last executing test programs: 17.230602715s ago: executing program 3 (id=474): syz_mount_image$msdos(&(0x7f00000000c0), &(0x7f0000000000)='./file1\x00', 0x200408, &(0x7f0000000ac0)=ANY=[@ANYBLOB='nodots,nodots,dots,dots,nodots,errors=continue,time_offset=0xfffffffffffffa93,dots,showexec,nodots,dots,gid=', @ANYRESHEX=0xee00, @ANYBLOB="2c646f74732c646f74732c6e66732c6e6f646f74732c646f74732c6e6f646f74732c646f74732c646f74732c6e6f646f74732c646f74732c646f74732c646f74732c636865636b3d72656c617865642c74696d655f6f66667365743d3078303030303030303030303030303437612c646f6e745f686173682c7365636c6162656c2c667373c322e2a50762a3d3fcae283b43ea02757569643d31643067586564382d353166312d62326634", @ANYRES64, @ANYRESDEC], 0x1, 0x1d3, &(0x7f00000007c0)="$eJzs3cFqE1EUBuAzsTapIHYniOCAG1dBfYKKRBAHRCULXSm0bhoRks3oxvoWPqAPIF11IyNmxsaWZGxjzJj0+zb5yTmTey+ESTY5eX3z3f7u+9Hbr9e/RKeTRGsnduIoie1oxS8HAQCsk6OiiG9FsdH0PgCA5ak+/8dmtHyvu94XBwBYPS9evnryIMt6z9O0E3F4kPfzfvlY1h89znp307HtyVWHed6/dFy/V9bTk/XLcSUitiLr3Z9a34w7t8fXf/5Ze/g0O1Vvx+6/Pz4AAAAAAAAAAAAAAAAAAAAAADSimx6bOt+n251VL9Nv84FOze/ZiBuGAwIAAAAAAAAAAAAAAAAAAMCZjD583H8zGOwNJ6EdESefmS8U12YuMS2kEfH3i543tGJ5a61aSP6PbZwzRDV1oqbn1mLe4c+u/qkn5nvlzYio79mqP+AiwuQe0W7m1gQAAAAAAAAAAAAAAAAAABdO9VvfZDhqeicAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0Jzy//8He8N5wqeIOENztVTS8FEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABYYz8CAAD//x8yIRo=") openat(0xffffffffffffff9c, 0x0, 0x42, 0x40) sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x480c0) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_LOG_BASE(r0, 0x4008af04, &(0x7f00000005c0)=&(0x7f0000000580)) r1 = eventfd(0xfffffff9) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/70, 0x100000}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) syz_clone(0xc30e3400, 0x0, 0x0, 0x0, 0x0, 0x0) truncate(0x0, 0x2fffffd) syz_mount_image$exfat(&(0x7f00000009c0), &(0x7f0000000000)='./file1\x00', 0x0, &(0x7f0000001040)=ANY=[@ANYBLOB='utf8,utf8,uid=', @ANYRESHEX=0xee01, @ANYBLOB=',iocharset=cp950,errors=remount-ro,utf8,errors=remount-ro,dmask=00000000000000000000003,time_offset=0x0000000000000006,gid=', @ANYRESHEX=0xee00, @ANYBLOB='- '], 0x1, 0x152b, &(0x7f0000002f80)="$eJzs3AmYjtXbAPD7Puc8Y0zS2yTLcM65H95kOSZJsiTJkiRJkmRLSJrkLwmJIVvSkIRkGZJlCMkyMWns+74kJEmTJCHZkvNdir/66r8vvuub+3ddzzXnfs9zn+c87/0+8yyzfNN5SI1GNas2ICL4l+AvX5IBIBYABgDANQAQAEDZ+LLxF/pzSkz+1zbC/r0eSrvSM2BXEtc/e+P6Z29c/+yN65+9cf2zN65/9sb1z964/oxlZ5umFbiWl+y78PP/7IzP//+PZJUa88WaUtd3AYj5e1O4/tkb1///reDvWYnrn71x/bOr2Cs9AfZ/AB//2UGOv9jD9c/euP6MZWdX+vnzf36Rf7UfItnhPfgr+88YY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjP0XnPaXKQC41L7S82KMMcYYY4wxxti/j89xpWfAGGOMMcYYY4yx/zwEARIUBBADOSAWckIcCAC4GnLDNRCBayEeroM8cD3khXyQHwpAAhSEQqDBgAWCEApDEYjCDVAUboRiUBxKQElwUAoS4SYoDTdDGbgFysKtUA5ug/JQASpCJbgdKsMdUAXuhKpwF1SD6lADasLdUAvugdpwL9SB+6Au3A/14AGoDw9CA3gIGsLD0AgegcbwKDSBptAMmkOLfyr/BegOL0IP6AnJ0At6w0vQB/pCP+gPA+BlGAivwCB4FVJgMAyB12AovA7D4A0YDiNgJLwJo+AtGA1jYCyMg1QYDxPgbZgI78AkmAxTYCqkwTSYDu/CDJgJs+A9mA3vwxyYC/NgPqTDB7AAFkIGfAiL4CPIhMWwBJbCMlgOK2AlrILVsAbWwjpYDxtgI2yCzbAFtsI22A474GPYCZ/ALtgNe/5cv38k/9Sv8j+FvdAFAQEFClSoMAZjMBZjMQ7jMBfmwtyYGyMYwXiMxzyYB/NiXsyP+TEBE7AQFkKDBgkJC2NhjGIUi2JRLIbFsASWQIcOEzERS+PNWAbLYFksi+WwHJbHClgBK2ElrIyVsQpWwapYFathNayBNfBuvBt7YW2sjXWwDtbFupceT2EDbIANsSE2wkbYGBtjE2yCzbAZtsAW2BJbYitshW2wDbbFttgO22ESJmF7bI8dsAN2xI7YCTthZ+yMXbArds16IQfgi/gi9sRqohf2xt7YB1Ny9MP+2B9fxoH4Cr6Cr2IKDsYh+Bq+hq/jMDyJw3EEjsSRWFm8haNxDJIYh6mYihNwAk7EiTgJJ+NknIppOA2n43ScgTNxJr6Hs/F9fB/n4lycj+mYjgtwIWZgBi7CU5iJi3EJLsVluByX4UpchStxDa7FNbge1+NG3IibcTNuxa24Hbfjx6gA8BPcjbsxBffiXtyH+3A/7scDeACzMAsP4kE8hIfwMB7GI3gEj+IxPI7H8ASewJN4Ck/jaTyLZ/EcPpfwVcOPi69OAXGBEkrEiBgRK2JFnIgTuUQukVvkFhEREfEiXuQReURekVfkF/lFgkgQhUQhYYQRJMIYABBRERVFRVFRTBQTJUQJ4YQTiSJRlBalRRlRRpQVt4py4jZRXlQQrV0lUUlUFm1cFXGnqCqqimqiuqghaoqaopaoJWqL2qKOqCPqirqinnhA1Be9sB8+JC5UppEYjI3FEGwimgp58QhoKYZhK9FatBFPiBE4HNuJli5JPC3ai9HYQfxJjMFnRScxDjuL50UX0VV0Ey+I7qKV6yF6iknYS/QWU7GP6Cv6if5iBlYX7+HsnDXEqyJFDBZDxGtiPr4uhok3xHAxQowUb4pR4i0xWowRY8U4kSrGiwnibTFRvCMmicliipgq0sQ0MV28K2aImWKWeE/MFu+LOWKumCfmi3TxgVggFooM8aFYJD4SmWKxWCKWimViuVghVopVYrVYI9aKdWK92CA2ik1is9gitoptYrvYIT4WO8UnYpfYLfaIT8Ve8ZnYJz4X+8UX4oD4UmSJr8RB8bU4JL4Rh8W34oj4ThwVx8Rx8b04IX4QJ8UpcVqcEWfFj+Kc+EmcF16ARCmklEoGMkbmkLEyp4yTV8lcMrj47l4r4+V1Mo+8XuaV+WR+WUAmyIKykNTSSCtJhrKwLCKj8gZZVN4oi8nisoQsKZ0sJRPlTbK0vFmWkbfIsvJWWU7eJsvLCrKirCRvl5XlHRIiv2yjmqwua8ia8m6ZDPfI2vJeWUfeJ+vK+2U9+YCsLx+UDeRDsqF8WDaSj8jG8lHZRDaVzWRz2UI+JlvKx2Ur2Vq2kU/ItvJJ2U4+JZPk07K99Bc/Is/KTvI52Vk+L7vIrrKb/Emel172kD0l9ALZW74k+8i+sp/sLwfIl+VA+YocJF+VKXKwHCJfk0Pl63KYfEMOlyPkSPmmHCXfkqPlGDlWjpOpcrycIN+WE+U7cpKcLKfIqTJNTpP9Lo40S8q/mf/2r/MvnHrlNDno561vlJvkZrlFbpXb5Ha5Q34sd8qdcpfcJffIPXKv3Cv3yX1yv9wvD8gDMktmyYPyoDwkD8nD8rA8Io/Io/KYPCO/lyfkD/KkPCVPyTPyrDwrz118D0ChEkoqpQIVo3KoWJVTxamrVC51tcqtrlERda2KV9epPOp6lVflU/lVAZWgCqpCSiujrCIVqsKqiIqqG/DiB0aVUCWVU6VUorrpH8lXRdWNqpgq/pv8S/NL/gvza6FaqJaqpWqlWqk2qo1qq9qqdqqdSlJJqr1qrzqoDqqj6qg6qU6qs+qsuqguqpvqprqr7qqH6qGSVbLqrV5SfVRf1U/1VwPUy2qgGqgGqUEqRaWoIWqIGqqGqmFqmBquhquRaqQapUap0Wq0GqvGqlSVqiaoCWqimqgmqUlqipqi0lSamq6mqxlqhpqlZqnZaraao+aoeWqeSlfpaoFaoDJUhlqkFqlMtVgtVkvVUrVcLVcr1Uq1Wq1Wa9VatV6tV5lqk9qktqgtapvapnaoHWqn2ql2qV1qj9qj9qq9ap/ap/ar/eqAOqCyVJY6qA6qQ+qQOqwOqyPqiDqqjqrj6rg6oU6ok+qkOq1Oq7PqrDqnzqnz6ryCQIAIRKACFcQEMUFsEBvEBXFBriBXkDvIHUSCSBAfxAd5guuDvEG+IH9QIEgICgaFAh2YwAbiYtGjwQ1B0eDGoFhQPCgRlAxcUCpIDG4KSgc3B2WCW4Kywa1BueC2oHxQIagYVApuDyoHdwRVgjuDqsFdQbWgelAjqBncHdQK7glqB/cGdYL7grrB/UG94IGgfvBg0CB4KGgYPBw0Ch4JGgePBk2CpkGzoHnQ4t86vvcn8z3ueuieOln30r31S7qP7qv76f56gH5ZD9Sv6EH6VZ2iB+sh+jU9VL+uh+k39HA9Qo/Ub+pR+i09Wo/RY/U4narH6wn6bT1Rv6Mn6cl6ip6q0/Q0PV2/q2fomXqWfk/P1u/rOXqunqfn63T9gV6gF+oM/aFepD/SmXqxXqKX6mV6uV6hV+pVerVeo9fqdXq93qA36k16s96it+pterveoT/WO/UnepferffoT/Ve/Znepz/X+/UX+oD+Umfpr/RB/bU+pL/Rh/W3+oj+Th/Vx/Rx/b0+oX/QJ/UpfVqf0Wf1j/qc/kmf1/7Cxf2F07tRRpkYE2NiTayJM3Eml8llcpvcJmIiJt7Emzwmj8lr8pr8Jr9JMAmmkClkLiBDprApbKImaoqaoqaYKWZKmBLGGWcSTaIpbUqbMqaMKWvKmnKmnClvypuKpqK53dxu7jB3mDvNneYuc5epbqqbmqamqWVqmdqmtqlj6pi6pq6pZ+qZ+qa+aWAamIamoWlkGpnGprFpYpqYZqaZaWFamJampWllWpk2po1pa9qadqadSTJJpr1pbzqYDqaj6Wg6mU6ms+lsupguppvpZrqb7qaH6WGSTbLpbXqbPqaP6Wf6mQFmgBloBppBZpBJMSlmiBlihpqhZpgZZoabEWbkhQtV85YZbcaYsWacSTWpZoKZYCaaiWaSmWSmmCkmzaSZ6Wa6mWFmmFlmlpltZps5Zo6ZZ+aZdJNuFpgFJsNkmEVmkck0mWaJWWKWmWVmhVlhVplVZo1ZY9bBOrPBbDCbzCazxWwx28w2s8PsMDvNTrPL7DJ7zB6z1+w1+8w+s9/sNwfMAZNlssxBc9AcMofMYXPYHDFHzFFz1Bw3x80Jc8KcNCfNaXPanDX5Lp4vvYm1OW2cvcrmslfb3PYa+7/j/LaATbAFbSGrbV6b7zexsdYWs8VtCVvSOlvKJtqbfheXtxVsRVvJ3m4r2ztsld/Ftew9tra919ax99ma9u7fxHXt/baefcTWRwSwTW1D29w2so/YxvZR28Q2tc1sc9vWPmnb2adskn3atrfP/C5eYBfaVXa1XWPX2l12tz1tz9hD9ht71v5oe9iedoB92Q60r9hB9lWbYgf/Lh5p37Sj7Ft2tB1jx9pxv4un2Kk2zU6z0+27doad+bs43X5gZ9sMO8fOtfPs/J/jC3PKsB/aRfYjm2kDWGKX2mV2uV1hV/55rkvtervBbrQ77Sd2i91qt9ntdselC2G72+6xn9q99jN70H5t99sv7AF72GbZr36OL+zfYfutPWK/s0ftMXvcfm9P2B/UpewL+/69/cmet94CIQFJUhRQDOWgWMpJcXQV5aKrKTddQxG6luLpOspD11Neykf5qQAlUEEqRJoMWSIKqTAVoSjdQJemV4JKkqNSlEg3UWm6mcrQLVSWbqVydBuVpwpUkSrR7VSZ7qAqdCdVpbuoGlWnGlST7qZadA/VpnupDt1Hdel+qkcPUH16kBrQQ9SQHqZG9Ag1pkepCTWlZtScWtBj1JIep1bUmtrQE9SWnqR29BQl0dPUnp6hDvQn6kjPUid6jjrT89SFulI3eoG604vUg3pSMvWi3vQS9aG+1I/60wB6mQbSKzSIXqUUGkxD6DUaSq/TMHqDhtMIGklv0ih6i0bTGBpL4yiVxtMEepsm0js0iSbTFJpKaTSNptO7NINm0ix6j2bT+zSH5tI8mk/p9AEtoIWUQR/SIvqIMmkxLaGltIyW0wpaSatoNa2htbSO1tMG2kibaDNtoa20jbbTDvqYdtIntIt20x76lPbSZ7SPPqf99AUdoC8pi76ig/Q1HaJv6DB963vSd3SUjtFx+p5O0A90kk7RaTpDZ+lHOkc/0XnyBCGGIpShCoMwJswRxoY5w7jwqjBXeHWYO7wmjITXhvHhdWGe8Powb5gvzB8WCBPCgmGhUIcmtCGFYVg4LBJGwxvCouGNYbGweFgiLBm6sFSYGN4Ulg5vDsuEt4Rlw1vDcuFtYfmwQvjIfZXC28PK4R1hlfDOsGp4V1gtrB7WCGuGd4e1wnvC2uG9YZ3wvrBMeH9YL3wgrB8+GDYIHwobhg+HjcJHwsbho2GTsGnYLGwetggfC1uGj4etwtZhm/CJsG34ZNgufCpMCp8O24fP/Nx//8K/3J8c9gp7hy+FL4Xe3yvnRedH06MfRBdEF0Yzoh9GF0U/imZGF0eXRJdGl0WXR1dEV0ZXRVdH10TXRtdF10c3RDdGva+ZAxw64aRTLnAxLoeLdTldnLvK5XJXu9zuGhdx17p4d53L4653eV0+l98VcAmuoCvktDPOOnKhK+yKuKi7wRV1N7pirrgr4Uo650q5RNfctXAtXEv3uGvlWrs27gn3hHvSPemeck+5p11794zr4P7kOrpnXSf3nHvOPe+6uK6um3vBdXfjc/9yTCa73q636+P6uH6unxvgBriBbqAb5Aa5FJfihrghbqgb6oa5YW64G+5GupFulBvlRrvRbqwb61JdqpvgJriJbqKb5Ca5KW6KS3Npbrqb7ma4Ga7yzF+2MsfNcfPcPJfu0t0Cd+GaMcMtcotcpst0S9wSt8wtcyvcCrfKrXJr3Bq3zq1zG9wGt8ltclvcFrfNbXM73A630+10u/w1vwzq9rp9bp/b7/a7A+5Ll+W+cgfd1+6Q+8Yddt+6I+47d9Qdc8fd9+6E+8GddKfcaXfGnXU/unPuJ3feeZcaGR+ZEHk7MjHyTmRSZHJkSmRqJC0yLTI98m5kRmRmZFbkvcjsyPuROZG5kXmR+ZH0yAeRBZGFkYzIh5FFkY8imZHFkSWRpZFlkeUR7wtuCX1hX8RH/Q2+qL/RF/PFfQlf0jtfyif6m3xpf7Mv42/xZf2tvpy/zZf3FXxF/6hv4pv6Zr65b+Ef8y39476Vb+3b+Cd8W/+kb+ef8kn+ad/eP+M7+D/5jv5Z38k/5zv7530X39V38y/47v5F38P39Mm+l+/tX/J9fF/fz/f3A/zLfqB/xQ/yr/oUP9gP8a/5of51P8y/4Yf7EX5kzJt+1KVbZBjnU/14P8G/7Sf6d/wkP9lP8VN9mp/mp/t3/Qw/08/y7/nZ/n0/x8/18/x8n+4/8Av8Qp/hP/SL/Ec+0y++9FDSr/Ar/Sq/2q/xa/06v95v8Bv9Jr/Zb/Fb/Ta/3e/wH/ud/hO/y+/2e/ynfq//zO/zn/v9/gt/wH/ps/xX/qD/2h/y3/jD/lt/xH/nj/pj/rj/3p/wP/iT/pQ/7c/4s/5Hf87/5M/z36wxxhhjjP1dxl9uit/2/PI4v9cf5IhfrdwbAK7eWiDr1/0XrijX5f2l3VcktI0AwNM9Oz90aalWLTk5+eK6mRKCInMBLv0k6IIYuBwvhjbwJCRBayj9h/PvK7qepb8xfvRWgLhf5cTC5fjy+J8DYPIfjP/YEyMXlAtPx/+V8ecCFCtyOScnXI4XQ5ufn6+0hjJ/Yf75Wv6N+ef8IhWg1a9ycsHl+PL8E+FxeAaSfrMmY4wxxhhjjDH2i76iYsdL95+XfuPzj+7PE9TlnBxwOf5b9+eMMcYYY4wxxhi78p7t2u2px5KSWnf8xxtV/qmsv7vRGP5TI3PjDxveA1x6RQHAvzggwIWG/G/uxeb/yrZSLh46/7tr2RkfwP+NUv7zjbF/fuUKf2NijDHGGGOM/dtdvvr/7evqSk2IMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhjLhv4b/1fsSu8jY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxdqX9TwAAAP//HmP+kg==") 16.671229006s ago: executing program 2 (id=479): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000180)=0x10000000005) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x400000000001, 0x0, 0x1, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000003c0)={'macvlan0\x00', 0x0}) setsockopt$packet_int(r4, 0x107, 0x14, &(0x7f0000000180)=0x2, 0x4) setsockopt$packet_int(r4, 0x107, 0xf, &(0x7f0000000000)=0x3da, 0x4) sendto$packet(r4, &(0x7f00000000c0)="3f03fe7f37e9140006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c153cfdf9435e3ffe46", 0xe955, 0x0, &(0x7f0000000540)={0xc9, 0x0, r5, 0x1, 0x0, 0x6, @multicast}, 0x14) 15.215906536s ago: executing program 2 (id=480): syz_genetlink_get_family_id$nbd(0x0, 0xffffffffffffffff) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) r1 = getpgrp(0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) mkdir(&(0x7f0000000080)='./file0\x00', 0x115) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x4000}}) 14.660380148s ago: executing program 3 (id=481): r0 = socket$unix(0x1, 0x1, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket(0x400000000010, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xbfffffff, {0x0, 0x0, 0x0, r4, {0x0, 0x5}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x1d1, 0x75}}]}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000004c0)=@newtfilter={0x38, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r4, {0x0, 0x4}, {}, {0x8, 0xf}}, [@filter_kind_options=@f_matchall={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000010}, 0x20000000) r5 = socket$kcm(0x11, 0x3, 0x0) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r6) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) setsockopt$sock_attach_bpf(r5, 0x107, 0xf, &(0x7f0000000600), 0x56) sendmsg$kcm(r5, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r7, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)="27030200590214000600002fb96dbcf706e10500000086ddffff1144ee163cd4b8bf4a31accb", 0x26}], 0x1}, 0x4) 14.636774553s ago: executing program 1 (id=482): r0 = socket$key(0xf, 0x3, 0x2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x6) prctl$PR_SCHED_CORE(0x39, 0x0, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0xc6882) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200130002eb0e00000000000000000105000600200000000a00000040010000000500e50000070000001f00001a000000030000a95a6e870200010000e9ff070040000200000000050005000000cc580a"], 0x80}}, 0x0) sendmmsg(r0, &(0x7f0000000180), 0x400008a, 0x0) 14.280209177s ago: executing program 0 (id=483): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="0000000000004a641c0012000c000100626f6e6400"], 0x3c}}, 0x0) syz_usb_connect(0x0, 0x24, 0x0, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000980)=ANY=[@ANYBLOB="3c0000001000030425bd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="0005000082180000140012800b00010062726964676500000400028008000a00", @ANYRES32=r5], 0x3c}, 0x1, 0x0, 0x0, 0x24000804}, 0x8000) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket(0x1, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x300}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x8}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r8}]}, 0x4c}}, 0x884) 9.558973373s ago: executing program 0 (id=484): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) openat$ptp0(0xffffffffffffff9c, 0x0, 0xc0542, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0500000003f01f00040000009a00000001"], 0x48) bpf$MAP_GET_NEXT_KEY(0x15, &(0x7f0000000580)={r2, 0x0, &(0x7f0000001680)=""/227}, 0x20) syz_init_net_socket$rose(0xb, 0x5, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x8081) prctl$PR_SET_MM(0x23, 0x3, &(0x7f0000ffd000/0x1000)=nil) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_open_dev$dvb_frontend(&(0x7f00000003c0), 0x0, 0xe82) pselect6(0x40, &(0x7f00000001c0)={0x0, 0xff00000000000000, 0x5, 0xfffffffffffffffd, 0x8001, 0x0, 0x1000001000, 0x45}, 0x0, &(0x7f0000000080)={0x3ff, 0x4, 0x100000, 0x9, 0x0, 0x10, 0x80000002, 0xff00000000000000}, 0x0, 0x0) r4 = openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0) ioctl$UI_SET_EVBIT(r4, 0x40045564, 0x16) close_range(r1, 0xffffffffffffffff, 0x0) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, 