last executing test programs:

13.435508566s ago: executing program 3:
syz_mount_image$exfat(&(0x7f0000001500), &(0x7f0000001540)='./file1\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="6572726f72733d636f6e74696e75652c00a3a2a4e7417e941910c27d130b55ac2d5f7a61e59ec6d5de07239091924c32eeb367d16409d6d3ec1fb755f9a7989ebc4e96918e268f0b7acebf67c07bc4731250f87d27b5e9e61000e70f0c6a4e2432073d0d3e18f864e9ef64637d14e5485f36e53c821cb5898685c055a367ea51b653eff6581710f6c3824bc667bd24219163c60803099f985567be0d978e301b4f6603628606afadb04eee58f42f1853f2e8598a5e250e0f4c9a"], 0x1, 0x14fe, &(0x7f0000002ac0)="$eJzs3QuYjtX6MPB1r7UexjTxNslhWPe6H940WCZJckiSQ5IkSZJTQtIkSUJiyCkJSchxkhyGkBwmJo3z+ZBz0mRLkiSnnML6rqndtve//b/s/e39//y/Pffvutb1rvtaz72etd6beZ/nuebwQ9fhtZrUrt6IiMS/BH57SRFCxAghBgkh8gkhAiFE+fjy8dnjeRSk/GsnYf9ej6Zd6xWwa4nrn7Nx/XM2rn/OxvXP2bj+ORvXP2fj+udsXH/GcrKtMwvfwC3ntn/9+X/Mby/8/P//Q/z5n7Nx/f/TnM7zzxzN9f9Pctl7/89lcP1zNq5/zsb1z9m4/jkb1z9n4/ozlpNd6+fP3K5tu9b//hhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOM5Qzn/BVaCPF7/1qvizHGGGOMMcYYY/8+Pve1XgFjjDHGGGOMMcb+54GQQgktApFL5BYxIo+IFdeJOHG9yCvyiYi4QcSLG0V+cZMoIAqKQqKwSBBFRFFhBAorSISimCguouJmUULcIhJFSVFKlBZOlBFJ4lZRVtwmyonbRXlxh6gg7hQVRSVRWVQRd4mq4m5RTdwjqot7RQ1RU9QStcV9oo64X9QVD4h64kFRXzwkGoiHRUPxiGgkHhWNxWOiiXhcNBVPiGaiuWghWopW/1f5r4ie4lXRS/QWKaKP6CteE/1EfzFADBSDxOtisHhDDBFviqFimBgu3hIjxNtipHhHjBKjxRjxrhgrxonxYoKYKCaJVPGemCzeF1PEB2KqmCamixkiTcwUs8SHYraYI+aKj8Q88bGYLxaIhWKRSBefiMViicgQn4ql4jORKZaJ5WKFWClWidVijVgr1on1YoPYKDaJzWKL2Co+F9vEdrFD7BS7xG6xR3wh9oovxT7xlcgSX/+T+Wf/S343ECBAggQNGnJBLoiBGIiFWIiDOMgLeSECEYiHeMgP+aEAFIBCUAgSIAGKQlFAQCAgKAbFIApRKAElIBESoRSUAgcOkiAJysJtUA7KQXkoDxWgAlSESlAJqkAVqApVoRpUg+pQHWpADagFteA+uA/uh7pQF+pBPagP9aEBNICG0BAaQSNoDI2hCTSBptAUmkEzaAEtoBW0gtbQGtpAG2gH7aA9tIcO0AGSIRk6QkfoBJ2gM3SGLtAFukJX6AbdoTu8Aq/Aq/Aq9IYasg/0hb7QD/rBABgIA+F1GAxvwBvwJgyFYTAc3oK34G0YCWdgFIyGMTAGqspxMB4mAMlJkAqpMBkmwxSYAlNhGkyDGZAGM2EWzILZMAfmwEcwDz6Gj2EBLIBFkA7psBiWQAZkwFI4C5mwDJbDClgJq2AlrIG1sAbWwwZYD5tgE2yBLfA5fA7bYTvshJ2wG3bDF/AFfAlfwlDIgizYD/vhAByAg3AQDsEhOAyH4QgcgaNwFI7BMTgOJ+AknIDTcBrOwFk4B+fgAlyAi3ARLsPl7P/8MpuWWuaSuWSMjJGxMlbGyTiZV+aVERmR8TJe5pf5ZQFZQBaShWSCTJBFZVGJEiXJUBaTxWRURmUJWUImykRZSpaSTjqZJJNkWVlWlpPlZHl5h6wg75QVZSXZ1lWRVWRV2c5Vk/fI6rK6rCFrylqytqwt68g6sq6sK+vJerK+rC8byIdlQ9kHBsCjMrsyTeQwaCqHQzPZXLaQLeXb8KRsLUdCG9lWtpNPy9EwCjrI1i5ZPic7yvHQSb4gJ8CLsoucBF3ly7Kb7C57yFdkT9nG9ZK95VToI/vKGdBP9pcD5EA5G2rK7IrVkm/KoXKYHC7fkovgbTlSviNHydFyjHxXjpXj5Hg5QU6Uk2SqfE9Olu/LKfIDOVVOk9PlDJkmZ8pZ8kM5W86Rc+VHcp78WM6XC+RCuUimy0/kYrlEZshP5VL5mcyUy+RyuUKulKvkarlGrpXr5Hq5QW6Um+RmuUVulZ/LbXK73CF3yl1yt9wjv5B75Zdyn/xKZsmv5X75J3lAfiMPym/lIfmdPCy/l0fkD/Ko/FEekz/J4/KEPClPydPyZ3lGnpXn5Hl5Qf4iL8pL8rL0UihQUimlVaByqdwqRuVRseo6FaeuV3lVPhVRN6h4daPKr25SBVRBVUgVVgmqiCqqjEJlFalQFVPFVVTdrEqoW1SiKqlKqdLKqTIqSd2qyqrbVDl1uyqv7lAV1J2qoqqkKqsq6i5VVd2tqql7VHV1r6qhaqpaqra6T9VR96u66gFVTz2o6quHVAP1sGqoHlGN1KOqsXpMNVGPq6bqCdVMNVctVEvVSj2pWqunVBvVVrVTT6v26hnVQT2rktVzqqN6XnVSL6jO6kXVRb2kuqqXVTfVXfVQl9Rl5VUv1VulqD6qr3pN9VP91QA1UA1Sr6vB6g01RL2phqpharh6S41Qb6uR6h01So1WY9S7aqwap8arCWqimqRS1XtqsnpfTVEfqKlqmpquZqg0NVMN+PNMc/+B/Pf/Tv6QX8++RW1Vn6ttarvaoXaqXWq32qP2qL1qr9qn9qkslaX2q/3qgDqgDqqD6pA6pA6rw+qIOqKOqqPqmDqmjqsT6rw6pU6rn9UZdVadVefVBXVBXfzzeyA0aKmV1jrQuXRuHaPz6Fh9nY7T1+u8Op+O6Bt0vL5R59c36QK6oC6kC+sEXUQX1Uajtpp0qIvp4jqqb9Yl9C06UZfUpXRp7XQZnaRv/Zfzr7a+VrqVbq1b6za6jW6n2+n2ur3uoDvoZJ2sO+qOupPupDvrzrqL7qK76q66m+6me+geuqfuqb0QIkWn6L76Nd1P99cD9EA9SL+uB+vBeogeoofqoXq4Hq5H6BF6pB6pR+lReoweo8fqsXq8Hq8n6ok6VafqyXqynqKn6Kl6qp6up+s0naZn6Vl6tp6t5+q5ep6ep+fr+XqhXqjTdbperBfrDJ2hl+qlOlMv08v0Cr1Cr9Kr9Bq9Rq/T6/QGvUFv0pt0pv79GzR36B16l96l9+g9eq/eq/fpfTpLZ+n9er8+oA/og/qgPqQP6cP6sD6ij+ij+qg+po/p4/q4PqlP6tP6tD6jz+hz+py+oC/oi/qivqwvZ1/2BTKQgQ50kCvIFcQEMUFsEBvEBXFB3iBvEAkiQXwQH+QPbgoKBAWDQkHhICEoEhQNTICBDSgIg2JB8SAa3ByUCG4JEoOSQamgdOCCMkFScGtQNrgtKBfcHpQP7ggqBHcGFYNKQeWgSnBXUDW4O6gW3BNUD+4NagQ1g1pB7eC+oE5wf1A3eCCoFzwY1A8eChoEDwcNg0eCRsGjQePgsaBJ8HjQNHgiaBY0D1oELYNW/9b5vT9T8CnXy/Q2KaaP6WteM/1MfzPADDSDzOtmsHnDDDFvmqFmmBlu3jIjzNtmpHnHjDKjzRjzrhlrxpnxZoKZaCaZVPOemWzeN1PMB2aqmWammxkmzcw0s8yHZraZY+aaj8w887GZbxaYhWaRSTefmMVmickwn5ql5jOTaZaZ5WaFWWlWmdVmjVlr1pn1ZoPZaDaZzWaL2Wo+N9vMdrPD7DS7zG6zx3xh9povzT7zlckyX5v95k/mgPnGHDTfmkPmO3PYfG+OmB/MUfOjOWZ+MsfNCXPSnDKnzc/mjDlrzpnz5oL5xVw0l8xl47Mv7rM/3lGjxlyYC2MwBmMxFuMwDvNiXoxgBOMxHvNjfiyABbAQFsIETMCiWBSzERIWw2IYxSiWwBKYiIlYCkuhQ4dJmIRlsSyWw3JYHstjBayAFbEiVsbs+5G78G68G+/Be/BevBdrYk2sjbWxDtbBulgX62E9rI/1sQE2wIbYEBthI2yMjbEJNsGm2BSbYTNsgS2wFbbC1tga22AbbIftsD22xw7YAZMxGTtiR+yEnbAzdsYu2AW7Ylfsht2wB/bAntgTe2EvTMEU7It9sR/2wwE4AAfhIByMg3EIDsGhOBSH43AcgSNwJI7EUTgax+C7OBbH4XicgBNxEqZiKk7GyTgFp+BUnIrTcTqmYRrOwlk4G2fjXJyL83Aezsf5uBAXYjqm42JcjBmYgUtxKWZiJi7H5bgSV+JqXI1rcS2ux/W4ETfiZtyMW3ErbsNtuAN34C7chXtwD+7FvbgP92EWZuF+3I8H8AAexIN4CA/hYTyMR/AIHsWjeAyP4XE8DifxJJ7G03gGz+A5PIcX8Be8iJfwMnqMsXlsrL3OxtnrbV6bz8bYPL2FEH+JC9nCNsEWsUWtsQVswb+J0VqbaEvaUra0dbaMTbK3/iGuaCvZyraKvctWtXfban+I69j7bV37gK1nH7S17X1/E9e3D9kG9nHb0D5hG9nmtrFtaZvYx21T+4RtZpvbFralbW+fsR3sszbZPmc72uf/EC+2S+xau86utxvsXvulPWfP2yP2B3vB/mJ72d52kH3dDrZv2CH2TTvUDvtDPMa+a8facXa8nWAn2kl/iKfbGTbNzrSz7Id2tp3zhzjdfmLn2Qw73y6wC+2iX+PsNWXYT+1S+5nNtMvscrvCrrSr7Gq75i9rXWE32c12i91jv7Db7Ha7w+60u+zuX+PsfeyzX9ks+7U9bL+3B+w39qA9ag/Z736Ns/d31P5oj9mf7HF7wp60p+xp+7M9Y8/+uv/svZ+yl+xl660gIEmKNAWUi3JTDOWhWLqO4uh6ykv5KEI3UDzdSPnpJipABakQFaYEKkJFyRCSJaKQilFxitLNVIJuoUQqSaWoNDkqQ0l0K5Wl26gc3U7l6Q6qQHdSRapElakK3UVV6W6qRvdQdbqXalBNqkW16T6qQ/dTXXqA6tGDVJ8eogb0MDWkR6gRPUqN6TFqQo9TU3qCmlFzakEtqRU9Sa3pKWpDbakdPU3t6RnqQM9SMj1HHel56kQvUGd6kbrQS9SVXqZu1J160CvUk16lXtSbUqgP9aXXqB/1pwE0kAbR6zSY3qAh9CYNpWE0nN6iEfQ2jaR3aBSNpjH0Lo2lcTSeJtBEmkSp9B5NpvdpCn1AU2kaTacZlEYzaRZ9SLNpDs2lj2gefUzzaQEtpEWUTp/QYlpCGfQpLaXPKJOW0XJaQStpFa2mNbSW1tF62kAbaRNtpi20lT6nbbSddtBO2kW7aQ99QXvpS9pHX1EWfU376U90gL6hg/QtHaLv6DB9T0foBzpKP9Ix+omO0wk6SafoNP1MZ+gsnaPzdIF+oYt0iS6TJxFCKEMV6jAIc4W5w5gwTxgbXhfGhdeHecN8YSS8IYwPbwzzhzeFBcKCYaGwcJgQFgmLhibE0IYUhmGxsHgYDW8OS4S3hIlhybBUWDp0YZkwKbw1LBveFpYLbw/Lh3eEFcI7w4phpbByWCW8K6wa3h1WC+8Jq4f3hjXCmmGtsHZ4X1gnvD+sGz4Q1gsfDMuFD4UNwofDhuEjYaPw0bBx+FjYJHw8bBo+ETYLm4ctwpZhq/DJsHX4VNgmbBu2C58O24fPhB3CZ8Pk8LmwY/j8VcdTwj5h3/C18LXQ+wfUwuiiaHr0k+ji6JJoRvTT6NLoZ9HM6LLo8uiK6Mroqujq6Jro2ui66ProhujG6Kbo5uiWqPe1cwsHTjrltAtcLpfbxbg8LtZd5+Lc9S6vy+ci7gYX7250+d1NroAr6Aq5wi7BFXFFnXHorCMXumKuuIu6m10Jd4tLdCVdKVfaOVfGJbmWrpVr5Vq7p1wb19a1c0+7p90z7hn3rHvWPec6uuddJ/eC6+xedF3cS+4l97Lr5rq7Hu4V19O96nq53i7Fpbi+rq/r5/q5AW6AG+QGucFusBvihrihbqgb7oa7EW6EG+lGulFulBvjxrixbqwb78a7iW6iS3WpbrKb7Ka4KW6qm+qmu+kuzaW5WW6Wm+1mu7lurpvn5rn5br5b6Ba6dJfuFrvFLsNluKVuqct0mW65W+5WupVutVvt1rq1br1b7za6jW6z2+y2uq1um9vmdrgdbpfb5fa4PW6v2+v2uX0uy2W5/W6/O+AOuIPuW3fIfecOu+/dEfeDO+p+dMfcT+64O+FOulPutPvZnXFn3Tl33l1wv7iL7pK77LxLjbwXmRx5PzIl8kFkamRaZHpkRiQtMjMyK/JhZHZkTmRu5KPIvMjHkfmRBZGFkUWR9MgnkcWRJZGMyKeRpZHPIpmRZZHlkRWRlZFVEe+LbAt9MV/cR/3NvoS/xSf6kr6UL+2dL+OT/K2+rL/Nl/O3+/L+Dl/B3+kr+kq+sn/CN/PNfQvf0rfyT/rW/infxrf17fzTvr1/xnfwz/pk/5zv6J/3nfwLvrN/0XfxL/mu/mXfzXf3Pfwrvqd/1ffyvX2K7+P7+td8P9/fD/AD/SD/uh/s3/BD/Jt+qB/mh/u3/Aj/th/p3/Gj/Gg/xr/rx/pxfryf4Cf6ST7Vv+cn+/f9FP+Bn+qn+el+hk/zM/0s/6Gf7ef4uf4jP89/7Of7BX6hX+TT/Sd+sV/iM/ynfqn/zGf6ZX65X+FX+lV+tV/j1/p1fr3f4Df6TX6z3+K3+s/9Nr/d7/A7/S6/2+/xX/i9/ku/z3/ls/zXfr//kz/gv/EH/bf+kP/OH/bf+yP+B3/U/+iP+Z/8cX/Cn/Sn/Gn/sz/jz/pz/ry/4H/xF/0lf5l/Zo0xxhhj7B+irjLe57/JkX/u9xVCXL+98KH/Or6xwG/9/rkT2keEEM/17vro761GjZSUlD8fm6lEUHyBECJyJT+XuBIvE+3EMyJZtBVl/zIe81fn6i+7X6CrzB+9Q4jYv8rJzv89vjL/bX93//3luHlXnX+BEInFr+TkEVfiK/OX+2/mL9j6KvPn+SZViDZ/lRMnrsRX5k8ST4nnRfLfHMkYY4wxxhhjjP2mv6zc+Wr3t9n35wn6Sk5ucSX+e/fnjDHGGGOMMcYY+9/lxe49nn0yObltZ+78T3V8vt/e6v8t6+EOd/6BzrX+ysQYY4wxxhj7d7ty0X+tV8IYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjOVc/y9+ndjv57ra3xpkjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHG/lP9nwAAAP//sjE7Eg==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
getdents64(r0, &(0x7f00000000c0)=""/154, 0x9a)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x18032, 0xffffffffffffffff, 0x0)
getdents64(r0, &(0x7f0000000280)=""/158, 0x9e)

13.168598707s ago: executing program 3:
syz_mount_image$vfat(&(0x7f0000000440), &(0x7f0000000080)='./file0\x00', 0x800090, &(0x7f0000000700)={[{@shortname_winnt}, {@uni_xlate}, {@uni_xlateno}, {@uni_xlateno}, {@uni_xlate}, {@shortname_mixed}, {@shortname_win95}, {@utf8no}, {@rodir}, {@shortname_mixed}, {@shortname_win95}, {@iocharset={'iocharset', 0x3d, 'cp857'}}, {@fat=@codepage={'codepage', 0x3d, '861'}}, {@shortname_lower}, {@shortname_lower}, {@utf8}, {@shortname_lower}, {@utf8}, {@shortname_lower}, {@uni_xlate}, {@uni_xlate}, {@shortname_win95}, {@rodir}, {@shortname_mixed}, {@shortname_winnt}, {@utf8no}, {@utf8no}, {@nonumtail}], [{@subj_user={'subj_user', 0x3d, '\\$*[)*:\'\\'}}]}, 0x6, 0x2d3, &(0x7f0000000a40)="$eJzs3b1rJGUYAPBnNrMfarFbWInggBZWx+Vamw1yB2Iqjy1OCw3eHUh2ES4Q8QPXq8TOxtK/QBD8Q2zsLAVbwc4IgZGZncl+ZNhsJBvx8vsVyZuZ55n3ed+ZJNPkyQcvTw4fZvH46Re/Ra+XRGvYjThJYhCtqH0VS4bfBgDwf3aS5/FnPtNw+tdv1uT2tlgXALA9F/z+r6TlxwdFxE/XVxsAsB33H7z79t7+/t13sqwX9yZfH4+SiCg+z87vPY6PYhyP4nb04zSifFFoR/m2UAzv5Xk+TbPCIF6bTI9HRebk/Z+r6+/9EVHm70Y/BuWhs7eNMv+t/bu72cxC/rSo4/lq/mGRfyf68eJZ8lL+nYb8GHXi9VcX6r8V/fjlw/g4xvGwLGKe/+Vulr2Zf/fX5+8V5RX5yfR41C3j5vKdevLpNd8jAAAAAAAAAAAAAAAAAAAAAACePbeq3jndKPv3FIeq/js7p8UX7chqg+X+PLP8pL7QvD9QtPI8n+bxfd1f53aWZXkVOM9P46W0aiwIAAAAAAAAAAAAAAAAAAAAN9zRp58dHozHj55cyaDuBpBGxN/3I/7tdYYLR16J9cHdas6D8bhVDZdj0sUjsVPHJBFryygWcUXbctHguXM1V4MffmzMKlZ0lEbTqd7Fk7ab57rk4JP2bB8bY+qn6/Agad7D7lnxveLGxeqN60Tz7O1YOdKp7+dqcP0obracTuOp/qW3pfNCOZiuiYlk3ffFG78vLSeJleBO2XGjMb1dDZp2Y/ZsbPQ8R2+Wfv5nRaJbBwAAAAAAAAAAAAAAAAAAbNX8r38bTj5dm9rKu1srCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACu1fz//28ySJeTN8jqxJOj/2ptAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3Bz/BAAA//8a6VGq")
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
getdents64(r0, &(0x7f0000000f80)=""/4096, 0x1000)

