio 20 @ nid 36 [ 186.138689][ T3000] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 186.160161][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 186.177840][ T8750] erofs: (device loop0): z_erofs_readahead: readahead error at folio 18 @ nid 36 [ 186.179671][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 186.227034][ T8750] erofs: (device loop0): z_erofs_readahead: readahead error at folio 12 @ nid 36 [ 186.236337][ T8750] erofs: (device loop0): z_erofs_readahead: readahead error at folio 10 @ nid 36 [ 186.250360][ T3000] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 186.293875][ T8750] erofs: (device loop0): z_erofs_readahead: readahead error at folio 6 @ nid 36 [ 186.317201][ T8750] erofs: (device loop0): z_erofs_readahead: readahead error at folio 4 @ nid 36 [ 186.337198][ T8750] syz.0.1142: attempt to access beyond end of device [ 186.337198][ T8750] loop0: rw=524288, sector=1049264, nr_sectors = 16 limit=16 [ 186.368259][ T8750] syz.0.1142: attempt to access beyond end of device [ 186.368259][ T8750] loop0: rw=524288, sector=6520, nr_sectors = 16 limit=16 [ 186.394982][ T3000] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 186.409217][ T8750] syz.0.1142: attempt to access beyond end of device [ 186.409217][ T8750] loop0: rw=524288, sector=34359736328, nr_sectors = 16 limit=16 [ 186.439313][ T8750] syz.0.1142: attempt to access beyond end of device [ 186.439313][ T8750] loop0: rw=524288, sector=720, nr_sectors = 16 limit=16 [ 186.484508][ T8750] syz.0.1142: attempt to access beyond end of device [ 186.484508][ T8750] loop0: rw=524288, sector=536576856, nr_sectors = 16 limit=16 [ 186.501234][ T8750] syz.0.1142: attempt to access beyond end of device [ 186.501234][ T8750] loop0: rw=524288, sector=13478624032, nr_sectors = 8 limit=16 [ 186.526368][ T8750] syz.0.1142: attempt to access beyond end of device [ 186.526368][ T8750] loop0: rw=524288, sector=13716630376, nr_sectors = 8 limit=16 [ 186.554883][ T5236] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 186.569977][ T5236] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 186.586408][ T5236] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 186.609101][ T5236] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 186.635597][ T5236] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 186.644874][ T5236] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 186.944425][ T8769] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1149'. [ 186.973957][ T8769] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1149'. [ 187.152170][ T8776] syz_tun: entered promiscuous mode [ 187.197363][ T8776] syz_tun: left promiscuous mode [ 187.271850][ T3000] bridge_slave_1: left allmulticast mode [ 187.290205][ T3000] bridge_slave_1: left promiscuous mode [ 187.310556][ T3000] bridge0: port 2(bridge_slave_1) entered disabled state [ 187.340210][ T3000] bridge_slave_0: left allmulticast mode [ 187.356833][ T3000] bridge_slave_0: left promiscuous mode [ 187.367338][ T5236] Bluetooth: hci4: command tx timeout [ 187.388336][ T3000] bridge0: port 1(bridge_slave_0) entered disabled state [ 187.443646][ T8792] loop0: detected capacity change from 0 to 4096 [ 187.478115][ T8792] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 187.606215][ T29] audit: type=1800 audit(1727800572.900:71): pid=8795 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1160" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 187.716118][ T8176] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 187.942671][ T8802] loop0: detected capacity change from 0 to 164 [ 188.080281][ T8806] loop0: detected capacity change from 0 to 1024 [ 188.088174][ T8806] EXT4-fs: Ignoring removed nomblk_io_submit option [ 188.098501][ T8806] EXT4-fs (loop0): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 188.179513][ T8806] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 188.390754][ T8176] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 188.515411][ T3000] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 188.533245][ T3000] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 188.558886][ T3000] bond0 (unregistering): Released all slaves [ 188.727247][ T5236] Bluetooth: hci3: command tx timeout [ 188.896506][ T8754] chnl_net:caif_netlink_parms(): no params data found [ 188.977984][ T8825] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1172'. [ 189.262173][ T3000] hsr_slave_0: left promiscuous mode [ 189.262422][ T8838] loop4: detected capacity change from 0 to 1024 [ 189.275112][ T3000] hsr_slave_1: left promiscuous mode [ 189.286097][ T3000] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 189.294360][ T3000] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 189.303775][ T3000] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 189.313107][ T8838] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 189.314977][ T3000] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 189.370099][ T3000] veth1_macvtap: left promiscuous mode [ 189.375960][ T3000] veth0_macvtap: left promiscuous mode [ 189.384180][ T3000] veth1_vlan: left promiscuous mode [ 189.389807][ T3000] veth0_vlan: left promiscuous mode [ 189.535686][ T7566] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 189.983207][ T8849] loop4: detected capacity change from 0 to 4096 [ 190.386519][ T3000] team0 (unregistering): Port device team_slave_1 removed [ 190.454278][ T3000] team0 (unregistering): Port device team_slave_0 removed [ 190.827069][ T5236] Bluetooth: hci3: command tx timeout [ 191.268288][ T8635] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 191.286207][ T8635] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 191.320914][ T8754] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.328758][ T8754] bridge0: port 1(bridge_slave_0) entered disabled state [ 191.335968][ T8754] bridge_slave_0: entered allmulticast mode [ 191.347052][ T8754] bridge_slave_0: entered promiscuous mode [ 191.360778][ T8754] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.368545][ T8754] bridge0: port 2(bridge_slave_1) entered disabled state [ 191.375935][ T8754] bridge_slave_1: entered allmulticast mode [ 191.383164][ T8754] bridge_slave_1: entered promiscuous mode [ 191.390104][ T8635] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 191.489284][ T8635] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 191.545472][ T8754] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 191.577907][ T8754] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 191.643848][ T8754] team0: Port device team_slave_0 added [ 191.655057][ T8754] team0: Port device team_slave_1 added [ 191.687304][ T8867] sctp: [Deprecated]: syz.0.1188 (pid 8867) Use of struct sctp_assoc_value in delayed_ack socket option. [ 191.687304][ T8867] Use struct sctp_sack_info instead [ 191.706203][ T8754] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 191.713530][ T8754] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 191.755503][ T8754] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 191.785618][ T8754] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 191.793242][ T8754] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 191.826394][ T8754] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 191.941284][ T8635] 8021q: adding VLAN 0 to HW filter on device bond0 [ 191.959222][ T8635] 8021q: adding VLAN 0 to HW filter on device team0 [ 192.058971][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.066170][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 192.092275][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.099461][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 192.121262][ T8875] loop0: detected capacity change from 0 to 512 [ 192.141656][ T8754] hsr_slave_0: entered promiscuous mode [ 192.150737][ T8754] hsr_slave_1: entered promiscuous mode [ 192.161701][ T8754] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 192.171339][ T8754] Cannot create hsr debugfs directory [ 192.205266][ T8875] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 192.219496][ T8875] ext4 filesystem being mounted at /67/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 192.338554][ T8176] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 192.567698][ T8635] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 192.760115][ T8635] veth0_vlan: entered promiscuous mode [ 192.773309][ T8635] veth1_vlan: entered promiscuous mode [ 192.797794][ T8635] veth0_macvtap: entered promiscuous mode [ 192.807828][ T8635] veth1_macvtap: entered promiscuous mode [ 192.827859][ T8635] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 192.838423][ T8635] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 192.848571][ T8635] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 192.859237][ T8635] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 192.869322][ T8635] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 192.879868][ T8635] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 192.889963][ T8635] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 192.900519][ T8635] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 192.910436][ T8635] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 192.920967][ T8635] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 192.932436][ T8635] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 192.942162][ T8635] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 192.948488][ T5236] Bluetooth: hci3: command tx timeout [ 192.953103][ T8635] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 192.968048][ T8635] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 192.978514][ T8635] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 192.988342][ T8635] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 192.998826][ T8635] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 193.008811][ T8635] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 193.019294][ T8635] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 193.029145][ T8635] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 193.039632][ T8635] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 193.050954][ T8635] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 193.100816][ T8635] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 193.112738][ T8635] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 193.121965][ T8635] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 193.131517][ T8635] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 193.292597][ T193] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 193.360780][ T193] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 193.485204][ T3000] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 193.527607][ T3000] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 193.569207][ T8754] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 193.599364][ T8754] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 193.657446][ T8754] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 193.687453][ T8754] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 193.923483][ T8754] 8021q: adding VLAN 0 to HW filter on device bond0 [ 193.978924][ T8754] 8021q: adding VLAN 0 to HW filter on device team0 [ 194.441521][ T8906] loop1: detected capacity change from 0 to 32768 [ 194.498612][ T8906] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 194.550509][ T8920] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 194.589160][ T1270] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.595510][ T1270] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.659369][ T8920] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 194.674331][ T8920] bond0 (unregistering): Released all slaves [ 194.702433][ T3000] bridge0: port 1(bridge_slave_0) entered blocking state [ 194.709733][ T3000] bridge0: port 1(bridge_slave_0) entered forwarding state [ 194.789823][ T8635] ocfs2: Unmounting device (7,1) on (node local) [ 194.822355][ T3000] bridge0: port 2(bridge_slave_1) entered blocking state [ 194.829547][ T3000] bridge0: port 2(bridge_slave_1) entered forwarding state [ 194.967343][ T5236] Bluetooth: hci3: command tx timeout [ 195.028523][ T8754] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 195.039245][ T8754] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 195.415886][ T8754] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 195.545044][ T8754] veth0_vlan: entered promiscuous mode [ 195.584755][ T8754] veth1_vlan: entered promiscuous mode [ 195.660704][ T8754] veth0_macvtap: entered promiscuous mode [ 195.677308][ T8754] veth1_macvtap: entered promiscuous mode [ 195.694097][ T8754] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 195.716770][ T8754] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 195.726618][ T8754] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 195.739411][ T8754] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 195.750234][ T8754] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 195.761013][ T8754] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 195.771170][ T8754] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 195.773318][ T8970] loop0: detected capacity change from 0 to 256 [ 195.781649][ T8754] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 195.781675][ T8754] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 195.781691][ T8754] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 195.781706][ T8754] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 195.781718][ T8754] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 195.783030][ T8754] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 195.870381][ T8754] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 195.881476][ T8754] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 195.899049][ T8754] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 195.909963][ T8754] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 195.920991][ T8754] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 195.946307][ T8754] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 195.956756][ T8754] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 195.969417][ T8754] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 195.979932][ T8754] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 195.999119][ T8754] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 196.015282][ T8754] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 196.028833][ T8754] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 196.048925][ T8754] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 196.060510][ T8754] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.069521][ T8754] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.080479][ T8754] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.089778][ T8754] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.282485][ T3000] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 196.282510][ T3000] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 196.329521][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 196.355101][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 196.941485][ T9003] loop4: detected capacity change from 0 to 64 [ 197.096256][ T8985] loop0: detected capacity change from 0 to 32768 [ 197.105653][ T9006] loop3: detected capacity change from 0 to 512 [ 197.113514][ T9008] loop4: detected capacity change from 0 to 256 [ 197.124907][ T9006] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 197.133873][ T9008] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 197.179063][ T8985] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 197.204331][ T9006] EXT4-fs (loop3): 1 truncate cleaned up [ 197.220853][ T9006] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 197.235727][ T9008] exFAT-fs (loop4): write: fail to zero from 0 to 3(-5) [ 197.305054][ T29] audit: type=1804 audit(1727800582.600:72): pid=9006 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1243" name="/newroot/3/bus/file1" dev="loop3" ino=15 res=1 errno=0 [ 197.338156][ T8985] syz.0.1234 (8985) used greatest stack depth: 15576 bytes left [ 197.369427][ T8754] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 197.451746][ T8176] ocfs2: Unmounting device (7,0) on (node local) [ 197.717049][ T51] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 197.882044][ T51] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 197.902618][ T51] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 197.916433][ T51] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 197.938102][ T51] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 197.956400][ T51] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 197.970646][ T51] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 197.981564][ T51] usb 4-1: config 0 descriptor?? [ 197.987563][ T25] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 198.006430][ T9019] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 198.158434][ T25] usb 1-1: Using ep0 maxpacket: 8 [ 198.169240][ T9029] loop1: detected capacity change from 0 to 32768 [ 198.187854][ T25] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 198.202764][ T9029] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1252 (9029) [ 198.216858][ T25] usb 1-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0x2C, changing to 0xC [ 198.237034][ T25] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0xC has invalid maxpacket 64 [ 198.248682][ T25] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 2.40 [ 198.260253][ T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 198.271847][ T9029] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 198.283567][ T9029] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 198.294118][ T9032] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 198.303258][ T9029] BTRFS info (device loop1): using free-space-tree [ 198.439563][ T51] plantronics 0003:047F:FFFF.0011: unknown main item tag 0xd [ 198.485416][ T51] plantronics 0003:047F:FFFF.0011: No inputs registered, leaving [ 198.519631][ T51] plantronics 0003:047F:FFFF.0011: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 198.597584][ T8635] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 198.759160][ T835] usb 4-1: USB disconnect, device number 13 [ 199.334228][ T25] cdc_ncm 1-1:1.0: bind() failure [ 199.358114][ T25] usbtest 1-1:1.1: probe with driver usbtest failed with error -71 [ 199.398913][ T25] usb 1-1: USB disconnect, device number 10 [ 199.588572][ T9103] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1277'. [ 199.823856][ T9109] overlayfs: failed to clone upperpath [ 199.987620][ T9114] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 199.997965][ T9114] TCP: tcp_parse_options: Illegal window scaling value 15 > 14 received [ 200.310654][ T9101] loop3: detected capacity change from 0 to 32768 [ 200.338904][ T9101] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 200.352341][ T9129] loop0: detected capacity change from 0 to 1024 [ 200.358898][ T9101] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 200.367137][ T9129] EXT4-fs: Ignoring removed orlov option [ 200.388256][ T9101] gfs2: fsid=syz:syz.s: no journals! [ 200.420200][ T9133] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1291'. [ 200.447318][ T9133] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1291'. [ 200.479361][ T9138] loop1: detected capacity change from 0 to 128 [ 200.515921][ T9139] netlink: 4272 bytes leftover after parsing attributes in process `syz.4.1293'. [ 200.527244][ T9139] netlink: 'syz.4.1293': attribute type 1 has an invalid length. [ 200.528814][ T9129] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 200.534988][ T9139] netlink: 121 bytes leftover after parsing attributes in process `syz.4.1293'. [ 200.705749][ T8176] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 201.114975][ T9164] loop3: detected capacity change from 0 to 2048 [ 201.183078][ T9164] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 201.304650][ T9164] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 201.427978][ T9164] EXT4-fs (loop3): Remounting filesystem read-only [ 201.836251][ T8754] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 202.018789][ T9156] loop0: detected capacity change from 0 to 32768 [ 202.079494][ T9156] XFS (loop0): Mounting V5 Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a [ 202.303169][ T193] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 202.347960][ T5249] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 202.374190][ T5249] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 202.385204][ T5249] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 202.400659][ T5249] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 202.403592][ T9168] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 202.437185][ T5249] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 202.446943][ T5249] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 202.456370][ T9156] XFS (loop0): Ending clean mount [ 202.591971][ T8176] XFS (loop0): Unmounting Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a [ 202.758722][ T9186] loop4: detected capacity change from 0 to 32768 [ 202.781353][ T193] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 202.873508][ T9186] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 202.900957][ T9201] mkiss: ax0: crc mode is auto. [ 203.210940][ T193] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 203.226587][ T9186] XFS (loop4): Ending clean mount [ 203.259969][ T9186] XFS (loop4): Quotacheck needed: Please wait. [ 203.392892][ T9186] XFS (loop4): Quotacheck: Done. [ 203.441240][ T193] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 203.514367][ T7566] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 203.548840][ T9189] chnl_net:caif_netlink_parms(): no params data found [ 203.705760][ T9236] netlink: 'syz.0.1328': attribute type 33 has an invalid length. [ 203.778062][ T51] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 203.831829][ T9236] team0: Port device team_slave_0 removed [ 203.838238][ T9236] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check. [ 203.974531][ T9189] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.977062][ T51] usb 2-1: Using ep0 maxpacket: 32 [ 203.990387][ T9189] bridge0: port 1(bridge_slave_0) entered disabled state [ 204.002770][ T9241] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1324'. [ 204.017910][ T51] usb 2-1: config index 0 descriptor too short (expected 156, got 27) [ 204.021715][ T9189] bridge_slave_0: entered allmulticast mode [ 204.031290][ T51] usb 2-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 204.049660][ T51] usb 2-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 204.057818][ T9189] bridge_slave_0: entered promiscuous mode [ 204.061581][ T51] usb 2-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 59391, setting to 1024 [ 204.085966][ T51] usb 2-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 204.114163][ T51] usb 2-1: config 0 interface 0 has no altsetting 0 [ 204.128098][ T51] usb 2-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 204.136888][ T9189] bridge0: port 2(bridge_slave_1) entered blocking state [ 204.138098][ T51] usb 2-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 204.162831][ T51] usb 2-1: Product: syz [ 204.168234][ T9189] bridge0: port 2(bridge_slave_1) entered disabled state [ 204.171447][ T51] usb 2-1: Manufacturer: syz [ 204.188740][ T9189] bridge_slave_1: entered allmulticast mode [ 204.210719][ T9189] bridge_slave_1: entered promiscuous mode [ 204.226314][ T193] bridge_slave_1: left allmulticast mode [ 204.236271][ T51] usb 2-1: SerialNumber: syz [ 204.242823][ T193] bridge_slave_1: left promiscuous mode [ 204.257898][ T51] usb 2-1: config 0 descriptor?? [ 204.261614][ T193] bridge0: port 2(bridge_slave_1) entered disabled state [ 204.265469][ T9226] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 204.286448][ T9246] loop4: detected capacity change from 0 to 128 [ 204.290016][ T51] ldusb 2-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 204.308588][ T51] ldusb 2-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 204.323916][ T193] bridge_slave_0: left allmulticast mode [ 204.356828][ T193] bridge_slave_0: left promiscuous mode [ 204.376942][ T193] bridge0: port 1(bridge_slave_0) entered disabled state [ 204.467988][ T9251] loop4: detected capacity change from 0 to 256 [ 204.506834][ T5236] Bluetooth: hci3: command tx timeout [ 204.529941][ T9251] exFAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 204.584060][ T9251] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xe622a5da, utbl_chksum : 0xe619d30d) [ 204.738105][ T25] usb 2-1: USB disconnect, device number 16 [ 204.745964][ T25] ldusb 2-1:0.0: LD USB Device #0 now disconnected [ 205.229483][ T193] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 205.263647][ T193] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 205.305315][ T193] bond0 (unregistering): Released all slaves [ 205.384291][ T9189] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 205.405786][ T9189] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 205.538747][ T9189] team0: Port device team_slave_0 added [ 205.645614][ T9189] team0: Port device team_slave_1 added [ 205.731020][ T9189] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 205.744245][ T9189] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 205.799361][ T9189] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 205.988396][ T9189] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 205.995472][ T9189] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 206.041459][ T9189] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 206.046578][ T9288] loop1: detected capacity change from 0 to 764 [ 206.064168][ T9287] netlink: 64535 bytes leftover after parsing attributes in process `syz.0.1348'. [ 206.198633][ T193] hsr_slave_0: left promiscuous mode [ 206.219931][ T193] hsr_slave_1: left promiscuous mode [ 206.245294][ T193] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 206.253716][ T193] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 206.265657][ T193] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 206.265870][ T9290] loop0: detected capacity change from 0 to 2048 [ 206.275014][ T193] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 206.319467][ T9296] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 206.325305][ T193] veth1_macvtap: left promiscuous mode [ 206.348355][ T193] veth0_macvtap: left promiscuous mode [ 206.361457][ T193] veth1_vlan: left promiscuous mode [ 206.381682][ T193] veth0_vlan: left promiscuous mode [ 206.412401][ T9296] NILFS (loop0): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3) [ 206.428898][ T9296] NILFS error (device loop0): nilfs_bmap_propagate: broken bmap (inode number=4) [ 206.486535][ T9296] Remounting filesystem read-only [ 206.517027][ T9290] NILFS (loop0): mounting fs with errors [ 206.596799][ T5236] Bluetooth: hci3: command tx timeout [ 206.603129][ T9290] NILFS (loop0): nilfs_palloc_commit_free_entry (ino=3): entry number 2048 already freed [ 206.621726][ T9290] NILFS error (device loop0): nilfs_bmap_lookup_at_level: broken bmap (inode number=6) [ 206.645801][ T9290] Remounting filesystem read-only [ 206.666982][ T9290] NILFS (loop0): error -5 reading inode: ino=18 [ 206.677128][ T9290] NILFS (loop0): cannot mark inode dirty (ino=18): error -5 loading inode block [ 206.697282][ T9290] NILFS error (device loop0): nilfs_bmap_lookup_at_level: broken bmap (inode number=6) [ 206.708173][ T9290] NILFS (loop0): error -5 reading inode: ino=18 [ 206.714574][ T9290] NILFS (loop0): cannot mark inode dirty (ino=18): error -5 loading inode block [ 206.763859][ T8176] NILFS (loop0): disposed unprocessed dirty file(s) when stopping log writer [ 206.896072][ T9308] loop0: detected capacity change from 0 to 1024 [ 206.960321][ T9308] EXT4-fs: Ignoring removed nomblk_io_submit option [ 206.968114][ T9308] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 206.978082][ T9308] EXT4-fs (loop0): Test dummy encryption mode enabled [ 206.998102][ T9308] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c855c01c, mo2=0003] [ 207.021018][ T9308] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 207.094964][ T9308] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 ro. Quota mode: writeback. [ 207.201509][ T9314] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c855c01c, mo2=0003] [ 207.231834][ T9314] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback. [ 207.312511][ T8176] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 208.076448][ T9318] loop0: detected capacity change from 0 to 32768 [ 208.159479][ T9318] XFS (loop0): Mounting V5 Filesystem bc2378ed-6193-40d5-9d59-7ebcb787b415 [ 208.260404][ T193] team0 (unregistering): Port device team_slave_1 removed [ 208.329454][ T9318] XFS (loop0): Ending clean mount [ 208.437423][ T193] team0 (unregistering): Port device team_slave_0 removed [ 208.447084][ T8176] XFS (loop0): Unmounting Filesystem bc2378ed-6193-40d5-9d59-7ebcb787b415 [ 208.648375][ T5236] Bluetooth: hci3: command tx timeout [ 209.490357][ T9189] hsr_slave_0: entered promiscuous mode [ 209.496651][ T9189] hsr_slave_1: entered promiscuous mode [ 209.504460][ T9189] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 209.512224][ T9189] Cannot create hsr debugfs directory [ 209.534499][ T9341] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1366'. [ 209.773063][ T9356] vcan0: entered allmulticast mode [ 210.157984][ T9375] tap0: tun_chr_ioctl cmd 1074025677 [ 210.163515][ T9375] tap0: linktype set to 6 [ 210.731691][ T5236] Bluetooth: hci3: command tx timeout [ 210.755679][ T9365] loop0: detected capacity change from 0 to 40427 [ 210.802901][ T9365] F2FS-fs (loop0): invalid crc value [ 210.835142][ T9365] F2FS-fs (loop0): Found nat_bits in checkpoint [ 210.978870][ T9365] F2FS-fs (loop0): Start checkpoint disabled! [ 210.981671][ T9189] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 211.002956][ T9365] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 211.010975][ T9189] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 211.030616][ T9189] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 211.054855][ T9189] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 211.080630][ T29] audit: type=1800 audit(1727800596.380:73): pid=9365 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1373" name="bus" dev="loop0" ino=10 res=0 errno=0 [ 211.128365][ T9365] bio_check_eod: 15 callbacks suppressed [ 211.128385][ T9365] syz.0.1373: attempt to access beyond end of device [ 211.128385][ T9365] loop0: rw=2049, sector=77824, nr_sectors = 848 limit=40427 [ 211.155116][ T29] audit: type=1800 audit(1727800596.390:74): pid=9365 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1373" name="bus" dev="loop0" ino=10 res=0 errno=0 [ 211.192524][ T9379] loop1: detected capacity change from 0 to 32768 [ 211.236235][ T9189] 8021q: adding VLAN 0 to HW filter on device bond0 [ 211.272743][ T9379] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 211.322318][ T9189] 8021q: adding VLAN 0 to HW filter on device team0 [ 211.351966][ T2939] bridge0: port 1(bridge_slave_0) entered blocking state [ 211.359140][ T2939] bridge0: port 1(bridge_slave_0) entered forwarding state [ 211.415949][ T2939] bridge0: port 2(bridge_slave_1) entered blocking state [ 211.420114][ T8635] ocfs2: Unmounting device (7,1) on (node local) [ 211.423142][ T2939] bridge0: port 2(bridge_slave_1) entered