last executing test programs: 9m37.75957064s ago: executing program 4 (id=192): setpriority(0x0, 0x0, 0x200002a14b56) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x9) timer_settime(0x0, 0x1, 0x0, 0x0) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) futex(0x0, 0xc, 0x1, 0x0, &(0x7f0000048000)=0x1, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x100) socketpair$unix(0x1, 0x3, 0x0, 0x0) epoll_create1(0x0) r0 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x4e24, @broadcast}, 0x2, 0x0, 0x3}}, 0x26) r1 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r1, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x3, r0, {0x2, 0x4e21, @broadcast}, 0x2, 0x9800, 0xfffffffd}}, 0x2e) socket$pppl2tp(0x18, 0x1, 0x1) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) ioctl$PPPIOCATTCHAN(r2, 0x40047438, &(0x7f0000000240)=0x1) ioctl$PPPIOCBRIDGECHAN(r2, 0x40047435, &(0x7f0000000200)=0x1) 9m37.142761258s ago: executing program 4 (id=193): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2}, &(0x7f0000000300)) fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x8000, 0x3ff}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x9) timer_settime(0x0, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xfc778000) r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000740)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x4e23, @broadcast}, 0x2, 0x0, 0x4}}, 0x2e) readv(r0, &(0x7f0000000880)=[{&(0x7f0000000180)=""/107, 0x6b}], 0x1) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x200000b, 0x204031, 0xffffffffffffffff, 0xffffd000) 9m35.705794694s ago: executing program 4 (id=196): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x8000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fd7000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_NESTED_STATE(r2, 0x4080aebf, &(0x7f0000005700)=@vmx={0x0, 0x0, 0x2080, {0x40000, 0x8000000, {}, 0x1, 0x1}}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f0000000100)="66660f38810b0fa9f30f5a75000f01f0f0f6504a660f72d5fa2e670fc77a15653e660f3806bf02000f79080f0ffc9a"}], 0xaaaabc1, 0x48, 0x0, 0xfd6a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 9m34.743108392s ago: executing program 4 (id=197): r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) fcntl$lock(r0, 0x410, &(0x7f00000000c0)={0x1, 0x1, 0x1, 0x9}) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r1 = open(&(0x7f0000000280)='.\x00', 0x0, 0x109) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r2, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0x18a42000) fremovexattr(r1, &(0x7f0000000000)=@known='system.posix_acl_default\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) 9m33.37798329s ago: executing program 4 (id=199): ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, 0x0) read$ptp(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$tty20(0xc, 0x4, 0x0) r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, 0x0, 0x0}, 0x94) r1 = bpf$ITER_CREATE(0xb, &(0x7f00000004c0)={r0}, 0x8) close(r1) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0x8, 0xfffffffffffffe57, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$LINK_DETACH(0x22, 0x0, 0x0) bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_HOPOPTS(r2, 0x29, 0x36, &(0x7f0000000040)=ANY=[], 0x8) connect$inet6(r2, &(0x7f00000004c0)={0xa, 0x0, 0x0, @mcast2, 0x7}, 0x1c) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000080)='bridge0\x00', 0x10) sendmmsg$inet6(r2, &(0x7f0000000000)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="8f92a4b0e7854a", 0x7}], 0x1}}], 0x1, 0x4400c800) sendto$inet6(r2, &(0x7f0000000300), 0x18, 0x3b00, 0x0, 0xfffffffffffffdfd) 9m32.58374989s ago: executing program 4 (id=201): sched_rr_get_interval(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r1, 0x400454cb, 0x3) openat$zero(0xffffffffffffff9c, 0x0, 0x240000, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0) read$FUSE(r4, &(0x7f0000000200)={0x2020}, 0x2020) mount(&(0x7f0000000300), &(0x7f0000000080)='.