12.900362008s ago: executing program 3:
syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0xc0ed000e, &(0x7f00000000c0)={[{@jqfmt_vfsold}, {@data_err_abort}, {@debug}, {@noload}, {@mblk_io_submit}, {@commit={'commit', 0x3d, 0x5}}, {@init_itable_val={'init_itable', 0x3d, 0x600}}, {@grpquota}]}, 0xfe, 0x46a, &(0x7f0000000dc0)="$eJzs3M9vFFUcAPDvTH/w21bEHyBIFY3EHy0tP+TgRaMJB01M9IDxVNuFVBZqaE2EEK0e8Ggw3o13/wDjSS9GPZl41bshIYYL6GnN7MyUpey2Xbplgf18klnem5nlve/MvJ0382YaQM8ayT6SiK0R8WdEDOXZm1cYyf+5fvXC1L9XL0wlUau9/U9SX+/a1QtT5arl97bkmVqtyG9oUu7F9yImq9XK2SI/Nn/6w7G5c+dfnDk9ebJysnJm4ujRQwf3DB6ZONyROLO4ru36ZHb3zmPvXnpz6vil93/9Lqvv1mJ5YxydMpJv3aae6XRhXbatIZ30d7EitKUvIrLdNVBv/0PRF5sWlw3F6593tXLAuqrVarVm5+fCQg24jyXR7RoA3VGe6LPr33K6Q12Pu8KVV/ILoCzu68WUL+mPNE/sHVhyfdtJIxFxfOG/b7Ip1uk+BABAox+z/s8Lzfp/aTySJwazjweKMZThiHgwIrZHxEMRsSMiHo6or/toRDzWZvlLR0hu7f+kl287uFXI+n8vF2NbN/f/0nKV4b4it60e/0ByYqZaOVBsk/0xsOHETFIZX6aMn17748tWyxr7f9mUlV/2BYt6XO5fcoNuenJ+ci0xN7ryWcSu/mbxJ1EO4yQRsTMidt1mGTPPtR4QWjn+ZXRgnKn2bcSz+f5fiCXxl5KW45PjLx2ZODy2MaqVA2PlUbFooUz89vvFt1qVv6b4OyDb/5ubHv+L8Q8nGyPmzp0/VR+vnWu/jIt/fdHymqbN4//YtuL4H0zeqc8YLBZ8PDk/f3Y8YjB549b5Ezf+tzJfrp/Fv39f8/a/PW5siccjYndE7ImIJ7KLwqLuT0bEUxGxb5n4f3n16Q/aj3+Zu/IdlMU/vdL+j8b9336i79TPP7Qffynb/4fqqf3FnNX8/q22gmvZdgAAAHCvSOvPwCfp6GI6TUdH82f4d8TmtDo7N//8idmPzkznz8oPx0Ba3ukaargfOl7cGy7zE0vyB4v7xl/3barnR6dmq9PdDh563JYW7T/zd1+3awesO+9rQe/S/qF3af/QmxLtH3qa9g89qf6UcbP2/2nLr4x+v54VAu4s53/oXato/8XLbK17BcC9yfkfepf2Dz2p5bvx6Zpe+V974quuli6xYiLSu6Ia93+if9V/zKJpYm/TRbWhvP1nczY0/Xq3f5kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA64/8AAAD//zaw47E=")
creat(&(0x7f0000000040)='./bus\x00', 0x0)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef9cc093fce47d85272036dc78388e3dc177e9b496", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001"})
chdir(&(0x7f0000000240)='./file0\x00')
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
setresgid(0xee01, 0xffffffffffffffff, 0xffffffffffffffff)
getgroups(0x2, &(0x7f00000000c0)=[0xffffffffffffffff, <r1=>0xffffffffffffffff])
setresgid(0x0, r1, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f00000098c0), 0x0, 0x0)
ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, "fe80f8aea80baf6fa68ed65bf05547fc83e96e", 0x0, 0x7fffffff})
socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x3, &(0x7f0000000d40), 0x9, 0x61d, &(0x7f0000000700)="$eJzs3U1rXFUfAPD/nbwnz/MkDQ9qXWhAtAVt0qStFBG0CK5KqS8LwY1jk5ba6QtNRFMrTaFuBHHjQnDlwrrwO2hBcOUXcOHGlVSKSDdK0ZE7uTNOk7nJTMzMtJnfD8Y5556bOeea/HvOnDnnTgA9ayr9TyFid0RcSCIm68r6IyucWj3v9m+XT6SPJMrlV35N4vKVZKX+tZLseSwi0oI/xyP5LiIm+9bXu7h86UyxVFq4mOVnls5emFlcvrTv9NniqYVTC+fmnp47fOjgocOz++t+6uSLrV7frrr00WtvvTP+4bHXv/jsTjL75Y/Hkni+VpZeV6uvvZmpmIpypv54+v/18HZX1iV9tb+TfyRrD6z1QhsbREuqv7+BiHgwxqOv7rc5Hh+81NXGAW1VTqLWRwG9JhH/0KOq44Dqe/vm3gcPtnlUAnTCrSMRT9TifyAiqvHfvzo3GMOVuYHR28ld8zxJROzfhvrTOr7/9ti19BFtmocDGlu5OpTN26/t/5NKbE7EcCU3ertwV/wXsmnciWz+8OWNqxnPK5hak8/qH9rq9QDNW7kaEQ81Gv9vHv9vZM/p8Te3WH9O/AMAAAAAAABbcONIRDzV6PO/Qm39z2CD9T9jEXW757Zu88//Cje3oRqggVtHIp5tuP63UD1loi/L/beyHmAgOXm6tLA/Iv4XEXtjYCjNz9a/6Fd1Px0R+z6a/DSv/vr1f+kjrb+6FjBrx83+NauB5otLxW24dOh5t65GPNyfv/4n7f+TBv1/Gt8Xmqxj8vHrx/PKNo9/oF3Kn0fsadj/J7Vzko3vzzFTGQ/MVEcF6z3y3sdf59Uv/qF70v5/dOP4H0rq79ez2NrrD0bEgeX+cl75Vsf/g8mrfVG3E/Hd4tLSxdmIweTo+uNzrbUZ7ifDzZ/6fkRU4qEaL2n8731s4/m/2vi/Lg5Hsnt8NeOBv8Z+yivT/0P3pPE/v3H/P3F3/996Yu76xDd59R9vqv8/WOnT92ZHzP/BxpoN0G63EwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADuR4WI+E8khelaulCYno4Yi4j/x2ihdH5x6cmT598+N5+WVb7/v1D9pt/x1XxS/f7/ibr83Jr8gYjYFRGf9I1U8tMnzpfmu33xAAAAAAAAAAAAAAAAAAAAcI8YW31at/8/9XNfV5sGdEJ/9izeoff0d7sBQNeIf+hd4h96V378/36nXNHR5gAd1Gz/X77S5oYAHbfF8b+PC2AH8P4fetVAc6cNt7sdQDfo/wEAAAAAYEfZ9eiNH5KIWHlmpPJIDWZltQ8GR7rVOqCdCnkFQ51tB9B51vBC77L0B3pXk4t/gR0sqaX+aLjZP3/1f9KeBgEAAAAAAAAAAAAA6+zZ3cT+f2BHyt3/D+x4G+z/b7Sxx+0CYAex/x96l9t8AdXBft43/dv/DwAAAAAAAAAAAAD3gOFLZ4ql0sLFxeWmE1daOfnfJ36JvKLnOtmM7UqsFO+JZtwPiYGIWFNUHl/9sz1TLL0WnW1PNWI6UddgB+vKSXTp3yMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGCdvwMAAP//emUoLA==")
mount$tmpfs(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f00000002c0), 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x9, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x0, 0x1, 0x28}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd}, 0x90)
ioctl$FAT_IOCTL_GET_ATTRIBUTES(0xffffffffffffffff, 0x80047210, &(0x7f0000001400))
mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x1b8a877, &(0x7f0000000000)={[{@nr_inodes}]})
r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0)
writev(r2, &(0x7f0000000000)=[{&(0x7f0000000cc0)="e1", 0x56000}], 0x1)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000200), 0x6e, &(0x7f0000000080)=[{&(0x7f0000000000)=""/2, 0x2}, {&(0x7f0000000280)=""/4096, 0x1000}], 0x2, &(0x7f0000001280)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0xf8}, 0x3)
syz_open_procfs(0x0, &(0x7f0000000040)='net/if_inet6\x00')

11.939506817s ago: executing program 3:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x40, 0x4, 0x0, 0x1, [{0x3c, 0x1, 0x0, 0x1, @payload={{0xc}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_PAYLOAD_LEN={0x8}, @NFTA_PAYLOAD_SREG={0x8}, @NFTA_PAYLOAD_OFFSET={0x8}, @NFTA_PAYLOAD_BASE={0x8}, @NFTA_PAYLOAD_CSUM_FLAGS={0x8, 0x6, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x94}}, 0x0)

10.719588425s ago: executing program 3:
r0 = io_uring_setup(0x5ed8, &(0x7f00000003c0))
io_uring_register$IORING_REGISTER_PBUF_RING(r0, 0x16, &(0x7f0000000200)={&(0x7f0000001000)}, 0x1)

10.339932994s ago: executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000017c0)={0x14, 0x3d, 0x9, 0x0, 0x0, {0x3}}, 0x14}}, 0x0)

2.854636359s ago: executing program 2:
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000100)={0x400, 0x300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff})

2.614925716s ago: executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x10040, 0x2)
sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, 0x1, 0x4, 0x201, 0x0, 0x0, {0x0, 0x0, 0x4}, [@NFULA_CFG_FLAGS={0x6, 0x6, 0x1, 0x0, 0x7}, @NFULA_CFG_NLBUFSIZ={0x8, 0x3, 0x1, 0x0, 0x80}, @NFULA_CFG_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0x7}]}, 0x2c}, 0x1, 0x0, 0x0, 0x10}, 0x4)
r1 = getpid()
process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x36}], 0x1, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x5f}], 0x1, 0x0)
r2 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'lo\x00', <r4=>0x0})
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x30, 0x30, 0x2, [@struct={0x0, 0x1, 0x0, 0x4, 0x0, 0xffffffff, [{0x0, 0x2}]}, @ptr={0x0, 0x0, 0x0, 0x9, 0x3}, @restrict={0x0, 0x0, 0x0, 0x10, 0x2}]}}, 0x0, 0x4a}, 0x20)
sendmsg$nl_route_sched(r2, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x78, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x3c, 0x2, [@TCA_FQ_CODEL_CE_THRESHOLD_MASK={0x5, 0xb, 0x1}, @TCA_FQ_CODEL_LIMIT={0x8, 0x2, 0x2}, @TCA_FQ_CODEL_INTERVAL={0x8, 0x3, 0xfffffffd}, @TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0xffffffff}, @TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7fff}, @TCA_FQ_CODEL_DROP_BATCH_SIZE={0x8, 0x8, 0x2}, @TCA_FQ_CODEL_ECN={0x8}]}}, @TCA_RATE={0x6, 0x5, {0x4}}]}, 0x78}}, 0x0)

2.555581596s ago: executing program 2:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="02c8000c00080002"], 0x11)

2.475259938s ago: executing program 0:
r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=@base={0x12, 0x4, 0x8, 0x2}, 0x48)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r1, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000700)={r0, &(0x7f0000000600), &(0x7f00000006c0)=@tcp6=r1}, 0x20)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000900)={r0, &(0x7f0000000800)="e8", &(0x7f00000008c0)=@tcp6=r2}, 0x20)
r3 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=@base={0x12, 0x8, 0x8, 0x2}, 0x48)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r4, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000700)={r3, &(0x7f0000000600), &(0x7f00000006c0)=@tcp6=r4}, 0x20)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r0, &(0x7f0000000000), &(0x7f00000000c0)=@tcp6=r4, 0x1}, 0x20)

2.428396186s ago: executing program 2:
capset(&(0x7f0000000100)={0x20071026}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x81, 0xfffffffb})
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x8, 0x4, &(0x7f0000001880)=ANY=[@ANYBLOB="b4000000020000006600000000000000730135000000000095000000000000004bb5eea0a6ec9fcd4b0a008a8443f22702000000e65b3bde9e4a0587536a966992ae7011d6e6c03175717e9912e0dd1a59541f7cbb1548ee5bd627f5b0b8ec77bd6d5f7b543f9aafaabe53339b12fbbe7decc4aa61b8aad0359083bdd61543fbeee8d560bb4b5925fae801f4c91e31674b124a1b38000000bc4da4a9b3d5cc9e0000f6a7a729009973ff07000000000000ac79e5d84abbec7d96629490727375b853f6308a980fba61fbe0131f3c7a026d8f000008000000000000000b20d7ac2df89d7989bf53bec908213d396edf24e9fc3cc004a1097fddc65c1b1b328277ff85ed56b9261eb7bcee28ec2d3616689ab3f31f849eebce6f21e6302003c0467844e000000000db0700bd694a09b253a1c6c7c138b3ec6ee9b83edcc55d3403acd5c50e27401aa306a7ab7069790da79b7ab45184caffff00009bab066bf7a4ab148d44c7e2e4d219cdd7ebeb51511d9df85a648b1b85f93cb6cd21f93d5ea3da2b31657c065d052d9b9ee00320def97ebac25b929b3c15e33be6e7d54e622b4200000000400000002fb5c58a936620ba1f5fbb48703ab220f442697edc165b449db2e3c221fbf270a6db414516949b97c200000096a1cbe81a38a23f03bd741a3e60c2e294f828e06f1b2cb70328f151f949e369efed52a28b87aae9d7d2800c8efe7f93c05adc9086d3f143a7b87d06838c6525cafdc01820a8912a131ff1f6acb9439f2d95a746291641b38333ce1c33edc9da00c8a2b42e8adfeff69fce7a35f79748e3e5b235269310988a05bf7c4e4cef3d1aa550c83d6328eb000000044a6458c31431d58973c93f5e9452258a7098bc3d014afe638a40948498faa261213bc20845526e054d6b3ba5ca8f357df67c41acc28edacb31d38994544c3511ea1e8a448e66039425cfb03efb5d5eb81a306746adb8809ef9691863c00085e2dc401325327e54cbfceb400c2663466cd4a79c94b62c9882626499a8a29c564464f2a7aee6a929f831c93d23005787d272b5eaf0c6e11a7f0f1f39f68df44f6bf2ebe448cbe850efd24bf7b96ad33abbd3a8b5814b5e7f85d1a47ee604ccef20bda53c9ce06910568fc200eee12fc6ef2734a6e9af5132f0c507e277fd97f9b48c840697289d38e454467f4d2f94b2f76d06edd083dafefd76deb251b5818de9c27d0df6e7b8862fe42f6c453f551f35b6d76395a1d205f276ae628fbdb8081905a1d7c2805532d3387b88f2997e8ce41c5dca83659cfb7f3a1c7b2bec8a7575dc4241dde6c680ee9a27b197739f4ad86f3bad3e42d4954bef864586ad02c27858d63efc495bcfb6e30f30fedf536d63769a196fc3b472195d0a1a13ecf803136d751cefb0edb5794cab8681214b39f86d88f3aebea4d465ef05f975b09f264d6c8d8e3bb6ea7d21c6602bcc8f76f2546cccc074f55c22aa8b502968040000000000000047c8a50036dd268a1aeff951f5090492b5e941feb1d3785aafe108568c4df0a78fc102b93d655876e5a36c40fb5afcfd1eb28952662782097836a4d1aa3de0c06bb7dc27cf1a546b6aa6ce9932f3c6a013bc3791da4d8a33680ba8f1334d75a43e991ebd4582d786ec05cdd3152d52ab15fc7595cbd339f730d2ec8e37e6c500c4c30280a6af986f62a22d9c5c275e7798c165545abfcd304243274db15924a136a0896d56576ed5de90b1bda90f4024b9a0b3b33f688db8e38f784ae3942aba874f95d10c47e2405ceb0438cc272133fac718a6553710e4ca97df646b21d03652c54eade2e99344e11a2671cf274d397650fba8fcfb7e51a926e37b3980a1732111175dd99b9d979042b3ea411a7b4f9081ae9b82974d5eb6fd4e4bcd95e4f897dfba4e44777e6d02a896b650a66d9139696b9c6c36a33eb3adc092bf4586bfab34002f802bbfe6a7679cec20cc25e01f129bbe92a65961fac7bffa3d8feda2ac927743d2bce57ee39b671948576337535180aa754e035421cf1709bc1b5e46c35515fb1fcda637a6405e9b216d2ca09795c5d2f27665da5b17bcf0f387e6dd58202a3a1148e46e55ac7ea027eb3022eee4a000ca543ab566921e5db4f741a71dc202c851d99851bc7a62ea705f942855a9fa30b912045f78ab1e3fdeada84bc8ac36cc1223901e56f6ecbabbc3263098c9c47a1f505a8299b5715a455e834ddddc430f387cafa07bf915522f6a70c031929a42e34eea5169b796320e892d27924045bcf56135684ca96ada82749371d5766c0d0cae8772f140eef001ca39dc28743f77b8724487a9b37ca66d20aef8a5236393fce29b0531cbd3265c209761ed41a2e473fbd84ca9b67e3ceb58a4b774ee127628faba8702c0a73f8311d269429aaadf74c439404fc9f864e69807dfe2bae2bd4c498a10d4e17dddb1f7539bfeb392e22e7b93d0ecf66cd253a4062bbc8a4307f0e4360651dc7f8924ee7a89ab73dd7c11be13707482c369f02d7b6f242599f95dbfcb55bea158665231f8fe04ed2a375fd23a67c4438c407fed1a8702e2486386f2ae6347231128be789186ff5651208c8b781f85d3fb51bd28b939a8bc88a471c36fa17fd04c3fbdbd3f7bf144b1466014a77c582aa0380e612cd101d557dd1e5b7bae3da3ea2659f66a3641eaa3b008b978e0a5f69671f52401892dba8a63c8f7eb280880dbdcee5d8e8aae9de9d28cbe0de2f4642c4fe69db3b7432b2eb7ca282fbfe030ad6c33a73feef1cd517cedc2c0059e5636ae0fb3969ce7f64c6f4cffcc40ac1331f6b50d4f95c490edd75e8cdba278a602c8a200000000000000000000000091b39eb79b22cc68dde3760f3bd7377b35f4d41a46959070cddc4a9c340455f97ff0ea8c6adbff47a39269b2e90dffa1ec22d41f9da01ec44847a88334e106ff455f9ca2a0b2900591ceac1f0e823eaa7ed5b359eed1a39a6f75e7556ab52ac0c2c46b28f3791edf8f25cc2e6cab30841d3fac1e16443be84d4e9a903df3901f89e13cee8589df43652fbe05a789881dcae97ffdc52363bc61c334480afac09e04f9e5ce0bcd12c997545053b64cb2ba920a1071d2ca692c72965bdc0022f7f147943001a55ed8c7b3181fbfabd2069ac7bd4f9b459463edb8a05d1fde9a00000000d74252538611cce57a71ef716b41b016aaa8aeb8d15f0a82a8905427859ff9f8f68d041bcf92da5effebdf2efad10bc7fea0b571bce2820a977e94e3e431fdf98571915596cd4248a765d38f530aa4d94ebe9c44e9"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x21e, 0x10, &(0x7f00000002c0), 0x83419149c3b785d0}, 0x48)

2.358508856s ago: executing program 0:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x7800007, 0x12, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
ftruncate(r1, 0x7fff)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.throttle.io_serviced_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000000), 0x1670e68)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xe7030000, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000, 0x1100}])

2.26677767s ago: executing program 2:
r0 = syz_io_uring_setup(0x40f, &(0x7f0000000280), &(0x7f0000000080)=<r1=>0x0, &(0x7f00000000c0)=<r2=>0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f0000000000)={0x0, 0x40}, &(0x7f0000000040)='./file0\x00', 0x18})
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)={0x77359400}})
syz_io_uring_submit(r1, r2, &(0x7f0000000540)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0})
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x0, 0x0, 0x0, 0x4)
io_uring_enter(r0, 0x19be, 0x0, 0x0, 0x0, 0x0)

2.149851358s ago: executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x24, &(0x7f0000000280)=0x1, 0x4)
shutdown(r0, 0x0)
recvmmsg(r0, &(0x7f00000007c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000740)=""/80, 0x50}}], 0x1, 0x0, 0x0)