forwarding state [ 211.492968][ T9189] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 211.530813][ T64] kworker/u8:4: attempt to access beyond end of device [ 211.530813][ T64] loop0: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 211.563357][ T64] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 211.581646][ T64] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 211.806112][ T9189] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 211.919642][ T9189] veth0_vlan: entered promiscuous mode [ 211.944004][ T9401] loop0: detected capacity change from 0 to 2048 [ 211.959561][ T9189] veth1_vlan: entered promiscuous mode [ 211.984626][ T9401] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 212.057038][ T9189] veth0_macvtap: entered promiscuous mode [ 212.079727][ T9189] veth1_macvtap: entered promiscuous mode [ 212.118718][ T9189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 212.132456][ T9189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 212.150636][ T9189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 212.161452][ T9189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 212.172959][ T9189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 212.183642][ T9189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 212.193804][ T9189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 212.207370][ T9189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 212.217489][ T9189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 212.228482][ T9189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 212.238664][ T9189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 212.250168][ T9189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 212.262951][ T9189] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 212.287898][ T9189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 212.310912][ T9189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 212.325094][ T9189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 212.346154][ T9189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 212.356120][ T9189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 212.374093][ T9189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 212.384023][ T9189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 212.401101][ T5331] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 212.414080][ T9189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 212.434419][ T9189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 212.444976][ T9189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 212.455072][ T9189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 212.473272][ T9189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 212.484954][ T9189] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 212.510179][ T9189] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 212.519406][ T9189] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 212.528852][ T9189] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 212.537881][ T9189] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 212.590477][ T5331] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 212.620118][ T5331] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 212.656767][ T5331] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 212.678658][ T5331] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 212.720478][ T5331] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 212.737028][ T5331] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 212.764584][ T5331] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 212.774510][ T64] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 212.782733][ T64] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 212.816985][ T5331] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 212.825037][ T5331] usb 2-1: Product: syz [ 212.844604][ T5331] usb 2-1: Manufacturer: syz [ 212.849670][ T5331] usb 2-1: SerialNumber: syz [ 212.921984][ T2939] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 212.942913][ T2939] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 213.627341][ T9416] loop0: detected capacity change from 0 to 32768 [ 213.727637][ T9416] jfs_strtoUCS: char2uni returned -22. [ 213.733789][ T9416] charset = cp932, char = 0xfe [ 213.941590][ T9437] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1402'. [ 213.942822][ T5331] cdc_ncm 2-1:1.0: bind() failure [ 213.982990][ T9437] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1402'. [ 213.990111][ T5331] cdc_ncm 2-1:1.1: probe with driver cdc_ncm failed with error -71 [ 214.021365][ T5331] cdc_mbim 2-1:1.1: probe with driver cdc_mbim failed with error -71 [ 214.046902][ T5331] usbtest 2-1:1.1: probe with driver usbtest failed with error -71 [ 214.096139][ T5331] usb 2-1: USB disconnect, device number 17 [ 214.403716][ T9445] loop0: detected capacity change from 0 to 4096 [ 214.436039][ T9445] ntfs3: Unknown parameter 'noacsrules' [ 215.033951][ T9439] loop3: detected capacity change from 0 to 40427 [ 215.056317][ T9439] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 215.070207][ T9439] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 215.198136][ T9439] F2FS-fs (loop3): Found nat_bits in checkpoint [ 215.309781][ T9439] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 215.326825][ T9439] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 215.421630][ T9439] syz.3.1403: attempt to access beyond end of device [ 215.421630][ T9439] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 215.667097][ T8] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 215.833237][ T8] usb 1-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 215.842628][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 215.856101][ T8] usb 1-1: Product: syz [ 215.860382][ T8] usb 1-1: Manufacturer: syz [ 215.865268][ T8] usb 1-1: SerialNumber: syz [ 215.887645][ T8] usb 1-1: config 0 descriptor?? [ 216.192519][ T9502] openvswitch: netlink: Missing key (keys=20040, expected=80) [ 216.302389][ T8] usb 1-1: Firmware: major: 0, minor: 248, hardware type: UNKNOWN (124) [ 216.343748][ T9508] loop3: detected capacity change from 0 to 1024 [ 216.357445][ T9507] loop1: detected capacity change from 0 to 4096 [ 216.365112][ T9507] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512). [ 216.405649][ T9508] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 216.492535][ T9189] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 216.503388][ T8] usb 1-1: failed to fetch extended address, random address set [ 216.511850][ T8] usb 1-1: atusb_probe: initialization failed, error = -524 [ 216.525659][ T8] atusb 1-1:0.0: probe with driver atusb failed with error -524 [ 216.538685][ T8] usb 1-1: USB disconnect, device number 11 [ 216.746072][ T9522] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1438'. [ 216.802246][ T9525] loop1: detected capacity change from 0 to 128 [ 216.827726][ T9525] VFS: Found a Xenix FS (block size = 512) on device loop1 [ 216.849645][ T9525] sysv_count_free_blocks: cannot read free-list block [ 216.859229][ T9527] loop3: detected capacity change from 0 to 512 [ 216.880263][ T9527] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2240: inode #15: comm syz.3.1441: corrupted in-inode xattr: invalid ea_ino [ 216.903642][ T9527] EXT4-fs error (device loop3): ext4_orphan_get:1393: comm syz.3.1441: couldn't read orphan inode 15 (err -117) [ 216.919953][ T9527] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 216.932336][ T9525] sysv_count_free_inodes: unable to read inode table [ 216.938810][ T9529] syz.1.1440: attempt to access beyond end of device [ 216.938810][ T9529] loop1: rw=2049, sector=2066843070, nr_sectors = 1 limit=128 [ 216.996204][ T8635] sysv_free_block: trying to free block not in datazone [ 217.009132][ T8635] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 217.071092][ T9189] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 217.094119][ T9531] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1442'. [ 217.119518][ T9531] netlink: 'syz.1.1442': attribute type 7 has an invalid length. [ 217.128143][ T9531] netlink: 'syz.1.1442': attribute type 8 has an invalid length. [ 217.136458][ T9531] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1442'. [ 217.152284][ T9531] gretap0: entered promiscuous mode [ 217.169035][ T9531] batadv_slave_1: entered promiscuous mode [ 217.498141][ T9549] loop3: detected capacity change from 0 to 4096 [ 217.557134][ T9552] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 217.842467][ T9560] loop1: detected capacity change from 0 to 128 [ 217.871180][ T29] audit: type=1800 audit(1727800603.170:75): pid=9560 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1456" name="file1" dev="loop1" ino=1048667 res=0 errno=0 [ 217.908690][ T2939] FAT-fs (loop1): error, invalid FAT chain (i_pos 548, last_block 8) [ 217.916771][ T29] audit: type=1800 audit(1727800603.190:76): pid=9560 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1456" name="file1" dev="loop1" ino=1048667 res=0 errno=0 [ 217.939185][ T2939] FAT-fs (loop1): Filesystem has been set read-only [ 217.945995][ T2939] FAT-fs (loop1): error, corrupted file size (i_pos 548, 522) [ 217.946194][ T9543] loop0: detected capacity change from 0 to 32768 [ 217.972454][ T9543] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.1448 (9543) [ 217.979744][ T9560] FAT-fs (loop1): error, corrupted file size (i_pos 548, 522) [ 218.000135][ T9543] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 218.003298][ T9560] FAT-fs (loop1): Filesystem has been set read-only [ 218.016841][ T9543] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 218.036451][ T9543] BTRFS info (device loop0): using free-space-tree [ 218.148901][ T9543] BTRFS info (device loop0): rebuilding free space tree [ 218.182570][ T9583] loop3: detected capacity change from 0 to 1024 [ 218.191567][ T9583] EXT4-fs: Ignoring removed orlov option [ 218.199264][ T9583] EXT4-fs (loop3): Test dummy encryption mode enabled [ 218.206653][ T9583] EXT4-fs (loop3): stripe (7) is not aligned with cluster size (16), stripe is disabled [ 218.231236][ T29] audit: type=1800 audit(1727800603.530:77): pid=9543 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1448" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 218.261907][ T9583] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 218.335370][ T8176] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 218.395761][ T9583] fscrypt: AES-256-CBC-CTS using