0x0) 9.558771583s ago: executing program 1 (id=485): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) socket$packet(0x11, 0x2, 0x300) r1 = fsopen(&(0x7f0000000180)='hugetlbfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x6) fchdir(r2) openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0), 0x121800, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x108) r3 = gettid() timer_create(0xb, &(0x7f00000000c0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)) sched_getparam(r3, &(0x7f0000000080)) 9.558660553s ago: executing program 2 (id=486): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) socket$packet(0x11, 0x2, 0x300) r1 = fsopen(&(0x7f0000000180)='hugetlbfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) fsmount(r1, 0x0, 0x6) 9.556706733s ago: executing program 3 (id=487): openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) syz_emit_ethernet(0x46, 0x0, 0x0) ptrace(0x10, r1) ptrace$setregset(0x4205, r1, 0x1, &(0x7f0000000100)={0x0}) ptrace$setregset(0x4205, r1, 0x1, &(0x7f00000001c0)={0x0}) read$FUSE(r0, 0x0, 0x0) syz_mount_image$msdos(&(0x7f00000000c0), &(0x7f0000000000)='./file0\x00', 0x800182, &(0x7f0000000680)=ANY=[], 0x1, 0x191, &(0x7f0000000480)="$eJzs3c+qElEcB/Cff5qkletoMdCmlVRPYIWCNBAULmpVYG00gtxMrXyL3qBX6XXClTsv3hHlyly4F64O1/l8Nn7xq5xzZjFnNWc+P/k+nfyYf/v77090Oo1o96Mfq0Z0oxmtKCwCADgnq/U6/q8LN/j56xNMCQA4slvu/wDAGbD/A0D92P8BoH4+fPz09lWWDd6naSdiucjH+bj4LPrhKBs8Ty919/9a5vm4tetfFH16tX8Qj7b9y9I+iWdPi37TvXmXHfQPY1I24X7jzq8BAAAAAAAAAAAAAAAAAAAAAACcWi/dKT3fp9dLrumLNBwl2+8Oz/dpx+N2yYDJUZYBAAAAAAAAAAAAAAAAAAAA99r81+/pl9ns609BEIRdqPrOBAAAAAAAAAAAAAAAAAAA9bN/6LfqmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAdfbv/z9e2IzTrHqhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADU2kUAAAD//1z+TP8=") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r5}, &(0x7f00000006c0), &(0x7f0000000700)=r4}, 0x20) recvmsg$unix(r4, 0x0, 0x2000) shutdown(r3, 0x2) 8.219242408s ago: executing program 0 (id=488): openat$sysfs(0xffffff9c, 0x0, 0x0, 0x0) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x1000000000002) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) mq_open(0x0, 0x40, 0x59, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000000), 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 8.218913419s ago: executing program 3 (id=489): syz_usb_connect$lan78xx(0x3, 0x0, 0x0, 0x0) eventfd(0x6e) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x6, 0x100000b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = socket$nl_generic(0x10, 0x3, 0x10) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000380)={'syz1\x00', {0x0, 0x7fff, 0x2, 0x2}, 0x51, [0x3ff, 0x2, 0x10000, 0x0, 0x7ca6, 0x9, 0xc2ad, 0x4, 0x9, 0x9, 0x5, 0x9, 0x8, 0x200, 0x5, 0x3, 0x8, 0x5, 0xfffffff9, 0x6, 0x3, 0xfff, 0x7f, 0x4152, 0x8b3, 0x9, 0x861, 0x7, 0x5, 0x0, 0x3c, 0x4, 0x1005, 0x4, 0x8, 0x38, 0x8, 0x8, 0xd5bb, 0x3, 0x1, 0x9de9, 0x8, 0x3, 0x3, 0x7f, 0x5, 0x8, 0x0, 0x1, 0x3ff, 0x6, 0x2e, 0x800, 0x846c, 0x3, 0x6, 0x31b, 0x8, 0xa, 0x1, 0x7, 0xffffffff, 0x3], [0x4a, 0x19a78cbf, 0xe936, 0x0, 0x200, 0x81, 0x2, 0x7d, 0x10001, 0x8, 0x3ff, 0x1, 0x7, 0x8f, 0x1, 0x5, 0x1ff, 0x200, 0x6f8, 0x7, 0xd, 0x7, 0x788, 0x6, 0x0, 0x0, 0x8, 0x3, 0x5, 0x2, 0xa, 0x7, 0x80, 0x5aa, 0xfffff000, 0x400, 0x2, 0x7, 0x6, 0x6, 0x5, 0x3, 0x88, 0x22e2, 0x502, 0xffffffff, 0x7, 0x1ff, 0x6, 0x10001, 0x9e, 0x1, 0x5, 0x101, 0xfffffffa, 0x0, 0x2, 0x2, 0x6, 0x1ff, 0x8, 0x3, 0x6], [0x2, 0x94da, 0xffffffff, 0x7, 0xc0000, 0x4, 0x4, 0xfffffffa, 0x6, 0x7, 0xea, 0x7, 0x6, 0x400, 0xfffeffff, 0xfc000000, 0x8, 0x8, 0xd1, 0x2, 0xb66, 0x3, 0x4, 0x52c, 0x4, 0x10001, 0xfffffff8, 0x2, 0x9, 0x1, 0x7, 0xe86, 0x8, 0x100, 0x7, 0x1, 0x746a6ffd, 0x3, 0x4, 0x0, 0x1, 0x45a6c325, 0x8, 0x10000, 0x1000, 0x2, 0x5, 0x0, 0x2, 0x2, 0x1, 0x8, 0x2, 0x2, 0x81, 0x200, 0x3ff, 0xffffffcc, 0x6, 0xa000000, 0x8, 0xfff, 0x4000, 0x1], [0x8, 0x7, 0x3, 0xfffffffc, 0x8000, 0x2, 0x8, 0x1ff, 0xfffffffe, 0x10, 0x5e, 0x4, 0x8, 0x8, 0x5, 0x8, 0xfb, 0xf25, 0xd, 0x1ff, 0x2, 0x95, 0x9, 0x9, 0x1, 0xc, 0xffff6f9e, 0x4, 0xfffffff7, 0x10000, 0x7, 0x52a, 0x5, 0xc1a4, 0x4, 0x8, 0x3, 0x9, 0x5, 0xb7af, 0x3, 0x4, 0x0, 0x1ff8, 0x2, 0x7, 0x6, 0x80000000, 0x652d, 0x7, 0x7fffffff, 0xd, 0x40, 0x3ff, 0xc, 0x1ff, 0x9, 0x6, 0x0, 0x1000, 0x9, 0x2, 0x9, 0x4]}, 0x45c) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r2 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000000100000008000100400000000c000200700f0000000000000c00060003000000000000000a000a00272d5d29212b0000140007"], 0x6c}}, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) r3 = socket(0x10, 0x3, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00'}) sendmsg$nl_route_sched(r3, 0x0, 0x0) sendmsg$TIPC_NL_KEY_SET(r1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000004}, 0x4) 5.193067795s ago: executing program 2 (id=490): socket$nl_netfilter(0x10, 0x3, 0xc) openat$nullb(0xffffffffffffff9c, &(0x7f0000000180), 0x20804, 0x0) syz_open_dev$usbmon(&(0x7f0000000140), 0x9, 0x80000) socket$nl_netfilter(0x10, 0x3, 0xc) io_uring_setup(0x25b0, 0x0) socket$can_j1939(0x1d, 0x2, 0x7) syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000640)='./file1\x00', 0x1008000, &(0x7f0000001d00)=ANY=[], 0x1, 0x5e7, &(0x7f0000000680)="$eJzs3cFvHFcdB/DvbBxnHaTUcZM2oEpYRaoQFsl6LZGUC1AKslCFKnHgbBEnsbJJK3uL3B4gIA4Vp/4JRcj/AOJYpBxoDxzg1LNRj0jcfdtqZmfX62TrJrab3TSfjzT73ps38/b3fjM7mVkr2gDPrNWlzNxPkdWlN7bL9u7OSmd3Z+XOoJ7kTJJG0kxSlKv/nuSz5F76S7456BgpH/LpR82bn3zw8fv9VjlWs5jpb18ctt+jGcYy34+1Kk9qvPbxxzsww4Uki8ceD05Ab+C/Y7uP+bkEAKZZkZwat34+OVvfsJfPAf274v499lPt3qQDAAAAgCfgub3sZTvnJh0HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPE3q3/8v6qUxqC+mGPz+/2y9LnX9qXZ/0gEAAAAAAAAAwAn49l72sp1zg3avqP7m/3LVuFC9fiPvZCvr2czlbGct3XSzmeUk8yMDzW6vdbuby4+wZ3vsnu0nM18AAAAAAAAA+Jr6Y1b3//4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADToEhO9YtquTCoz6cxk6SZZLbc7l7yn0H9aXZ/0gEAAADAE/DcXvaynXODdq+onvlfqJ77m3knd9PNRrrpZD3Xq+8C+k/9jd2dlc7uzsqdcnl43J/8/7HCqEZM/7uH8e98qdpiLjeyUa25nN/krXRyPY1qz9KlQTzj4/pDGVPxo9ojRna9LsuZ/6Iup8N8lZHTw4y06tjKbJw/PBOPeXQefKflNIbf/Fz4CnJ+ti7L+bw+1Tlvj5x9LxyeiWTh13++eqtz9/atG1tL0zOlI3owEysjmXjxmcpEq8rExWF7NT/Pr7KUxbyZzWzkt1lLN+tZzOtVba0+n8vX+cMz9eMDrTe/LJLZ+rj0r6KPF9PL1b7nspFf5q1cr45oK1dzNe38IK+mdeAIXxwb9+97dfder9dL4/E+9d/5bl05neRndTkdyryeH8nr6DV3vuobXbOfpYWTvzbOfKuulGfPa1N3bTz/wL8Sg0w8f3gm/lKdOFudu7c3b629/Yjv90pdlhn46TATM/Xa3qkTmdSRlOfLwjCWg2dH2ff82L7lqu/CsK/xUN/FYd+XfVJn63u4h0dqV30vju3r73dppG/c/RYAU+/s987Ozv1v7t9zH879ae7W3BvN185cO/PSbE7/8/QPZ1qnXmm8VPwtH+Z3+8//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA0W29+97ttU5nffPIlcEvER13HBUVlempTPrKBHzVrnTvvH1l6933vr9xZ+3m+s31u6+2rl1bXl6+2rpyY6OzXr9OOkoA4CTt3/RPOhIAAAAAAAAAAAAAAOCLPIn/TjzpOQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF9vq0uZuZ8iy63LrbK9u7PSKZdBfX/LZpKirPwjyWfJvfSXzI8MV3zR+3z6UfPmJx98/P7+WM1q+3+1T2IWB2JpPBDTccdrj4z31yMNVwwzs5hkoS5h4j4PAAD//6e3Br8=") listxattr(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet6_sctp(0xa, 0x5, 0x84) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000007c0)) socket$inet_sctp(0x2, 0x1, 0x84) openat$fuse(0xffffffffffffff9c, &(0x7f00000005c0), 0x42, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010001ffe00989837a182138b00268f1c", @ANYRES32=0x0, @ANYBLOB="ff7f000080000000140012800a00010076786c616e0000000400028008000a00", @ANYRES64=r0], 0x3c}, 0x1, 0x8000a0ffffffff}, 0x0) 5.188721964s ago: executing program 0 (id=491): socket$netlink(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x7}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000005580)=""/102392, 0x18ff8) execve(0x0, 0x0, 0x0) modify_ldt$write(0x1, 0x0, 0x0) r1 = syz_open_dev$dvb_demux(&(0x7f0000000080), 0x0, 0x41) ioctl$DVB_DEMUX_DMX_SET_PES_FILTER(r1, 0x40146f2c, &(0x7f00000000c0)={0x1, 0x0, 0x3, 0x13, 0x4}) getpid() ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, &(0x7f0000000380)={0x0, 0x5, 0x200d, 0x1}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) 5.12513815s ago: executing program 1 (id=492): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f00000000c0)={0x7, 0x9dc5, 0x0, 0x0, 0xf}) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) socket$inet6_udplite(0xa, 0x2, 0x88) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) openat$comedi(0xffffff9c, 0x0, 0x2000, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) ioctl$sock_SIOCSIFBR(r3, 0x8941, &(0x7f00000002c0)=@generic={0x1, 0xffffffffffffffff, 0x6}) 4.521812112s ago: executing program 1 (id=493): r0 = socket$inet6(0xa, 0x802, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_PCM_IOCTL_STATUS64(0xffffffffffffffff, 0xc0884123, 0x0) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$inet6_opts(r0, 0x29, 0x37, &(0x7f0000000000)=ANY=[], 0x18) connect$inet6(r0, &(0x7f0000000240)={0xa, 0xffff, 0xffffffff, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}, 0x1c) read(0xffffffffffffffff, 0x0, 0x0) sendmmsg$inet6(r0, &(0x7f0000001840), 0x3b, 0x0) 4.521636672s ago: executing program 3 (id=494): read(0xffffffffffffffff, 0x0, 0x0) setpriority(0x2, 0xff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000100), 0xfffffd9d) r1 = socket(0x1e, 0x4, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) connect$tipc(r1, &(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x1, 0x4}}, 0x10) sendfile(r1, r0, 0x0, 0x8010002b) 3.421681378s ago: executing program 1 (id=495): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) symlinkat(&(0x7f0000002740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, &(0x7f0000000880)='./file0\x00') r4 = syz_io_uring_setup(0x109, &(0x7f0000000140)={0x0, 0xdcb8, 0x10, 0x1, 0x89}, &(0x7f00000003c0)=0x0, &(0x7f0000000200)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000480)='./file0\x00', 0x77, 0x10000}) io_uring_enter(r4, 0x3518, 0xaddf, 0x2, 0x0, 0x0) 3.421526768s ago: executing program 2 (id=496): syz_open_dev$vim2m(0x0, 0x47b, 0x2) mknod$loop(0x0, 0xfff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) execve(0x0, 0x0, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x4c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_DATA={0x4}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}]}, 0x4c}}, 0x0) sendmsg$IPSET_CMD_LIST(r3, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x14}, 0x0) 1.214508149s ago: executing program 2 (id=497): syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="6e6f646973636172642c6261636b67726f756e645f67633d73796e632c6261636b67726f756e645f67633d6f6e2c6e6f757365725f78617474722c6e6f71756f74612c64697361626c655f726f6c6c5f666f72776172642c67635f6d657267652c6e6f757365725f78617474722c636865636b706f696e743d64697361626c652c757365725f78617474722c6673796e635f6d6f64653d7374726963742c646973636172645f756e69743d73656374696f6e2c636865636b706f696e743d64697361626c652c6e6f696e6c696e655f64656e7472792c00ec6da92d1c80a6c720380e3c2c55bf27596d2776ce408c4bb19b149757508e1c7e919c6c2047023baa412d14fa75c8cac6e5f103e13ea52708af0a7c5da8af4ecb6612"], 0x2, 0x5505, &(0x7f0000002480)="$eJzs3M1rI2UYAPAn/djtfrgW8eBtBxahhU1o+rHoreoufmCXsurBk6ZJGrKbZEqTprUnDx7Fg/+JKHjy6N/gwbM38aB4E5TMTHXrBwhNm+3294PJM++bN888b1gWnpmSAC6s+eTXn0txI65ExHREXI/IzkvFkVnPwwsRcTMiph47SsX8nxOXIuJqRNwYJc9zloq3Pr89vLX201u/fPPd5ZlrX3z9/eR2DUzaixHR3cnP97t5TFt5fFjM14btLHZXh0XM3+g+KsZpHvebW1mG/drRuloWV1r5+nRnrz+K251afRRb7e1sfqeXX7A/bB3lyT7wsLabjRvNrSy2+2kWW4d5XQeH+f9th/1BnqdR5PsoSx+DwVHM55sHzXw/O4+yWO8Nivk8b9poHozisIjF5aKedhpZHVsn+aafbG+3e3sHybC522+nvWStUn2pUr1Tru6mjeaguVqudRt3VpOFVme0rDxo1rrrrTRtdZqVetpdTBZa9Xq5Wk0W7ja32rVeUq1WVipL5bXF4ux28vr995JOI1kYxVfbvb1Bu9NPttPdJP/EYrJcWXl5MblVTd7Z2Ew2H9y7t7H57gd337//ysabrxWL/lFWsrC8tLxcri6Vl6uLF2j/nxRFj3H/cCKlSRcAcP7o/4FJOL3+f/dBxOn3/6H/H4tz1f9e9P7/FPYPJ6L/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4sH6Y/fKN7GQ+H18r5p8ppp4rxqWImIqI3//FdFw6lnO6yDP7H+tn/1bDt6XIMoyucbk4rkbEenH89uxpfwsAAADw9Prq45uf5d16/jI/6YI4S/lNm6nrH44p31xEzM7/OKZsU6OX58eULPv3PRMHY8qW3cCaG1Oy/JbbzLiy/S/Tx8LcY6GUh6kzLQcAADgTxzuBs+1CAAAAOEufTroAJqMUR48yj54FZ395/9cDwSvHRgAAAMA5VJp0AQAAAMCpy/p/v/8HAAAAT7f89/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgD3bu5zZxIIoD8LPBC/tPi1Z731b2BmVsCXvcY0QBaYICciAtpAFqILeUEEGExyEQcYjksa1E3yc5k7HMjzcIDjMjDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0KX7ar24vfp93TZnt28nz2gAAACAS7bVelH/M0v9r839782tn02/iIgyIi7N3Ufx6Sxz1ORUL8/fnD5fvarhLqJOOLzHpLm+RMSf5nr80fWnAAAAAB/XZrmap9l6+jMbuiD6lBZtym9/M+UVEVHNHjKllYe8X5nC6u/3OP5nSqsXsKaZwtKS2zhX2pvUP/fjqt30pClSU1582bHIbGMHAAB6NDpr+p2FAAAA0Kd/QxfAMIp43so8bgVOUtNs730+6wEAAADvUDF0AQAAAEDn6vl/T+f/7Z3/BwAAAMNI5/8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQpW21XmyWq3nbnN2+nTyjAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCf25x0FQiAMwmDv+s5k7n9YadDU1KQKhI+/MRgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHjzu7/8n5gaZ5K518bS80iydmpsnRp758bRH8bXrwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuNiflxQIgSCIgjnjfyd9/8NKgp5BhAhoeFRRiwYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvuh3v/yfmBpnkrnTxtLxSLJ21di6auw9aBw9GG//BgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuNi5n9c4qjgA4G9mdra2Kq5R9hARBQ96sdttbe1NPCjBg3+CENJtjd36o83BliLm4k1y7kX0KCIo8db/IecEcom3HPYQwbMyszPZyQ9w/TWzST4fePO+Owzzvm8WQr7zXgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBp9PYkTrJDZxzHxbnNvYdLWb91qM88Xtuez1oWR3UmfTK8WP0QdZtLBAAAgLMjKev7EMJOur6Q9XEnr//T8pqs5v/26XFc1vOH6/6yL2v/rP3y8+7z+wN1xuNkN725PBxcOppK6/+b5Wx75i+vaOVPPn/3kuRfSPze6nOjNH+e0dcbG++08/BcHdkCAP/ExbIvgvL3oazvN5kYAGdGq1J4l/V/0mk2JwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA6jFbDk2UchRDmW5M4s7X3cOm4/vHa9nzZrj16tBa+nNwzu0UaQri5PBxcqnU2s+3e/Qe3F4fDwd36g5dCCE2N/lYx/dsfTHFxCI08H8F/FMTFlz0r+ZyMoMEfSgAAnEpp0bK6fiddX8jORXMh/PHdwfr/1Uocpqz/dz+8tlkdq1r/92ub4ezrrdz5tHfv/oPXl+8s3hrcGnz8xuX+m/0r169evd7L35X0vDEBAADg32kXrVr/x3NH1/8vVOIwZf3/2Tf9L6pjJer/Y00W/ZrOBAAA4Gx79uXff4uOOR+12+HzxZWVu/3xcf/z5fGxgVT/tnNFq9b/yVzTWQEAAAB1GK1GB9b/b1TiMOX6/1Pfv/Bj9Z5JCOF8sf5/cemT4Y36pjPT6vhz4qbnCAAAQLPOF626/p/m+//j/S0PcQjhtVfGcfFvAKeq/5N3v/qhOlZ1//+V+qY4k+Lu+HnkfTeEVrfpjAAAADjNnihaVuz/mq4vfPTThffb9v8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1O3PAAAA//9WwT6Z") openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x183341, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x103242, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/fscaps', 