\x00', &(0x7f0000000040)='devpts\x00', 0x320081a, 0x0) r5 = syz_open_procfs(0x0, &(0x7f00000042c0)='mounts\x00') pread64(r5, &(0x7f0000002240)=""/237, 0xed, 0x4eb) 9m16.059974274s ago: executing program 32 (id=201): sched_rr_get_interval(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETPERSIST(r1, 0x400454cb, 0x3) openat$zero(0xffffffffffffff9c, 0x0, 0x240000, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0) read$FUSE(r4, &(0x7f0000000200)={0x2020}, 0x2020) mount(&(0x7f0000000300), &(0x7f0000000080)='.\x00', &(0x7f0000000040)='devpts\x00', 0x320081a, 0x0) r5 = syz_open_procfs(0x0, &(0x7f00000042c0)='mounts\x00') pread64(r5, &(0x7f0000002240)=""/237, 0xed, 0x4eb) 21.4146334s ago: executing program 0 (id=1668): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) syz_open_dev$usbfs(&(0x7f0000000000), 0x20000007d, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00') r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, 0x0) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) fchdir(0xffffffffffffffff) mount(0x0, 0x0, &(0x7f0000000080)='proc\x00', 0x189, 0x0) capset(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='map_files\x00') ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000100)={0x4, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000080)=@attr_riscv64=@attr_imsic={0x0, 0x1, 0x2, &(0x7f0000000040)=0x8}) 19.884865864s ago: executing program 0 (id=1676): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x4}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0x42795000) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) preadv2(r1, &(0x7f0000000200)=[{&(0x7f0000000500)=""/61, 0x3d}], 0x1, 0x40, 0x4, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000240)={0x2, 0x0, @local}, 0x6f) connect$inet(r2, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x300) recvmmsg(r2, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x3b00, 0x0, 0x0) sendmsg$NFT_MSG_GETFLOWTABLE(0xffffffffffffffff, 0x0, 0xc094) 12.566553174s ago: executing program 0 (id=1699): syz_mount_image$f2fs(&(0x7f00000000c0), &(0x7f0000000080)='./file2\x00', 0x0, &(0x7f0000000140)=ANY=[], 0x1, 0x5531, &(0x7f0000000b00)="$eJzs3EtvG1UUAODrpOmbEiEW7DpShZRItVWnSQW7AK14iFQRjwUr6tiO5db2RLHjhKxYsEQs+CcIJFYs+Q0sWLNDLEDskIo89wY1PCpQHJsk3ydNz8yd6zPnjqpEZyZyAM6s+ezXn0vhWrgUQpgNIVwNodgvpa2wGsMLIYTrIYSZJ7ZSGv9j4HwI4XII4dooecxZSqc+vzm8sfLTW798892Fc1e++Pr76a0amLYXQwjdrbi/240xb8X4MI3Xhu0idpeHKcYT3UfpOI9xt7lRZNitHcyrFfF2K87Pt3b6o7jZqdVHsdXeLMa3evGC/WHrIE/xgYe17eK40dwoYrufF7G1H+va248/2/b7g5inkfJ9VKQPg8FBjOPNvWZcz9ajItZ7gzQe8+aN5t4oDlNMlwv1vNMo6tg4yp3+f3u73dvZy4bN7X4772UrlepLleqdcnU7bzQHzeVyrdu4s5wttDqjaeVBs9ZdbeV5q9Os1PPuYrbQqtfL1Wq2cLe50a71smq1crtyq7yymPZuZq/ffz/rNLKFUXy13dsZtDv9bDPfzuInFrOlyu2XF7Mb1ezdtfVs/Z1799bW3/vw7gf3X1l787U06S9lZQtLt5aWytVb5aXq4sld/+h3/X9a/yep6DGuH46k9LSTDyZXB8AJov8HpmGi/f9cGHv/H/T/Y6H/P7Prf5wc7QZytj21/wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4DT7Ye7LN4qd+Xh8JY0/k4aeS8elEMJMCOHx35gN5w/lnE155v5h/tyfavi2FIoMo2tcSNvlEMJq2n579rjvAgAAAJxeX318/bPYrcd/5qddEJMUH9rMXH0wpnylEMLc/I9jyBLSw6bw/NGrikb/v8+FvTFlKx5gXRxTsvjI7dy4sv0rs4fCxSdCKYaZg5nnJ1oXAABwnA53ApPtQgAAAJikT6ddANNRvGlNf4ufXvNdiCG9ELx06AgAAAA4gUrTLgAAAAA4dkX/7/v/AAAA4HSL3/8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL+zcze5aQNRAICfDS609AdV3fcq3cExeoQuu4y4CkcgV8gFOAPZZZtdBBH2JAoRhBAbE6Lvk+xhbOvxjPDijUcDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABzTdTEbX1787teNs1zV08zdAAAAANssitm4/DCs+oN0/Fs69DP1s4jII2Jb7d6JTxsxOylOseP64lkOVxFlhPV39NL2JSL+pO3ux7F/BQAAAPi45pPpqKrWq93w1AnRpmrQJv/6t6F4WUQUw5uGouXr3a9XXbraPz60/n934/+Os9lhqZUDW1F7ysyDcsit21S0/TrpcX9s+k+arGry9tIBAADaslkJtFiFAAAA0LJ/p06A0yjfeqa5+GkCf69q0gvBzxs9AAAA4AwdOusZAAAAeI8GL54t6/8zWP/v+631/wAAAODNqvX/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOKZFMRvPJ9NR3TjLVT3N3A0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAPfvzjsIwDAZhcJMor07oAr7/Lc2C3bp1MwOCj38rAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABceRwvzzNejZlso9eZ5N3zSvLp1Ph2avw6N/5Jxrr7NwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7+/OSAiEQBFEwZ/zvpO9/WEnQM4gQAQ2PKmrRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAF/3ul/8TU+NMMnfaWDoeSdauGltXjb0HjaMH4+3fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXO/fvGzcVBwD8e+fzlRYQIaAMQYhKDLDQ9FpaujKAIgb+BKQovZbAlR9tBlpVoCxsKHMXBCNCSKCw9X/o3EpdytbhhiIxMYDss5PXo4iDKvaRfD7S8/vacvy+z4mifP2cAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKA2fnMvzorNwiTuVsduP7i+XvR3pvrCze27y0Ur4s7fXP+L/Up8/r2Y7nSW2ksEAACAwyOr6/uIfuQ7q0XQXSjr/7w+p6j5v3l6Etf1/HTdX/d17V+0n3+6//zuQAuTcYqLXtgYDU/+NZVeto/znGfP/OMZvfLOl89esvIb0n1n67lxXt7Pzle3br3VL8MjTWQLAPwXJ+q+Cuq/h4p+0GZiABwavaoV7lX1f7bQbk4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATehvxZN13ImI5d5eXLjz4Pp62U/t39y+u1y3szdubKfXLC6RR8SFjdHwZFMT+R+4cvXah2uj0fBy88FLEdHe6FXw3gznRLSZoeBxg271sz7bVx2PiPZzbj9o+RcTAAAHTl61oq6/l++sFsc6ixF/fPtw/f9KEkda/0/1af1///2zt9Ox0vp/0NgM59/K5qVPVq5cvfbaxqW1i8OLw49ePzV4Y3D63Jkz51bKZyUrnpgAAADwePpVS+v/7mLEeGr9/1gSx4z1/6dfDz5Px8rU/4+0t+jXdiYAAACH27PHf/u184jjnX4/Plvb3Lw8mGx3909Nti2k+q8dqVpa/2eLbWcFAAAANGG81Xlo/f98EseM6/9PfffCD+k1s4g4Wq3/n1j/eHS+uem05PeZzmri34n3faoAAADMtaNVS9f/8/L9/+7uKw/diHj15UlcfQzgTPV/9vaX36djpe//n25uinOpuzS5H2W/FNFbajsjAAAADrInqlYU+7/kO6sf/Hjs3b73/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACa9mcAAAD//6vIRLE=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file2\x00', 0x42, 0x48) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) socket$tipc(0x1e, 0x2, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_NONCE(r0, 0x8010661b, 0x0) socket$nl_route(0x10, 0x3, 0x0) 10.292141197s ago: executing program 1 (id=1712): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x0, 0x0) socket(0x15, 0x5, 0x0) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x2208086, &(0x7f00000007c0), 0xff, 0x4a9, &(0x7f0000000cc0)="$eJzs3MuLHEUcAODfzL7zXB9R81DXFwYf2WTzMAcPKgoeFAQ9RG/rZjes2RjJrmBCcKNIPErAu3gU/As86UXUk+BVT14kEGRBEo1gS/d073NmMrOZ3Ul2vg9mqaqu7a7q6uqpru6eADrWUPqnFLElIn5Nw+UsOi/JM6X5rs2dH/t77vxYKZLk9T9L2bKrc+fHirzF/23JI3vLEeVPSrG7ynanz547OTo1NX4mjw/PnHpvePrsuacnT42eGD8x/u7I0aOHDh545sjI4ZbUc2ta1l0fnt6z8+U3L706duzS2z9+3V2UdVk9WmUohpbsy8Uea/XG2mzronCpu40FoSldEZE2V0/W/7dHVyw03vZ46eO2Fg5YU0mSJNtqL76QABtYKdpdAqA9ii/6q3MD0b9G18G3sivPVy6A0npfyz+VJd1RzvP0LLu+baX+bKpkduDYhX++iGz/93XU/gcA1t+36fjnqcr4p/hUlgzGPYvyPZfNB6epEXdExJ0RcVdE3B0ROyKyvPdGxH1Nbn9oWXzl+LN8eVUVa1A6/ns2v7e1dPyXj/7+Swa78tjWGIjB6ClNTE6N74+IbRGxN3r6JianBupt47sXf/lsScLc1fmBd1r/dOxXfNLtF2PBvByXu/uWru/46MxoK+qeuvJRNgc4u7L+C3eu0tDOiNi1ivWn4+bJJ77aU2v5jetfRwvuMyVfRjxeaf8LUaf+y+9PFg1+ZOTwcH9Mje8fnujJLhSq+Onni6/V2v5N1b8F0vbfVPX4n6//YGnx/drpha7RqIu/fVrzmqaJ4/+tIiU9/ntLb2Th3jztg9GZmTMHInpLr6xMH1lYWxEv8l/ZsiPiker9Pz3HpcdYWv/dEZEexPdHxAMR8WBe9oci4uHIVlHN7LWI+OGFR99ZTf2b3M2rkrb/8SXtHzdo/+YDXSe//yZdUbWTZGPtfygL7c1TGjn/NVrAm91/AAAAcDsoZ8/Al8r75sPl8r59EZuzud1N5anT0zNPTpx+//rxyrPyg9FTLuY/K/PBlfnQA/nccBEfWRY/mM8bf941kMU35fe+gfbZvLj/ZxOOlf6f+qOrzYUD1p73taBzLfT/Wq+rrlD3gQfg9uH7HzpXE/3fqQI2mPlO3Vc/X7IOZQHWV7Uv9dk2lANYf901wsDGp89D59L/oXPp/9CRbua9/tUESg2/mb8BArPVd+/vtf+rP+qtsPcWqVcWiHIWSGbbWIx/88fQGsp8Pf/JyzUoT/HgXJ7yV+3MxU/E3AotWD/QvnMSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAK/0fAAD///gF41o=") prlimit64(0x0, 