implementation "cts-cbc-aes-aesni" [ 218.519278][ T9595] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1464'. [ 218.527728][ T9189] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 218.529923][ T5228] jfs_flush_journal: synclist not empty [ 218.586812][ T5228] metapage: ffff88801eb04ba0: 00001000 00000000 00003a48 00000000 [ 218.644027][ T5228] metapage: ffff88801eb04bb0: 6252fa28 ffff8880 6252fa28 ffff8880 [ 218.689367][ T5228] metapage: ffff88801eb04bc0: 00000004 00000000 00000000 00000000 [ 218.738706][ T5228] metapage: ffff88801eb04bd0: 67851000 ffff8880 0000001c 00000000 [ 218.738734][ T5228] metapage: ffff88801eb04be0: 00000000 dead4ead ffffffff 00000000 [ 218.738755][ T5228] metapage: ffff88801eb04bf0: ffffffff ffffffff 9a524ec0 ffffffff [ 218.738774][ T5228] metapage: ffff88801eb04c00: 93cc3c88 ffffffff 00000000 00000000 [ 218.738802][ T5228] metapage: ffff88801eb04c10: 8c436ac0 ffffffff 00000200 00000000 [ 218.738822][ T5228] metapage: ffff88801eb04c20: 1eb04c20 ffff8880 1eb04c20 ffff8880 [ 218.738839][ T5228] metapage: ffff88801eb04c30: 019e1440 ffffea00 290d8000 ffff8880 [ 218.738858][ T5228] metapage: ffff88801eb04c40: 00001000 00003b94 00000000 00000000 [ 218.738874][ T5228] metapage: ffff88801eb04c50: 6252f800 ffff8880 [ 218.738892][ T5228] page: ffffea00019e1440: 00fff4800000422c ffffea00019e1408 [ 218.738908][ T5228] page: ffffea00019e1450: ffff88807d268240 0000000000000000 [ 218.738926][ T5228] page: ffffea00019e1460: 000000000000001c ffff88801eb04ba0 [ 218.738943][ T5228] page: ffffea00019e1470: 00000001ffffffff ffff88807cca6000 [ 218.744593][ T5228] read_mapping_page failed! [ 218.744612][ T5228] diWriteSpecial: failed to read aggregate inode extent! [ 218.745323][ T5228] read_mapping_page failed! [ 218.745336][ T5228] diWriteSpecial: failed to read aggregate inode extent! [ 219.275242][ T9613] input: syz0 as /devices/virtual/input/input17 [ 219.297552][ T9613] input: failed to attach handler leds to device input17, error: -6 [ 219.898857][ T9601] loop0: detected capacity change from 0 to 40427 [ 219.916643][ T9601] F2FS-fs (loop0): build fault injection attr: rate: 691, type: 0x1fffff [ 219.941939][ T9601] F2FS-fs (loop0): Image doesn't support compression [ 219.956811][ T9601] F2FS-fs (loop0): heap/no_heap options were deprecated [ 219.964155][ T9601] F2FS-fs (loop0): Image doesn't support compression [ 219.980982][ T9601] F2FS-fs (loop0): invalid crc value [ 220.037001][ T9601] F2FS-fs (loop0): Found nat_bits in checkpoint [ 220.141659][ T9601] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 220.196873][ T8] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 220.244114][ T9601] syz.0.1462: attempt to access beyond end of device [ 220.244114][ T9601] loop0: rw=0, sector=77848, nr_sectors = 8 limit=40427 [ 220.295523][ T9601] syz.0.1462: attempt to access beyond end of device [ 220.295523][ T9601] loop0: rw=0, sector=77848, nr_sectors = 8 limit=40427 [ 220.324422][ T9601] syz.0.1462: attempt to access beyond end of device [ 220.324422][ T9601] loop0: rw=0, sector=77848, nr_sectors = 8 limit=40427 [ 220.357373][ T9601] F2FS-fs (loop0): inject read IO error in f2fs_read_end_io of f2fs_submit_page_read+0x121/0x190 [ 220.401330][ T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 220.431697][ T8] usb 4-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00 [ 220.455966][ T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 220.488840][ T8] usb 4-1: config 0 descriptor?? [ 220.525770][ T8176] syz-executor: attempt to access beyond end of device [ 220.525770][ T8176] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 220.563924][ T8176] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 220.716350][ T9668] MTD: Couldn't look up './file0': -15 [ 220.756947][ T870] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 220.929068][ T8] lenovo 0003:17EF:6047.0012: hidraw0: USB HID v0.00 Device [HID 17ef:6047] on usb-dummy_hcd.3-1/input0 [ 220.948424][ T870] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 220.963707][ T870] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 220.986642][ T870] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 221.012315][ T870] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 221.035739][ T870] usb 2-1: config 0 descriptor?? [ 221.289067][ T870] usb 2-1: USB disconnect, device number 18 [ 221.525790][ T8] lenovo 0003:17EF:6047.0012: Fn-lock setting failed: -71 [ 221.538321][ T8] lenovo 0003:17EF:6047.0012: Sensitivity setting failed: -71 [ 221.566815][ T8] usb 4-1: USB disconnect, device number 14 [ 221.824337][ T9689] loop0: detected capacity change from 0 to 32768 [ 221.833455][ T9689] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.1505 (9689) [ 221.850542][ T9689] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 221.861364][ T9689] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 221.870851][ T9689] BTRFS info (device loop0): disk space caching is enabled [ 221.879043][ T9689] BTRFS warning (device loop0): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 221.971441][ T9689] BTRFS info (device loop0): rebuilding free space tree [ 222.001564][ T9689] BTRFS info (device loop0): disabling free space tree [ 222.009085][ T9689] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 222.019700][ T9689] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 222.214746][ T8176] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 222.233311][ T9712] loop3: detected capacity change from 0 to 256 [ 222.343362][ T9693] loop1: detected capacity change from 0 to 32768 [ 222.380400][ T9693] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1507 (9693) [ 222.440182][ T9693] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 222.465883][ T9693] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 222.516895][ T9693] BTRFS info (device loop1): using free-space-tree [ 222.685021][ T9734] netlink: 'syz.3.1513': attribute type 13 has an invalid length. [ 222.697127][ T9734] netlink: 24859 bytes leftover after parsing attributes in process `syz.3.1513'. [ 222.699036][ T9693] BTRFS info (device loop1): rebuilding free space tree [ 222.816890][ T51] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 222.908731][ T8635] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 222.978080][ T51] usb 1-1: Using ep0 maxpacket: 8 [ 223.026222][ T51] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 223.056925][ T51] usb 1-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d [ 223.077855][ T51] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 223.098170][ T51] usb 1-1: config 0 descriptor?? [ 223.319052][ T5285] usb 1-1: USB disconnect, device number 12 [ 223.805729][ T9746] loop1: detected capacity change from 0 to 32768 [ 223.853989][ T9746] XFS (loop1): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 223.948538][ T9746] XFS (loop1): Ending clean mount [ 224.385254][ T9764] loop0: detected capacity change from 0 to 32768 [ 224.478553][ T9764] ERROR: (device loop0): dbFindCtl: Corrupt dmapctl page [ 224.478553][ T9764] [ 224.485521][ T9767] loop3: detected capacity change from 0 to 256 [ 224.509808][ T8635] XFS (loop1): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 224.529981][ T9764] ERROR: (device loop0): remounting filesystem as read-only [ 224.560327][ T9768] ERROR: (device loop0): dbFindCtl: Corrupt dmapctl page [ 224.560327][ T9768] [ 224.714854][ T9776] ptrace attach of "./syz-executor exec"[9189] was attempted by "./syz-executor exec"[9776] [ 224.779121][ T29] audit: type=1326 audit(1862018338.084:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9779 comm="syz.3.1531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0802d7dff9 code=0x7ffc0000 [ 224.821818][ T29] audit: type=1326 audit(1862018338.104:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9779 comm="syz.3.1531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0802d7dff9 code=0x7ffc0000 [ 224.846935][ T29] audit: type=1326 audit(1862018338.104:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9779 comm="syz.3.1531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=234 compat=0 ip=0x7f0802d7dff9 code=0x7ffc0000 [ 224.869319][ T29] audit: type=1326 audit(1862018338.104:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9779 comm="syz.3.1531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0802d7dff9 code=0x7ffc0000 [ 224.887770][ T9785] binder: 9784:9785 ioctl c0306201 200001c0 returned -14 [ 224.918670][ T29] audit: type=1326 audit(1862018338.104:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9779 comm="syz.3.1531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0802d7dff9 code=0x7ffc0000 [ 225.158667][ T9801] loop3: detected capacity change from 0 to 512 [ 225.172073][ T9801] EXT4-fs: Mount option(s) incompatible with ext2 [ 225.193810][ T9803] netlink: 'syz.2.1542': attribute type 7 has an invalid length. [ 225.205786][ T9803] netlink: 'syz.2.1542': attribute type 6 has an invalid length. [ 225.368576][ T9811] loop3: detected capacity change from 0 to 1024 [ 225.846929][ T25] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 226.088690][ T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 226.100294][ T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 226.110623][ T25] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 226.146865][ T25] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 226.155951][ T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 226.187697][ T25] usb 4-1: config 0 descriptor?? [ 226.512947][ T9823] loop1: detected capacity change from 0 to 40427 [ 226.539981][ T9823] F2FS-fs (loop1): Found nat_bits in checkpoint [ 226.602812][ T25] plantronics 0003:047F:FFFF.0013: No inputs registered, leaving [ 226.612723][ T9823] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 226.623271][ T25] plantronics 0003:047F:FFFF.0013: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 226.710742][ T8635] syz-executor: attempt to access beyond end of device [ 226.710742][ T8635] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 226.725805][ T8635] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 226.882131][ T870] usb 4-1: USB disconnect, device number 15 [ 227.307420][ T9847] loop1: detected capacity change from 0 to 128 [ 227.337844][ T9847] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 227.385535][ T9847] ext4 filesystem being mounted at /80/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 227.493024][ T8635] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 228.560639][ T9860] loop1: detected capacity change from 0 to 40427 [ 228.594667][ T9860] F2FS-fs (loop1): invalid crc value [ 228.636798][ T9860] F2FS-fs (loop1): Found nat_bits in checkpoint [ 228.722907][ T9860] F2FS-fs (loop1): Start checkpoint disabled! [ 228.747647][ T9860] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 228.778846][ T9860] syz.1.1566: attempt to access beyond end of device [ 228.778846][ T9860] loop1: rw=2049, sector=53248, nr_sectors = 8 limit=40427 [ 228.799860][ T9860] F2FS-fs (loop1): Remounting filesystem read-only [ 228.807775][ T9860] syz.1.1566: attempt to access beyond end of device [ 228.807775][ T9860] loop1: rw=2049, sector=53264, nr_sectors = 8 limit=40427 [ 228.843055][ T9860] F2FS-fs (loop1): Remounting filesystem read-only [ 229.113453][ T9894] GUP no longer grows the stack in syz.4.1581 (9894): 20004000-20005000 (20001000) [ 229.127135][ T9894] CPU: 0 UID: 0 PID: 9894 Comm: syz.4.1581 Not tainted 6.12.0-rc1-next-20241001-syzkaller #0 [ 229.137347][ T9894] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 229.147427][ T9894] Call Trace: [ 229.150707][ T9894] [ 229.153635][ T9894] dump_stack_lvl+0x241/0x360 [ 229.158323][ T9894] ? __pfx_dump_stack_lvl+0x10/0x10 [ 229.163609][ T9894] ? __pfx__printk+0x10/0x10 [ 229.168204][ T9894] ? find_vma+0xf9/0x170 [ 229.172584][ T9894] __get_user_pages+0x4260/0x48d0 [ 229.177617][ T9894] ? __pfx_lock_acquire+0x10/0x10 [ 229.182668][ T9894] ? __pfx___get_user_pages+0x10/0x10 [ 229.188040][ T9894] ? __gup_longterm_locked+0xd11/0x17d0 [ 229.193591][ T9894] ? __pfx_lock_release+0x10/0x10 [ 229.198629][ T9894] ? __pfx_down_read_killable+0x10/0x10 [ 229.204192][ T9894] __gup_longterm_locked+0xed7/0x17d0 [ 229.209578][ T9894] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 229.216094][ T9894] ? gup_fast_fallback+0x2223/0x2b60 [ 229.221385][ T9894] gup_fast_fallback+0x2748/0x2b60 [ 229.226519][ T9894] ? __pfx_gup_fast_fallback+0x10/0x10 [ 229.232046][ T9894] ? __lock_acquire+0x1384/0x2050 [ 229.237086][ T9894] ? is_valid_gup_args+0x124/0x200 [ 229.242196][ T9894] get_user_pages_fast+0xcc/0x160 [ 229.247220][ T9894] ? __pfx_get_user_pages_fast+0x10/0x10 [ 229.252850][ T9894] ? rcu_is_watching+0x15/0xb0 [ 229.257633][ T9894] __iov_iter_get_pages_alloc+0x3b4/0x8e0 [ 229.263387][ T9894] iov_iter_get_pages2+0xcf/0x130 [ 229.268429][ T9894] ? __pfx_iov_iter_get_pages2+0x10/0x10 [ 229.274070][ T9894] __se_sys_vmsplice+0x76c/0x1470 [ 229.279104][ T9894] ? __lock_acquire+0x1384/0x2050 [ 229.284168][ T9894] ? __pfx___se_sys_vmsplice+0x10/0x10 [ 229.289627][ T9894] ? __pfx_futex_wait+0x10/0x10 [ 229.294515][ T9894] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 229.300513][ T9894] ? do_syscall_64+0x100/0x230 [ 229.305365][ T9894] ? do_syscall_64+0xb6/0x230 [ 229.310126][ T9894] do_syscall_64+0xf3/0x230 [ 229.314626][ T9894] ? clear_bhb_loop+0x35/0x90 [ 229.319303][ T9894] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 229.325209][ T9894] RIP: 0033:0x7f0191d7dff9 [ 229.329621][ T9894] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 229.349232][ T9894] RSP: 002b:00007f0192aa3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 229.357651][ T9894] RAX: ffffffffffffffda RBX: 00007f0191f35f80 RCX: 00007f0191d7dff9 [ 229.365619][ T9894] RDX: 0000000000000002 RSI: 0000000020000300 RDI: 0000000000000004 [ 229.373614][ T9894] RBP: 00007f0191df0296 R08: 0000000000000000 R09: 0000000000000000 [ 229.381686][ T9894] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 229.389657][ T9894] R13: 0000000000000000 R14: 00007f0191f35f80 R15: 00007fff88281278 [ 229.397643][ T9894] [ 230.322933][ T9929] loop1: detected capacity change from 0 to 4096 [ 230.331098][ T9929] ntfs3: loop1: Different NTFS sector size (1024) and media sector size (512). [ 230.471979][ T9929] ntfs3: loop1: mft corrupted [ 230.564873][ T9923] loop3: detected capacity change from 0 to 32768 [ 230.632748][ T9923] XFS (loop3): Mounting V5 Filesystem ca7e2101-b8f1-4838-8e2d-7637b90620e6 [ 230.704465][ T9923] XFS (loop3): Ending clean mount [ 230.787343][ T9189] XFS (loop3): Unmounting Filesystem ca7e2101-b8f1-4838-8e2d-7637b90620e6 [ 230.826950][ T9949] loop1: detected capacity change from 0 to 512 [ 230.834499][ T9949] EXT4-fs: Ignoring removed i_version option [ 230.843304][ T9949] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a016c018, mo2=0002] [ 230.851721][ T9949] System zones: 1-12 [ 230.859580][ T9949] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.1603: bg 0: block 131: padding at end of block bitmap is not set [ 230.874837][ T9949] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 230.885095][ T9949] EXT4-fs (loop1): 1 truncate cleaned up [ 230.891946][ T9949] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 230.940998][ T8635] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 231.245171][ T9953] loop1: detected capacity change from 0 to 40427 [ 231.252634][ T9953] F2FS-fs (loop1): Small segment_count (9 < 1 * 24) [ 231.259451][ T9953] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 231.274012][ T9953] F2FS-fs (loop1): Found nat_bits in checkpoint [ 231.306122][ T9953] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 231.313435][ T9953] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 231.354785][ T8635] syz-executor: attempt to access beyond end of device [ 231.354785][ T8635] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 231.369283][ T8635] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 231.376441][ T8635] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 231.590191][ T9957] loop1: detected capacity change from 0 to 16 [ 231.600130][ T9957] erofs: (device loop1): mounted with root inode @ nid 36. [ 231.611658][ T9957] erofs: (device loop1): z_erofs_do_map_blocks: invalid logical cluster 0 at nid 36 [ 231.622472][ T9957] syz.1.1605: attempt to access beyond end of device [ 231.622472][ T9957] loop1: rw=0, sector=296, nr_sectors = 8 limit=16 [ 231.635900][ T9957] erofs: (device loop1): z_erofs_read_folio: read error -5 @ 0 of nid 36 [ 231.644813][ T9957] erofs: (device loop1): erofs_readdir: fail to readdir of logical block 0 of nid 36 [ 231.660409][ T9957] syz.1.1605: attempt to access beyond end of device [ 231.660409][ T9957] loop1: rw=524288, sector=296, nr_sectors = 16 limit=16 [ 231.674297][ T9957] syz.1.1605: attempt to access beyond end of device [ 231.674297][ T9957] loop1: rw=524288, sector=1049264, nr_sectors = 8 limit=16 [ 232.122930][ T9959] loop1: detected capacity change from 0 to 40427 [ 232.136888][ T9959] F2FS-fs (loop1): Found nat_bits in checkpoint [ 232.173343][ T9959] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 232.214197][ T9959] syz.1.1606: attempt to access beyond end of device [ 232.214197][ T9959] loop1: rw=2049, sector=78672, nr_sectors = 848 limit=40427 [ 232.275627][ T8635] syz-executor: attempt to access beyond end of device [ 232.275627][ T8635] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 232.299249][ T8635] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 232.482481][ T9972] loop3: detected capacity change from 0 to 16 [ 232.490181][ T9972] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 232.948295][ T9988] loop1: detected capacity change from 0 to 4096 [ 232.973995][ T9988] NILFS (loop1): invalid segment: Checksum error in segment payload [ 232.990972][ T9988] NILFS (loop1): trying rollback from an earlier position [ 233.014717][ T9988] NILFS (loop1): recovery complete [ 233.026578][ T9991] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 233.113167][ T9993] Process accounting resumed [ 233.585452][T10011] loop3: detected capacity change from 0 to 4096 [ 233.604889][T10011] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512). [ 234.011714][ T5249] Bluetooth: Wrong link type (-71) [ 234.067601][T10035] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1635'. [ 234.081731][T10035] vlan2: entered promiscuous mode [ 234.305483][T10043] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1640'. [ 234.458779][T10045] netlink: 'syz.4.1639': attribute type 1 has an invalid length. [ 234.470662][T10045] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1639'. [ 234.602573][T10030] loop1: detected capacity change from 0 to 40427 [ 234.621714][T10030] F2FS-fs (loop1): invalid crc value [ 234.632387][T10030] F2FS-fs (loop1): Found nat_bits in checkpoint [ 234.640505][T10053] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 234.696924][ T51] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 234.717565][T10030] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 234.874031][ T51] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 234.906996][ T51] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 234.931301][ T51] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 234.941530][ T51] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 234.951055][ T51] usb 4-1: SerialNumber: syz [ 235.143946][ T5236] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 235.157854][ T5236] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 235.167539][ T51] usb 4-1: 0:2 : does not exist [ 235.172708][ T5236] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 235.185418][ T5236] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 235.195050][ T5236] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 235.203712][ T5236] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 235.203870][ T51] usb 4-1: USB disconnect, device number 16 [ 235.469707][T10066] chnl_net:caif_netlink_parms(): no params data found [ 235.573520][T10066] bridge0: port 1(bridge_slave_0) entered blocking state [ 235.581194][T10066] bridge0: port 1(bridge_slave_0) entered disabled state [ 235.591381][T10066] bridge_slave_0: entered allmulticast mode [ 235.605678][T10066] bridge_slave_0: entered promiscuous mode [ 235.615294][T10066] bridge0: port 2(bridge_slave_1) entered blocking state [ 235.623024][T10066] bridge0: port 2(bridge_slave_1) entered disabled state [ 235.630451][T10066] bridge_slave_1: entered allmulticast mode [ 235.637986][T10066] bridge_slave_1: entered promiscuous mode [ 235.668382][T10066] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 235.694981][T10066] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 235.707823][T10073] loop1: detected capacity change from 0 to 32768 [ 235.730990][T10073] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1652 (10073) [ 235.755749][T10073] BTRFS info (device loop1): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885 [ 