0x0, 0x0) pipe2$9p(&(0x7f0000000240), 0x0) socket$inet6(0xa, 0x2, 0x0) r1 = fsopen(&(0x7f0000000100)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) fsmount(r1, 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r2, &(0x7f00000012c0)=ANY=[@ANYRES8=r2], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000001, 0x12, r2, 0x0) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_GETKMSGREDIRECT(r3, 0x541c, &(0x7f0000000000)) 1.17292131s ago: executing program 1 (id=498): openat$sysfs(0xffffff9c, 0x0, 0x0, 0x0) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x1000000000002) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) mq_open(0x0, 0x40, 0x59, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000000), 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 1.057726646s ago: executing program 0 (id=499): openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x3) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$IP_VS_SO_GET_SERVICES(r3, 0x0, 0x482, &(0x7f0000001640)=""/139, &(0x7f0000000100)=0x8) close_range(r2, 0xffffffffffffffff, 0x2) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000580)={&(0x7f0000000640)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x3, [@func_proto={0x0, 0x0, 0x0, 0x5}]}, {0x0, [0x30]}}, 0x0, 0x27}, 0x28) 755.142741ms ago: executing program 3 (id=500): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) openat$ptp0(0xffffffffffffff9c, 0x0, 0xc0542, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0500000003f01f00040000009a00000001"], 0x48) bpf$MAP_GET_NEXT_KEY(0x15, &(0x7f0000000580)={r2, 0x0, &(0x7f0000001680)=""/227}, 0x20) syz_init_net_socket$rose(0xb, 0x5, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x8081) prctl$PR_SET_MM(0x23, 0x3, &(0x7f0000ffd000/0x1000)=nil) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_open_dev$dvb_frontend(&(0x7f00000003c0), 0x0, 0xe82) pselect6(0x40, &(0x7f00000001c0)={0x0, 0xff00000000000000, 0x5, 0xfffffffffffffffd, 0x8001, 0x0, 0x1000001000, 0x45}, 0x0, &(0x7f0000000080)={0x3ff, 0x4, 0x100000, 0x9, 0x0, 0x10, 0x80000002, 0xff00000000000000}, 0x0, 0x0) r4 = openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0) ioctl$UI_SET_EVBIT(r4, 0x40045564, 0x16) close_range(r1, 0xffffffffffffffff, 0x0) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, 0x0) 0s ago: executing program 0 (id=501): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) socket$packet(0x11, 0x2, 0x300) r1 = fsopen(&(0x7f0000000180)='hugetlbfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.113' (ED25519) to the list of known hosts. [ 64.216484][ T5756] cgroup: Unknown subsys name 'net' [ 64.351472][ T5756] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 65.884286][ T5756] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 67.378123][ T5776] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 67.388085][ T5776] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 67.397865][ T5776] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 67.407772][ T5776] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 67.416640][ T5776] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 67.422067][ T5780] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 67.425750][ T5776] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 67.441692][ T5776] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 67.450053][ T5776] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 67.451515][ T5781] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 67.461484][ T5776] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 67.474793][ T5781] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 67.477706][ T5782] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 67.492934][ T5781] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 67.496925][ T5782] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 67.501877][ T5783] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 67.509013][ T5782] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 67.528498][ T5782] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 67.537651][ T5782] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 67.544464][ T5783] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 67.545929][ T5782] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 67.567606][ T5783] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 67.579248][ T5783] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 67.593345][ T5783] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 67.970490][ T5769] chnl_net:caif_netlink_parms(): no params data found [ 68.066084][ T5770] chnl_net:caif_netlink_parms(): no params data found [ 68.174107][ T5769] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.181867][ T5769] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.189459][ T5769] bridge_slave_0: entered allmulticast mode [ 68.196407][ T5769] bridge_slave_0: entered promiscuous mode [ 68.207439][ T5768] chnl_net:caif_netlink_parms(): no params data found [ 68.223151][ T5767] chnl_net:caif_netlink_parms(): no params data found [ 68.249280][ T5769] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.257273][ T5769] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.265146][ T5769] bridge_slave_1: entered allmulticast mode [ 68.272020][ T5769] bridge_slave_1: entered promiscuous mode [ 68.364690][ T5769] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 68.379000][ T5769] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 68.388792][ T5770] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.397972][ T5770] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.406139][ T5770] bridge_slave_0: entered allmulticast mode [ 68.413929][ T5770] bridge_slave_0: entered promiscuous mode [ 68.449362][ T5770] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.458100][ T5770] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.466195][ T5770] bridge_slave_1: entered allmulticast mode [ 68.473577][ T5770] bridge_slave_1: entered promiscuous mode [ 68.544666][ T5769] team0: Port device team_slave_0 added [ 68.561236][ T5767] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.569324][ T5767] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.576959][ T5767] bridge_slave_0: entered allmulticast mode [ 68.586411][ T5767] bridge_slave_0: entered promiscuous mode [ 68.595134][ T5767] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.603477][ T5767] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.611275][ T5767] bridge_slave_1: entered allmulticast mode [ 68.619120][ T5767] bridge_slave_1: entered promiscuous mode [ 68.629118][ T5770] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 68.643485][ T5770] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 68.657411][ T5769] team0: Port device team_slave_1 added [ 68.664824][ T5768] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.672242][ T5768] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.680277][ T5768] bridge_slave_0: entered allmulticast mode [ 68.687793][ T5768] bridge_slave_0: entered promiscuous mode [ 68.733351][ T5768] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.742104][ T5768] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.750767][ T5768] bridge_slave_1: entered allmulticast mode [ 68.758352][ T5768] bridge_slave_1: entered promiscuous mode [ 68.803029][ T5767] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 68.818033][ T5770] team0: Port device team_slave_0 added [ 68.828997][ T5767] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 68.841187][ T5768] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 68.855176][ T5768] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 68.866673][ T5769] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 68.875430][ T5769] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 68.905347][ T5769] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 68.920621][ T5770] team0: Port device team_slave_1 added [ 68.969220][ T5769] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 68.976711][ T5769] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.004012][ T5769] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.046864][ T5770] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.054567][ T5770] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.081072][ T5770] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.109939][ T5768] team0: Port device team_slave_0 added [ 69.127925][ T5770] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.135709][ T5770] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.161994][ T5770] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.182259][ T5767] team0: Port device team_slave_0 added [ 69.190507][ T5768] team0: Port device team_slave_1 added [ 69.212152][ T5769] hsr_slave_0: entered promiscuous mode [ 69.219307][ T5769] hsr_slave_1: entered promiscuous mode [ 69.229457][ T5767] team0: Port device team_slave_1 added [ 69.296906][ T5768] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.304259][ T5768] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.331376][ T5768] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.348782][ T5770] hsr_slave_0: entered promiscuous mode [ 69.357909][ T5770] hsr_slave_1: entered promiscuous mode [ 69.364481][ T5770] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 69.372692][ T5770] Cannot create hsr debugfs directory [ 69.399532][ T5767] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.407035][ T5767] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.434997][ T5767] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.448276][ T5768] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.456251][ T5768] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.484782][ T5768] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.518727][ T5767] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.526451][ T5767] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.553432][ T5767] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.565457][ T5774] Bluetooth: hci2: command tx timeout [ 69.573608][ T5783] Bluetooth: hci3: command tx timeout [ 69.615799][ T5768] hsr_slave_0: entered promiscuous mode [ 69.622346][ T5768] hsr_slave_1: entered promiscuous mode [ 69.629236][ T5768] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 69.637186][ T5768] Cannot create hsr debugfs directory [ 69.643843][ T5783] Bluetooth: hci0: command tx timeout [ 69.649626][ T5783] Bluetooth: hci1: command tx timeout [ 69.700560][ T5767] hsr_slave_0: entered promiscuous mode [ 69.708402][ T5767] hsr_slave_1: entered promiscuous mode [ 69.715382][ T5767] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 69.723510][ T5767] Cannot create hsr debugfs directory [ 70.048986][ T5770] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 70.073934][ T5770] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 70.095282][ T5770] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 70.105349][ T5770] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 70.166534][ T5769] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 70.189367][ T5769] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 70.200774][ T5769] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 70.225116][ T5769] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 70.319504][ T5768] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 70.332473][ T5768] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 70.346048][ T5768] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 70.360975][ T5768] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 70.462528][ T5767] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 70.481656][ T5767] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 70.492495][ T5767] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 70.502797][ T5767] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 70.521445][ T5770] 8021q: adding VLAN 0 to HW filter on device bond0 [ 70.582031][ T5770] 8021q: adding VLAN 0 to HW filter on device team0 [ 70.628632][ T3495] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.636273][ T3495] bridge0: port 1(bridge_slave_0) entered forwarding state [ 70.663042][ T3495] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.670355][ T3495] bridge0: port 2(bridge_slave_1) entered forwarding state [ 70.690716][ T5769] 8021q: adding VLAN 0 to HW filter on device bond0 [ 70.716385][ T5768] 8021q: adding VLAN 0 to HW filter on device bond0 [ 70.781342][ T5769] 8021q: adding VLAN 0 to HW filter on device team0 [ 70.799612][ T5768] 8021q: adding VLAN 0 to HW filter on device team0 [ 70.829258][ T3501] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.837060][ T3501] bridge0: port 1(bridge_slave_0) entered forwarding state [ 70.865575][ T5767] 8021q: adding VLAN 0 to HW filter on device bond0 [ 70.880514][ T42] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.887805][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state [ 