2.147025999s ago: executing program 2:
r0 = socket$inet6(0xa, 0x3, 0x7)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000001280)={'ip6tnl0\x00', &(0x7f0000001200)={'syztnl0\x00', 0x0, 0x4, 0x80, 0xb2, 0x3, 0x6, @dev={0xfe, 0x80, '\x00', 0x27}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x8, 0x0, 0x7fffffff, 0x1}})
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$inet6_udplite(0xa, 0x2, 0x88)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket(0x10, 0x2, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x140}}, 0x0)
getsockname$packet(r6, &(0x7f0000000080)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0xab)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r7, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
ioctl$sock_SIOCGIFVLAN_GET_VLAN_VID_CMD(r1, 0x8982, &(0x7f00000004c0))
sendmsg$nl_route_sched(r4, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000240), 0x48}}, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=@newtfilter={0x6c, 0x28, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x4}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x3c, 0x2, [@TCA_CGROUP_ACT={0x38, 0x1, [@m_connmark={0x34, 0x0, 0x0, 0x0, {{0xd}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}}]}, 0x6c}}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000040)={'ip6gre0\x00', &(0x7f0000000240)={'syztnl0\x00', r7, 0x29, 0x6, 0x1f, 0x6, 0x3a, @mcast1, @rand_addr=' \x01\x00', 0x8, 0x10, 0x7f, 0x180}})
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000002dc0)={@mcast1, 0x81, 0x0, 0x3, 0xa, 0xca7f, 0xaa6d}, 0x20)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r9, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000005c0)=ANY=[@ANYRESOCT, @ANYRES32=r9, @ANYBLOB="1400050000000000000000000000000000000013797b29b3d71482bf19dfde38a807347495bdc4e5faf832781f4bbc146217f2bac3fe349df134cb29b64cebf496e2c2de49dbbaf711f76f912d13c8dc8df3e71da83f378b5b46e75dfcd10be1934cb9fbe2abab8c25bdae572962b91efeedad0d28c1d420626f2813a51ae9a732b772232fb0258a35e6cff30830b1aa04cf311f6e15a4849394cd4195a994d14b6d61a1387991cd4e1f9db398290f84021b8697d721047a1dffc833a371f8227bd06ad18a2b668e5972fbef1c99e61fd24ef55bc425dd36b3cb8d4849"], 0x2c}}, 0x0)
r10 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000006d80)={'syztnl2\x00', &(0x7f0000006d00)={'syztnl2\x00', r9, 0x2d, 0x4, 0x8, 0x6239, 0x30, @local, @mcast2, 0x20, 0x700, 0x8000, 0x10001}})
r11 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x19, 0x4, 0x4, 0x1, 0x0, 0x1}, 0x48)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000000c0)={r11, &(0x7f0000000000), &(0x7f0000000080)=@buf='\x00'}, 0x20)
bpf$MAP_DELETE_ELEM(0x4, &(0x7f0000001400)={r11, &(0x7f00000018c0)="c8286c390e7de4d887bb6bc203d58fcf3801000000982a39e0b4e2946b35d51bfd6ae7d962254f5e7bae72aa0722ea2561e9540bde1402e525d8ce54f6199796801267b5a6039c28cd7195136f1e4718de1beb15e8fb3b39ae5f61fd61c19761c0ec7edfe795979a842d0eac031f7c3dbb937084f02b00"/128}, 0x23)
sendmsg$NL80211_CMD_UPDATE_CONNECT_PARAMS(r10, &(0x7f00000097c0)={&(0x7f0000008b00), 0xc, &(0x7f0000009780)={&(0x7f0000000800)=ANY=[@ANYBLOB="62870000", @ANYRES16=r11, @ANYBLOB="00c62bbd7000fddbdf257a000000080003002bb8afbd0de9", @ANYBLOB], 0x28}, 0x1, 0x0, 0x0, 0x40884}, 0x90)
getsockname$packet(r1, &(0x7f00000002c0)={0x11, 0x0, <r12=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000580)=0x14)
sendmsg$nl_route(r10, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newlink={0x94, 0x10, 0xffffff1f, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x0, 0x35288}, [@IFLA_LINKINFO={0x6c, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x5c, 0x2, 0x0, 0x1, [@IFLA_IPTUN_ENCAP_TYPE={0x6, 0xf, 0x1}, @IFLA_IPTUN_LOCAL={0x14, 0x2, @empty}, @IFLA_IPTUN_COLLECT_METADATA={0x4}, @IFLA_IPTUN_LINK={0x8, 0x1, r12}, @IFLA_IPTUN_LOCAL={0x14, 0x2, @private0={0xfc, 0x0, '\x00', 0x1}}, @IFLA_IPTUN_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x37}}, @IFLA_IPTUN_PROTO={0x5, 0x9, 0x29}]}}}, @IFLA_MASTER={0x8, 0xa, r12}]}, 0x94}, 0x1, 0x0, 0x0, 0x8000}, 0x4000080)

2.026166278s ago: executing program 0:
r0 = eventfd2(0x0, 0x0)
r1 = socket$can_j1939(0x1d, 0x2, 0x7)
r2 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$SO_J1939_PROMISC(r1, 0x6b, 0x2, &(0x7f00000000c0)=0x1, 0x4)
r3 = dup3(r1, r0, 0x0)
setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4)
read$alg(r3, &(0x7f0000000680)=""/225, 0xe1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vxcan1\x00', <r4=>0x0})
bind$can_j1939(r1, &(0x7f0000000240)={0x1d, r4}, 0x18)
sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(r3, &(0x7f0000001500)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[], 0x4c}}, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x0, 0x10012, r5, 0x0)

2.004459361s ago: executing program 1:
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000100)={0x400, 0x300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff})

1.827867518s ago: executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'hsr0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000040)=ANY=[@ANYBLOB="5000000010000305000000000000000000000068", @ANYRES32=0x0, @ANYBLOB="000000000000000030001280080001006873720024000280050007000000000008000200", @ANYRES32=r2, @ANYBLOB="0a000100", @ANYRES32=r1], 0x50}}, 0x0)

1.648191266s ago: executing program 4:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="02c8000c00080002"], 0x11)

1.608203512s ago: executing program 4:
r0 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, &(0x7f0000000080)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, 0x108)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000340)={'fscrypt:', @auto=[0xe, 0x36, 0x64, 0x36, 0x66, 0x39, 0x34, 0x37, 0x30, 0x33, 0x38, 0x37, 0x31, 0x66, 0x30, 0x36]}, &(0x7f0000000400)={0x0, "d3d08265ba2098bb1c848f3ac942881519747a688d764e93017e31f79c084be5ce82416b0344e5f0c249bbc75964b24fee4b44eecc5ee8d872d9796a3851512f", 0x2b}, 0x48, 0xfffffffffffffffc)
openat$tun(0xffffffffffffff9c, 0x0, 0x1c1341, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
close(0xffffffffffffffff)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
keyctl$clear(0x11, 0xfffffffffffffffd)
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0xb, &(0x7f0000000340)=@framed={{}, [@printk={@p, {}, {}, {}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x5}, {}, {0x85, 0x0, 0x0, 0xb0}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
sendto$inet(r3, 0x0, 0x0, 0x81, &(0x7f0000000000)={0x2, 0x4e20, @private=0xa010101}, 0x10)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
r4 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r4, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018150000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000010000808500000015000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_STATS_CPU(r6, &(0x7f00000004c0)={&(0x7f00000003c0), 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x14, 0x4, 0x1, 0x201, 0x0, 0x0, {0x0, 0x0, 0x1}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x24040000)

1.566752898s ago: executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000400000018110000", @ANYRES8=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000a00)='./file0\x00', 0xc80, 0x0)
openat(r1, &(0x7f0000000bc0)='./file0\x00', 0x40200, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)={0x38, 0x0, 0x1, 0x401, 0x0, 0x0, {}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x11}}]}]}, 0x38}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'vxcan0\x00', <r3=>0x0})
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0x8000, 0x8000, 0x6, 0x40, 0xffffffffffffffff, 0x7, '\x00', r3, 0xffffffffffffffff, 0x4, 0x1, 0x1, 0xb}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
sched_setscheduler(0x0, 0x0, &(0x7f0000000100)=0x5)
r4 = userfaultfd(0x1)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000001c0)={0xaa, 0x100})
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000140)=ANY=[@ANYBLOB="61154c000000000061138c0000000000bfa000000000000007000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350607000fff07206706000002000000160302000ee60060bf500000000000000f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a62951e532b33c57004ffc2e83361997a75fd552bdc206438b8ef4901fd03c16dfda44e2a2235c8ac86d8a297dff0445a15f21dce431e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67ab93716d20000009f0f53acbb40b4f8e2738270b31562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43010000007b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000000000000000000000000000c1eb2d91fb79ea00000000000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631d22a11dc3c693962895496d4f6e9cc54db6c7205a6b068fff496d2da73c32bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a0337302f3b41eae59809fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710e0254f1b11cced7bc3c8da0c54d2ebf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db88aa3c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d402a75fd7a55733360040855ed5d1c0d634fc5fb38f84d9d87b27f6b5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4ff139604faf0a4da65396174b4563d54b52f06c870edf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202eeb81f428a5b3c299848649e1a6bff52f657a67463d7dbf85ae9321fc2b517dc4a29b9cba8ded5de8206c812439ab129ae818837ee1562078fc524b3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2a3bc87b0da23c00d9ef418cf19e7a8c4c328be0ce91798adc2dca871073f6bd61dc18402cde8bf777b2eaa45c940aabc86b94f8cbde4d470667bee722a6a2af483ad0d3415bd0f9db009acaba9eaea93f7a1d434e00000000000000000000d154ba10a8e51489a614e69722bac300"/1551], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffffd2}, 0x48)

1.546267352s ago: executing program 1:
r0 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
r2 = openat$cgroup_int(r1, &(0x7f0000000080)='cgroup.max.depth\x00', 0x2, 0x0)
write$cgroup_int(r2, &(0x7f0000000200), 0x12)
r3 = openat$cgroup(r1, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0)
r4 = openat$cgroup_int(r3, &(0x7f0000000040)='cpu.weight\x00', 0x2, 0x0)
sendfile(r4, r2, 0x0, 0x10000a006)

919.074129ms ago: executing program 0:
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
r1 = open(&(0x7f00000000c0)='./bus\x00', 0x24142, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x4, 0xfff, 0x7}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000009007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
r4 = open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0)
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000ac0)='./file0\x00', 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="6c617a7974696d652c6e6f696e6c696e655f78617474722c6c617a7974696d652c6e6f626172726965722c6163746976655f6c6f67733d342c757365725f78617474722c6d6f64653d6c66732c616c6c6f635f6d6f64653d64656661756c742c00be9ee044c45511e65887f6fac9eba6d787c3684a836f23dbf8ad3dd5931c08b4d8bde7e8acbbf3bf3326f2faa5952a332ad2ced40c98a2affa2dad4d623f9ff3ffa81e45095548ab6200f069d0f63d20fd71d3043b0dd5c4cf9785f3f531abc19bc1548f5e0b33006bd1049ca45bd8500d67a5aa6e1c23d900000000007867738729e703bb122283fb2fae9813a0cfefcdf3dc96eb384dbb4268c50943198a96d9b1af9c91506b30922be8537f54e65cf60c6b6a5798955796aea325770d6ccc93a95fad93b2c7bad114fcbc55036a301c23b07073c71555791db8919235022bb0ee4294211ab9b43f3fbedecd223722d937aa22b31e2e9c97e5ea94e4ab83d4e5811c7556813c334aec856af0a0c12b3c93ba5aa906bde2268a0c6cbbb13f496d87c608604eb02b2c031d5ae40c75"], 0x1, 0x5511, &(0x7f0000015b80)="$eJzs3E1rY9UfB/CTdjqdp//8i7hwNxcGoYVJmPRh0F3VGXzADsWHhStNkzRkJsktTZrWrly4FBe+Djei4Mql+BIEXbsTF4o7Qck9pzIdFdRmkqn9fOD2e+/JzS+/E0rLuQk3AGfWQvbzj6VwNVwMIcyGEK6EUOyX0lZYj/FUCOFaCGHmga2Uxn8fOB9CuBRCuDoqHmuW0kMf3RheX/vhlZ+++Hr+3OVPPv92erMGpu3pEEJ3J+7vd2PmrZj30nht2C6yuzpMGR/o3k/Hecz95lZRYb92dF6tyJVWPD/f2euPcrtTq4+y1d4uxnd68QX7w9ZRneIJ92q7xXGjuVVku58X2TqMfR0cxr9th/1BrNNI9d4tyofB4CjjePOgGeczf7/Iem+QxmPdvNE8GOUwZXq5UM87jaKPrZO804+3V9u9vYNs2Nztt/NetlapPlOp3ipXd/NGc9BcLde6jVur2WKrMzqtPGjWuuutPG91mpV63l3KFlv1erlazRZvN7fatV5WrVZWKjfLa0tp70b24t03s04jWxzl8+3e3qDd6Wfb+W4Wn7GULVdWnl3Krlez1zc2s83X7tzZ2Hzj7dtv3X1u4+UX0kl/aCtbXL65vFyu3iwvV5dO7/xH/+v/0fzfT02Pcf5wIqVpNwBw+lj/A5P28VcxT/P6P/yb9f+O9f/DrP/P9vzhRKz/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADOrO/mPn2p2FmIx5fT+P/S0BPpuBRCmAkh/PonZsP5YzVnU525vzh/7qEeviyFosLoNebTdimEsJ62X/7/qN8FAAAA+O/67L1rH8bVevyxMO2GmKR40WbmyjtjqlcKIcwtfD+GKiFdbApPnryraPT7fS4cjKlacQHrwpiKxUtu58ZV7W+ZPRYXHohSjJmJtgMAAEzE8ZXAZFchAAAATNIH026A6Sg+aU3fxU9f4J+PkT4QvHjsCAAAADiFStNuAAAAAHjkivX/43P/v2+Kfff/AwAAgPGK9/8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPiNnfvJSR2K4gB8Wuh7vD9GYpy7FWewDFdgHDo0LMBNsATcghtgDThzCQYMbYnWYKLhto3k+5K23Bvy45QwOfeSAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANCmp2Ixfbi7uD80Z705TJq7AQAAAPZZFYtp+WJcjf/V8yf11Fk9ziIij4h9vfsgfjUyB3VO8cn7iw81PEaUCdvP+F0ffyPisj5eTtv+FgAAAOB4LWfzSdWtV6dx3wXRpWrRJv9/lSgvi4hi/JwoLd+ezhOFlb/vYdwmSisXsEaJwqolt2GqtC8ZNC6jd5esuuSdlgMAAHSi2Ql024UAAADQpZu+C6AfWey2Mnd7weU/7982BP80RgAAAMAPlPVdAAAAANC6sv/3/D8AAAA4btXz/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGjTqlhMl7P5pDF5/f2c9eYw6e4IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXtmfdxQIgTAIg73rO5O5/2GlQUNjkyoQPv7GYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4M3v/vJ/YmqcSeZeG0vPI8naqbF1auydG0d/GF+/BgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgYn9eUiAEgiAK5oz/nfT9DysJegYRIqDhUUUtGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4ot/98n9iapxJ5k4bS8cjydpVY+uqsfegcfRgvP0bAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgYud+XuOo4gCAf3dnZ2urYoySQ0QUPOjFptva2qsHJXjwTxBCuq3RrT/aHGwpQi7eJOdeRI8ighJv/R96bqGXeuthDxU89VCZ2ZnkdS24WjqzST4fePO+Mwzzvm8SQr7zZhcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDa+L29OCs2C5O4Wx27df/aetHfnuoLN7bvLBetiDtNJr0PPHgYr6b7naX2cgEAAODwyOr6PiLu5jurRd9dKOv/vD6nqPl/eH4S1/X8dN1f93XtX7Tff7v38u5AC5Nxioue3xgNT/wzld7Tm+V8e+Ffz+iVd7589pKVP5Duh1svjfPyfna+u3nz/X4ZHmkiWwDg/zhe91VQ/z9U9IM2EwPg0OglhXdd/2cL7eYEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0IT+Vjxbx52IWO7txYXb96+tl/3U/o3tO8t1O3P9+nZ6zeISeUSc3xgNTzQ1kX3g8pWrn62NRsNLzQevRUR7o1fBxzOcE9FmhoInDbrV7/q85LM/gpb/MAEAcODkVSvq+rv5zmpxrLMY8fDHR+v/N5M40vp/qk/r/3ufnLmVjpXW/4PGZjj/VjYvfrly+crVtzcurl0YXhh+/s7JwbuDU2dPnz67Uj4rWfHEBAAAgCfTr1pa/3cXI8ZT6//HkjhmrP+/+n7wTTpWpv5/rL1Fv7YzAQAAONxefP2vPzuPOd7p9+Prtc3NS4PJdnf/5GTbQqr/2ZGqpfV/tth2VgAAAEATxludR9b/zyVxzLj+/9xPr/ySXjOLiKPV+v/x9S9G55qbTksezHRWEx8nfupTBQAAYK4drVq6/p+X7/93d1956EbEW29M4uprAGeq/7MPvv05HSt9//9Uc1OcS92lyf0o+6WI3lLbGQEAAHCQPVO1otj/I99Z/fTXYx/1vf8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0LS/AwAA//+xhkJ5")
r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
ioctl$FITRIM(r5, 0xc0185879, &(0x7f0000000240)={0x0, 0xfffffffffffffffc, 0x4000})
syz_genetlink_get_family_id$mptcp(&(0x7f0000000400), r4)
sendmsg$MPTCP_PM_CMD_SUBFLOW_DESTROY(r1, &(0x7f0000000700)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x8}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x4040)
ftruncate(0xffffffffffffffff, 0x2007ffd)
sendfile(r1, r4, 0x0, 0x1000000201005)
fallocate(r0, 0x10, 0x401, 0x2000402)
ioctl$TIOCGICOUNT(0xffffffffffffffff, 0x545d, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000080)='GPL\x00', 0x5, 0x1f6, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x1}, 0x6d)

566.335393ms ago: executing program 1:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x7800007, 0x12, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
ftruncate(r1, 0x7fff)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.throttle.io_serviced_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000000), 0x1670e68)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xe7030000, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000, 0x1100}])

362.712544ms ago: executing program 1:
r0 = syz_io_uring_setup(0x40f, &(0x7f0000000280), &(0x7f0000000080)=<r1=>0x0, &(0x7f00000000c0)=<r2=>0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f0000000000)={0x0, 0x40}, &(0x7f0000000040)='./file0\x00', 0x18})
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)={0x77359400}})
syz_io_uring_submit(r1, r2, &(0x7f0000000540)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0})
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x0, 0x0, 0x0, 0x4)
io_uring_enter(r0, 0x19be, 0x0, 0x0, 0x0, 0x0)

346.234947ms ago: executing program 4:
r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$VIDIOC_QUERY_EXT_CTRL(r0, 0xc0e85667, &(0x7f00000000c0)={0x741b1df080cefadc, 0x0, "a489c4df73b4be42eaf641d84321a7ac1d58a166aa73d1c90ec14829134b8ee2"})

260.34056ms ago: executing program 4:
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, r1, {0x2, 0x0, @local}, 0x2}}, 0x26)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r2, &(0x7f0000000080)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @multicast2}, 0x2, 0xfffffffd}}, 0x2e)
setsockopt$pppl2tp_PPPOL2TP_SO_DEBUG(r2, 0x111, 0x3, 0x20000000, 0x4)

235.213134ms ago: executing program 1:
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffc000/0x4000)=nil, 0x5bbf91a1e7f99074, &(0x7f0000000000))
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900"], 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0)
preadv(r0, &(0x7f0000001880)=[{&(0x7f000001aa80)=""/102395, 0x7ffff000}], 0x1, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0xc, 0x13, &(0x7f00000004c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000700000001801000020646c2500000000002020207b1af8ff00000000bf21ea587e569fe6ed4224c26affa100000000000007010000f8ffffffb702000008000000b70300000000000085000000080000009500000000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0x0, 0x10, 0x38, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
syz_open_dev$usbfs(&(0x7f0000000080), 0x74, 0x101301)
ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0x8004550f, &(0x7f0000000040)=@usbdevfs_connect)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
r4 = getpid()
process_vm_readv(r4, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
r5 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f00000003c0))
ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x3})
ioctl$UFFDIO_ZEROPAGE(r5, 0x8010aa01, &(0x7f0000000380)={{&(0x7f00007db000/0x2000)=nil, 0x2000}})

120.016392ms ago: executing program 4:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x2c, 0x3, 0x1, 0x201, 0x0, 0x0, {}, [@CTA_MARK_MASK={0x8, 0x19}, @CTA_MARK={0x8}, @CTA_ZONE={0x6}]}, 0x2c}}, 0x0)

0s ago: executing program 4:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="02c8000c00080002"], 0x11)

kernel console output (not intermixed with test programs):