235.780244][T10073] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 235.789431][T10066] team0: Port device team_slave_0 added [ 235.795270][T10073] BTRFS info (device loop1): using free-space-tree [ 235.807110][T10081] loop3: detected capacity change from 0 to 128 [ 235.824868][T10066] team0: Port device team_slave_1 added [ 235.838552][T10081] VFS: Found a Xenix FS (block size = 512) on device loop3 [ 235.884745][T10081] sysv_count_free_blocks: free block count was -2041545935, correcting to 3 [ 235.923757][T10066] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 235.952876][T10066] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 236.008863][T10066] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 236.023696][T10066] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 236.031432][T10066] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 236.049712][T10081] sysv_count_free_inodes: unable to read inode table [ 236.059045][T10066] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 236.107685][T10101] sysv_count_free_inodes: unable to read inode table [ 236.115586][T10081] sysv_count_free_inodes: unable to read inode table [ 236.178256][T10066] hsr_slave_0: entered promiscuous mode [ 236.189998][T10066] hsr_slave_1: entered promiscuous mode [ 236.231111][T10066] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 236.244942][T10066] Cannot create hsr debugfs directory [ 236.246229][ T8635] BTRFS info (device loop1): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885 [ 236.314125][ T9189] sysv_free_block: trying to free block not in datazone [ 236.375723][ T9189] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 236.661338][T10066] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 236.939723][T10118] loop3: detected capacity change from 0 to 4096 [ 236.945564][T10066] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 236.967580][T10118] ntfs3: loop3: Different NTFS sector size (1024) and media sector size (512). [ 237.108349][T10066] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 237.274614][T10066] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 237.288424][ T5236] Bluetooth: hci6: command tx timeout [ 237.437644][ T51] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 237.507982][T10138] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 237.581571][T10066] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 237.602207][T10066] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 237.628597][ T51] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 237.641390][ T51] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 237.653698][T10066] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 237.669047][T10066] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 237.682599][ T51] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 237.706449][ T51] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 237.733878][ T51] usb 2-1: SerialNumber: syz [ 237.878604][T10066] 8021q: adding VLAN 0 to HW filter on device bond0 [ 237.921759][T10066] 8021q: adding VLAN 0 to HW filter on device team0 [ 237.959442][ T64] bridge0: port 1(bridge_slave_0) entered blocking state [ 237.966629][ T64] bridge0: port 1(bridge_slave_0) entered forwarding state [ 237.991700][ T51] usb 2-1: 0:2 : does not exist [ 238.001516][ T1085] bridge0: port 2(bridge_slave_1) entered blocking state [ 238.006582][ T51] usb 2-1: 5:0: cannot get min/max values for control 5 (id 5) [ 238.008707][ T1085] bridge0: port 2(bridge_slave_1) entered forwarding state [ 238.021643][ T51] usb 2-1: 5:0: cannot get min/max values for control 6 (id 5) [ 238.060943][ T51] usb 2-1: unit 255 not found! [ 238.091913][ T51] usb 2-1: USB disconnect, device number 19 [ 238.286511][T10145] loop3: detected capacity change from 0 to 256 [ 238.334608][T10066] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 238.395119][ T29] audit: type=1326 audit(1862018351.684:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10155 comm="syz.2.1678" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7efcbb17dff9 code=0x0 [ 238.452532][T10066] veth0_vlan: entered promiscuous mode [ 238.481835][T10066] veth1_vlan: entered promiscuous mode [ 238.552097][T10066] veth0_macvtap: entered promiscuous mode [ 238.566418][T10066] veth1_macvtap: entered promiscuous mode [ 238.618219][T10066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 238.635249][T10066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 238.646132][T10066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 238.658266][T10066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 238.668293][T10066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 238.715287][T10066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 238.725770][T10066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 238.743324][T10170] loop1: detected capacity change from 0 to 2048 [ 238.771922][T10170] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 238.792026][T10066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 238.805572][T10066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 238.823624][T10066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 238.851567][T10066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 238.874715][T10066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 238.893143][T10066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 238.932554][T10066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 238.959928][T10066] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 238.995414][T10066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 239.019577][T10066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 239.042704][T10066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 239.055865][T10066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 239.068452][T10066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 239.079376][T10066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 239.089732][T10066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 239.104715][T10066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 239.116924][T10066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 239.131283][T10066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 239.141364][T10066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 239.152077][T10066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 239.164820][T10066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 239.175457][T10066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 239.189221][T10066] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 239.197348][T10180] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1688'. [ 239.237583][T10066] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 239.266884][T10066] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 239.286014][T10066] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 239.314879][T10066] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 239.327937][T10189] loop1: detected capacity change from 0 to 128 [ 239.331370][T10185] netlink: 277 bytes leftover after parsing attributes in process `syz.4.1690'. [ 239.344058][T10189] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 239.370235][ T5236] Bluetooth: hci6: command tx timeout [ 239.576918][ T193] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 239.584802][ T193] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 239.674255][ T193] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 239.701930][ T193] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 240.801922][T10211] loop1: detected capacity change from 0 to 32768 [ 240.830102][T10211] BTRFS: device fsid c6b85f58-0c7e-41ca-a553-c8d9f94f6663 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1701 (10211) [ 240.921251][T10211] BTRFS info (device loop1): first mount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663 [ 240.952214][T10211] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 240.987429][T10211] BTRFS info (device loop1): using free-space-tree [ 241.470965][ T5236] Bluetooth: hci6: command tx timeout [ 241.537457][ T8635] BTRFS info (device loop1): last unmount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663 [ 241.836443][T10234] loop3: detected capacity change from 0 to 32768 [ 241.844222][T10263] syz.1.1714[10263] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 241.844325][T10263] syz.1.1714[10263] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 241.850884][T10234] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1710 (10234) [ 241.886914][T10263] syz.1.1714[10263] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 241.957104][T10234] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 242.060495][T10234] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 242.087041][T10234] BTRFS info (device loop3): using free-space-tree [ 242.365596][T10298] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1724'. [ 242.512729][ T9189] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 242.788159][T10318] input input18: cannot allocate more than FF_MAX_EFFECTS effects [ 243.537196][ T5236] Bluetooth: hci6: command tx timeout [ 243.902852][T10352] sctp: [Deprecated]: syz.0.1749 (pid 10352) Use of struct sctp_assoc_value in delayed_ack socket option. [ 243.902852][T10352] Use struct sctp_sack_info instead [ 243.912145][T10327] loop3: detected capacity change from 0 to 32768 [ 243.929720][T10327] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1729 (10327) [ 243.963500][T10327] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 243.976876][T10327] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 243.985583][T10327] BTRFS info (device loop3): using free-space-tree [ 244.160676][T10373] Invalid ELF header len 1 [ 244.529549][ T9189] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 244.888885][T10404] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1765'. [ 245.067576][ T5331] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 245.233602][ T5331] usb 4-1: Using ep0 maxpacket: 32 [ 245.250225][ T5331] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 36 [ 245.274572][ T5331] usb 4-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 245.287013][ T5331] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 245.305460][ T5331] usb 4-1: Product: syz [ 245.315628][ T5331] usb 4-1: Manufacturer: syz [ 245.336014][ T5331] usb 4-1: SerialNumber: syz [ 245.353479][ T5331] usb 4-1: config 0 descriptor?? [ 