70.898171][ T42] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.905551][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state [ 70.920043][ T42] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.927356][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state [ 70.970383][ T5767] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.066062][ T4315] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.073762][ T4315] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.106356][ T42] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.113832][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.282776][ T5767] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 71.440256][ T5770] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 71.552130][ T5770] veth0_vlan: entered promiscuous mode [ 71.610121][ T5770] veth1_vlan: entered promiscuous mode [ 71.644750][ T5783] Bluetooth: hci3: command tx timeout [ 71.651313][ T5783] Bluetooth: hci2: command tx timeout [ 71.673172][ T5767] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 71.688807][ T5768] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 71.724445][ T5774] Bluetooth: hci0: command tx timeout [ 71.730341][ T5783] Bluetooth: hci1: command tx timeout [ 71.734677][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.742565][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.762343][ T5769] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 71.779184][ T5770] veth0_macvtap: entered promiscuous mode [ 71.799572][ T5770] veth1_macvtap: entered promiscuous mode [ 71.849846][ T5768] veth0_vlan: entered promiscuous mode [ 71.868513][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 71.895371][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 71.906058][ T5767] veth0_vlan: entered promiscuous mode [ 71.912603][ T5768] veth1_vlan: entered promiscuous mode [ 71.947623][ T5767] veth1_vlan: entered promiscuous mode [ 71.956468][ T5770] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.971149][ T5770] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.980817][ T5770] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.990641][ T5770] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.011838][ T5769] veth0_vlan: entered promiscuous mode [ 72.070348][ T5768] veth0_macvtap: entered promiscuous mode [ 72.081481][ T5769] veth1_vlan: entered promiscuous mode [ 72.110509][ T5768] veth1_macvtap: entered promiscuous mode [ 72.171217][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.182318][ T5767] veth0_macvtap: entered promiscuous mode [ 72.187315][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.250432][ T5768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.263585][ T5768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.277655][ T5768] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.293489][ T5767] veth1_macvtap: entered promiscuous mode [ 72.307432][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.312125][ T5768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.320496][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.328987][ T5768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.347040][ T5768] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.366012][ T5769] veth0_macvtap: entered promiscuous mode [ 72.374920][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.386569][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.396956][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.407815][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.421911][ T5767] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.430848][ T5768] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.441063][ T5768] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.451388][ T5768] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.460512][ T5768] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.488430][ T5769] veth1_macvtap: entered promiscuous mode [ 72.516340][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.528416][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.544471][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.560926][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.591111][ T5767] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.598360][ T5827] syz.3.4[5827]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 72.619099][ T5767] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.629671][ T5767] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.643499][ T5827] loop3: detected capacity change from 0 to 512 [ 72.650348][ T5767] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.650418][ T5767] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.697627][ T5769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.716804][ T5769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.727703][ T5769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.739775][ T5769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.750832][ T5769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.756819][ T5827] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 72.763821][ T5769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.778420][ T5827] ext4 filesystem being mounted at /0/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 72.793217][ T5769] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.865792][ T5827] Quota error (device loop3): do_check_range: Getting dqdh_next_free 256 out of range 0-6 [ 72.888670][ T5827] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 72.908925][ T5769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.921930][ T5769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.923213][ T5827] EXT4-fs error (device loop3): ext4_acquire_dquot:6949: comm syz.3.4: Failed to acquire dquot type 0 [ 72.934366][ T5769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.961836][ T5769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.972418][ T5769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.990551][ T5769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.002999][ T5769] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 73.019972][ T5769] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.031795][ T5769] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.042092][ T5769] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.051590][ T5769] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.109285][ T5770] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 73.200501][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.210519][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.353219][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.373843][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.413945][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.437145][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.485732][ T3495] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.499120][ T3495] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.613013][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.629694][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.700833][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.727046][ T5774] Bluetooth: hci3: command tx timeout [ 73.734525][ T5783] Bluetooth: hci2: command tx timeout [ 73.804965][ T5783] Bluetooth: hci1: command tx timeout [ 73.811984][ T5774] Bluetooth: hci0: command tx timeout [ 73.854012][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.716333][ T5842] netlink: 'syz.1.6': attribute type 4 has an invalid length. [ 74.872079][ T5846] loop0: detected capacity change from 0 to 512 [ 74.913437][ T5846] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 74.973898][ T5846] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 75.073514][ T5846] EXT4-fs (loop0): 1 truncate cleaned up [ 75.091405][ T5846] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 75.193344][ T787] IPVS: starting estimator thread 0... [ 75.303893][ T5852] IPVS: using max 24 ests per chain, 57600 per kthread [ 75.307218][ T5854] netlink: 52 bytes leftover after parsing attributes in process `syz.2.8'. [ 75.313519][ T5767] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 75.824192][ T5783] Bluetooth: hci3: command tx timeout [ 75.830777][ T5774] Bluetooth: hci2: command tx timeout [ 75.918390][ T5783] Bluetooth: hci1: command tx timeout [ 75.925466][ T5774] Bluetooth: hci0: command tx timeout [ 76.171756][ T5865] gfs2: not a GFS2 filesystem [ 76.730024][ T5870] loop2: detected capacity change from 0 to 2048 [ 76.754236][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 76.763534][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 76.825775][ T28] audit: type=1804 audit(1772742847.676:2): pid=5874 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.14" name="bus" dev="ramfs" ino=7604 res=1 errno=0 [ 76.913158][ T28] audit: type=1804 audit(1772742847.686:3): pid=5874 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.14" name="bus" dev="ramfs" ino=7604 res=1 errno=0 [ 76.942222][ T5877] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 77.031894][ T5880] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 77.283013][ T5870] debugfs: Directory 'netdev:nicvf0' with parent 'phy8' already present! [ 79.324038][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 79.756656][ T5898] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 81.733036][ T5917] syz.1.25 uses obsolete (PF_INET,SOCK_PACKET) [ 81.981810][ T27] cfg80211: failed to load regulatory.db [ 82.024476][ T5919] Zero length message leads to an empty skb [ 82.045021][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 82.162719][ T5922] loop2: detected capacity change from 0 to 256 [ 82.174425][ T5922] ======================================================= [ 82.174425][ T5922] WARNING: The mand mount option has been deprecated and [ 82.174425][ T5922] and is ignored by this kernel. Remove the mand [ 82.174425][ T5922] option from the mount to silence this warning. [ 82.174425][ T5922] ======================================================= [ 82.351233][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 82.399895][ T5922] FAT-fs (loop2): Directory bread(block 64) failed [ 82.418347][ T5922] FAT-fs (loop2): Directory bread(block 65) failed [ 82.452861][ T5922] FAT-fs (loop2): Directory bread(block 66) failed [ 82.478434][ T5922] FAT-fs (loop2): Directory bread(block 67) failed [ 82.502139][ T5922] FAT-fs (loop2): Directory bread(block 68) failed [ 82.533392][ T5922] FAT-fs (loop2): Directory bread(block 69) failed [ 82.572582][ T5922] FAT-fs (loop2): Directory bread(block 70) failed [ 82.594229][ T5922] FAT-fs (loop2): Directory bread(block 71) failed [ 82.627972][ T5922] FAT-fs (loop2): Directory bread(block 72) failed [ 82.648823][ T5922] FAT-fs (loop2): Directory bread(block 73) failed [ 83.170793][ T5932] netlink: 4 bytes leftover after parsing attributes in process `syz.0.30'. [ 83.474239][ T23] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 83.615270][ T5938] netlink: 24 bytes leftover after parsing attributes in process `syz.0.33'. [ 83.714249][ T23] usb 3-1: Using ep0 maxpacket: 16 [ 83.747310][ T23] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 83.766943][ T23] usb 3-1: config 0 has no interface number 0 [ 83.799983][ T23] usb 3-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 83.835006][ T23] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 83.863455][ T23] usb 3-1: Product: syz [ 83.875968][ T23] usb 3-1: Manufacturer: syz [ 83.905462][ T23] usb 3-1: SerialNumber: syz [ 85.286669][ T23] usb 3-1: config 0 descriptor?? [ 85.384925][ T23] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 85.454698][ T5950] netlink: 'syz.1.36': attribute type 13 has an invalid length. [ 87.918631][ T23] gspca_spca1528: reg_r err -110 [ 88.091364][ T23] spca1528: probe of 3-1:0.1 failed with error -110 [ 88.294934][ T8] usb 3-1: USB disconnect, device number 2 [ 88.410155][ T5979] loop0: detected capacity change from 0 to 256 [ 88.965820][ T5979] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 89.104808][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 89.113841][ T0] NOHZ tick-stop error: local softirq work is pending, handler #2c2!!! [ 89.213076][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 89.221995][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 90.285692][ T6008] process 'syz.2.53' launched './file1' with NULL argv: empty string added [ 91.028170][ T6010] loop1: detected capacity change from 0 to 256 [ 91.126784][ T6010] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 91.144199][ T6012] loop2: detected capacity change from 0 to 128 [ 91.209378][ T6014] syzkaller0: entered promiscuous mode [ 91.224613][ T6014] syzkaller0: entered allmulticast mode [ 91.354384][ T6012] loop2: detected capacity change from 0 to 2048 [ 91.379904][ T6014] tipc: Started in network mode [ 91.386950][ T6014] tipc: Node identity fe24ec7dbc65, cluster identity 4711 [ 91.400191][ T6014] tipc: Enabled bearer , priority 0 [ 91.405088][ T6012] loop2: p1 < > p2 p3 < p5 p6 > p4 [ 91.413512][ T6012] loop2: partition table partially beyond EOD, truncated [ 91.423838][ T6013] tipc: Resetting bearer [ 91.432394][ T6012] loop2: p1 start 4278190080 is beyond EOD, truncated [ 91.439495][ T6012] loop2: p2 start 16908800 is beyond EOD, truncated [ 91.464747][ T6012] loop2: p4 start 11326 is beyond EOD, truncated [ 91.478735][ T6012] loop2: p5 start 16908800 is beyond EOD, truncated [ 91.489491][ T6012] loop2: p6 start 11326 is beyond EOD, truncated [ 91.527231][ T6013] tipc: Disabling bearer [ 91.537790][ T5137] loop2: p1 < > p2 p3 < p5 p6 > p4 [ 91.543184][ T5137] loop2: partition table partially beyond EOD, truncated [ 91.557659][ T5137] loop2: p1 start 4278190080 is beyond EOD, truncated [ 91.572492][ T5137] loop2: p2 start 16908800 is beyond EOD, truncated [ 91.621353][ T5137] loop2: p4 start 11326 is beyond EOD, truncated [ 91.631451][ T5137] loop2: p5 start 16908800 is beyond EOD, truncated [ 91.673637][ T5137] loop2: p6 start 11326 is beyond EOD, truncated [ 92.066695][ T6024] loop1: detected capacity change from 0 to 32768 [ 92.089039][ T6024] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 scanned by syz.1.60 (6024) [ 92.112743][ T6024] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 92.123321][ T6024] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 92.132359][ T6024] BTRFS info (device loop1): using free space tree [ 92.323369][ T6016] udevd[6016]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory [ 92.944172][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 92.957299][ T6024] BTRFS info (device loop1): enabling ssd optimizations [ 92.964522][ T6024] BTRFS info (device loop1): auto enabling async discard [ 93.013576][ T6016] udevd[6016]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory [ 93.627642][ T5768] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 93.662130][ T6050] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 95.669576][ T5774] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 95.680010][ T5774] Bluetooth: hci3: Injecting HCI hardware error event [ 95.689322][ T5774] Bluetooth: hci3: hardware error 0x00 [ 98.262131][ T6073] syzkaller0: entered promiscuous mode [ 98.278088][ T6073] syzkaller0: entered allmulticast mode [ 98.606647][ T5774] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 98.620700][ T6073] tipc: Enabled bearer , priority 0 [ 98.677212][ T6071] tipc: Resetting bearer [ 98.740626][ T6071] tipc: Disabling bearer [ 100.616244][ T6091] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 100.625549][ T6091] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 100.634407][ T6091] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 100.644012][ T6091] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 100.689583][ T6091] bond0: (slave vxlan0): Enslaving as an active interface with an up link [ 101.112985][ T6102] loop2: detected capacity change from 0 to 2048 [ 101.253209][ T6102] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 102.188438][ T6106] syzkaller0: entered promiscuous mode [ 102.200682][ T6106] syzkaller0: entered allmulticast mode [ 105.798261][ T6132] loop3: detected capacity change from 0 to 128 [ 105.814022][ T6130] Illegal XDP return value 4294967294 on prog (id 20) dev syz_tun, expect packet loss! [ 105.836302][ T6132] FAT-fs (loop3): Unrecognized mount option "18446744073709551615ÿÿÿ" or missing value [ 105.942453][ T6016] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 106.114668][ T6139] syzkaller0: entered promiscuous mode [ 106.120472][ T6139] syzkaller0: entered allmulticast mode [ 107.654827][ T6160] syzkaller0: entered promiscuous mode [ 107.672547][ T6160] syzkaller0: entered allmulticast mode [ 112.191072][ T6193] team_slave_0: entered promiscuous mode [ 112.197263][ T6193] team_slave_1: entered promiscuous mode [ 112.915438][ T6193] vlan2: entered promiscuous mode [ 112.932204][ T6193] team0: entered promiscuous mode [ 113.057823][ T6199] tipc: Started in network mode [ 113.062771][ T6199] tipc: Node identity 129fb9248b5a, cluster identity 4711 [ 113.155303][ T6199] tipc: Enabled bearer , priority 0 [ 113.204488][ T6201] syzkaller0: entered promiscuous mode [ 113.210123][ T6201] syzkaller0: entered allmulticast mode [ 113.335731][ T6199] tipc: Resetting bearer [ 113.357165][ T6196] tipc: Resetting bearer [ 114.201097][ T6196] tipc: Disabling bearer [ 114.258053][ T8] tipc: Node number set to 2579872036 [ 114.272948][ T6213] warning: `syz.2.110' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 114.450997][ T6213] netlink: 'syz.2.110': attribute type 10 has an invalid length. [ 115.214179][ T6213] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 115.312220][ T6227] syzkaller0: entered promiscuous mode [ 115.318377][ T6227] syzkaller0: entered allmulticast mode [ 117.304196][ T6245] netlink: 16 bytes leftover after parsing attributes in process `syz.3.118'. [ 117.517986][ T6248] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 117.517986][ T6248] The task syz.1.117 (6248) triggered the difference, watch for misbehavior. [ 117.852630][ T6253] loop3: detected capacity change from 0 to 256 [ 119.561788][ T6268] syzkaller0: entered promiscuous mode [ 119.614436][ T6268] syzkaller0: entered allmulticast mode [ 120.103142][ T6275] syzkaller0: entered promiscuous mode [ 120.124601][ T6275] syzkaller0: entered allmulticast mode [ 122.777558][ T23] IPVS: starting estimator thread 0... [ 123.553902][ T6292] IPVS: using max 22 ests per chain, 52800 per kthread [ 126.978316][ T6321] binder: 6319:6321 ioctl 4018620d 0 returned -22 [ 128.971158][ T6343] syzkaller0: entered promiscuous mode [ 129.678273][ T6343] syzkaller0: entered allmulticast mode [ 133.266019][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.272435][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.747470][ T5774] Bluetooth: hci2: unexpected event 0x2f length: 509 > 260 [ 135.242833][ T6401] syzkaller0: entered promiscuous mode [ 135.263330][ T6401] syzkaller0: entered allmulticast mode [ 135.282274][ T6401] 0: reclassify loop, rule prio 0, protocol 800 [ 135.483980][ T5808] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 135.685076][ T5808] usb 2-1: device descriptor read/64, error -71 [ 136.003972][ T5808] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 136.228126][ T5808] usb 2-1: device descriptor read/64, error -71 [ 136.354619][ T5808] usb usb2-port1: attempt power cycle [ 137.244170][ T6424] netlink: 'syz.2.165': attribute type 4 has an invalid length. [ 137.252091][ T5808] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 137.315544][ T5808] usb 2-1: device descriptor read/8, error -71 [ 137.584390][ T5808] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 137.624746][ T5808] usb 2-1: device descriptor read/8, error -71 [ 137.898941][ T5808] usb usb2-port1: unable to enumerate USB device [ 139.202173][ T6437] netlink: 'syz.1.171': attribute type 1 has an invalid length. [ 139.293830][ T6437] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address [ 139.305285][ T6437] bond1: (slave vxcan3): Error -95 calling set_mac_address [ 140.904471][ T6456] tipc: Started in network mode [ 140.929631][ T6456] tipc: Node identity cee83778af3c, cluster identity 4711 [ 140.958934][ T6456] tipc: Enabled bearer , priority 0 [ 140.975807][ T6458] syzkaller0: entered promiscuous mode [ 140.990253][ T6458] syzkaller0: entered allmulticast mode [ 141.078110][ T6456] tipc: Resetting bearer [ 141.094390][ T6455] tipc: Resetting bearer [ 141.374521][ T6455] tipc: Disabling bearer [ 142.493774][ T6467] bridge0: port 2(bridge_slave_1) entered disabled state [ 142.502903][ T6467] bridge0: port 1(bridge_slave_0) entered disabled state [ 142.608108][ T6471] kvm: kvm [6470]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x495a [ 142.619791][ T6471] kvm_intel: kvm [6470]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x1d9) = 0x100b [ 142.655346][ T6471] kvm: kvm [6470]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x186) = 0x5956 [ 142.692191][ T6471] kvm: kvm [6470]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x186) = 0x9c5 [ 142.737344][ T6471] kvm: kvm [6470]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x186) = 0x61ea [ 142.778376][ T6471] kvm: kvm [6470]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x4939 [ 142.820246][ T6471] kvm: kvm [6470]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111 [ 142.841058][ T6471] kvm: kvm [6470]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x187) = 0x4a56 [ 142.877522][ T6471] kvm: kvm [6470]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x186) = 0x10c8 [ 142.927017][ T6471] kvm: kvm [6470]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x2262 [ 142.940644][ T6471] kvm: kvm [6470]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111 [ 143.065228][ T6471] kvm_intel: kvm [6470]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x1d9) = 0x19c2 [ 144.702063][ T5808] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 144.937683][ T5808] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 144.955064][ T6487] loop1: detected capacity change from 0 to 64 [ 144.959552][ T5808] usb 1-1: config 0 has no interfaces? [ 144.986267][ T5808] usb 1-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00 [ 145.004282][ T5808] usb 1-1: New USB device strings: Mfr=6, Product=0, SerialNumber=0 [ 145.014272][ T5808] usb 1-1: Manufacturer: syz [ 145.031735][ T5808] usb 1-1: config 0 descriptor?? [ 145.054288][ T6467] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 145.110754][ T6467] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 149.047739][ T6467] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 149.056979][ T6467] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 149.068735][ T6467] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 149.080696][ T6467] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 149.123822][ T23] usb 1-1: USB disconnect, device number 2 [ 149.486008][ T6467] netdevsim netdevsim2 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 149.495045][ T6467] netdevsim netdevsim2 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 149.504114][ T6467] netdevsim netdevsim2 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 149.513077][ T6467] netdevsim netdevsim2 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 150.185164][ T6489] netlink: 8 bytes leftover after parsing attributes in process `syz.1.185'. [ 150.262191][ T6467] syz.2.179 (6467) used greatest stack depth: 19784 bytes left [ 150.398311][ T28] audit: type=1326 audit(2000000063.300:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6503 comm="syz.0.187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff45079c799 code=0x7ffc0000 [ 150.582470][ T28] audit: type=1326 audit(2000000063.300:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6503 comm="syz.0.187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff45079c799 code=0x7ffc0000 [ 150.611027][ T6506] tipc: Enabled bearer , priority 0 [ 150.627084][ T6506] syzkaller0: entered promiscuous mode [ 150.632929][ T6506] syzkaller0: entered allmulticast mode [ 150.653733][ T28] audit: type=1326 audit(2000000063.300:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6503 comm="syz.0.187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7ff45079c799 code=0x7ffc0000 [ 150.693728][ T28] audit: type=1326 audit(2000000063.300:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6503 comm="syz.0.187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff45079c799 code=0x7ffc0000 [ 150.738757][ T6507] tipc: Failed to remove unknown binding: 66,0,0/0:801003475/801003476 [ 150.748751][ T28] audit: type=1326 audit(2000000063.300:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6503 comm="syz.0.187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff45079c799 code=0x7ffc0000 [ 150.799296][ T6511] tipc: Failed to remove unknown binding: 66,0,0/0:801003475/801003476 [ 150.809185][ T28] audit: type=1326 audit(2000000063.300:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6503 comm="syz.0.187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7ff45079c799 code=0x7ffc0000 [ 150.812151][ T6506] tipc: Resetting bearer [ 150.835450][ T28] audit: type=1326 audit(2000000063.300:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6503 comm="syz.0.187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff45079c799 code=0x7ffc0000 [ 150.884521][ T28] audit: type=1326 audit(2000000063.300:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6503 comm="syz.0.187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7ff45079c799 code=0x7ffc0000 [ 151.070663][ T28] audit: type=1326 audit(2000000063.300:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6503 comm="syz.0.187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff45079c799 code=0x7ffc0000 [ 151.774506][ T6505] tipc: Resetting bearer [ 151.862214][ T28] audit: type=1326 audit(2000000063.300:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6503 comm="syz.0.187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff45079c799 code=0x7ffc0000 [ 151.966255][ T6505] tipc: Disabling bearer [ 152.013712][ T23] tipc: Node number set to 1111616637 [ 153.904110][ T5771] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 154.105082][ T5771] usb 4-1: Using ep0 maxpacket: 16 [ 154.125274][ T5771] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 154.157994][ T5771] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 154.170310][ T5771] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 154.208813][ T5771] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 154.233117][ T5771] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 154.263984][ T5771] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 154.288104][ T5771] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 154.383867][ T5771] usb 4-1: Manufacturer: syz [ 154.398432][ T5771] usb 4-1: config 0 descriptor?? [ 154.477946][ T6538] tipc: Started in network mode [ 154.483185][ T6538] tipc: Node identity 3e4e68492647, cluster identity 4711 [ 154.497668][ T6538] tipc: Enabled bearer , priority 0 [ 154.507950][ T6538] syzkaller0: entered promiscuous mode [ 154.528953][ T6538] syzkaller0: entered allmulticast mode [ 154.592250][ T6538] tipc: Resetting bearer [ 154.605685][ T6537] tipc: Resetting bearer [ 154.686811][ T6537] tipc: Disabling bearer [ 154.793819][ T5771] rc_core: IR keymap rc-hauppauge not found [ 154.806579][ T5771] Registered IR keymap rc-empty [ 154.816558][ T5771] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 154.861636][ T5771] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 154.913023][ T5771] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 154.938058][ T5771] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input5 [ 155.010202][ T5771] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 155.053861][ T5771] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 155.137148][ T5771] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 155.227162][ T5771] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 155.294629][ T5771] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 155.405044][ T5771] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 155.496358][ T5771] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 155.564966][ T5771] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 155.615360][ T5771] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 155.680124][ T6549] netlink: 12 bytes leftover after parsing attributes in process `syz.2.199'. [ 155.701499][ T5771] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 155.765820][ T5771] mceusb 4-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 155.788537][ T5771] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 155.810685][ T5771] usb 4-1: USB disconnect, device number 2 [ 155.847738][ T6551] bond1: (slave bridge1): Enslaving as an active interface with an up link [ 156.016403][ T6549] macvlan2: entered promiscuous mode [ 156.030509][ T6549] macvlan2: entered allmulticast mode [ 156.041364][ T6549] bond1: entered promiscuous mode [ 156.067334][ T6549] bridge1: entered promiscuous mode [ 156.096956][ T6549] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 156.128833][ T6549] bond1: left promiscuous mode [ 156.138061][ T6549] bridge1: left promiscuous mode [ 158.011156][ T6579] syzkaller0: entered promiscuous mode [ 158.020708][ T6579] syzkaller0: entered allmulticast mode [ 158.240223][ T6584] loop1: detected capacity change from 0 to 256 [ 162.772923][ T6613] mmap: syz.3.217 (6613) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 164.460657][ T6619] loop0: detected capacity change from 0 to 1024 [ 165.366079][ T6619] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 165.375363][ T6619] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 165.384275][ T6619] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 165.392994][ T6619] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 165.469905][ T6619] team0: Port device vxlan0 added [ 169.140292][ T6650] loop0: detected capacity change from 0 to 40427 [ 169.264156][ T6650] F2FS-fs (loop0): invalid crc value [ 169.959923][ T6650] F2FS-fs (loop0): Found nat_bits in checkpoint [ 170.066240][ T6650] F2FS-fs (loop0): Start checkpoint disabled! [ 170.090186][ T6650] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 171.579298][ T6676] tipc: Enabled bearer , priority 0 [ 171.620554][ T6676] syzkaller0: entered promiscuous mode [ 171.636707][ T6676] syzkaller0: entered allmulticast mode [ 171.794112][ T3495] kworker/u4:7: attempt to access beyond end of device [ 171.794112][ T3495] loop0: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 171.799173][ T6683] tipc: Resetting bearer [ 171.820714][ T3495] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 172.172197][ T3495] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 172.624975][ T6685] syzkaller0: entered promiscuous mode [ 172.630898][ T6685] syzkaller0: entered allmulticast mode [ 172.649614][ T6675] tipc: Resetting bearer [ 173.303791][ T6675] tipc: Disabling bearer [ 177.193034][ T787] tipc: Node number set to 403269705 [ 177.200828][ T6702] wg0: Caught tx_queue_len zero misconfig [ 177.307020][ T6695] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 177.313435][ T6695] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 178.559252][ T6695] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 178.637666][ T6695] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 178.644279][ T6695] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 178.761953][ T6695] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 178.770770][ T6695] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 178.776806][ T6695] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 178.784949][ T6695] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 179.350188][ T5774] Bluetooth: hci2: command 0x0c1a tx timeout [ 180.983739][ T5774] Bluetooth: hci1: command 0x0c1a tx timeout [ 180.983753][ T5783] Bluetooth: hci0: command 0x0c1a tx timeout [ 181.483801][ T5783] Bluetooth: hci2: command 0x0c1a tx timeout [ 184.615244][ T8] usb 4-1: new low-speed USB device number 3 using dummy_hcd [ 184.615950][ T5783] Bluetooth: hci1: command 0x0c1a tx timeout [ 184.630501][ T5783] Bluetooth: hci0: command 0x0c1a tx timeout [ 184.633745][ T5774] Bluetooth: hci2: command 0x0c1a tx timeout [ 185.170073][ T6743] (null): rxe_set_mtu: Set mtu to 1024 [ 185.804837][ T6743] infiniband : set active [ 185.809454][ T6743] infiniband : added veth0_vlan [ 185.933630][ T6743] workqueue: Failed to create a rescuer kthread for wq "ib_mad1": -EINTR [ 185.937161][ T6743] infiniband : Couldn't open port 1 [ 186.078379][ T6743] RDS/IB: : added [ 186.082683][ T6743] smc: adding ib device  with port count 1 [ 186.089234][ T6743] smc: ib device  port 1 has pnetid [ 186.683752][ T5782] Bluetooth: hci0: command 0x0c1a tx timeout [ 186.689885][ T5774] Bluetooth: hci1: command 0x0c1a tx timeout [ 186.794255][ T8] usb 4-1: device not accepting address 3, error -71 [ 188.443493][ T6760] loop1: detected capacity change from 0 to 512 [ 188.458951][ T6760] EXT4-fs: Ignoring removed orlov option [ 188.493804][ T6760] ext4: Unknown parameter 'nouser_xattr' [ 188.611956][ T6494] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 190.200784][ T6767] loop2: detected capacity change from 0 to 512 [ 190.235407][ T6771] netlink: 16 bytes leftover after parsing attributes in process `syz.1.256'. [ 190.276386][ T5774] Bluetooth: hci1: unexpected event for opcode 0x0c03 [ 190.284076][ T5774] Bluetooth: hci1: unexpected event for opcode 0x0c03 [ 190.345334][ T6767] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 190.372088][ T6767] ext4 filesystem being mounted at /51/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 191.461785][ T5769] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 192.197210][ T6796] syzkaller0: entered promiscuous mode [ 192.202731][ T6796] syzkaller0: entered allmulticast mode [ 192.218983][ T6769] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 195.141703][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 195.157143][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.209090][ T5774] Bluetooth: hci2: unexpected event 0x2f length: 509 > 260 [ 197.425450][ T6830] netlink: 'syz.0.268': attribute type 1 has an invalid length. [ 197.477672][ T6830] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address [ 197.489607][ T6830] bond1: (slave vxcan3): Error -95 calling set_mac_address [ 197.574436][ T6826] syzkaller0: entered promiscuous mode [ 197.582338][ T6826] syzkaller0: entered allmulticast mode [ 198.417930][ T6833] bond1: (slave gretap1): making interface the new active one [ 198.441618][ T6833] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 198.475452][ T6840] macvlan2: entered promiscuous mode [ 198.480808][ T6840] macvlan2: entered allmulticast mode [ 198.487066][ T6840] bond1: entered promiscuous mode [ 198.492130][ T6840] gretap1: entered promiscuous mode [ 198.498268][ T6840] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 198.516666][ T6840] bond1: (slave macvlan2): the slave hw address is in use by the bond; giving it the hw address of gretap1 [ 198.534487][ T6840] bond1: left promiscuous mode [ 198.539525][ T6840] gretap1: left promiscuous mode [ 199.910530][ T6840] syz.0.268 (6840) used greatest stack depth: 19664 bytes left [ 201.678727][ T6864] loop2: detected capacity change from 0 to 128 [ 202.115251][ T6494] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 202.399794][ T6868] loop1: detected capacity change from 0 to 2048 [ 202.795121][ T6868] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 202.876660][ T6868] Bluetooth: MGMT ver 1.22 [ 202.884354][ T6868] Bluetooth: hci0: invalid length 0, exp 2 for type 13 [ 203.071483][ T5774] Bluetooth: hci1: unexpected event 0x2f length: 509 > 260 [ 203.261739][ T5768] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 204.810507][ T6892] netlink: 32 bytes leftover after parsing attributes in process `syz.1.285'. [ 205.138606][ T6897] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 207.042981][ T6912] loop1: detected capacity change from 0 to 32768 [ 207.219495][ T6912] ocfs2: Slot 0 on device (7,1) was already allocated to this node! [ 207.889542][ T6912] JBD2: Ignoring recovery information on journal [ 208.018584][ T6912] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 211.104770][ T5768] ocfs2: Unmounting device (7,1) on (node local) [ 212.126935][ T6941] Bluetooth: hci0: unsupported parameter 255 [ 212.133107][ T6941] Bluetooth: hci0: unsupported parameter 255 [ 212.144688][ T5774] Bluetooth: hci2: unexpected event 0x2f length: 509 > 260 [ 212.404514][ T6950] netlink: 36 bytes leftover after parsing attributes in process `syz.2.301'. [ 216.195509][ T6966] kvm_pr_unimpl_wrmsr: 3 callbacks suppressed [ 216.195526][ T6966] kvm: kvm [6963]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111 [ 217.274592][ T5782] Bluetooth: hci1: unexpected event 0x2f length: 509 > 260 [ 218.924164][ T5782] Bluetooth: hci1: command 0x0c1a tx timeout [ 222.400086][ T7014] loop3: detected capacity change from 0 to 512 [ 222.450601][ T7014] EXT4-fs: Ignoring removed oldalloc option [ 222.485746][ T7014] ext4: Unknown parameter 'seclabel' [ 224.773057][ T7023] ./file0: Can't open blockdev [ 224.855830][ T7031] ./file0: Can't open blockdev [ 224.919804][ T5782] Bluetooth: hci2: unexpected event 0x2f length: 509 > 260 [ 225.180552][ T7043] virtio-fs: tag not found [ 227.289562][ T27] libceph: connect (1)[c::]:6789 error -101 [ 227.299050][ T27] libceph: mon0 (1)[c::]:6789 connect error [ 227.518968][ T7046] ceph: No mds server is up or the cluster is laggy [ 227.561985][ T7059] syzkaller0: entered promiscuous mode [ 227.568390][ T7059] syzkaller0: entered allmulticast mode [ 228.872481][ T7066] syzkaller0: entered promiscuous mode [ 228.891843][ T7066] syzkaller0: entered allmulticast mode [ 231.065044][ T7080] loop1: detected capacity change from 0 to 512 [ 231.469164][ T7080] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 231.482410][ T7080] ext4 filesystem being mounted at /95/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 231.755914][ T5768] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 232.261434][ T7087] loop3: detected capacity change from 0 to 40427 [ 232.297375][ T7087] F2FS-fs (loop3): build fault injection attr: rate: 771, type: 0x7ffff [ 232.368342][ T7087] F2FS-fs (loop3): invalid crc value [ 233.183554][ C1] sched: RT throttling activated [ 233.882177][ T7087] F2FS-fs (loop3): Found nat_bits in checkpoint [ 235.496612][ T7094] syz_tun: entered allmulticast mode [ 236.081092][ T7094] tipc: Enabled bearer , priority 10 [ 236.130298][ T7093] syz_tun: left allmulticast mode [ 237.051480][ T7101] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(8) [ 237.058498][ T7101] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 237.068499][ T7101] vhci_hcd vhci_hcd.0: Device attached [ 237.643714][ T9] usb 37-1: new low-speed USB device number 2 using vhci_hcd [ 238.682605][ T7102] vhci_hcd: connection reset by peer [ 238.725806][ T4315] vhci_hcd: stop threads [ 238.741751][ T4315] vhci_hcd: release socket [ 238.773340][ T4315] vhci_hcd: disconnect device [ 238.853673][ T27] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 239.154011][ T27] usb 2-1: Using ep0 maxpacket: 16 [ 240.118717][ T27] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 240.167727][ T27] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 240.194268][ T27] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 240.234355][ T27] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 240.263816][ T27] usb 2-1: Product: syz [ 240.268475][ T27] usb 2-1: Manufacturer: syz [ 240.280076][ T27] usb 2-1: SerialNumber: syz [ 240.654059][ T27] usb 2-1: 0:2 : does not exist [ 240.793960][ T27] usb 2-1: 5:0: failed to get current value for ch 0 (-22) [ 242.096828][ T27] usb 2-1: USB disconnect, device number 6 [ 242.234912][ T7132] syzkaller0: entered promiscuous mode [ 242.278224][ T7132] syzkaller0: entered allmulticast mode [ 242.290434][ T6494] udevd[6494]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 242.853736][ T9] vhci_hcd: vhci_device speed not set [ 242.862789][ T7147] loop1: detected capacity change from 0 to 512 [ 242.869645][ T7147] EXT4-fs: Ignoring removed nobh option [ 242.978637][ T7147] EXT4-fs (loop1): orphan cleanup on readonly fs [ 242.988389][ T7147] EXT4-fs error (device loop1): ext4_xattr_inode_iget:441: inode #11: comm syz.1.349: casefold flag without casefold feature [ 243.008721][ T7147] EXT4-fs error (device loop1): ext4_xattr_inode_iget:446: comm syz.1.349: error while reading EA inode 11 err=-117 [ 243.022019][ T7147] EXT4-fs (loop1): 1 orphan inode deleted [ 243.029388][ T7147] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 244.079599][ T5782] Bluetooth: hci1: unexpected event 0x2f length: 509 > 260 [ 244.135182][ T5768] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 244.167128][ T7156] loop2: detected capacity change from 0 to 512 [ 244.325283][ T7156] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 244.347730][ T7156] ext4 filesystem being mounted at /74/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 244.623386][ T7161] syzkaller0: entered promiscuous mode [ 244.650309][ T7161] syzkaller0: entered allmulticast mode [ 245.219955][ T5769] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 250.557842][ T7192] xt_CT: No such helper "pptp" [ 253.118267][ T7207] syzkaller0: entered promiscuous mode [ 253.123982][ T7207] syzkaller0: entered allmulticast mode [ 257.751516][ T7236] netlink: 84 bytes leftover after parsing attributes in process `syz.2.369'. [ 258.165223][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 258.171610][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 259.855302][ T7246] loop2: detected capacity change from 0 to 40427 [ 260.759812][ T7247] loop3: detected capacity change from 0 to 16 [ 260.819601][ T7247] erofs: (device loop3): mounted with root inode @ nid 36. [ 260.837341][ T7247] syz.3.371: attempt to access beyond end of device [ 260.837341][ T7247] loop3: rw=524288, sector=1056, nr_sectors = 16 limit=16 [ 260.888673][ T7247] syz.3.371: attempt to access beyond end of device [ 260.888673][ T7247] loop3: rw=524288, sector=16, nr_sectors = 40 limit=16 [ 260.907921][ T7247] erofs: (device loop3): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 260.931638][ T28] kauditd_printk_skb: 16 callbacks suppressed [ 260.931656][ T28] audit: type=1800 audit(2000000173.820:30): pid=7247 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.371" name="file2" dev="loop3" ino=89 res=0 errno=0 [ 260.971686][ T7246] F2FS-fs (loop2): invalid crc value [ 261.025899][ T7246] F2FS-fs (loop2): Found nat_bits in checkpoint [ 261.107867][ T7246] F2FS-fs (loop2): Start checkpoint disabled! [ 261.133693][ T7246] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 263.475376][ T7272] loop1: detected capacity change from 0 to 1024 [ 263.485561][ T7272] EXT4-fs: inline encryption not supported [ 263.505121][ T7272] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 263.809735][ T7272] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 264.280226][ T5768] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 265.623345][ T69] kworker/u4:5: attempt to access beyond end of device [ 265.623345][ T69] loop2: rw=2049, sector=40960, nr_sectors = 24 limit=40427 [ 265.637660][ T69] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 265.666543][ T69] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 265.673484][ T69] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 266.138029][ T7286] loop1: detected capacity change from 0 to 32768 [ 266.164655][ T7286] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz.1.381 (7286) [ 266.181569][ T7286] BTRFS info (device loop1): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 266.192036][ T7286] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 266.201411][ T7286] BTRFS info (device loop1): force zlib compression, level 3 [ 266.208948][ T7286] BTRFS info (device loop1): force clearing of disk cache [ 266.216188][ T7286] BTRFS info (device loop1): setting nodatasum [ 266.222476][ T7286] BTRFS info (device loop1): use zlib compression, level 3 [ 266.229834][ T7286] BTRFS info (device loop1): enabling disk space caching [ 266.236962][ T7286] BTRFS info (device loop1): disk space caching is enabled [ 266.461411][ T7286] BTRFS info (device loop1): enabling ssd optimizations [ 266.469213][ T7286] BTRFS info (device loop1): auto enabling async discard [ 266.492065][ T7286] BTRFS info (device loop1): rebuilding free space tree [ 266.533231][ T7286] BTRFS info (device loop1): disabling free space tree [ 266.540405][ T7286] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 266.550674][ T7286] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 266.696603][ T7306] loop3: detected capacity change from 0 to 512 [ 266.879644][ T7306] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 266.892949][ T7306] ext4 filesystem being mounted at /108/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 267.347829][ T5770] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 267.926916][ T5768] BTRFS info (device loop1): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 268.022229][ T7312] loop2: detected capacity change from 0 to 256 [ 268.679231][ T7317] overlayfs: failed to clone upperpath [ 269.606042][ T6494] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 11 /dev/loop1 scanned by udevd (6494) [ 275.687293][ T7370] loop2: detected capacity change from 0 to 512 [ 277.047361][ T7368] syzkaller0: entered promiscuous mode [ 277.076189][ T7370] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 277.088901][ T7370] ext4 filesystem being mounted at /84/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 277.134184][ T7368] syzkaller0: entered allmulticast mode [ 277.167395][ T7368] TC_ACT_REPEAT abuse ? [ 277.326595][ T5769] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 278.871686][ T7391] netlink: 16 bytes leftover after parsing attributes in process `syz.1.399'. [ 279.566387][ T7394] syzkaller0: entered promiscuous mode [ 279.571906][ T7394] syzkaller0: entered allmulticast mode [ 282.206737][ T7410] syzkaller0: entered promiscuous mode [ 282.212266][ T7410] syzkaller0: entered allmulticast mode [ 282.447743][ T7415] loop3: detected capacity change from 0 to 32768 [ 282.465318][ T7415] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 scanned by syz.3.405 (7415) [ 282.484767][ T7415] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 282.494992][ T7415] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 282.503648][ T7415] BTRFS info (device loop3): using free space tree [ 282.688239][ T7415] BTRFS info (device loop3): enabling ssd optimizations [ 282.695276][ T7415] BTRFS info (device loop3): auto enabling async discard [ 283.614296][ T7441] loop1: detected capacity change from 0 to 2048 [ 283.747946][ T7441] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 284.762031][ T5770] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 286.182448][ T7456] netlink: 'syz.0.407': attribute type 10 has an invalid length. [ 286.736480][ T7456] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 287.493060][ T7462] bpq0: entered allmulticast mode [ 287.575115][ T7464] team_slave_0: entered promiscuous mode [ 287.580926][ T7464] team_slave_1: entered promiscuous mode [ 287.846215][ T7464] vlan2: entered promiscuous mode [ 288.102842][ T7464] team0: entered promiscuous mode [ 289.700612][ T7469] netlink: 16 bytes leftover after parsing attributes in process `syz.1.425'. [ 290.973606][ T7480] loop0: detected capacity change from 0 to 32768 [ 290.997532][ T7480] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz.0.420 (7480) [ 291.019089][ T7480] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 291.029335][ T7480] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 291.038104][ T7480] BTRFS info (device loop0): using free space tree [ 291.194084][ T7480] BTRFS info (device loop0): enabling ssd optimizations [ 291.201070][ T7480] BTRFS info (device loop0): auto enabling async discard [ 292.027727][ T5767] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 292.461845][ T6494] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 9 /dev/loop0 scanned by udevd (6494) [ 294.220093][ T7523] syzkaller0: entered promiscuous mode [ 294.230712][ T7523] syzkaller0: entered allmulticast mode [ 299.320420][ T7554] syzkaller0: entered promiscuous mode [ 299.326270][ T7554] syzkaller0: entered allmulticast mode [ 299.471862][ T7556] netlink: 20 bytes leftover after parsing attributes in process `syz.2.438'. [ 299.503868][ T7556] netlink: 20 bytes leftover after parsing attributes in process `syz.2.438'. [ 299.836234][ T7561] loop2: detected capacity change from 0 to 4096 [ 299.934825][ T7558] loop1: detected capacity change from 0 to 32768 [ 299.948904][ T7558] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop1 scanned by syz.1.439 (7558) [ 299.973688][ T7558] BTRFS info (device loop1): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 299.983916][ T7558] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 299.992670][ T7558] BTRFS info (device loop1): enabling disk space caching [ 299.999909][ T7558] BTRFS info (device loop1): force clearing of disk cache [ 300.007137][ T7558] BTRFS info (device loop1): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 300.017069][ T7558] BTRFS info (device loop1): use zstd compression, level 3 [ 300.024399][ T7558] BTRFS info (device loop1): disk space caching is enabled [ 300.066760][ T7558] BTRFS info (device loop1): enabling ssd optimizations [ 300.073936][ T7558] BTRFS info (device loop1): auto enabling async discard [ 300.087779][ T7558] BTRFS info (device loop1): rebuilding free space tree [ 300.135589][ T7558] BTRFS info (device loop1): disabling free space tree [ 300.142642][ T7558] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 300.152542][ T7558] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 300.562223][ T23] IPVS: starting estimator thread 0... [ 300.969807][ T5768] BTRFS info (device loop1): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 301.034312][ T7583] IPVS: using max 21 ests per chain, 50400 per kthread [ 301.292190][ T7591] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 301.321194][ C1] vkms_vblank_simulate: vblank timer overrun [ 301.469754][ T7591] CIFS: Unable to determine destination address [ 301.568683][ T7596] team_slave_0: entered promiscuous mode [ 301.574502][ T7596] team_slave_1: entered promiscuous mode [ 301.580237][ T7596] vxlan0: entered promiscuous mode [ 301.623306][ T7596] vlan2: entered promiscuous mode [ 301.641275][ T7596] team0: entered promiscuous mode [ 301.848688][ T7604] loop3: detected capacity change from 0 to 2048 [ 301.881669][ T7604] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 305.737886][ T7621] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4) [ 305.780381][ T7620] overlayfs: failed to clone upperpath [ 307.553675][ T7634] netlink: 'syz.2.453': attribute type 1 has an invalid length. [ 308.409267][ T7637] bond2: (slave vxcan3): The slave device specified does not support setting the MAC address [ 308.465078][ T7637] bond2: (slave vxcan3): Error -95 calling set_mac_address [ 308.578903][ T7639] bond2: (slave gretap1): making interface the new active one [ 308.589992][ T7639] bond2: (slave gretap1): Enslaving as an active interface with an up link [ 310.145009][ T5808] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 310.169286][ T7654] bridge0: port 2(bridge_slave_1) entered disabled state [ 310.177408][ T7654] bridge0: port 1(bridge_slave_0) entered disabled state [ 310.333801][ T5808] usb 1-1: Using ep0 maxpacket: 16 [ 310.350265][ T5808] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 310.376151][ T5808] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 310.404882][ T5808] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 310.417555][ T5808] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 310.427954][ T5808] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 310.443074][ T5808] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 310.453357][ T5808] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 310.461960][ T5808] usb 1-1: Manufacturer: syz [ 310.478711][ T5808] usb 1-1: config 0 descriptor?? [ 310.834788][ T5808] rc_core: IR keymap rc-hauppauge not found [ 310.855902][ T5808] Registered IR keymap rc-empty [ 310.877682][ T5808] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 310.933969][ T5808] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 310.970164][ T7654] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 310.991356][ T5808] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 310.993462][ T7654] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 311.041736][ T5808] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input6 [ 311.116636][ T5808] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 311.194024][ T5808] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 311.278019][ T5808] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 311.338808][ T5808] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 311.340713][ T7654] infiniband : set down [ 311.374800][ T5808] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 311.423880][ T5808] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 312.669903][ T5808] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 312.747976][ T5808] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 312.784200][ T5808] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 312.823456][ T7654] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 312.833794][ T7654] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 