 T4179] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   86.331201][ T4179] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   86.421045][ T4179] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   86.497761][ T4235] device hsr_slave_0 entered promiscuous mode
[   86.520868][ T4235] device hsr_slave_1 entered promiscuous mode
[   86.531248][ T4235] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   86.552524][ T4235] Cannot create hsr debugfs directory
[   86.581658][ T4379] netlink: 'syz-executor.3': attribute type 10 has an invalid length.
[   86.649536][ T4379] bond0: (slave dummy0): Enslaving as an active interface with an up link
[   86.653712][ T4363] loop2: detected capacity change from 0 to 40427
[   86.720695][ T3582] Bluetooth: hci1: command tx timeout
[   86.721143][ T4363] F2FS-fs (loop2): Invalid Fs Meta Ino: node(1) meta(2) root(0)
[   86.792842][ T4363] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[   86.850064][ T4363] F2FS-fs (loop2): invalid crc value
[   86.899829][ T4179] 8021q: adding VLAN 0 to HW filter on device bond0
[   86.909538][ T4363] F2FS-fs (loop2): Found nat_bits in checkpoint
[   86.988020][ T4179] 8021q: adding VLAN 0 to HW filter on device team0
[   87.006376][ T3615] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   87.014901][ T3615] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   87.060772][ T4235] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   87.082735][ T4363] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[   87.103396][ T3667] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   87.113200][ T3667] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   87.121743][ T4363] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[   87.130928][ T3667] bridge0: port 1(bridge_slave_0) entered blocking state
[   87.138028][ T3667] bridge0: port 1(bridge_slave_0) entered forwarding state
[   87.148673][ T3667] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   87.162515][ T3667] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   87.171043][ T3667] bridge0: port 2(bridge_slave_1) entered blocking state
[   87.178132][ T3667] bridge0: port 2(bridge_slave_1) entered forwarding state
[   87.186059][ T3667] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   87.194916][ T3667] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   87.259272][ T3615] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   87.334985][ T4235] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   87.520671][ T4398] syz-executor.2: attempt to access beyond end of device
[   87.520671][ T4398] loop2: rw=2049, sector=53248, nr_sectors = 408 limit=40427
[   87.718684][ T4179] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   87.790157][ T4179] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   87.919019][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   87.920498][ T3571] syz-executor.2: attempt to access beyond end of device
[   87.920498][ T3571] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   87.928264][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   87.949963][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   87.958886][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   87.968885][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   87.978163][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   88.003925][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   88.031310][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   88.047892][ T4235] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   88.080901][ T3582] Bluetooth: hci4: command tx timeout
[   88.096815][ T4400] netlink: 116 bytes leftover after parsing attributes in process `syz-executor.3'.
[   88.107817][ T4400] Zero length message leads to an empty skb
[   88.110072][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   88.161416][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   88.161940][ T3582] Bluetooth: hci3: command tx timeout
[   88.237157][ T4235] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   88.531192][ T2536] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   88.541540][ T2536] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   88.569983][ T4179] 8021q: adding VLAN 0 to HW filter on device batadv0
[   88.629701][ T2536] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   88.648720][ T2536] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   88.714743][ T3983] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   88.730495][ T3983] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   88.752490][ T4235] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   88.765886][ T4235] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   88.787294][ T4179] device veth0_vlan entered promiscuous mode
[   88.794987][ T3983] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   88.802652][ T3582] Bluetooth: hci1: command tx timeout
[   88.817560][ T3983] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   88.828335][ T4421] netlink: 'syz-executor.2': attribute type 10 has an invalid length.
[   88.844492][ T4421] bond0: (slave dummy0): Enslaving as an active interface with an up link
[   88.864781][ T4235] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   88.889572][ T4235] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   88.953810][ T4179] device veth1_vlan entered promiscuous mode
[   89.089129][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   89.098856][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   89.182058][ T4235] 8021q: adding VLAN 0 to HW filter on device bond0
[   89.190396][ T4179] device veth0_macvtap entered promiscuous mode
[   89.209943][ T4433] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.2'.
[   89.231202][ T4433] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.2'.
[   89.279753][ T4179] device veth1_macvtap entered promiscuous mode
[   89.299447][ T4235] 8021q: adding VLAN 0 to HW filter on device team0
[   89.311888][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   89.320055][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   89.329002][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   89.338075][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   89.397383][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   89.413158][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   89.422936][    T7] bridge0: port 1(bridge_slave_0) entered blocking state
[   89.430172][    T7] bridge0: port 1(bridge_slave_0) entered forwarding state
[   89.439264][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   89.453483][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   89.462140][    T7] bridge0: port 2(bridge_slave_1) entered blocking state
[   89.469263][    T7] bridge0: port 2(bridge_slave_1) entered forwarding state
[   89.477029][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   89.487068][ T4179] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   89.513553][ T4179] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   89.543935][ T4179] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   89.564832][ T4179] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   89.585106][ T4179] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   89.605855][ T4179] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   89.627479][ T4179] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   89.648267][ T4179] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   89.675174][ T4179] batman_adv: batadv0: Interface activated: batadv_slave_0
[   89.706554][ T3615] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   89.721445][ T3615] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   89.730199][ T3615] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   89.763394][ T3615] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   89.792863][ T4179] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   89.820865][ T4179] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   89.830760][ T4179] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   89.850979][ T4179] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   89.871042][ T4179] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   89.900606][ T4179] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   89.910455][ T4179] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   89.940612][ T4179] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   89.964423][ T4179] batman_adv: batadv0: Interface activated: batadv_slave_1
[   89.995839][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   90.011815][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   90.020442][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   90.058527][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   90.081502][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   90.090094][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   90.112155][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   90.122680][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   90.139489][ T4235] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   90.156435][ T4454] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
[   90.168154][ T4235] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   90.179640][ T4179] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   90.189190][ T4179] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   90.198003][ T4179] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   90.207211][ T4179] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   90.221304][ T4459] af_packet: tpacket_rcv: packet too big, clamped from 64034 to 3952. macoff=96
[   90.257679][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   90.266126][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   90.275114][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   90.489896][ T4158] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   90.525849][ T4158] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   90.578570][ T3290] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   90.631031][   T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   90.665426][   T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   90.695409][ T3615] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   90.784450][ T4076] device hsr_slave_0 left promiscuous mode
[   90.797973][ T4076] device hsr_slave_1 left promiscuous mode
[   90.824079][ T4076] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   90.847407][ T4076] batman_adv: batadv0: Removing interface: batadv_slave_0
[   90.874997][ T4076] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   90.892522][ T4076] batman_adv: batadv0: Removing interface: batadv_slave_1
[   90.902252][ T4076] device bridge_slave_1 left promiscuous mode
[   90.909631][ T4076] bridge0: port 2(bridge_slave_1) entered disabled state
[   90.918796][ T4076] device bridge_slave_0 left promiscuous mode
[   90.925896][ T4076] bridge0: port 1(bridge_slave_0) entered disabled state
[   90.945541][ T4076] device veth1_macvtap left promiscuous mode
[   90.960449][ T4076] device veth0_macvtap left promiscuous mode
[   90.972005][ T4076] device veth1_vlan left promiscuous mode
[   90.977950][ T4076] device veth0_vlan left promiscuous mode
[   91.021691][ T4464] loop2: detected capacity change from 0 to 40427
[   91.030135][ T4464] F2FS-fs (loop2): Invalid Fs Meta Ino: node(0) meta(2) root(0)
[   91.039681][ T4464] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[   91.052565][ T4464] F2FS-fs (loop2): invalid crc value
[   91.065182][ T4464] F2FS-fs (loop2): Found nat_bits in checkpoint
[   91.124016][ T4464] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[   91.132153][ T4464] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4
[   91.180399][ T3571] syz-executor.2: attempt to access beyond end of device
[   91.180399][ T3571] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   91.290255][ T4076] team0 (unregistering): Port device team_slave_1 removed
[   91.312945][ T4076] team0 (unregistering): Port device team_slave_0 removed
[   91.336451][ T4076] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   91.350024][ T4076] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   91.470942][ T4076] bond0 (unregistering): Released all slaves
[   91.540077][ T4480] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.3'.
[   91.549972][ T4480] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.3'.
[   91.646961][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   91.661448][ T4495] binder: BINDER_SET_CONTEXT_MGR already set
[   91.667746][ T4495] binder: 4494:4495 ioctl 4018620d 20000040 returned -16
[   91.675370][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   91.710101][ T4235] 8021q: adding VLAN 0 to HW filter on device batadv0
[   91.895356][ T4511] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[   91.920782][ T4513] 9pnet_fd: Insufficient options for proto=fd
[   92.318513][ T4528] trusted_key: encrypted key: instantiation of keys using provided decrypted data is disabled since CONFIG_USER_DECRYPTED_DATA is set to false
[   92.636972][ T4540] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[   92.696421][ T4515] loop0: detected capacity change from 0 to 32768
[   92.697382][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   92.719766][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   92.743015][ T4515] 
[   92.743015][ T4515]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   92.743015][ T4515] 
[   92.780858][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   92.808765][ T4546] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[   92.809941][ T4515] 
[   92.809941][ T4515]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   92.809941][ T4515] 
[   92.841102][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   92.867753][ T4548] capability: warning: `syz-executor.2' uses 32-bit capabilities (legacy support in use)
[   92.869753][ T4235] device veth0_vlan entered promiscuous mode
[   92.891641][ T4548] program syz-executor.2 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   92.896413][ T3615] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   92.914369][ T3615] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   92.924446][ T4546] CIFS mount error: No usable UNC path provided in device string!
[   92.924446][ T4546] 
[   92.942387][ T4515] 
[   92.942387][ T4515]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   92.942387][ T4515] 
[   92.945148][ T4235] device veth1_vlan entered promiscuous mode
[   92.968269][ T4546] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[   92.980871][ T4515] 
[   92.980871][ T4515]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   92.980871][ T4515] 
[   93.014104][ T4515] 
[   93.014104][ T4515]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   93.014104][ T4515] 
[   93.027537][ T3615] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   93.046469][ T3615] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   93.058111][  T134] 
[   93.058111][  T134]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   93.058111][  T134] 
[   93.076634][ T3615] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   93.080930][ T4549] 
[   93.080930][ T4549]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   93.080930][ T4549] 
[   93.115448][ T3615] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   93.122317][ T4549] 
[   93.122317][ T4549]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   93.122317][ T4549] 
[   93.138227][ T4235] device veth0_macvtap entered promiscuous mode
[   93.170099][ T4554] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
[   93.203213][ T4549] 
[   93.203213][ T4549]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   93.203213][ T4549] 
[   93.228894][ T4549] 
[   93.228894][ T4549]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   93.228894][ T4549] 
[   93.265031][  T134] 
[   93.265031][  T134]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   93.265031][  T134] 
[   93.278809][ T4235] device veth1_macvtap entered promiscuous mode
[   93.302543][ T4179] 
[   93.302543][ T4179]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   93.302543][ T4179] 
[   93.336459][ T4179] 
[   93.336459][ T4179]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   93.336459][ T4179] 
[   93.336621][ T4235] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   93.405926][ T4235] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   93.440919][ T4235] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   93.472032][ T4235] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   93.500622][ T4235] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   93.525615][ T4235] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   93.567288][ T4235] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   93.593378][ T4235] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   93.611348][ T4564] trusted_key: encrypted key: instantiation of keys using provided decrypted data is disabled since CONFIG_USER_DECRYPTED_DATA is set to false
[   93.641825][ T4235] batman_adv: batadv0: Interface activated: batadv_slave_0
[   93.678300][ T3896] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   93.687724][ T3896] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   93.725807][ T3896] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   93.755185][ T3896] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   93.791961][ T4235] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   93.820597][ T4235] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   93.858097][ T4235] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   93.884779][ T4235] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   93.915433][ T4235] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   93.942609][ T4576] loop0: detected capacity change from 0 to 1024
[   93.959208][ T4235] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   93.973111][ T4235] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   94.014553][ T4235] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   94.055068][ T4235] batman_adv: batadv0: Interface activated: batadv_slave_1
[   94.086409][ T3983] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   94.109808][ T3983] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   94.132830][ T4235] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   94.150782][ T4556] loop2: detected capacity change from 0 to 32768
[   94.161125][ T4235] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   94.180503][ T4235] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   94.199565][ T4235] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   94.425516][ T4078] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   94.459240][ T4078] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   94.512780][ T4078] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   94.522018][ T3615] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   94.550308][ T4078] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   94.598471][ T3615] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   94.610783][ T3983] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   94.702180][ T4589] netlink: 'syz-executor.4': attribute type 1 has an invalid length.
[   94.850771][ T3983] usb 1-1: Using ep0 maxpacket: 16
[   94.970862][ T3983] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 8
[   95.166265][ T3983] usb 1-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00
[   95.196017][ T3983] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   95.216109][ T3983] usb 1-1: Product: syz
[   95.220325][ T3983] usb 1-1: Manufacturer: syz
[   95.235823][ T3983] usb 1-1: SerialNumber: syz
[   95.257635][ T3983] usb 1-1: config 0 descriptor??
[   95.307457][ T3983] ftdi_sio 1-1:0.0: FTDI USB Serial Device converter detected
[   95.334990][ T3983] usb 1-1: Detected FT232R
[   95.521307][ T3983] ftdi_sio ttyUSB0: Unable to read latency timer: -32
[   95.683354][ T4597] loop2: detected capacity change from 0 to 32768
[   95.697433][ T4597] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 scanned by syz-executor.2 (4597)
[   95.726886][ T4597] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[   95.737665][ T4597] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm
[   95.747233][ T4597] BTRFS info (device loop2): using free space tree
[   95.795738][ T3983] usb 1-1: FTDI USB Serial Device converter now attached to ttyUSB0
[   95.837908][ T4633] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[   95.874784][ T4597] BTRFS info (device loop2): enabling ssd optimizations
[   95.952120][ T3571] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[   96.076475][ T3896] usb 1-1: USB disconnect, device number 3
[   96.133436][ T3896] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[   96.168997][ T3896] ftdi_sio 1-1:0.0: device disconnected
[   96.394341][ T4660] loop2: detected capacity change from 0 to 256
[   96.421878][ T4660] exfat: Deprecated parameter 'namecase'
[   96.440915][ T4660] exFAT-fs (loop2): failed to load upcase table (idx : 0x00017f3e, chksum : 0x0b83170a, utbl_chksum : 0xe619d30d)
[   96.867501][ T4667] CIFS mount error: No usable UNC path provided in device string!
[   96.867501][ T4667] 
[   96.922349][ T4650] loop4: detected capacity change from 0 to 32768
[   96.930666][ T4667] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[   97.413873][ T4692] input: syz1 as /devices/virtual/input/input5
[   97.987929][ T4720] loop2: detected capacity change from 0 to 256
[   98.008977][ T4720] exfat: Deprecated parameter 'namecase'
[   98.035614][ T4720] exFAT-fs (loop2): failed to load upcase table (idx : 0x00017f3e, chksum : 0x0b83170a, utbl_chksum : 0xe619d30d)
[   99.333385][ T4712] loop0: detected capacity change from 0 to 32768
[   99.382032][ T4712] 
[   99.382032][ T4712]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   99.382032][ T4712] 
[   99.472592][ T4712] 
[   99.472592][ T4712]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   99.472592][ T4712] 
[   99.666396][   T26] kauditd_printk_skb: 35 callbacks suppressed
[   99.666478][   T26] audit: type=1800 audit(1718249657.214:108): pid=4737 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=1967 res=0 errno=0
[   99.715571][ T4712] 
[   99.715571][ T4712]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   99.715571][ T4712] 
[   99.971823][ T4712] 
[   99.971823][ T4712]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   99.971823][ T4712] 
[  100.166289][ T4712] 
[  100.166289][ T4712]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  100.166289][ T4712] 
[  100.189790][  T134] 
[  100.189790][  T134]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  100.189790][  T134] 
[  100.249735][ T4736] 
[  100.249735][ T4736]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  100.249735][ T4736] 
[  100.291589][ T4736] 
[  100.291589][ T4736]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  100.291589][ T4736] 
[  100.337541][ T4736] 
[  100.337541][ T4736]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  100.337541][ T4736] 
[  100.368506][ T4736] 
[  100.368506][ T4736]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  100.368506][ T4736] 
[  100.385536][  T134] 
[  100.385536][  T134]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  100.385536][  T134] 
[  100.427267][ T4741] 9pnet_fd: Insufficient options for proto=fd
[  100.435296][ T4179] 
[  100.435296][ T4179]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  100.435296][ T4179] 
[  100.466840][ T4729] loop4: detected capacity change from 0 to 32768
[  100.485638][ T4179] 
[  100.485638][ T4179]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  100.485638][ T4179] 
[  100.485858][ T4729] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 scanned by syz-executor.4 (4729)
[  100.527074][ T4746] netlink: 'syz-executor.2': attribute type 1 has an invalid length.
[  100.552316][ T4729] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  100.580395][ T4729] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm
[  100.602690][ T4729] BTRFS info (device loop4): using free space tree
[  100.667528][   T26] audit: type=1800 audit(1718249658.224:109): pid=4718 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file1" dev="sda1" ino=1951 res=0 errno=0
[  101.483723][ T4729] BTRFS info (device loop4): enabling ssd optimizations
[  101.628154][ T4235] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  102.166166][ T4815] loop4: detected capacity change from 0 to 4096
[  102.581007][ T4815] ntfs3: loop4: Different NTFS' sector size (4096) and media sector size (512)
[  102.600069][ T4813] 9pnet: p9_errstr2errno: server reported unknown error �§
[  102.657871][ T4815] ntfs3: loop4: Mark volume as dirty due to NTFS errors