245.387599][T10406] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 245.398631][ T5331] hub 4-1:0.0: bad descriptor, ignoring hub [ 245.404595][ T5331] hub 4-1:0.0: probe with driver hub failed with error -5 [ 245.438401][ T5331] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input19 [ 245.632519][ T51] usb 4-1: USB disconnect, device number 17 [ 245.638552][ C1] usbtouchscreen 4-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19 [ 246.204814][T10430] tls_set_device_offload: netdev not found [ 246.529614][T10449] loop3: detected capacity change from 0 to 512 [ 246.550303][T10449] EXT4-fs: Ignoring removed mblk_io_submit option [ 246.572034][T10449] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 246.637026][T10449] EXT4-fs (loop3): 1 truncate cleaned up [ 246.643594][T10449] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 247.121540][ T9189] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 247.187478][T10471] : renamed from ipvlan1 [ 247.231008][T10447] loop1: detected capacity change from 0 to 32768 [ 247.279371][T10478] loop3: detected capacity change from 0 to 256 [ 247.332624][T10447] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 247.518843][T10447] XFS (loop1): Ending clean mount [ 247.540961][T10447] XFS (loop1): Quotacheck needed: Please wait. [ 247.599392][T10498] netlink: 'syz.2.1800': attribute type 1 has an invalid length. [ 247.681998][T10447] XFS (loop1): Quotacheck: Done. [ 247.800668][T10509] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1803'. [ 247.853652][ T8635] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 248.395753][T10535] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 248.395753][T10535] The task syz.3.1815 (10535) triggered the difference, watch for misbehavior. [ 248.518504][T10543] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1819'. [ 248.523904][T10544] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 248.551366][T10544] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 248.638788][T10548] loop3: detected capacity change from 0 to 2048 [ 248.647873][T10548] EXT4-fs: Ignoring removed mblk_io_submit option [ 248.676980][ T51] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 248.698344][T10548] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 248.743765][T10547] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.1822: bg 0: block 234: padding at end of block bitmap is not set [ 248.786306][T10547] EXT4-fs (loop3): Remounting filesystem read-only [ 248.793591][T10547] EXT4-fs (loop3): error restoring inline_data for inode -- potential data loss! (inode 18, error -5) [ 248.848178][ T9189] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 248.856178][ T51] usb 1-1: Using ep0 maxpacket: 16 [ 248.896771][ T51] usb 1-1: config 0 has an invalid interface number: 107 but max is 0 [ 248.905131][ T51] usb 1-1: config 0 has no interface number 0 [ 248.925392][ T51] usb 1-1: config 0 interface 107 altsetting 0 endpoint 0x88 has an invalid bInterval 187, changing to 11 [ 248.948742][ T51] usb 1-1: New USB device found, idVendor=06cd, idProduct=0131, bcdDevice=16.60 [ 248.959320][ T51] usb 1-1: New USB device strings: Mfr=175, Product=2, SerialNumber=3 [ 248.971802][T10555] loop3: detected capacity change from 0 to 2048 [ 248.979208][ T51] usb 1-1: Product: syz [ 248.983404][ T51] usb 1-1: Manufacturer: syz [ 248.991841][T10555] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 248.996940][ T51] usb 1-1: SerialNumber: syz [ 249.009437][T10555] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 249.037732][ T51] usb 1-1: config 0 descriptor?? [ 249.059021][ T51] keyspan 1-1:0.107: Keyspan 4 port adapter converter detected [ 249.069007][ T51] keyspan 1-1:0.107: found no endpoint descriptor for endpoint 81 [ 249.078529][ T51] keyspan 1-1:0.107: found no endpoint descriptor for endpoint 1 [ 249.087914][ T51] usb 1-1: Keyspan 4 port adapter converter now attached to ttyUSB0 [ 249.099040][ T51] keyspan 1-1:0.107: found no endpoint descriptor for endpoint 2 [ 249.111246][ T51] usb 1-1: Keyspan 4 port adapter converter now attached to ttyUSB1 [ 249.124503][ T51] keyspan 1-1:0.107: found no endpoint descriptor for endpoint 4 [ 249.147756][ T51] usb 1-1: Keyspan 4 port adapter converter now attached to ttyUSB2 [ 249.175033][ T51] keyspan 1-1:0.107: found no endpoint descriptor for endpoint 6 [ 249.194468][ T51] usb 1-1: Keyspan 4 port adapter converter now attached to ttyUSB3 [ 249.284049][ T51] usb 1-1: USB disconnect, device number 13 [ 249.304193][ T51] keyspan_4 ttyUSB0: Keyspan 4 port adapter converter now disconnected from ttyUSB0 [ 249.327455][ T51] keyspan_4 ttyUSB1: Keyspan 4 port adapter converter now disconnected from ttyUSB1 [ 249.357366][ T51] keyspan_4 ttyUSB2: Keyspan 4 port adapter converter now disconnected from ttyUSB2 [ 249.384968][ T51] keyspan_4 ttyUSB3: Keyspan 4 port adapter converter now disconnected from ttyUSB3 [ 249.396443][ T51] keyspan 1-1:0.107: device disconnected [ 250.127954][T10563] loop3: detected capacity change from 0 to 32768 [ 250.143434][T10563] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1828 (10563) [ 250.197143][T10563] BTRFS info (device loop3): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 250.226850][T10563] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 250.256567][T10563] BTRFS info (device loop3): using free-space-tree [ 250.617301][ T9189] BTRFS info (device loop3): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 250.874767][T10620] bridge0: entered allmulticast mode [ 250.924985][T10621] loop1: detected capacity change from 0 to 1024 [ 250.935374][T10620] pimreg: entered allmulticast mode [ 250.974034][T10620] pimreg: left allmulticast mode [ 250.983498][T10620] bridge0: left allmulticast mode [ 251.148943][T10621] hfsplus: xattr searching failed [ 251.166773][ T29] audit: type=1800 audit(1862018364.454:84): pid=10621 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1845" name="bus" dev="loop1" ino=4 res=0 errno=0 [ 251.225873][ T193] hfsplus: b-tree write err: -5, ino 3 [ 251.463107][T10640] loop1: detected capacity change from 0 to 64 [ 256.017333][ T1270] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.023874][ T1270] ieee802154 phy1 wpan1: encryption failed: -22 [ 257.560168][ T5331] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c7: 0000 [#1] PREEMPT SMP KASAN PTI [ 257.572786][ T5331] KASAN: null-ptr-deref in range [0x0000000000000638-0x000000000000063f] [ 257.581191][ T5331] CPU: 1 UID: 0 PID: 5331 Comm: kworker/1:7 Not tainted 6.12.0-rc1-next-20241001-syzkaller #0 [ 257.591417][ T5331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 257.601463][ T5331] Workqueue: events_long flush_mdb [ 257.606605][ T5331] RIP: 0010:hfs_mdb_commit+0x37/0xfd0 [ 257.611976][ T5331] Code: 53 48 83 ec 48 48 89 fb 49 bd 00 00 00 00 00 fc ff df e8 8c 0f 0a ff 48 89 5c 24 08 4c 8d a3 38 06 00 00 4c 89 e3 48 c1 eb 03 <42> 80 3c 2b 00 74 08 4c 89 e7 e8 fa f2 73 ff 4d 8b 34 24 49 8d 6e [ 257.631574][ T5331] RSP: 0018:ffffc900041ffb40 EFLAGS: 00010202 [ 257.637633][ T5331] RAX: ffffffff828ac694 RBX: 00000000000000c7 RCX: ffff888025e8bc00 [ 257.645593][ T5331] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000000 [ 257.653553][ T5331] RBP: ffffc900041ffdc0 R08: ffff88805544d1eb R09: 1ffff1100aa89a3d [ 257.661513][ T5331] R10: dffffc0000000000 R11: ffffed100aa89a3e R12: 0000000000000638 [ 257.669559][ T5331] R13: dffffc0000000000 R14: 0000000000000001 R15: 0000000001800000 [ 257.677520][ T5331] FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 257.686525][ T5331] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 257.693095][ T5331] CR2: 0000001b2f81bff8 CR3: 000000007648c000 CR4: 00000000003526f0 [ 257.701058][ T5331] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 257.709027][ T5331] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 257.716989][ T5331] Call Trace: [ 257.720251][ T5331] [ 257.723176][ T5331] ? __die_body+0x5f/0xb0 [ 257.727496][ T5331] ? die_addr+0xb0/0xe0 [ 257.731647][ T5331] ? exc_general_protection+0x3dd/0x5d0 [ 257.737190][ T5331] ? asm_exc_general_protection+0x26/0x30 [ 257.742905][ T5331] ? hfs_mdb_commit+0x24/0xfd0 [ 257.747665][ T5331] ? hfs_mdb_commit+0x37/0xfd0 [ 257.752420][ T5331] ? process_scheduled_works+0x976/0x1850 [ 257.758131][ T5331] ? _raw_spin_unlock+0x28/0x50 [ 257.762973][ T5331] ? process_scheduled_works+0x976/0x1850 [ 257.768685][ T5331] process_scheduled_works+0xa63/0x1850 [ 257.774232][ T5331] ? __pfx_process_scheduled_works+0x10/0x10 [ 257.780295][ T5331] ? assign_work+0x364/0x3d0 [ 257.784880][ T5331] worker_thread+0x870/0xd30 [ 257.789463][ T5331] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 257.795353][ T5331] ? __kthread_parkme+0x169/0x1d0 [ 257.800384][ T5331] ? __pfx_worker_thread+0x10/0x10 [ 257.805489][ T5331] kthread+0x2f0/0x390 [ 257.809549][ T5331] ? __pfx_worker_thread+0x10/0x10 [ 257.814650][ T5331] ? __pfx_kthread+0x10/0x10 [ 257.819226][ T5331] ret_from_fork+0x4b/0x80 [ 257.823637][ T5331] ? __pfx_kthread+0x10/0x10 [ 257.828217][ T5331] ret_from_fork_asm+0x1a/0x30 [ 257.833062][ T5331] [ 257.836069][ T5331] Modules linked in: [ 257.840670][ T5331] ---[ end trace 0000000000000000 ]--- [ 257.846160][ T5331] RIP: 0010:hfs_mdb_commit+0x37/0xfd0 [ 257.852409][ T5331] Code: 53 48 83 ec 48 48 89 fb 49 bd 00 00 00 00 00 fc ff df e8 8c 0f 0a ff 48 89 5c 24 08 4c 8d a3 38 06 00 00 4c 89 e3 48 c1 eb 03 <42> 80 3c 2b 00 74 08 4c 89 e7 e8 fa f2 73 ff 4d 8b 34 24 49 8d 6e [ 257.872537][ T5331] RSP: 0018:ffffc900041ffb40 EFLAGS: 00010202 [ 257.878948][ T5331] RAX: ffffffff828ac694 RBX: 00000000000000c7 RCX: ffff888025e8bc00 [ 257.886975][ T5331] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000000 [ 257.894955][ T5331] RBP: ffffc900041ffdc0 R08: ffff88805544d1eb R09: 1ffff1100aa89a3d [ 257.902980][ T5331] R10: dffffc0000000000 R11: ffffed100aa89a3e R12: 0000000000000638 [ 257.910999][ T5331] R13: dffffc0000000000 R14: 0000000000000001 R15: 0000000001800000 [ 257.919104][ T5331] FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 257.929089][ T5331] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 257.935773][ T5331] CR2: 0000001b2f81bff8 CR3: 000000007648c000 CR4: 00000000003526f0 [ 257.944069][ T5331] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 257.952100][ T5331] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 257.960135][ T5331] Kernel panic - not syncing: Fatal exception [ 257.966553][ T5331] Kernel Offset: disabled [ 257.970902][ T5331] Rebooting in 86400 seconds..