312.833845][ T5808] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 312.842681][ T7654] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 312.863640][ T7654] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 312.879549][ T5808] mceusb 1-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 312.900578][ T5808] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 312.943800][ T5808] usb 1-1: USB disconnect, device number 3 [ 313.008873][ T7657] vlan2: entered promiscuous mode [ 313.038204][ T7657] team0: entered promiscuous mode [ 313.067536][ T7657] team_slave_0: entered promiscuous mode [ 313.083929][ T7657] team_slave_1: entered promiscuous mode [ 314.697712][ T7679] loop0: detected capacity change from 0 to 256 [ 317.499308][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.505758][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.814765][ T5808] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 318.033705][ T5808] usb 1-1: device descriptor read/64, error -71 [ 318.303678][ T5808] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 318.453681][ T5808] usb 1-1: device descriptor read/64, error -71 [ 318.574042][ T5808] usb usb1-port1: attempt power cycle [ 318.993659][ T5808] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 319.055623][ T5808] usb 1-1: device descriptor read/8, error -71 [ 319.344257][ T5808] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 319.385537][ T5808] usb 1-1: device descriptor read/8, error -71 [ 319.503825][ T5808] usb usb1-port1: unable to enumerate USB device [ 319.641778][ T7715] loop3: detected capacity change from 0 to 256 [ 324.348077][ T7737] syzkaller0: entered promiscuous mode [ 324.384572][ T7737] syzkaller0: entered allmulticast mode [ 324.568198][ T7739] netlink: 12 bytes leftover after parsing attributes in process `syz.0.483'. [ 326.233437][ T7740] bond2: (slave bridge1): Enslaving as an active interface with an up link [ 326.288118][ T7739] macvlan2: entered promiscuous mode [ 326.293458][ T7739] macvlan2: entered allmulticast mode [ 326.349601][ T7739] bond2: entered promiscuous mode [ 326.356193][ T7739] bridge1: entered promiscuous mode [ 326.370631][ T7739] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 326.395098][ T7739] bond2: left promiscuous mode [ 326.433636][ T7739] bridge1: left promiscuous mode [ 327.406845][ T7750] loop3: detected capacity change from 0 to 256 [ 328.295753][ T7757] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4) [ 328.903123][ T7766] netlink: 4 bytes leftover after parsing attributes in process `syz.3.489'. [ 330.644991][ T7768] binder: 7760:7768 ioctl 4018620d 0 returned -22 [ 330.889393][ T7766] nbd: socks must be embedded in a SOCK_ITEM attr [ 332.150624][ T7776] loop2: detected capacity change from 0 to 1024 [ 336.849371][ T7804] ================================================================== [ 336.857483][ T7804] BUG: KASAN: slab-use-after-free in dvb_device_open+0xca/0x370 [ 336.865157][ T7804] Read of size 8 at addr ffff888026c9a218 by task syz.3.500/7804 [ 336.872882][ T7804] [ 336.875241][ T7804] CPU: 1 PID: 7804 Comm: syz.3.500 Not tainted syzkaller #0 [ 336.882542][ T7804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 336.892624][ T7804] Call Trace: [ 336.895921][ T7804] [ 336.898859][ T7804] dump_stack_lvl+0x18c/0x250 [ 336.903556][ T7804] ? __lock_acquire+0x7d40/0x7d40 [ 336.908675][ T7804] ? show_regs_print_info+0x20/0x20 [ 336.913884][ T7804] ? load_image+0x400/0x400 [ 336.918396][ T7804] ? _raw_spin_lock_irqsave+0xc0/0x100 [ 336.923873][ T7804] ? __virt_addr_valid+0x18c/0x540 [ 336.928995][ T7804] ? __virt_addr_valid+0x469/0x540 [ 336.934116][ T7804] print_report+0xa8/0x210 [ 336.938546][ T7804] ? dvb_device_open+0xca/0x370 [ 336.943409][ T7804] kasan_report+0x117/0x150 [ 336.947950][ T7804] ? chrdev_open+0x3e3/0x6a0 [ 336.952557][ T7804] ? dvb_device_open+0xca/0x370 [ 336.957435][ T7804] dvb_device_open+0xca/0x370 [ 336.962136][ T7804] ? do_raw_spin_unlock+0x121/0x230 [ 336.967354][ T7804] chrdev_open+0x5cc/0x6a0 [ 336.971788][ T7804] ? cd_forget+0x160/0x160 [ 336.976230][ T7804] ? fsnotify_perm+0x3ed/0x5e0 [ 336.981009][ T7804] ? cd_forget+0x160/0x160 [ 336.985444][ T7804] do_dentry_open+0x8c6/0x1500 [ 336.990255][ T7804] path_openat+0x27f1/0x3230 [ 336.994872][ T7804] ? do_sys_openat2+0xda/0x1d0 [ 336.999644][ T7804] ? verify_lock_unused+0x140/0x140 [ 337.004946][ T7804] ? do_filp_open+0x430/0x430 [ 337.009636][ T7804] ? __virt_addr_valid+0x18c/0x540 [ 337.014759][ T7804] do_filp_open+0x1f5/0x430 [ 337.019274][ T7804] ? vfs_tmpfile+0x490/0x490 [ 337.023878][ T7804] ? _raw_spin_unlock+0x28/0x40 [ 337.028746][ T7804] ? alloc_fd+0x58f/0x630 [ 337.033104][ T7804] do_sys_openat2+0x134/0x1d0 [ 337.037800][ T7804] ? do_sys_open+0xe0/0xe0 [ 337.042232][ T7804] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 337.048226][ T7804] ? lock_chain_count+0x20/0x20 [ 337.053348][ T7804] __x64_sys_openat+0x139/0x160 [ 337.058212][ T7804] do_syscall_64+0x55/0xa0 [ 337.062643][ T7804] ? clear_bhb_loop+0x40/0x90 [ 337.067338][ T7804] ? clear_bhb_loop+0x40/0x90 [ 337.072026][ T7804] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 337.077935][ T7804] RIP: 0033:0x7fa0fe55cfce [ 337.082373][ T7804] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 337.101996][ T7804] RSP: 002b:00007fa0ff498b28 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 337.110443][ T7804] RAX: ffffffffffffffda RBX: 00007fa0ff4996c0 RCX: 00007fa0fe55cfce [ 337.118432][ T7804] RDX: 0000000000000e82 RSI: 00007fa0ff498c00 RDI: ffffffffffffff9c [ 337.126423][ T7804] RBP: 00007fa0ff498c00 R08: 0000000000000000 R09: 0000000000000000 [ 337.134409][ T7804] R10: 0000000000000000 R11: 0000000000000246 R12: cccccccccccccccd [ 337.142474][ T7804] R13: 00007fa0fe816128 R14: 00007fa0fe816090 R15: 00007ffd4fb52e08 [ 337.150553][ T7804] [ 337.153575][ T7804] [ 337.155896][ T7804] Allocated by task 1: [ 337.159965][ T7804] kasan_set_track+0x4e/0x70 [ 337.164566][ T7804] __kasan_kmalloc+0x8f/0xa0 [ 337.169163][ T7804] dvb_register_device+0x2fd/0x2210 [ 337.174369][ T7804] dvb_register_frontend+0x649/0x930 [ 337.179673][ T7804] vidtv_bridge_probe+0x9ab/0xf80 [ 337.184710][ T7804] platform_probe+0x13b/0x1c0 [ 337.189397][ T7804] really_probe+0x25b/0xb20 [ 337.193919][ T7804] __driver_probe_device+0x18c/0x330 [ 337.199206][ T7804] driver_probe_device+0x4f/0x420 [ 337.204235][ T7804] __driver_attach+0x44e/0x6e0 [ 337.209003][ T7804] bus_for_each_dev+0x235/0x2b0 [ 337.213863][ T7804] bus_add_driver+0x340/0x630 [ 337.218546][ T7804] driver_register+0x23a/0x310 [ 337.223314][ T7804] vidtv_bridge_init+0x3d/0x70 [ 337.228100][ T7804] do_one_initcall+0x242/0x790 [ 337.232872][ T7804] do_initcall_level+0x137/0x1f0 [ 337.237826][ T7804] do_initcalls+0x69/0xd0 [ 337.242164][ T7804] kernel_init_freeable+0x3ed/0x580 [ 337.247372][ T7804] kernel_init+0x1d/0x1c0 [ 337.251727][ T7804] ret_from_fork+0x48/0x80 [ 337.256152][ T7804] ret_from_fork_asm+0x11/0x20 [ 337.260922][ T7804] [ 337.263245][ T7804] Freed by task 7757: [ 337.267219][ T7804] kasan_set_track+0x4e/0x70 [ 337.271810][ T7804] kasan_save_free_info+0x2e/0x50 [ 337.276842][ T7804] ____kasan_slab_free+0x126/0x1e0 [ 337.281956][ T7804] slab_free_freelist_hook+0x130/0x1a0 [ 337.287425][ T7804] __kmem_cache_free+0xba/0x1e0 [ 337.292282][ T7804] dvb_device_open+0x2ee/0x370 [ 337.297051][ T7804] chrdev_open+0x5cc/0x6a0 [ 337.301475][ T7804] do_dentry_open+0x8c6/0x1500 [ 337.306262][ T7804] path_openat+0x27f1/0x3230 [ 337.310854][ T7804] do_filp_open+0x1f5/0x430 [ 337.315358][ T7804] do_sys_openat2+0x134/0x1d0 [ 337.320054][ T7804] __x64_sys_openat+0x139/0x160 [ 337.324914][ T7804] do_syscall_64+0x55/0xa0 [ 337.329342][ T7804] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 337.335245][ T7804] [ 337.337568][ T7804] The buggy address belongs to the object at ffff888026c9a200 [ 337.337568][ T7804] which belongs to the cache kmalloc-256 of size 256 [ 337.351629][ T7804] The buggy address is located 24 bytes inside of [ 337.351629][ T7804] freed 256-byte region [ffff888026c9a200, ffff888026c9a300) [ 337.365347][ T7804] [ 337.367672][ T7804] The buggy address belongs to the physical page: [ 337.374093][ T7804] page:ffffea00009b2680 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x26c9a [ 337.384257][ T7804] head:ffffea00009b2680 order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 337.393206][ T7804] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 337.401203][ T7804] page_type: 0xffffffff() [ 337.405540][ T7804] raw: 00fff00000000840 ffff888017c41b40 dead000000000122 0000000000000000 [ 337.414133][ T7804] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 337.422750][ T7804] page dumped because: kasan: bad access detected [ 337.429181][ T7804] page_owner tracks the page as allocated [ 337.434895][ T7804] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 10624452756, free_ts 0 [ 337.454616][ T7804] post_alloc_hook+0x1c1/0x200 [ 337.459421][ T7804] get_page_from_freelist+0x1951/0x19e0 [ 337.464969][ T7804] __alloc_pages+0x1f0/0x460 [ 337.469565][ T7804] alloc_page_interleave+0x24/0x1e0 [ 337.474772][ T7804] alloc_slab_page+0x5d/0x160 [ 337.479450][ T7804] new_slab+0x87/0x2d0 [ 337.483527][ T7804] ___slab_alloc+0xc5d/0x12f0 [ 337.488212][ T7804] __kmem_cache_alloc_node+0x19e/0x250 [ 337.493674][ T7804] kmalloc_trace+0x2a/0xe0 [ 337.498096][ T7804] bus_add_driver+0x162/0x630 [ 337.502789][ T7804] driver_register+0x23a/0x310 [ 337.507554][ T7804] vidtv_bridge_init+0x3d/0x70 [ 337.512320][ T7804] do_one_initcall+0x242/0x790 [ 337.517089][ T7804] do_initcall_level+0x137/0x1f0 [ 337.522047][ T7804] do_initcalls+0x69/0xd0 [ 337.526393][ T7804] kernel_init_freeable+0x3ed/0x580 [ 337.531599][ T7804] page_owner free stack trace missing [ 337.536966][ T7804] [ 337.539286][ T7804] Memory state around the buggy address: [ 337.544910][ T7804] ffff888026c9a100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 337.553017][ T7804] ffff888026c9a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 337.561085][ T7804] >ffff888026c9a200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 337.569154][ T7804] ^ [ 337.574004][ T7804] ffff888026c9a280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 337.582071][ T7804] ffff888026c9a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 337.590129][ T7804] ================================================================== [ 337.605079][ T7804] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 337.612323][ T7804] CPU: 1 PID: 7804 Comm: syz.3.500 Not tainted syzkaller #0 [ 337.619627][ T7804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 337.629699][ T7804] Call Trace: [ 337.632985][ T7804] [ 337.635925][ T7804] dump_stack_lvl+0x18c/0x250 [ 337.640639][ T7804] ? show_regs_print_info+0x20/0x20 [ 337.645858][ T7804] ? load_image+0x400/0x400 [ 337.650378][ T7804] panic+0x2dc/0x730 [ 337.654282][ T7804] ? bpf_jit_dump+0xd0/0xd0 [ 337.658789][ T7804] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 337.664428][ T7804] ? dvb_device_open+0xca/0x370 [ 337.669385][ T7804] ? check_panic_on_warn+0x70/0xa0 [ 337.674505][ T7804] ? dvb_device_open+0xca/0x370 [ 337.679365][ T7804] check_panic_on_warn+0x84/0xa0 [ 337.684309][ T7804] ? dvb_device_open+0xca/0x370 [ 337.689168][ T7804] end_report+0x6f/0x130 [ 337.693415][ T7804] kasan_report+0x128/0x150 [ 337.697924][ T7804] ? chrdev_open+0x3e3/0x6a0 [ 337.702527][ T7804] ? dvb_device_open+0xca/0x370 [ 337.707388][ T7804] dvb_device_open+0xca/0x370 [ 337.712070][ T7804] ? do_raw_spin_unlock+0x121/0x230 [ 337.717285][ T7804] chrdev_open+0x5cc/0x6a0 [ 337.721711][ T7804] ? cd_forget+0x160/0x160 [ 337.726131][ T7804] ? fsnotify_perm+0x3ed/0x5e0 [ 337.730910][ T7804] ? cd_forget+0x160/0x160 [ 337.735330][ T7804] do_dentry_open+0x8c6/0x1500 [ 337.740112][ T7804] path_openat+0x27f1/0x3230 [ 337.744720][ T7804] ? do_sys_openat2+0xda/0x1d0 [ 337.749493][ T7804] ? verify_lock_unused+0x140/0x140 [ 337.754703][ T7804] ? do_filp_open+0x430/0x430 [ 337.759390][ T7804] ? __virt_addr_valid+0x18c/0x540 [ 337.764511][ T7804] do_filp_open+0x1f5/0x430 [ 337.769032][ T7804] ? vfs_tmpfile+0x490/0x490 [ 337.773631][ T7804] ? _raw_spin_unlock+0x28/0x40 [ 337.778586][ T7804] ? alloc_fd+0x58f/0x630 [ 337.782937][ T7804] do_sys_openat2+0x134/0x1d0 [ 337.787631][ T7804] ? do_sys_open+0xe0/0xe0 [ 337.792074][ T7804] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 337.798069][ T7804] ? lock_chain_count+0x20/0x20 [ 337.802928][ T7804] __x64_sys_openat+0x139/0x160 [ 337.807792][ T7804] do_syscall_64+0x55/0xa0 [ 337.812315][ T7804] ? clear_bhb_loop+0x40/0x90 [ 337.817003][ T7804] ? clear_bhb_loop+0x40/0x90 [ 337.821687][ T7804] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 337.827590][ T7804] RIP: 0033:0x7fa0fe55cfce [ 337.832008][ T7804] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 337.851628][ T7804] RSP: 002b:00007fa0ff498b28 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 337.860058][ T7804] RAX: ffffffffffffffda RBX: 00007fa0ff4996c0 RCX: 00007fa0fe55cfce [ 337.868047][ T7804] RDX: 0000000000000e82 RSI: 00007fa0ff498c00 RDI: ffffffffffffff9c [ 337.876022][ T7804] RBP: 00007fa0ff498c00 R08: 0000000000000000 R09: 0000000000000000 [ 337.883999][ T7804] R10: 0000000000000000 R11: 0000000000000246 R12: cccccccccccccccd [ 337.891969][ T7804] R13: 00007fa0fe816128 R14: 00007fa0fe816090 R15: 00007ffd4fb52e08 [ 337.899957][ T7804] [ 337.903375][ T7804] Kernel Offset: disabled [ 337.907688][ T7804] Rebooting in 86400 seconds..