[  102.756336][ T4825] loop0: detected capacity change from 0 to 128
[  102.916846][ T4825] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  102.927749][ T4825] ext4 filesystem being mounted at /root/syzkaller-testdir1330814780/syzkaller.LUa3xV/23/mnt supports timestamps until 2038 (0x7fffffff)
[  103.007986][ T4179] EXT4-fs (loop0): unmounting filesystem.
[  103.074223][ T4818] loop2: detected capacity change from 0 to 32768
[  103.134664][ T4818] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 scanned by syz-executor.2 (4818)
[  103.182535][ T4818] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  103.216779][ T4818] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm
[  103.228167][ T4818] BTRFS info (device loop2): using free space tree
[  103.254458][ T4818] BTRFS info (device loop2): enabling ssd optimizations
[  103.287701][ T3571] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  106.957418][ T4867] Invalid ELF header magic: != ELF
[  107.133665][ T4868] loop0: detected capacity change from 0 to 4096
[  107.165083][ T4868] ntfs: (device loop0): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match.  Run ntfsfix or chkdsk.
[  107.273291][ T4881] loop4: detected capacity change from 0 to 256
[  107.476146][   T26] audit: type=1800 audit(1718249665.014:110): pid=4883 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="loop4" ino=1048609 res=0 errno=0
[  107.584092][ T4868] ntfs: (device loop0): load_system_files(): $MFTMirr does not match $MFT.  Mounting read-only.  Run ntfsfix and/or chkdsk.
[  107.729927][ T4878] ALSA: mixer_oss: invalid OSS volume 'D£n*@\%΂`.%å½p€�lÄ/¡á²“Î'
[  107.801484][ T4868] ntfs: (device loop0): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn.
[  107.820707][ T4868] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -5.  Marking corrupt inode 0xa as bad.  Run chkdsk.
[  107.885117][ T4868] ntfs: (device loop0): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default.
[  107.956430][ T4868] ntfs: volume version 3.1.
[  107.989703][ T4868] ntfs: (device loop0): ntfs_check_logfile(): Did not find any restart pages in $LogFile and it was not empty.
[  108.066100][ T4868] ntfs: (device loop0): load_system_files(): Failed to load $LogFile.  Will not be able to remount read-write.  Mount in Windows.
[  108.140856][ T4868] ntfs: (device loop0): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5.
[  108.244476][ T4868] ntfs: (device loop0): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys.
[  109.050215][ T4922] loop4: detected capacity change from 0 to 256
[  109.154931][ T4926] loop0: detected capacity change from 0 to 256
[  109.568893][ T4926] kvm: emulating exchange as write
[  109.631385][ T4914] loop2: detected capacity change from 0 to 40427
[  109.648658][ T4914] F2FS-fs (loop2): invalid crc_offset: 16
[  109.679131][ T4914] F2FS-fs (loop2): Found nat_bits in checkpoint
[  109.707312][ T4947] loop4: detected capacity change from 0 to 4096
[  109.735401][ T4947] ntfs: volume version 3.1.
[  109.801137][ T4914] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  109.808308][ T4957] loop0: detected capacity change from 0 to 256
[  110.084272][ T4968] loop0: detected capacity change from 0 to 4096
[  110.098191][ T4968] ntfs3: loop0: Different NTFS' sector size (1024) and media sector size (512)
[  110.175347][ T3571] syz-executor.2: attempt to access beyond end of device
[  110.175347][ T3571] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  110.289375][ T4975] loop4: detected capacity change from 0 to 4096
[  110.301839][ T4975] ntfs3: loop4: Different NTFS' sector size (4096) and media sector size (512)
[  110.335526][ T4975] ntfs3: loop4: Mark volume as dirty due to NTFS errors
[  110.399723][ T4981] ebt_among: wrong size: 1048 against expected 1006634004, rounded to 1006634008
[  110.501365][ T4985] loop0: detected capacity change from 0 to 64
[  110.545571][ T4985] Trying to free block not in datazone
[  110.553522][ T4987] device vlan2 entered promiscuous mode
[  110.559107][ T4987] device dummy0 entered promiscuous mode
[  110.565982][ T4985] Trying to free block not in datazone
[  110.573388][ T4985] Trying to free block not in datazone
[  110.580584][ T4987] device dummy0 left promiscuous mode
[  110.586031][ T4985] Trying to free block not in datazone
[  110.604077][ T4985] Trying to free block not in datazone
[  110.609576][ T4985] minix_free_block (loop0:6): bit already cleared
[  110.623633][ T4985] Trying to free block not in datazone
[  110.629295][ T4985] Trying to free block not in datazone
[  110.760221][ T4994] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  110.805696][ T4994] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'.
[  110.821378][ T4994] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'.
[  111.025567][ T5010] loop2: detected capacity change from 0 to 128
[  111.057093][ T5013] ebt_among: wrong size: 1048 against expected 1006634004, rounded to 1006634008
[  111.084879][ T5010] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  111.101454][ T5010] ext4 filesystem being mounted at /root/syzkaller-testdir687997658/syzkaller.gXyAbj/101/mnt supports timestamps until 2038 (0x7fffffff)
[  111.221534][ T5025] loop4: detected capacity change from 0 to 64
[  111.245527][ T3571] EXT4-fs (loop2): unmounting filesystem.
[  111.266405][ T5025] Trying to free block not in datazone
[  111.301014][ T5025] Trying to free block not in datazone
[  111.306540][ T5025] Trying to free block not in datazone
[  111.339355][ T5025] Trying to free block not in datazone
[  111.359309][ T5025] Trying to free block not in datazone
[  111.378431][ T5025] minix_free_block (loop4:6): bit already cleared
[  111.429894][ T5025] Trying to free block not in datazone
[  111.463003][ T5025] Trying to free block not in datazone
[  111.650089][ T5051] ebt_among: wrong size: 1048 against expected 1006634004, rounded to 1006634008
[  111.793860][ T5062] loop4: detected capacity change from 0 to 128
[  111.810953][ T5062] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  111.819735][ T5062] ext4 filesystem being mounted at /root/syzkaller-testdir3328961582/syzkaller.vLyaH2/36/mnt supports timestamps until 2038 (0x7fffffff)
[  111.882380][ T5070] UHID_CREATE from different security context by process 245 (syz-executor.2), this is not allowed.
[  111.901981][ T4235] EXT4-fs (loop4): unmounting filesystem.
[  111.962273][ T5073] device vlan2 entered promiscuous mode
[  111.968704][ T5073] device team0 entered promiscuous mode
[  111.989230][ T5073] device team_slave_0 entered promiscuous mode
[  112.018587][ T5073] device team_slave_1 entered promiscuous mode
[  112.027860][ T5073] team0: Device vlan2 is already an upper device of the team interface
[  112.052959][ T5085] loop2: detected capacity change from 0 to 128
[  112.080007][ T5073] device team0 left promiscuous mode
[  112.090169][ T5073] device team_slave_0 left promiscuous mode
[  112.104896][ T5073] device team_slave_1 left promiscuous mode
[  112.464917][ T5105] netlink: 96 bytes leftover after parsing attributes in process `syz-executor.4'.
[  112.649533][ T5113] loop2: detected capacity change from 0 to 764
[  112.735800][ T5113] rock: directory entry would overflow storage
[  112.766185][ T5113] rock: sig=0x4f50, size=4, remaining=3
[  112.791519][ T5113] iso9660: Corrupted directory entry in block 4 of inode 1792
[  112.834849][ T5084] loop0: detected capacity change from 0 to 32768
[  112.870709][ T5084] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor.0 (5084)
[  112.906559][ T5115] loop4: detected capacity change from 0 to 4096
[  112.915374][ T5084] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  112.941007][ T5084] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[  112.950274][ T5084] BTRFS info (device loop0): use zlib compression, level 3
[  112.970641][ T5084] BTRFS info (device loop0): using free space tree
[  113.060120][ T5115] ntfs3: loop4: ino=1b, "file0" The size of extended attributes must not exceed 64KiB
[  113.271570][ T5084] BTRFS info (device loop0): enabling ssd optimizations
[  113.323428][ T5157] netlink: 96 bytes leftover after parsing attributes in process `syz-executor.4'.
[  113.408195][ T5159] device vlan2 entered promiscuous mode
[  113.420672][ T5159] device dummy0 entered promiscuous mode
[  113.441205][ T5159] device dummy0 left promiscuous mode
[  113.451273][   T26] kauditd_printk_skb: 25 callbacks suppressed
[  113.451287][   T26] audit: type=1804 audit(1718249671.004:113): pid=5160 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="bus" dev="sda1" ino=1953 res=1 errno=0
[  113.532737][ T4179] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  113.649849][ T5168] loop4: detected capacity change from 0 to 1024
[  114.079393][ T5187] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[  114.617257][ T5186] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
[  115.030422][ T5186] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
[  115.248955][ T5208] ebt_among: wrong size: 1048 against expected 1006634004, rounded to 1006634008
[  115.527573][ T5194] loop0: detected capacity change from 0 to 32768
[  115.578568][ T5194] find_entry called with index = 0
[  115.586234][ T5227] loop2: detected capacity change from 0 to 64
[  115.592520][ T5194] find_entry called with index = 0
[  115.628894][ T5227] BFS-fs: bfs_fill_super(): Inode 0x00000032 corrupted on loop2
[  115.983372][ T3571] syz-executor.2 (3571) used greatest stack depth: 18840 bytes left
[  116.050103][ T4076] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  116.302587][ T5249] loop4: detected capacity change from 0 to 512
[  116.315196][ T5249] EXT4-fs: Mount option(s) incompatible with ext3
[  116.334355][ T4076] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  116.672873][ T4076] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  117.214719][ T4076] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  117.283137][ T5261] loop0: detected capacity change from 0 to 1024
[  117.307734][ T5261] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869)
[  117.348528][ T5264] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  117.381473][ T5261] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a800e11d, mo2=0002]
[  117.389222][ T5264] overlayfs: failed to set xattr on upper
[  117.390291][ T5261] System zones: 0-1, 2-3, 4-36, 98-101, 102-102
[  117.427354][ T5261] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  117.451436][   T48] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  117.461664][ T5264] overlayfs: ...falling back to index=off,metacopy=off.
[  117.468816][   T48] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  117.477359][   T48] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  117.480841][ T5264] overlayfs: './file0' not a directory
[  117.494664][   T48] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  117.502402][   T48] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  117.509658][   T48] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  117.530893][ T3582] Bluetooth: hci0: command tx timeout
[  117.532415][ T4179] EXT4-fs (loop0): unmounting filesystem.
[  117.667182][ T5280] input: syz0 as /devices/virtual/input/input6
[  118.238144][ T5290] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'.
[  118.320932][   T48] Bluetooth: hci1: command tx timeout
[  118.729016][ T5294] bridge0: port 3(macvlan2) entered blocking state
[  118.754306][ T5294] bridge0: port 3(macvlan2) entered disabled state
[  118.768004][ T5294] device macvlan2 entered promiscuous mode
[  118.780810][ T5294] device veth3 entered promiscuous mode
[  118.799765][ T5295] device veth3 left promiscuous mode
[  118.822999][ T5295] bridge0: port 3(macvlan2) entered disabled state
[  118.842823][ T5295] device macvlan2 left promiscuous mode
[  118.849396][ T5295] bridge0: port 3(macvlan2) entered disabled state
[  118.891369][ T5301] netlink: 'syz-executor.3': attribute type 4 has an invalid length.
[  118.899487][ T5301] netlink: 17 bytes leftover after parsing attributes in process `syz-executor.3'.
[  119.044159][ T5271] chnl_net:caif_netlink_parms(): no params data found
[  119.259792][ T5271] bridge0: port 1(bridge_slave_0) entered blocking state
[  119.282539][ T5271] bridge0: port 1(bridge_slave_0) entered disabled state
[  119.316596][ T5271] device bridge_slave_0 entered promiscuous mode
[  119.326526][ T5318] overlayfs: failed to clone upperpath
[  119.360311][ T5271] bridge0: port 2(bridge_slave_1) entered blocking state
[  119.369925][   T26] audit: type=1804 audit(1718249676.924:114): pid=5320 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir3328961582/syzkaller.vLyaH2/55/bus" dev="sda1" ino=1966 res=1 errno=0
[  119.370306][ T5271] bridge0: port 2(bridge_slave_1) entered disabled state
[  119.411909][ T5320] Invalid ELF header magic: != ELF
[  119.421923][ T5271] device bridge_slave_1 entered promiscuous mode
[  119.519163][ T5271] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  119.551520][ T5271] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  119.600712][ T3582] Bluetooth: hci2: command tx timeout
[  119.650403][ T5271] team0: Port device team_slave_0 added
[  119.703978][   T26] audit: type=1804 audit(1718249677.264:115): pid=5326 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="bus" dev="sda1" ino=1961 res=1 errno=0
[  119.754052][ T5271] team0: Port device team_slave_1 added
[  119.858451][ T5271] batman_adv: batadv0: Adding interface: batadv_slave_0
[  119.865754][ T5271] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  119.894515][ T5271] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  119.919993][ T5335] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
[  119.967471][ T5271] batman_adv: batadv0: Adding interface: batadv_slave_1
[  119.979468][ T5271] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  120.035132][ T5271] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  120.054741][ T5333] bridge0: port 3(macvlan2) entered blocking state
[  120.100981][ T5333] bridge0: port 3(macvlan2) entered disabled state
[  120.117622][ T5333] device macvlan2 entered promiscuous mode
[  120.130787][ T5333] device veth3 entered promiscuous mode
[  120.160181][ T5335] device veth3 left promiscuous mode
[  120.196386][ T5335] bridge0: port 3(macvlan2) entered disabled state
[  120.223403][ T5335] device macvlan2 left promiscuous mode
[  120.229030][ T5335] bridge0: port 3(macvlan2) entered disabled state
[  120.392478][ T4076] device hsr_slave_0 left promiscuous mode
[  120.419024][ T4076] device hsr_slave_1 left promiscuous mode
[  120.451025][ T4076] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  120.458509][ T4076] batman_adv: batadv0: Removing interface: batadv_slave_0
[  120.488811][ T4076] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  120.521572][ T4076] batman_adv: batadv0: Removing interface: batadv_slave_1
[  120.549820][ T4076] device bridge_slave_1 left promiscuous mode
[  120.561085][ T4076] bridge0: port 2(bridge_slave_1) entered disabled state
[  120.602120][ T4076] device bridge_slave_0 left promiscuous mode
[  120.608364][ T4076] bridge0: port 1(bridge_slave_0) entered disabled state
[  120.646855][ T4076] device veth1_macvtap left promiscuous mode
[  120.671022][ T4076] device veth0_macvtap left promiscuous mode
[  120.677159][ T4076] device veth1_vlan left promiscuous mode
[  120.690866][ T4076] device veth0_vlan left promiscuous mode
[  121.079590][ T5343] loop4: detected capacity change from 0 to 64
[  121.125540][ T5343] MINIX-fs: bad superblock or unable to read bitmaps
[  121.289333][ T5345] fuse: Unknown parameter 'gid'
[  121.318317][ T4076] team0 (unregistering): Port device team_slave_1 removed
[  121.369009][ T4076] team0 (unregistering): Port device team_slave_0 removed
[  121.403823][ T4076] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  121.442024][ T4076] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  121.511224][   T26] audit: type=1804 audit(1718249679.074:116): pid=5349 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir3328961582/syzkaller.vLyaH2/62/bus" dev="sda1" ino=1961 res=1 errno=0
[  121.541901][ T5349] Invalid ELF header magic: != ELF
[  121.579767][ T4076] bond0 (unregistering): (slave dummy0): Releasing backup interface
[  121.637609][ T4076] bond0 (unregistering): Released all slaves
[  121.680729][ T3582] Bluetooth: hci2: command tx timeout
[  121.692456][ T5356] loop4: detected capacity change from 0 to 64
[  121.857705][ T5271] device hsr_slave_0 entered promiscuous mode
[  121.889225][ T5271] device hsr_slave_1 entered promiscuous mode
[  122.428265][ T5381] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'.
[  122.555084][ T5384] bridge0: port 3(macvlan2) entered blocking state
[  122.570944][ T5384] bridge0: port 3(macvlan2) entered disabled state
[  122.579378][ T5384] device macvlan2 entered promiscuous mode
[  122.610653][ T5384] device veth3 entered promiscuous mode
[  122.635943][ T5389] device veth3 left promiscuous mode
[  122.668022][ T5389] bridge0: port 3(macvlan2) entered disabled state
[  122.708877][ T5389] device macvlan2 left promiscuous mode
[  122.756260][ T5389] bridge0: port 3(macvlan2) entered disabled state
[  123.155761][ T5271] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  123.193656][ T5271] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  123.224446][ T5271] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  123.261667][ T5271] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  123.391884][ T5400] loop0: detected capacity change from 0 to 64
[  123.473161][ T5271] 8021q: adding VLAN 0 to HW filter on device bond0
[  123.523579][ T3896] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  123.536764][ T3896] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  123.564472][ T5271] 8021q: adding VLAN 0 to HW filter on device team0
[  123.564630][ T5383] loop4: detected capacity change from 0 to 40427
[  123.579991][   T26] audit: type=1800 audit(1718249681.134:117): pid=5404 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=1963 res=0 errno=0
[  123.580206][ T3896] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  123.634596][ T5383] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  123.641759][ T3896] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  123.671082][ T3896] bridge0: port 1(bridge_slave_0) entered blocking state
[  123.678266][ T3896] bridge0: port 1(bridge_slave_0) entered forwarding state
[  123.681984][ T5383] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  123.728055][ T5383] F2FS-fs (loop4): invalid crc value
[  123.732135][ T3983] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  123.753115][ T3983] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  123.761388][ T3582] Bluetooth: hci2: command tx timeout
[  123.767316][ T5408] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[  123.778700][ T3983] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  123.787776][ T5383] F2FS-fs (loop4): Found nat_bits in checkpoint
[  123.789235][ T3983] bridge0: port 2(bridge_slave_1) entered blocking state
[  123.801217][ T3983] bridge0: port 2(bridge_slave_1) entered forwarding state
[  123.809063][ T3983] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  123.818309][ T3983] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  123.837860][ T3896] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  123.851251][ T3896] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  123.860051][ T3896] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  123.875081][ T3896] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  123.897729][ T3896] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  123.924260][ T3896] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  123.961232][ T5383] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  123.968314][ T5383] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  124.025116][ T3896] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  124.043811][ T3896] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  124.065613][ T3896] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  124.081969][ T5271] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  124.589572][ T3896] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  124.599307][ T3896] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  124.625519][ T5271] 8021q: adding VLAN 0 to HW filter on device batadv0
[  124.703458][ T4645] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  124.722949][ T4645] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  124.776324][ T4645] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  124.796068][ T4645] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  124.817012][ T5271] device veth0_vlan entered promiscuous mode
[  124.837335][   T26] audit: type=1804 audit(1718249682.394:118): pid=5450 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir3328961582/syzkaller.vLyaH2/69/bus/bus" dev="loop4" ino=10 res=1 errno=0
[  124.839977][   T14] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  124.864782][ T5450] syz-executor.4: attempt to access beyond end of device
[  124.864782][ T5450] loop4: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  124.908519][   T14] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  124.936532][ T5271] device veth1_vlan entered promiscuous mode
[  125.013004][ T4645] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  125.023780][ T4645] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  125.048871][ T4645] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  125.073851][ T4645] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  125.099343][ T5271] device veth0_macvtap entered promiscuous mode
[  125.144409][   T14] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  125.159443][ T5271] device veth1_macvtap entered promiscuous mode
[  125.217923][ T5271] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  125.238967][ T5271] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  125.259221][ T5271] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  125.276696][ T5271] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  125.301457][ T5271] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  125.331976][ T5271] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  125.352440][ T5271] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  125.363312][ T5271] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  125.375350][ T5271] batman_adv: batadv0: Interface activated: batadv_slave_0
[  125.378850][ T4235] syz-executor.4: attempt to access beyond end of device
[  125.378850][ T4235] loop4: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  125.425173][ T3983] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  125.452111][ T3983] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  125.468674][ T5271] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  125.487213][ T5271] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  125.540630][ T5271] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  125.595970][ T5271] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  125.654807][ T5271] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  125.726197][ T5271] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  125.841888][ T3582] Bluetooth: hci2: command tx timeout
[  126.127778][ T5271] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  126.265351][ T5271] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  126.431561][ T5271] batman_adv: batadv0: Interface activated: batadv_slave_1
[  126.450296][  T152] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  126.468304][  T152] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  126.493906][ T5271] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  126.513102][ T5271] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  126.530641][ T5271] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  126.550641][ T5271] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  126.574921][ T5476] netlink: 'syz-executor.0': attribute type 10 has an invalid length.
[  126.587855][ T5478] netlink: 52 bytes leftover after parsing attributes in process `syz-executor.4'.
[  126.613636][ T5478] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check.
[  126.788518][ T4120] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  126.806332][ T4120] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  126.839332][ T3896] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  126.849654][ T5483] loop0: detected capacity change from 0 to 4096
[  126.862430][   T33] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  126.865949][ T5483] ntfs3: Unknown parameter 'ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ0xffffffffffffffff'
[  126.878741][   T33] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  126.895881][ T5485] loop4: detected capacity change from 0 to 256
[  126.903641][ T3290] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  127.027424][ T5487] loop2: detected capacity change from 0 to 1024
[  127.183210][ T5494] loop2: detected capacity change from 0 to 512
[  127.196466][ T5494] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem
[  127.232847][ T5494] EXT4-fs (loop2): warning: checktime reached, running e2fsck is recommended
[  127.291898][ T5494] EXT4-fs error (device loop2): ext4_validate_block_bitmap:429: comm syz-executor.2: bg 0: block 18: invalid block bitmap
[  127.345553][ T5494] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6173: Corrupt filesystem
[  127.379788][ T5494] EXT4-fs (loop2): 1 truncate cleaned up
[  127.403702][ T5494] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  127.428305][ T5494] ext2 filesystem being mounted at /root/syzkaller-testdir2846177256/syzkaller.xFLNQn/1/file1 supports timestamps until 2038 (0x7fffffff)
[  127.543131][ T5507] Bluetooth: MGMT ver 1.22
[  127.727163][ T5271] EXT4-fs (loop2): unmounting filesystem.
[  127.820033][ T5511] loop2: detected capacity change from 0 to 64
[  127.936514][ T5515] netlink: 'syz-executor.2': attribute type 10 has an invalid length.
[  127.992507][ T5519] loop2: detected capacity change from 0 to 64
[  128.212998][ T5532] loop2: detected capacity change from 0 to 256
[  129.826161][ T5568] loop0: detected capacity change from 0 to 1024
[  129.891589][ T5568] hfsplus: bad catalog entry type
[  129.948183][ T4120] hfsplus: b-tree write err: -5, ino 4
[  130.253082][ T5581] loop0: detected capacity change from 0 to 4096
[  130.260388][ T5581] ntfs3: Unknown parameter 'ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ0xffffffffffffffff'
[  131.461291][ T5580] loop2: detected capacity change from 0 to 32768
[  131.475014][ T5594] loop4: detected capacity change from 0 to 512
[  131.483908][ T5594] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  131.500851][ T5594] EXT4-fs (loop4): filesystem is read-only
[  131.533182][ T5594] EXT4-fs (loop4): filesystem is read-only
[  131.535303][ T5580] XFS (loop2): Mounting V5 Filesystem
[  131.550494][ T5605] loop0: detected capacity change from 0 to 64
[  131.550715][ T5594] EXT4-fs (loop4): orphan cleanup on readonly fs
[  131.569902][ T5594] EXT4-fs error (device loop4): ext4_quota_enable:6964: comm syz-executor.4: Bad quota inum: 16777216, type: 0
[  131.592488][ T5594] EXT4-fs warning (device loop4): ext4_enable_quotas:7012: Failed to enable quota tracking (type=0, err=-117, ino=16777216). Please run e2fsck to fix.
[  131.673977][ T5594] EXT4-fs (loop4): Cannot turn on quotas: error -117
[  131.711787][ T5594] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  131.739553][ T5580] XFS (loop2): Ending clean mount
[  131.762915][ T4235] EXT4-fs (loop4): unmounting filesystem.
[  131.783123][ T5580] XFS (loop2): Quotacheck needed: Please wait.
[  131.850175][ T5614] loop4: detected capacity change from 0 to 256
[  131.866797][ T5580] XFS (loop2): Quotacheck: Done.
[  132.024644][ T5271] XFS (loop2): Unmounting Filesystem
[  132.643921][ T1254] ieee802154 phy0 wpan0: encryption failed: -22
[  132.654835][ T1254] ieee802154 phy1 wpan1: encryption failed: -22
[  133.441285][ T5639] sctp: failed to load transform for md5: -4
[  133.926445][ T5664] loop4: detected capacity change from 0 to 4096
[  133.954813][ T5664] ntfs3: Unknown parameter 'ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ0xffffffffffffffff'
[  135.133461][ T5685] loop4: detected capacity change from 0 to 1024
[  135.222515][ T5685] hfsplus: bad catalog entry type
[  135.316174][ T4120] hfsplus: b-tree write err: -5, ino 4
[  135.557167][ T5714] loop2: detected capacity change from 0 to 548
[  135.594594][ T5714] EXT4-fs (loop2): filesystem is read-only
[  135.633037][ T5714] EXT4-fs (loop2): filesystem is read-only
[  135.648847][ T5714] EXT4-fs (loop2): orphan cleanup on readonly fs
[  135.662072][ T5714] EXT4-fs error (device loop2): ext4_quota_enable:6964: comm syz-executor.2: Bad quota inum: 16777216, type: 0
[  135.696047][ T5718] loop4: detected capacity change from 0 to 512
[  135.706634][ T5714] EXT4-fs warning (device loop2): ext4_enable_quotas:7012: Failed to enable quota tracking (type=0, err=-117, ino=16777216). Please run e2fsck to fix.
[  135.738812][ T5718] EXT4-fs warning (device loop4): ext4_init_metadata_csum:4562: metadata_csum and uninit_bg are redundant flags; please run fsck.
[  135.776861][ T5714] EXT4-fs (loop2): Cannot turn on quotas: error -117
[  135.789553][ T5718] EXT4-fs (loop4): VFS: Found ext4 filesystem with unknown checksum algorithm.
[  135.807433][ T5714] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  135.860910][ T5705] loop0: detected capacity change from 0 to 40427
[  135.911357][ T5705] F2FS-fs (loop0): Found nat_bits in checkpoint
[  135.939427][ T5271] EXT4-fs (loop2): unmounting filesystem.
[  135.992719][ T5705] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  136.061169][ T4179] syz-executor.0: attempt to access beyond end of device
[  136.061169][ T4179] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  136.158757][ T5729] loop2: detected capacity change from 0 to 1024
[  136.204208][ T5729] hfsplus: bad catalog entry type
[  136.243992][ T4120] hfsplus: b-tree write err: -5, ino 4
[  136.634359][ T5751] loop0: detected capacity change from 0 to 256
[  136.668673][ T5751] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  137.668157][ T5758] loop0: detected capacity change from 0 to 8192
[  137.739223][ T5768] loop4: detected capacity change from 0 to 1024
[  137.775537][ T5758] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  138.088561][ T5758] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[  138.252587][ T5758] REISERFS (device loop0): using ordered data mode
[  138.370516][ T5758] reiserfs: using flush barriers
[  138.570754][ T5758] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  138.608847][ T5758] REISERFS (device loop0): checking transaction log (loop0)
[  138.673040][ T5758] REISERFS (device loop0): Using r5 hash to sort names
[  138.751685][ T5768] EXT4-fs: Ignoring removed nomblk_io_submit option
[  138.763644][ T5758] reiserfs: enabling write barrier flush mode
[  138.808112][ T5791] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
[  138.824454][ T5758] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[  138.901162][ T5792] sch_tbf: burst 511 is lower than device vlan0 mtu (1514) !
[  138.958162][ T5797] netlink: 'syz-executor.4': attribute type 298 has an invalid length.
[  139.006430][   T26] audit: type=1800 audit(1718249696.564:119): pid=5799 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=1946 res=0 errno=0
[  139.135440][   T48] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  139.145456][   T26] audit: type=1326 audit(1718249696.704:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5804 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30c447cea9 code=0x7ffc0000
[  139.168616][   T48] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  139.180401][   T48] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  139.188142][   T26] audit: type=1326 audit(1718249696.704:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5804 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30c447cea9 code=0x7ffc0000
[  139.213393][   T26] audit: type=1326 audit(1718249696.714:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5804 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f30c447cea9 code=0x7ffc0000
[  139.237235][   T26] audit: type=1326 audit(1718249696.714:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5804 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30c447cea9 code=0x7ffc0000
[  139.260400][   T26] audit: type=1326 audit(1718249696.724:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5804 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f30c447cea9 code=0x7ffc0000
[  139.285191][    C1] vkms_vblank_simulate: vblank timer overrun
[  139.367271][   T48] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  139.443630][   T48] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  139.454433][   T48] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  139.593552][   T26] audit: type=1326 audit(1718249697.154:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5804 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30c447cea9 code=0x7ffc0000
[  139.616368][    C1] vkms_vblank_simulate: vblank timer overrun
[  139.864132][   T26] audit: type=1326 audit(1718249697.204:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5804 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=137 compat=0 ip=0x7f30c447cea9 code=0x7ffc0000
[  139.878911][ T4120] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  139.902118][   T26] audit: type=1326 audit(1718249697.204:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5804 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30c447cea9 code=0x7ffc0000
[  140.127236][ T4120] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  140.400870][ T5823] ptrace attach of "/root/syz-executor.4 exec"[4235] was attempted by "/root/syz-executor.4 exec"[5823]
[  141.851250][   T48] Bluetooth: hci3: command tx timeout
[  142.309339][ T5828] loop4: detected capacity change from 0 to 1024
[  142.330049][ T4120] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  142.331713][ T5828] EXT4-fs: Ignoring removed nomblk_io_submit option
[  142.350092][ T5830] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'.
[  142.462334][ T4120] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  142.591759][ T5836] netlink: 'syz-executor.1': attribute type 298 has an invalid length.
[  143.508604][ T5803] chnl_net:caif_netlink_parms(): no params data found
[  143.646069][ T5856] loop2: detected capacity change from 0 to 4096
[  143.672812][ T5856] ntfs3: loop2: Different NTFS' sector size (4096) and media sector size (512)
[  143.727652][ T5856] ntfs3: loop2: failed to convert "076c" to cp1250
[  143.836518][ T5803] bridge0: port 1(bridge_slave_0) entered blocking state
[  143.855830][ T5803] bridge0: port 1(bridge_slave_0) entered disabled state
[  143.878243][ T5803] device bridge_slave_0 entered promiscuous mode
[  143.918559][ T5803] bridge0: port 2(bridge_slave_1) entered blocking state
[  143.931141][   T48] Bluetooth: hci3: command tx timeout
[  143.938401][ T5803] bridge0: port 2(bridge_slave_1) entered disabled state
[  143.970089][ T5803] device bridge_slave_1 entered promiscuous mode
[  144.142647][ T5803] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  144.187299][ T5803] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  144.305717][ T5803] team0: Port device team_slave_0 added
[  144.358094][ T5803] team0: Port device team_slave_1 added
[  144.419683][ T5803] batman_adv: batadv0: Adding interface: batadv_slave_0
[  144.438168][ T5803] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  144.487919][ T5803] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  144.517570][ T5803] batman_adv: batadv0: Adding interface: batadv_slave_1
[  144.535315][ T5803] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  144.583861][ T5803] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  144.689190][ T5803] device hsr_slave_0 entered promiscuous mode
[  144.704074][ T5803] device hsr_slave_1 entered promiscuous mode
[  144.719244][ T5803] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  144.730695][ T5803] Cannot create hsr debugfs directory
[  144.915744][ T4120] device hsr_slave_0 left promiscuous mode
[  144.943883][ T4120] device hsr_slave_1 left promiscuous mode
[  144.967092][ T4120] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  144.981372][ T4120] batman_adv: batadv0: Removing interface: batadv_slave_0
[  145.002607][ T4120] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  145.019643][ T4120] batman_adv: batadv0: Removing interface: batadv_slave_1
[  145.040171][ T4120] device bridge_slave_1 left promiscuous mode
[  145.053475][ T4120] bridge0: port 2(bridge_slave_1) entered disabled state
[  145.075366][ T4120] device bridge_slave_0 left promiscuous mode
[  145.087737][ T4120] bridge0: port 1(bridge_slave_0) entered disabled state
[  145.128075][ T4120] device veth1_macvtap left promiscuous mode
[  145.138663][ T4120] device veth0_macvtap left promiscuous mode
[  145.153440][ T4120] device veth1_vlan left promiscuous mode
[  145.166265][ T4120] device veth0_vlan left promiscuous mode
[  145.735153][ T5900] loop2: detected capacity change from 0 to 40427
[  145.752954][ T5900] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  145.770246][ T5900] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  145.826258][ T4120] team0 (unregistering): Port device team_slave_1 removed
[  145.836259][ T5900] F2FS-fs (loop2): Found nat_bits in checkpoint
[  145.850904][ T4120] team0 (unregistering): Port device team_slave_0 removed
[  145.872785][ T4120] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  145.910996][ T4120] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  145.957631][ T5900] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  145.967358][ T5900] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  146.006150][ T5899] syz-executor.2: attempt to access beyond end of device
[  146.006150][ T5899] loop2: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  146.011604][   T48] Bluetooth: hci3: command tx timeout
[  146.055940][ T4120] bond0 (unregistering): (slave dummy0): Releasing backup interface
[  146.097236][ T4120] bond0 (unregistering): Released all slaves
[  146.187507][ T4884] kworker/u4:13: attempt to access beyond end of device
[  146.187507][ T4884] loop2: rw=1, sector=45096, nr_sectors = 8 limit=40427
[  146.314671][   T26] audit: type=1804 audit(1718249703.864:128): pid=5923 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir1330814780/syzkaller.LUa3xV/84/file0" dev="sda1" ino=1966 res=1 errno=0
[  147.213315][ T5931] fuse: Bad value for 'fd'
[  147.616987][ T5803] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  147.684635][   T26] audit: type=1804 audit(1718249705.204:129): pid=5952 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="file0" dev="sda1" ino=1954 res=1 errno=0
[  148.091357][   T48] Bluetooth: hci3: command tx timeout
[  148.149229][ T5803] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  148.347931][ T5803] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  148.406446][ T5803] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  148.451966][ T5953] loop2: detected capacity change from 0 to 4096
[  148.464261][ T5953] ntfs3: loop2: Different NTFS' sector size (4096) and media sector size (512)
[  148.594715][ T5953] ntfs3: loop2: failed to convert "076c" to cp1250
[  148.661666][ T5803] 8021q: adding VLAN 0 to HW filter on device bond0
[  148.721882][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  148.730234][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  148.759851][ T5803] 8021q: adding VLAN 0 to HW filter on device team0
[  148.777213][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  148.796764][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  148.805419][ T3614] bridge0: port 1(bridge_slave_0) entered blocking state
[  148.812669][ T3614] bridge0: port 1(bridge_slave_0) entered forwarding state
[  148.863940][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  148.891668][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  148.900413][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  148.941159][ T3614] bridge0: port 2(bridge_slave_1) entered blocking state
[  148.948317][ T3614] bridge0: port 2(bridge_slave_1) entered forwarding state
[  148.990958][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  148.999803][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  149.041577][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  149.071494][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  149.113333][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  149.136253][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  149.171517][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  149.191714][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  149.221484][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  149.229879][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  149.252273][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  149.268212][ T5803] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  149.414239][ T5987] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
[  149.564260][ T5986] loop2: detected capacity change from 0 to 4096
[  149.592307][ T5986] ntfs3: loop2: Different NTFS' sector size (4096) and media sector size (512)
[  149.691298][ T5986] ntfs3: loop2: failed to convert "076c" to cp1250
[  149.763234][ T3621] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  149.790970][ T3621] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  149.804649][ T5803] 8021q: adding VLAN 0 to HW filter on device batadv0
[  149.861459][ T3621] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  149.870226][ T3621] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  149.909692][   T26] audit: type=1326 audit(1718249707.464:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6005 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f30c447cea9 code=0x0
[  149.948895][ T3983] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  149.966883][ T3983] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  150.003461][ T5803] device veth0_vlan entered promiscuous mode
[  150.012083][   T26] audit: type=1326 audit(1718249707.544:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6008 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe83207cea9 code=0x7ffc0000
[  150.036614][ T3896] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  150.047442][ T3896] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  150.071386][ T5803] device veth1_vlan entered promiscuous mode
[  150.104067][   T26] audit: type=1326 audit(1718249707.544:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6008 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe83207cea9 code=0x7ffc0000
[  150.153757][ T3896] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  150.181361][ T3896] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  150.210716][   T26] audit: type=1326 audit(1718249707.544:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6008 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe83207baa0 code=0x7ffc0000
[  150.234474][ T3896] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  150.243727][ T3896] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  150.275410][ T5803] device veth0_macvtap entered promiscuous mode
[  150.290874][   T26] audit: type=1326 audit(1718249707.544:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6008 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe83207cea9 code=0x7ffc0000
[  150.333156][ T5803] device veth1_macvtap entered promiscuous mode
[  150.378211][ T5803] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  150.394375][   T26] audit: type=1326 audit(1718249707.544:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6008 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=32 compat=0 ip=0x7fe83207cea9 code=0x7ffc0000
[  150.424989][ T5803] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  150.446102][ T5803] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  150.471636][   T26] audit: type=1326 audit(1718249707.544:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6008 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe83207cea9 code=0x7ffc0000
[  150.504129][ T5803] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  150.534128][ T5803] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  150.550734][   T26] audit: type=1326 audit(1718249707.544:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6008 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7fe83207cea9 code=0x7ffc0000
[  150.580616][ T5803] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  150.601030][ T5803] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  150.621157][ T5803] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  150.641988][ T5803] batman_adv: batadv0: Interface activated: batadv_slave_0
[  150.662896][ T3983] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  150.673590][ T3983] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  150.691353][ T3983] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  150.720670][ T3983] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  150.732810][ T5803] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  150.746112][ T5803] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  150.776340][ T5803] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  150.810666][ T5803] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  150.837224][ T5803] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  150.953950][ T5803] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  151.018463][ T5803] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  151.029380][ T5803] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  151.040931][ T5803] batman_adv: batadv0: Interface activated: batadv_slave_1
[  151.050991][ T3896] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  151.059779][ T3896] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  151.072878][ T5803] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  151.116497][ T5803] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  151.156676][ T6036] ptrace attach of "/root/syz-executor.4 exec"[4235] was attempted by "/root/syz-executor.4 exec"[6036]
[  151.226030][ T5803] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  151.459403][ T5803] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  151.884428][ T6040] x_tables: unsorted underflow at hook 4
[  152.018562][ T3635] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  152.046156][ T3635] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  152.078529][ T3896] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  152.149424][ T3635] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  152.194521][ T3635] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  152.220474][   T14] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  152.261344][   T26] kauditd_printk_skb: 22 callbacks suppressed
[  152.261358][   T26] audit: type=1326 audit(1718249709.824:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6054 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0caea7cea9 code=0x0
[  152.313591][ T6025] loop2: detected capacity change from 0 to 40427
[  152.340254][ T6025] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  152.366492][ T6025] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  152.413731][ T6025] F2FS-fs (loop2): Found nat_bits in checkpoint
[  152.627071][ T6025] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  152.629323][ T6060] loop3: detected capacity change from 0 to 8192
[  152.636477][ T6071] device batadv_slave_1 entered promiscuous mode
[  152.650391][ T6025] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  152.659206][ T6068] device batadv_slave_1 left promiscuous mode
[  152.660402][ T6060] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  152.782515][ T6060] REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal
[  152.879987][ T6060] REISERFS (device loop3): using ordered data mode
[  152.897075][ T6024] syz-executor.2: attempt to access beyond end of device
[  152.897075][ T6024] loop2: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  152.942002][ T6060] reiserfs: using flush barriers
[  153.005999][ T6060] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  153.278870][ T6060] REISERFS (device loop3): checking transaction log (loop3)
[  153.452285][ T6060] REISERFS (device loop3): Using tea hash to sort names
[  153.630052][ T6060] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
[  153.922311][ T3635] kworker/u4:6: attempt to access beyond end of device
[  153.922311][ T3635] loop2: rw=1, sector=45096, nr_sectors = 8 limit=40427
[  154.577858][ T6100] device batadv_slave_1 entered promiscuous mode
[  154.611095][ T6099] device batadv_slave_1 left promiscuous mode
[  155.728978][   T26] audit: type=1804 audit(1718249713.281:161): pid=6118 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir2846177256/syzkaller.xFLNQn/43/file0" dev="sda1" ino=1974 res=1 errno=0
[  155.866710][ T6123] netlink: 1038 bytes leftover after parsing attributes in process `syz-executor.4'.
[  156.015558][ T6106] loop3: detected capacity change from 0 to 32768
[  156.337821][ T6139] device batadv_slave_1 entered promiscuous mode
[  156.346868][ T6136] device batadv_slave_1 left promiscuous mode
[  156.472702][ T3983] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  156.491941][ T6151] tmpfs: Bad value for 'mpol'
[  157.396201][ T3983] usb 5-1: Using ep0 maxpacket: 8
[  157.453450][ T6166] loop2: detected capacity change from 0 to 512
[  157.463448][ T6169] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
[  157.551376][ T3983] usb 5-1: config 0 has an invalid interface number: 52 but max is 0
[  157.559500][ T3983] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  157.578132][ T6166] EXT4-fs (loop2): 1 orphan inode deleted
[  157.619529][ T3983] usb 5-1: config 0 has no interface number 0
[  157.625820][ T6166] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  157.648415][ T3983] usb 5-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  157.685060][ T6174] device batadv_slave_1 entered promiscuous mode
[  157.693771][ T6166] ext4 filesystem being mounted at /root/syzkaller-testdir2846177256/syzkaller.xFLNQn/45/file1 supports timestamps until 2038 (0x7fffffff)
[  157.720756][ T3983] usb 5-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  157.741206][ T6173] device batadv_slave_1 left promiscuous mode
[  157.750441][ T3983] usb 5-1: config 0 interface 52 has no altsetting 0
[  157.762971][ T3983] usb 5-1: New USB device found, idVendor=06cb, idProduct=0007, bcdDevice= 8.00
[  157.775908][ T3983] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  157.807784][ T3983] usb 5-1: config 0 descriptor??
[  157.857203][ T6166] EXT4-fs error (device loop2): ext4_ext_remove_space:2842: inode #16: comm syz-executor.2: path[1].p_hdr == NULL
[  157.882730][ T6166] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5868: Corrupt filesystem
[  157.900789][ T6166] EXT4-fs error (device loop2): ext4_punch_hole:4140: inode #16: comm syz-executor.2: mark_inode_dirty error
[  157.919581][ T6165] EXT4-fs error (device loop2): ext4_ext_map_blocks:4160: inode #16: comm syz-executor.2: bad extent address lblock: 0, depth: 1 pblock 0
[  157.946123][ T6165] EXT4-fs error (device loop2): ext4_ext_map_blocks:4160: inode #16: comm syz-executor.2: bad extent address lblock: 0, depth: 1 pblock 0
[  157.964115][ T6165] EXT4-fs error (device loop2): ext4_ext_map_blocks:4160: inode #16: comm syz-executor.2: bad extent address lblock: 0, depth: 1 pblock 0
[  157.988270][ T6166] EXT4-fs error (device loop2): ext4_ext_map_blocks:4160: inode #16: comm syz-executor.2: bad extent address lblock: 0, depth: 1 pblock 0
[  158.011686][ T6166] EXT4-fs error (device loop2): ext4_ext_map_blocks:4160: inode #16: comm syz-executor.2: bad extent address lblock: 0, depth: 1 pblock 0
[  158.058765][ T5271] EXT4-fs error (device loop2): ext4_map_blocks:607: inode #2: block 3: comm syz-executor.2: lblock 0 mapped to illegal pblock 3 (length 1)
[  158.093269][ T3983] input: USB Synaptics Device 06cb:0007 (Stick) as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.52/input/input8
[  158.105925][ T5271] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5868: Corrupt filesystem
[  158.130183][ T5271] EXT4-fs (loop2): unmounting filesystem.
[  158.237747][ T6195] loop3: detected capacity change from 0 to 512
[  158.315525][   T26] audit: type=1804 audit(1718249715.861:162): pid=6198 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="file0" dev="sda1" ino=1953 res=1 errno=0
[  158.685559][ T6199] Cannot find map_set index 0 as target
[  158.809862][ T6195] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  158.896414][ T6195] ext4 filesystem being mounted at /root/syzkaller-testdir3342384663/syzkaller.X4nmBL/10/bus supports timestamps until 2038 (0x7fffffff)
[  159.009083][ T4645] usb 5-1: USB disconnect, device number 4
[  159.039361][ T6195] EXT4-fs error (device loop3): ext4_get_first_dir_block:3540: inode #12: comm syz-executor.3: Directory hole found for htree leaf block
[  159.152511][ T5803] EXT4-fs (loop3): unmounting filesystem.
[  159.271585][ T4078] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  159.366934][   T26] audit: type=1804 audit(1718249716.921:163): pid=6216 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir1330814780/syzkaller.LUa3xV/116/file0" dev="sda1" ino=1953 res=1 errno=0
[  159.439261][ T4078] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  159.968948][ T4078] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  160.059171][ T4078] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  160.251155][   T26] audit: type=1804 audit(1718249717.711:164): pid=6232 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir3342384663/syzkaller.X4nmBL/13/file0" dev="sda1" ino=1969 res=1 errno=0
[  160.965257][ T6239] loop3: detected capacity change from 0 to 128
[  161.936426][ T3582] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  161.946480][ T3582] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  161.956037][ T3582] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  161.965334][ T3582] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  161.977527][ T3582] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  161.987112][ T3582] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  162.028450][   T26] audit: type=1326 audit(1718249719.581:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6253 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f30c447cea9 code=0x0
[  162.333685][ T6273] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'.
[  162.379068][ T6249] chnl_net:caif_netlink_parms(): no params data found
[  162.510673][ T4645] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  162.596325][ T6249] bridge0: port 1(bridge_slave_0) entered blocking state
[  162.608810][ T6249] bridge0: port 1(bridge_slave_0) entered disabled state
[  162.634596][ T6249] device bridge_slave_0 entered promiscuous mode
[  162.679258][ T4078] device hsr_slave_0 left promiscuous mode
[  162.696871][ T4078] device hsr_slave_1 left promiscuous mode
[  162.712455][ T4078] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  162.732667][ T4078] batman_adv: batadv0: Removing interface: batadv_slave_0
[  162.749542][ T4078] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  162.750796][ T4645] usb 4-1: Using ep0 maxpacket: 8
[  162.757953][ T4078] batman_adv: batadv0: Removing interface: batadv_slave_1
[  162.778565][ T4078] device bridge_slave_1 left promiscuous mode
[  162.785055][ T4078] bridge0: port 2(bridge_slave_1) entered disabled state
[  162.812474][ T4078] device bridge_slave_0 left promiscuous mode
[  162.818928][ T4078] bridge0: port 1(bridge_slave_0) entered disabled state
[  162.843310][ T4078] device veth1_macvtap left promiscuous mode
[  162.861415][ T4078] device veth0_macvtap left promiscuous mode
[  162.874203][ T4078] device veth1_vlan left promiscuous mode
[  162.889530][ T4078] device veth0_vlan left promiscuous mode
[  162.895639][ T4645] usb 4-1: config 0 has an invalid interface number: 52 but max is 0
[  162.907291][ T4645] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  162.926796][ T4645] usb 4-1: config 0 has no interface number 0
[  162.933515][ T4645] usb 4-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  162.951755][ T4645] usb 4-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  162.974248][ T4645] usb 4-1: config 0 interface 52 has no altsetting 0
[  162.983119][ T6295] loop4: detected capacity change from 0 to 2048
[  162.989581][ T4645] usb 4-1: New USB device found, idVendor=06cb, idProduct=0007, bcdDevice= 8.00
[  162.998911][ T4645] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  163.010264][ T6295] UDF-fs: error (device loop4): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  163.022180][ T4645] usb 4-1: config 0 descriptor??
[  163.047243][ T6295] UDF-fs: error (device loop4): udf_read_tagged: tag checksum failed, block 160: 0xd2 != 0xd4
[  163.090298][ T6295] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  163.234157][ T6299] loop4: detected capacity change from 0 to 64
[  163.284894][ T4645] input: USB Synaptics Device 06cb:0007 (Stick) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.52/input/input9
[  163.390503][ T4078] team0 (unregistering): Port device team_slave_1 removed
[  163.391564][ T6303] loop4: detected capacity change from 0 to 2048
[  163.405399][ T4078] team0 (unregistering): Port device team_slave_0 removed
[  163.422799][ T4078] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  163.438888][ T4078] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  163.532673][ T4078] bond0 (unregistering): Released all slaves
[  163.559132][ T3983] usb 4-1: USB disconnect, device number 2
[  163.565066][    C1] synaptics_usb 4-1:0.52: synusb_irq - usb_submit_urb failed with result: -19
[  163.596219][ T6249] bridge0: port 2(bridge_slave_1) entered blocking state
[  163.610747][ T6249] bridge0: port 2(bridge_slave_1) entered disabled state
[  163.618554][ T6249] device bridge_slave_1 entered promiscuous mode
[  163.651974][ T6293] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[  163.661908][ T6301] device batadv_slave_0 entered promiscuous mode
[  163.669258][ T6300] device batadv_slave_0 left promiscuous mode
[  163.698718][ T6249] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  163.746558][ T6249] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  163.828176][ T6249] team0: Port device team_slave_0 added
[  163.849429][ T6249] team0: Port device team_slave_1 added
[  163.952464][ T6249] batman_adv: batadv0: Adding interface: batadv_slave_0
[  163.971708][ T6249] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  164.001459][ T3582] Bluetooth: hci2: command tx timeout
[  164.065822][ T6249] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  164.108355][ T6307] loop4: detected capacity change from 0 to 40427
[  164.109763][ T6249] batman_adv: batadv0: Adding interface: batadv_slave_1
[  164.146256][ T6307] F2FS-fs (loop4): Invalid Fs Meta Ino: node(1) meta(2) root(0)
[  164.156472][ T6249] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  164.168592][ T6307] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  164.207469][ T6249] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  164.260710][ T6307] F2FS-fs (loop4): invalid crc value
[  164.316349][ T6307] F2FS-fs (loop4): Found nat_bits in checkpoint
[  164.329548][ T6249] device hsr_slave_0 entered promiscuous mode
[  164.366126][ T6249] device hsr_slave_1 entered promiscuous mode
[  164.463780][ T6307] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  164.486369][ T6307] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  164.503580][ T6336] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.1'.
[  164.558544][ T6307] syz-executor.4: attempt to access beyond end of device
[  164.558544][ T6307] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  164.726589][ T4235] syz-executor.4: attempt to access beyond end of device
[  164.726589][ T4235] loop4: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  165.151442][   T26] audit: type=1800 audit(1718249722.711:166): pid=6354 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file1" dev="sda1" ino=1962 res=0 errno=0
[  165.227858][   T26] audit: type=1804 audit(1718249722.711:167): pid=6354 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="file1" dev="sda1" ino=1962 res=1 errno=0
[  165.283974][ T6249] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  165.315284][ T6249] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  165.324760][   T26] audit: type=1804 audit(1718249722.851:168): pid=6357 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="file0" dev="sda1" ino=1962 res=1 errno=0
[  165.372436][ T6249] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  165.398151][ T6249] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  165.656622][ T6249] 8021q: adding VLAN 0 to HW filter on device bond0
[  165.818784][ T3983] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  165.825725][ T6325] loop3: detected capacity change from 0 to 65536
[  165.834192][ T3983] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  166.151975][ T3582] Bluetooth: hci2: command tx timeout
[  166.192792][ T6249] 8021q: adding VLAN 0 to HW filter on device team0
[  166.594396][ T6325] XFS (loop3): Mounting V5 Filesystem
[  166.643545][ T6249] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  166.733757][ T6325] XFS (loop3): Ending clean mount
[  166.752334][ T6249] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  166.787398][ T6325] XFS (loop3): Quotacheck needed: Please wait.
[  166.828773][ T2536] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  166.838056][ T2536] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  166.847946][ T2536] bridge0: port 1(bridge_slave_0) entered blocking state
[  166.855093][ T2536] bridge0: port 1(bridge_slave_0) entered forwarding state
[  166.863464][ T2536] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  166.872536][ T2536] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  166.881245][ T2536] bridge0: port 2(bridge_slave_1) entered blocking state
[  166.888328][ T2536] bridge0: port 2(bridge_slave_1) entered forwarding state
[  166.920922][ T2536] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  166.929825][ T2536] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  166.961522][ T2536] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  166.980890][ T2536] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  167.011345][ T2536] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  167.020102][ T2536] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  167.051385][ T2536] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  167.060076][ T2536] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  167.089079][ T2536] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  167.114638][ T2536] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  167.137814][ T2536] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  167.168569][ T2536] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  167.202451][ T2536] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  167.239194][ T6325] XFS (loop3): Quotacheck: Done.
[  167.292035][ T6397] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.0'.
[  167.311411][ T5803] XFS (loop3): Unmounting Filesystem
[  167.374981][ T6399] device batadv_slave_0 entered promiscuous mode
[  167.433563][ T6398] device batadv_slave_0 left promiscuous mode
[  167.555039][ T6368] loop4: detected capacity change from 0 to 40427
[  167.577525][ T6368] F2FS-fs (loop4): Invalid Fs Meta Ino: node(1) meta(2) root(0)
[  167.608878][ T6368] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  167.633076][ T6368] F2FS-fs (loop4): invalid crc value
[  167.688364][ T6368] F2FS-fs (loop4): Found nat_bits in checkpoint
[  167.706098][ T6249] 8021q: adding VLAN 0 to HW filter on device batadv0
[  167.727619][ T3621] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  167.745606][ T3621] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  167.794366][ T2536] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  167.815558][ T2536] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  167.859881][ T6368] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  167.872948][ T3621] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  167.884941][ T3621] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  167.896196][ T6368] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  167.909022][ T6249] device veth0_vlan entered promiscuous mode
[  171.890604][ T3582] Bluetooth: hci2: command tx timeout
[  171.957192][ T6249] device veth1_vlan entered promiscuous mode
[  172.212876][ T6249] device veth0_macvtap entered promiscuous mode
[  172.254072][ T2536] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  172.271370][ T2536] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  172.310794][ T2536] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  172.344527][ T2536] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  172.377704][ T3621] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  172.549644][ T6249] device veth1_macvtap entered promiscuous mode
[  172.647088][ T6249] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  172.667803][ T6249] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  172.680161][ T6431] loop3: detected capacity change from 0 to 2048
[  172.686830][ T6249] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  172.707515][ T6249] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  172.758869][ T6249] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  172.774260][ T6249] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  172.784777][ T6249] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  172.796236][ T6249] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  172.807587][ T6249] batman_adv: batadv0: Interface activated: batadv_slave_0
[  172.845372][ T6438] overlayfs: failed to clone upperpath
[  172.860757][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  172.870051][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  172.893869][ T6249] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  172.917303][ T6249] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  172.940792][ T6249] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  172.964477][ T6249] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  172.980344][ T6249] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  172.998412][ T6249] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  173.009506][ T6249] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  173.020298][ T6249] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  173.036640][ T6249] batman_adv: batadv0: Interface activated: batadv_slave_1
[  173.051007][ T6444] device batadv_slave_0 entered promiscuous mode
[  173.086268][ T4645] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  173.109428][ T4645] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  173.129397][ T6441] device batadv_slave_0 left promiscuous mode
[  173.143041][ T6249] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  173.160640][ T6249] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  173.183756][ T6249] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  173.196658][ T6452] loop4: detected capacity change from 0 to 2048
[  173.208962][ T6249] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  173.399925][ T2449] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  173.411875][   T26] audit: type=1326 audit(1718249731.975:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6451 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30c447cea9 code=0x7ffc0000
[  173.451272][ T2449] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  173.499277][ T3621] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  173.526785][ T6471] Driver unsupported XDP return value 0 on prog  (id 187) dev N/A, expect packet loss!
[  173.567264][   T26] audit: type=1326 audit(1718249731.975:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6451 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f30c447cea9 code=0x7ffc0000
[  173.606371][ T2449] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  173.634005][ T2449] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  173.691353][   T26] audit: type=1326 audit(1718249732.245:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6451 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30c447cea9 code=0x7ffc0000
[  173.726361][ T3621] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  173.789437][   T26] audit: type=1326 audit(1718249732.275:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6451 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30c447cea9 code=0x7ffc0000
[  173.825345][ T6486] device batadv_slave_0 entered promiscuous mode
[  173.833520][ T6484] device batadv_slave_0 left promiscuous mode
[  174.240694][   T48] Bluetooth: hci2: command tx timeout
[  174.776414][ T6520] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'.
[  174.809476][ T6520] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'.
[  174.957785][ T6525] loop2: detected capacity change from 0 to 512
[  174.985997][ T6525] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  175.088013][ T6525] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  175.126643][ T6525] ext4 filesystem being mounted at /root/syzkaller-testdir4019888620/syzkaller.MdtzbT/6/file0 supports timestamps until 2038 (0x7fffffff)
[  175.177352][ T6538] loop3: detected capacity change from 0 to 256
[  175.284486][ T6525] Quota error (device loop2): do_check_range: Getting dqdh_next_free 4294967294 out of range 0-8
[  175.300081][ T6538] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[  175.322571][ T6525] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota
[  175.348766][ T6525] EXT4-fs error (device loop2): ext4_acquire_dquot:6777: comm syz-executor.2: Failed to acquire dquot type 0
[  175.538059][ T6546] loop3: detected capacity change from 0 to 256
[  175.594634][ T6249] EXT4-fs (loop2): unmounting filesystem.
[  175.680962][   T48] Bluetooth: hci0: command 0x0406 tx timeout
[  175.820840][ T6557] loop3: detected capacity change from 0 to 512
[  175.874785][ T6557] EXT4-fs: Ignoring removed mblk_io_submit option
[  175.890940][ T6557] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[  175.936963][ T6557] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=b016c118, mo2=0002]
[  175.955305][ T6557] System zones: 1-12
[  175.972946][ T6557] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor.3: corrupted in-inode xattr
[  175.992422][ T6557] EXT4-fs error (device loop3): ext4_orphan_get:1401: comm syz-executor.3: couldn't read orphan inode 15 (err -117)
[  176.013301][ T6557] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  176.091391][ T6557] loop3: detected capacity change from 512 to 64
[  176.278882][ T6557] syz-executor.3: attempt to access beyond end of device
[  176.278882][ T6557] loop3: rw=2049, sector=72, nr_sectors = 20 limit=64
[  176.319559][ T6557] EXT4-fs warning (device loop3): ext4_end_bio:347: I/O error 10 writing to inode 13 starting block 36)
[  176.371204][ T6557] Buffer I/O error on device loop3, logical block 36
[  176.378383][ T6557] Buffer I/O error on device loop3, logical block 37
[  176.404049][ T6557] Buffer I/O error on device loop3, logical block 38
[  176.410755][ T6557] Buffer I/O error on device loop3, logical block 39
[  176.417442][ T6557] Buffer I/O error on device loop3, logical block 40
[  176.424135][ T6557] Buffer I/O error on device loop3, logical block 41
[  176.474146][ T6557] Buffer I/O error on device loop3, logical block 42
[  176.480857][ T6557] Buffer I/O error on device loop3, logical block 43
[  176.487517][ T6557] Buffer I/O error on device loop3, logical block 44
[  176.494171][ T6557] Buffer I/O error on device loop3, logical block 45
[  176.567337][ T6571] loop2: detected capacity change from 0 to 32768
[  176.679941][ T5803] EXT4-fs error (device loop3): ext4_readdir:260: inode #11: block 18: comm syz-executor.3: path /root/syzkaller-testdir3342384663/syzkaller.X4nmBL/33/file0/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=256, rec_len=1024, size=1024 fake=0
[  176.795908][ T5803] EXT4-fs error (device loop3): ext4_empty_dir:3131: inode #11: block 18: comm syz-executor.3: bad entry in directory: inode out of bounds - offset=4096, inode=256, rec_len=1024, size=1024 fake=0
[  176.861042][ T5803] EXT4-fs error (device loop3): ext4_readdir:260: inode #11: block 18: comm syz-executor.3: path /root/syzkaller-testdir3342384663/syzkaller.X4nmBL/33/file0/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=256, rec_len=1024, size=1024 fake=0
[  176.907839][ T5803] EXT4-fs error (device loop3): ext4_empty_dir:3131: inode #11: block 18: comm syz-executor.3: bad entry in directory: inode out of bounds - offset=4096, inode=256, rec_len=1024, size=1024 fake=0
[  176.928628][ T5803] EXT4-fs error (device loop3): ext4_readdir:260: inode #11: block 18: comm syz-executor.3: path /root/syzkaller-testdir3342384663/syzkaller.X4nmBL/33/file0/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=256, rec_len=1024, size=1024 fake=0
[  177.002819][ T5803] EXT4-fs error (device loop3): ext4_empty_dir:3131: inode #11: block 18: comm syz-executor.3: bad entry in directory: inode out of bounds - offset=4096, inode=256, rec_len=1024, size=1024 fake=0
[  177.031526][ T5803] EXT4-fs error (device loop3): ext4_readdir:260: inode #11: block 18: comm syz-executor.3: path /root/syzkaller-testdir3342384663/syzkaller.X4nmBL/33/file0/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=256, rec_len=1024, size=1024 fake=0
[  177.044520][ T6582] loop2: detected capacity change from 0 to 256
[  177.065040][ T5803] EXT4-fs error (device loop3): ext4_empty_dir:3131: inode #11: block 18: comm syz-executor.3: bad entry in directory: inode out of bounds - offset=4096, inode=256, rec_len=1024, size=1024 fake=0
[  177.111411][ T5803] EXT4-fs error (device loop3): ext4_readdir:260: inode #11: block 18: comm syz-executor.3: path /root/syzkaller-testdir3342384663/syzkaller.X4nmBL/33/file0/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=256, rec_len=1024, size=1024 fake=0
[  177.148970][ T5803] EXT4-fs error (device loop3): ext4_empty_dir:3131: inode #11: block 18: comm syz-executor.3: bad entry in directory: inode out of bounds - offset=4096, inode=256, rec_len=1024, size=1024 fake=0
[  177.563987][ T6590] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[  177.591236][   T26] audit: type=1326 audit(1718249736.155:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6591 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0caea7cea9 code=0x7ffc0000
[  177.691055][   T26] audit: type=1326 audit(1718249736.195:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6591 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0caea7cea9 code=0x7ffc0000
[  177.750765][   T26] audit: type=1326 audit(1718249736.195:175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6591 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0caea7cea9 code=0x7ffc0000
[  177.787963][ T5803] EXT4-fs (loop3): unmounting filesystem.
[  177.795994][ T6598] netlink: 4096 bytes leftover after parsing attributes in process `syz-executor.2'.
[  177.880999][   T26] audit: type=1326 audit(1718249736.195:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6591 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0caea7cea9 code=0x7ffc0000
[  177.912934][ T2449] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  178.013024][ T2449] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  178.202054][ T2449] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  178.288533][ T2449] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  178.366937][ T6609] loop2: detected capacity change from 0 to 2048
[  178.414151][ T6609]  loop2: p2 < >
[  178.457813][    C1] operation not supported error, dev loop2, sector 0 op 0x9:(WRITE_ZEROES) flags 0x8000800 phys_seg 0 prio class 2
[  178.958871][ T6622] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[  179.110943][ T3582] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  179.126034][ T3582] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  179.135046][ T3582] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  179.147288][ T3582] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  179.155385][ T3582] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  179.162831][ T3582] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  179.524233][ T6618] loop2: detected capacity change from 0 to 32768
[  179.649992][ T2449] device hsr_slave_0 left promiscuous mode
[  179.671570][ T2449] device hsr_slave_1 left promiscuous mode
[  179.678926][ T2449] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  179.700085][ T2449] batman_adv: batadv0: Removing interface: batadv_slave_0
[  179.709613][ T2449] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  179.724883][ T2449] batman_adv: batadv0: Removing interface: batadv_slave_1
[  179.737394][ T2449] device bridge_slave_1 left promiscuous mode
[  179.745916][ T2449] bridge0: port 2(bridge_slave_1) entered disabled state
[  179.758775][ T2449] device bridge_slave_0 left promiscuous mode
[  179.769540][ T2449] bridge0: port 1(bridge_slave_0) entered disabled state
[  180.082706][ T2449] device veth1_macvtap left promiscuous mode
[  180.089292][ T2449] device veth0_macvtap left promiscuous mode
[  180.097659][ T2449] device veth1_vlan left promiscuous mode
[  180.103857][ T2449] device veth0_vlan left promiscuous mode
[  180.114750][ T6618] XFS (loop2): Mounting V5 Filesystem
[  180.238162][ T6618] XFS (loop2): Ending clean mount
[  180.399573][ T6249] XFS (loop2): Unmounting Filesystem
[  180.599822][ T2449] team0 (unregistering): Port device team_slave_1 removed
[  180.629002][ T2449] team0 (unregistering): Port device team_slave_0 removed
[  180.669208][ T2449] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  180.726116][ T2449] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  180.842481][ T2449] bond0 (unregistering): Released all slaves
[  180.935823][ T6647] netlink: 4096 bytes leftover after parsing attributes in process `syz-executor.0'.
[  180.950121][ T6660] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
[  181.133834][ T6666] loop2: detected capacity change from 0 to 2048
[  181.149805][ T6625] chnl_net:caif_netlink_parms(): no params data found
[  181.180140][ T6666] UDF-fs: error (device loop2): udf_process_sequence: Primary Volume Descriptor not found!
[  181.214032][   T48] Bluetooth: hci3: command tx timeout
[  181.281343][ T6666] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  181.408281][ T6625] bridge0: port 1(bridge_slave_0) entered blocking state
[  181.536344][ T6625] bridge0: port 1(bridge_slave_0) entered disabled state
[  181.544575][ T6625] device bridge_slave_0 entered promiscuous mode
[  181.553908][ T6625] bridge0: port 2(bridge_slave_1) entered blocking state
[  181.565545][ T6625] bridge0: port 2(bridge_slave_1) entered disabled state
[  181.579210][ T6625] device bridge_slave_1 entered promiscuous mode
[  181.579232][   T26] kauditd_printk_skb: 9 callbacks suppressed
[  181.579243][   T26] audit: type=1804 audit(1718249740.135:186): pid=6672 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir1330814780/syzkaller.LUa3xV/184/bus" dev="sda1" ino=1967 res=1 errno=0
[  182.426314][   T26] audit: type=1804 audit(1718249740.985:187): pid=6691 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir1330814780/syzkaller.LUa3xV/185/bus" dev="sda1" ino=1967 res=1 errno=0
[  182.490519][ T6625] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  182.553382][ T6695] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[  182.565378][ T6625] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  182.621864][ T6697] netlink: 4096 bytes leftover after parsing attributes in process `syz-executor.4'.
[  182.727945][ T6625] team0: Port device team_slave_0 added
[  182.758639][ T6625] team0: Port device team_slave_1 added
[  182.826532][ T6704] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[  182.854863][ T6625] batman_adv: batadv0: Adding interface: batadv_slave_0
[  182.864624][ T6625] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  183.005918][ T6625] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  183.084163][ T6625] batman_adv: batadv0: Adding interface: batadv_slave_1
[  183.107981][ T6625] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  183.281120][   T48] Bluetooth: hci3: command tx timeout
[  183.618091][ T6625] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  183.917207][   T26] audit: type=1326 audit(1718249743.475:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6713 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0caea7cea9 code=0x7ffc0000
[  184.147629][   T26] audit: type=1326 audit(1718249743.515:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6713 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0caea7cea9 code=0x7ffc0000
[  184.179759][ T6625] device hsr_slave_0 entered promiscuous mode
[  184.221023][ T6625] device hsr_slave_1 entered promiscuous mode
[  184.230753][   T26] audit: type=1326 audit(1718249743.515:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6713 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0caea7cea9 code=0x7ffc0000
[  184.300599][   T26] audit: type=1326 audit(1718249743.525:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6713 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0caea7cea9 code=0x7ffc0000
[  184.412719][ T6625] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  184.420329][ T6625] Cannot create hsr debugfs directory
[  184.435999][   T26] audit: type=1326 audit(1718249743.525:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6713 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0caea7cea9 code=0x7ffc0000
[  184.467917][   T26] audit: type=1800 audit(1718249743.665:193): pid=6729 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=1951 res=0 errno=0
[  185.036868][   T26] audit: type=1804 audit(1718249743.665:194): pid=6729 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir3328961582/syzkaller.vLyaH2/148/bus" dev="sda1" ino=1951 res=1 errno=0
[  185.361176][   T48] Bluetooth: hci3: command tx timeout
[  185.404038][   T26] audit: type=1804 audit(1718249744.935:195): pid=6740 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir1330814780/syzkaller.LUa3xV/190/bus" dev="sda1" ino=1943 res=1 errno=0
[  185.466509][ T6742] netlink: 4096 bytes leftover after parsing attributes in process `syz-executor.2'.
[  186.034052][ T6729] loop4: detected capacity change from 0 to 40427
[  186.062567][ T6729] F2FS-fs (loop4): invalid crc value
[  186.096121][ T6625] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  186.127911][ T6625] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  186.135119][ T6729] F2FS-fs (loop4): Found nat_bits in checkpoint
[  186.168700][ T6625] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  186.198607][ T6625] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  186.274491][ T6729] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4
[  186.396914][ T4235] syz-executor.4: attempt to access beyond end of device
[  186.396914][ T4235] loop4: rw=2051, sector=36912, nr_sectors = 8144 limit=40427
[  186.450905][ T4235] syz-executor.4: attempt to access beyond end of device
[  186.450905][ T4235] loop4: rw=2051, sector=45096, nr_sectors = 85976 limit=40427
[  186.467260][ T6625] 8021q: adding VLAN 0 to HW filter on device bond0
[  186.471522][ T4235] F2FS-fs (loop4): Issue discard(4614, 4614, 1018) failed, ret: -5
[  186.473894][ T4235] F2FS-fs (loop4): Issue discard(5637, 5637, 10747) failed, ret: -5
[  186.498647][ T6773] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
[  186.608696][ T6625] 8021q: adding VLAN 0 to HW filter on device team0
[  186.632950][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  186.641270][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  186.702398][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  186.726601][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  186.750296][    T7] bridge0: port 1(bridge_slave_0) entered blocking state
[  186.757429][    T7] bridge0: port 1(bridge_slave_0) entered forwarding state
[  186.774455][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  186.783468][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  186.792151][    T7] bridge0: port 2(bridge_slave_1) entered blocking state
[  186.799249][    T7] bridge0: port 2(bridge_slave_1) entered forwarding state
[  186.813471][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  186.855747][ T6787] netlink: 'syz-executor.1': attribute type 1 has an invalid length.
[  186.875307][ T6789] Bluetooth: MGMT ver 1.22
[  186.880120][ T6789] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes
[  186.890274][ T6787] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
[  186.913994][ T6787] device gretap0 entered promiscuous mode
[  186.928969][ T6787] device gretap0 left promiscuous mode
[  186.947252][ T4645] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  187.000821][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  187.017420][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  187.032547][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  187.042300][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  187.055016][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  187.076272][ T6625] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  187.441991][   T48] Bluetooth: hci3: command tx timeout
[  187.485917][ T6625] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  187.703433][   T14] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  187.722016][   T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  187.739275][   T26] audit: type=1800 audit(1718249747.295:196): pid=6802 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1965 res=0 errno=0
[  187.762042][   T14] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  187.784594][   T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  187.808798][   T14] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  187.823533][   T26] audit: type=1804 audit(1718249747.335:197): pid=6802 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir1330814780/syzkaller.LUa3xV/199/bus" dev="sda1" ino=1965 res=1 errno=0
[  187.872589][   T14] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  188.417149][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  188.440810][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  188.463570][ T6625] 8021q: adding VLAN 0 to HW filter on device batadv0
[  188.523813][ T3290] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  188.543298][ T3290] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  188.598554][ T3290] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  188.624954][ T3290] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  188.642312][   T48] ==================================================================
[  188.650491][   T48] BUG: KASAN: use-after-free in __lock_acquire+0x77/0x1f80
[  188.657730][   T48] Read of size 8 at addr ffff888057f690b0 by task kworker/u5:0/48
[  188.665538][   T48] 
[  188.667856][   T48] CPU: 1 PID: 48 Comm: kworker/u5:0 Not tainted 6.1.93-syzkaller #0
[  188.675823][   T48] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  188.685870][   T48] Workqueue: hci1 hci_rx_work
[  188.690634][   T48] Call Trace:
[  188.693897][   T48]  <TASK>
[  188.696815][   T48]  dump_stack_lvl+0x1e3/0x2cb
[  188.701491][   T48]  ? nf_tcp_handle_invalid+0x642/0x642
[  188.706944][   T48]  ? panic+0x764/0x764
[  188.711003][   T48]  ? _printk+0xd1/0x111
[  188.715144][   T48]  ? __virt_addr_valid+0x17f/0x520
[  188.720245][   T48]  ? __virt_addr_valid+0x17f/0x520
[  188.725348][   T48]  print_report+0x15f/0x4f0
[  188.729926][   T48]  ? __virt_addr_valid+0x17f/0x520
[  188.735025][   T48]  ? __virt_addr_valid+0x17f/0x520
[  188.740123][   T48]  ? __virt_addr_valid+0x44a/0x520
[  188.745220][   T48]  ? __phys_addr+0xb6/0x170
[  188.749711][   T48]  ? __lock_acquire+0x77/0x1f80
[  188.754552][   T48]  kasan_report+0x136/0x160
[  188.759044][   T48]  ? __lock_acquire+0x77/0x1f80
[  188.763894][   T48]  __lock_acquire+0x77/0x1f80
[  188.768570][   T48]  ? __lock_acquire+0x125b/0x1f80
[  188.773602][   T48]  lock_acquire+0x1f8/0x5a0
[  188.778106][   T48]  ? lock_sock_nested+0x66/0x100
[  188.783039][   T48]  ? lockdep_softirqs_on+0x590/0x590
[  188.788318][   T48]  ? read_lock_is_recursive+0x10/0x10
[  188.793683][   T48]  ? __local_bh_disable_ip+0x183/0x210
[  188.799137][   T48]  ? __might_sleep+0xb0/0xb0
[  188.803711][   T48]  ? lock_sock_nested+0x66/0x100
[  188.808640][   T48]  ? __bpf_trace_softirq+0x10/0x10
[  188.813745][   T48]  ? do_raw_read_unlock+0x38/0x70
[  188.818760][   T48]  ? _raw_read_unlock+0x24/0x40
[  188.823601][   T48]  ? l2cap_global_chan_by_psm+0x459/0x4c0
[  188.829314][   T48]  ? lock_sock_nested+0x66/0x100
[  188.834246][   T48]  _raw_spin_lock_bh+0x31/0x40
[  188.838999][   T48]  ? lock_sock_nested+0x66/0x100
[  188.843927][   T48]  lock_sock_nested+0x66/0x100
[  188.848682][   T48]  l2cap_sock_recv_cb+0x51/0x4e0
[  188.853611][   T48]  ? l2cap_recv_frame+0x1242/0x8bd0
[  188.858801][   T48]  l2cap_recv_frame+0x12ba/0x8bd0
[  188.863824][   T48]  ? l2cap_conn_unreliable+0x1a0/0x1a0
[  188.869271][   T48]  ? __mutex_unlock_slowpath+0x218/0x750
[  188.874890][   T48]  ? __lock_acquire+0x1f80/0x1f80
[  188.879908][   T48]  ? mutex_unlock+0x10/0x10
[  188.884400][   T48]  ? hci_conn_enter_active_mode+0x25c/0x360
[  188.890282][   T48]  ? l2cap_recv_acldata+0x2ed/0x1570
[  188.895559][   T48]  ? hci_conn_hash_lookup_handle+0x226/0x240
[  188.901528][   T48]  hci_rx_work+0x363/0xce0
[  188.905931][   T48]  ? process_one_work+0x7a9/0x11d0
[  188.911035][   T48]  process_one_work+0x8a9/0x11d0
[  188.915965][   T48]  ? worker_detach_from_pool+0x260/0x260
[  188.921585][   T48]  ? _raw_spin_lock_irqsave+0x120/0x120
[  188.927118][   T48]  ? kthread_data+0x4e/0xc0
[  188.931611][   T48]  ? wq_worker_running+0x97/0x190
[  188.936628][   T48]  worker_thread+0xa47/0x1200
[  188.941294][   T48]  ? __sched_text_start+0x8/0x8
[  188.946154][   T48]  kthread+0x28d/0x320
[  188.950206][   T48]  ? worker_clr_flags+0x190/0x190
[  188.955215][   T48]  ? kthread_blkcg+0xd0/0xd0
[  188.959787][   T48]  ret_from_fork+0x1f/0x30
[  188.964198][   T48]  </TASK>
[  188.967206][   T48] 
[  188.969507][   T48] Allocated by task 6821:
[  188.973811][   T48]  kasan_set_track+0x4b/0x70
[  188.978393][   T48]  __kasan_kmalloc+0x97/0xb0
[  188.982966][   T48]  __kmalloc+0xb2/0x230
[  188.987191][   T48]  sk_prot_alloc+0xe0/0x200
[  188.991682][   T48]  sk_alloc+0x36/0x350
[  188.995733][   T48]  bt_sock_alloc+0x37/0x130
[  189.000227][   T48]  l2cap_sock_create+0x11e/0x2b0
[  189.005152][   T48]  bt_sock_create+0x159/0x220
[  189.009813][   T48]  __sock_create+0x488/0x910
[  189.014394][   T48]  __sys_socket+0x136/0x3a0
[  189.018883][   T48]  __x64_sys_socket+0x76/0x80
[  189.023550][   T48]  do_syscall_64+0x3b/0xb0
[  189.027956][   T48]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  189.033835][   T48] 
[  189.036139][   T48] Freed by task 6820:
[  189.040103][   T48]  kasan_set_track+0x4b/0x70
[  189.044769][   T48]  kasan_save_free_info+0x27/0x40
[  189.049785][   T48]  ____kasan_slab_free+0xd6/0x120
[  189.054799][   T48]  __kmem_cache_free+0x25c/0x3c0
[  189.059723][   T48]  __sk_destruct+0x473/0x5f0
[  189.064299][   T48]  l2cap_sock_release+0x157/0x1d0
[  189.069311][   T48]  sock_close+0xcd/0x230
[  189.073539][   T48]  __fput+0x3b7/0x890
[  189.077511][   T48]  task_work_run+0x246/0x300
[  189.082089][   T48]  exit_to_user_mode_loop+0xde/0x100
[  189.087373][   T48]  exit_to_user_mode_prepare+0xb1/0x140
[  189.092907][   T48]  syscall_exit_to_user_mode+0x60/0x270
[  189.098440][   T48]  do_syscall_64+0x47/0xb0
[  189.102849][   T48]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  189.108732][   T48] 
[  189.111039][   T48] The buggy address belongs to the object at ffff888057f69000
[  189.111039][   T48]  which belongs to the cache kmalloc-2k of size 2048
[  189.125072][   T48] The buggy address is located 176 bytes inside of
[  189.125072][   T48]  2048-byte region [ffff888057f69000, ffff888057f69800)
[  189.138413][   T48] 
[  189.140717][   T48] The buggy address belongs to the physical page:
[  189.147116][   T48] page:ffffea00015fda00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x57f68
[  189.157254][   T48] head:ffffea00015fda00 order:3 compound_mapcount:0 compound_pincount:0
[  189.165558][   T48] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[  189.173538][   T48] raw: 00fff00000010200 0000000000000000 dead000000000001 ffff888012442000
[  189.182102][   T48] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[  189.190662][   T48] page dumped because: kasan: bad access detected
[  189.197056][   T48] page_owner tracks the page as allocated
[  189.202747][   T48] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 3621, tgid 3621 (kworker/1:7), ts 58501070181, free_ts 11057516845
[  189.224017][   T48]  post_alloc_hook+0x18d/0x1b0
[  189.228779][   T48]  get_page_from_freelist+0x31a1/0x3320
[  189.234317][   T48]  __alloc_pages+0x28d/0x770
[  189.238895][   T48]  alloc_slab_page+0x6a/0x150
[  189.243562][   T48]  new_slab+0x84/0x2d0
[  189.247624][   T48]  ___slab_alloc+0xc20/0x1270
[  189.252286][   T48]  __kmem_cache_alloc_node+0x19f/0x260
[  189.257730][   T48]  __kmalloc_node_track_caller+0xa0/0x220
[  189.263438][   T48]  __alloc_skb+0x135/0x670
[  189.267843][   T48]  alloc_skb_with_frags+0xa4/0x740
[  189.272945][   T48]  sock_alloc_send_pskb+0x915/0xa50
[  189.278304][   T48]  mld_newpack+0x1c0/0xa90
[  189.282706][   T48]  add_grec+0x1492/0x19a0
[  189.287017][   T48]  mld_ifc_work+0x68f/0xc90
[  189.291514][   T48]  process_one_work+0x8a9/0x11d0
[  189.296614][   T48]  worker_thread+0xa47/0x1200
[  189.301274][   T48] page last free stack trace:
[  189.305936][   T48]  free_unref_page_prepare+0xf63/0x1120
[  189.311465][   T48]  free_unref_page+0x33/0x3e0
[  189.316122][   T48]  free_contig_range+0x9a/0x150
[  189.320957][   T48]  destroy_args+0xfe/0x997
[  189.325360][   T48]  debug_vm_pgtable+0x416/0x46b
[  189.330198][   T48]  do_one_initcall+0x265/0x8f0
[  189.334947][   T48]  do_initcall_level+0x157/0x207
[  189.339868][   T48]  do_initcalls+0x49/0x86
[  189.344180][   T48]  kernel_init_freeable+0x45c/0x60f
[  189.349378][   T48]  kernel_init+0x19/0x290
[  189.353697][   T48]  ret_from_fork+0x1f/0x30
[  189.358102][   T48] 
[  189.360405][   T48] Memory state around the buggy address:
[  189.366014][   T48]  ffff888057f68f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  189.374058][   T48]  ffff888057f69000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  189.382103][   T48] >ffff888057f69080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  189.390142][   T48]                                      ^
[  189.395752][   T48]  ffff888057f69100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  189.403792][   T48]  ffff888057f69180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  189.411842][   T48] ==================================================================
[  189.419891][   T48] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  189.427072][   T48] CPU: 1 PID: 48 Comm: kworker/u5:0 Not tainted 6.1.93-syzkaller #0
[  189.435131][   T48] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  189.445176][   T48] Workqueue: hci1 hci_rx_work
[  189.449850][   T48] Call Trace:
[  189.453117][   T48]  <TASK>
[  189.456046][   T48]  dump_stack_lvl+0x1e3/0x2cb
[  189.460722][   T48]  ? nf_tcp_handle_invalid+0x642/0x642
[  189.466173][   T48]  ? panic+0x764/0x764
[  189.470243][   T48]  ? lock_release+0xd6/0xa20
[  189.474827][   T48]  ? vscnprintf+0x59/0x80
[  189.479144][   T48]  panic+0x318/0x764
[  189.483028][   T48]  ? check_panic_on_warn+0x1d/0xa0
[  189.488128][   T48]  ? memcpy_page_flushcache+0xfc/0xfc
[  189.493489][   T48]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[  189.499371][   T48]  ? _raw_spin_unlock+0x40/0x40
[  189.504209][   T48]  ? print_report+0x4a3/0x4f0
[  189.508872][   T48]  check_panic_on_warn+0x7e/0xa0
[  189.513795][   T48]  ? __lock_acquire+0x77/0x1f80
[  189.518637][   T48]  end_report+0x66/0x110
[  189.522882][   T48]  kasan_report+0x143/0x160
[  189.527372][   T48]  ? __lock_acquire+0x77/0x1f80
[  189.532302][   T48]  __lock_acquire+0x77/0x1f80
[  189.536971][   T48]  ? __lock_acquire+0x125b/0x1f80
[  189.542000][   T48]  lock_acquire+0x1f8/0x5a0
[  189.546495][   T48]  ? lock_sock_nested+0x66/0x100
[  189.551422][   T48]  ? lockdep_softirqs_on+0x590/0x590
[  189.556697][   T48]  ? read_lock_is_recursive+0x10/0x10
[  189.562151][   T48]  ? __local_bh_disable_ip+0x183/0x210
[  189.567693][   T48]  ? __might_sleep+0xb0/0xb0
[  189.572265][   T48]  ? lock_sock_nested+0x66/0x100
[  189.577189][   T48]  ? __bpf_trace_softirq+0x10/0x10
[  189.582297][   T48]  ? do_raw_read_unlock+0x38/0x70
[  189.587309][   T48]  ? _raw_read_unlock+0x24/0x40
[  189.592148][   T48]  ? l2cap_global_chan_by_psm+0x459/0x4c0
[  189.597856][   T48]  ? lock_sock_nested+0x66/0x100
[  189.602782][   T48]  _raw_spin_lock_bh+0x31/0x40
[  189.607537][   T48]  ? lock_sock_nested+0x66/0x100
[  189.612467][   T48]  lock_sock_nested+0x66/0x100
[  189.617308][   T48]  l2cap_sock_recv_cb+0x51/0x4e0
[  189.622326][   T48]  ? l2cap_recv_frame+0x1242/0x8bd0
[  189.627514][   T48]  l2cap_recv_frame+0x12ba/0x8bd0
[  189.632532][   T48]  ? l2cap_conn_unreliable+0x1a0/0x1a0
[  189.637979][   T48]  ? __mutex_unlock_slowpath+0x218/0x750
[  189.643599][   T48]  ? __lock_acquire+0x1f80/0x1f80
[  189.648614][   T48]  ? mutex_unlock+0x10/0x10
[  189.653098][   T48]  ? hci_conn_enter_active_mode+0x25c/0x360
[  189.659013][   T48]  ? l2cap_recv_acldata+0x2ed/0x1570
[  189.664286][   T48]  ? hci_conn_hash_lookup_handle+0x226/0x240
[  189.670261][   T48]  hci_rx_work+0x363/0xce0
[  189.674671][   T48]  ? process_one_work+0x7a9/0x11d0
[  189.679768][   T48]  process_one_work+0x8a9/0x11d0
[  189.684700][   T48]  ? worker_detach_from_pool+0x260/0x260
[  189.690324][   T48]  ? _raw_spin_lock_irqsave+0x120/0x120
[  189.695855][   T48]  ? kthread_data+0x4e/0xc0
[  189.700349][   T48]  ? wq_worker_running+0x97/0x190
[  189.705368][   T48]  worker_thread+0xa47/0x1200
[  189.710030][   T48]  ? __sched_text_start+0x8/0x8
[  189.714879][   T48]  kthread+0x28d/0x320
[  189.718931][   T48]  ? worker_clr_flags+0x190/0x190
[  189.723938][   T48]  ? kthread_blkcg+0xd0/0xd0
[  189.728510][   T48]  ret_from_fork+0x1f/0x30
[  189.732920][   T48]  </TASK>
[  189.736188][   T48] Kernel Offset: disabled
[  189.740493][   T48] Rebooting in 86400 seconds..