0x2, &(0x7f0000001e40)={0x0, 0x400}, 0x0) socket$xdp(0x2c, 0x3, 0x0) syz_genetlink_get_family_id$team(&(0x7f00000020c0), 0xffffffffffffffff) syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) socket$inet_tcp(0x2, 0x1, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x602000, 0x0) r3 = getpid() setpriority(0x3, r3, 0xa) r4 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(r4, 0x8933, &(0x7f0000000100)={'wg1\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f0000000140)={'ip6_vti0\x00', &(0x7f0000000000)={'syztnl1\x00', r5, 0x0, 0xe, 0x9, 0x0, 0x0, @remote, @loopback={0xfec0ffff00000000, 0xffff8881114a4aa8}, 0x700, 0x8000, 0x3, 0x77f87505}}) 7.260514589s ago: executing program 2 (id=1717): r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) bind$packet(r0, &(0x7f00000001c0)={0x11, 0x11, r1, 0x1, 0xf, 0x6, @broadcast}, 0x14) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RGETLOCK(r3, 0x0, 0xffffff6a) splice(r2, 0x0, r0, 0x0, 0xa, 0xc) 6.544180886s ago: executing program 1 (id=1721): bpf$MAP_CREATE(0x0, 0x0, 0x50) syz_usb_connect(0x2, 0x2d, &(0x7f0000000280)=ANY=[@ANYBLOB="120100015ae4c41096050100f5050100030109021b0001000000000904d60001b5e145"], 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, 0x0) syz_open_dev$sndmidi(0x0, 0x2, 0x40102) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x20, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x25dfdbff, {}, [@NHA_OIF={0x8, 0x5, r2}]}, 0x20}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, 0x0, 0x4000080) 6.021661971s ago: executing program 2 (id=1725): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x400000000008d}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x1, &(0x7f0000000240)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x48, 0x0, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) sendmmsg$inet(r3, &(0x7f0000002140)=[{{&(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10, 0x0}}, {{&(0x7f0000000300)={0x2, 0x4e23, @empty}, 0x10, 0x0, 0x0, &(0x7f00000001c0)=ANY=[], 0x28}}], 0x2, 0x4000800) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x4000087, 0x2, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000140)={0x4}, 0x10) write(0xffffffffffffffff, &(0x7f0000000040), 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000000)=0x2, 0x4) socket$inet6_tcp(0xa, 0x1, 0x0) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$UI_DEV_SETUP(r4, 0x405c5503, &(0x7f0000000100)={{0x100, 0x0, 0xbc22}, 'syz1\x00'}) ioctl$UI_DEV_CREATE(r4, 0x5501) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x10, &(0x7f0000000340)={[{@rodir}, {@rodir}, {@iocharset={'iocharset', 0x3d, 'cp874'}}, {@shortname_lower}, {@numtail}, {@utf8}, {@numtail}, {@utf8no}, {@fat=@nocase}, {@fat=@errors_continue}, {@fat=@check_strict}, {@iocharset={'iocharset', 0x3d, 'cp863'}}, {@utf8}, {@iocharset={'iocharset', 0x3d, 'cp1250'}}, {@utf8no}, {@uni_xlate}, {@numtail}, {@fat=@nocase}, {@rodir}]}, 0x3, 0x27b, &(0x7f0000000640)="$eJzs3cFqK1UYAOB/mqRJdJEsXInQAV24Kq1P0CIVxIKgZKEutNgUpAmFFgJVMXblE/gEPo8b8QV8AC93d7u43LmkM0nTyyQlvWlT7v2+TQ//+f85/5kZ2tWc/vBB//jw5Ozo4tf/otFIYm0nduIyiXasxdjvUerfJ+VxAOCRu8yyeJrl6nno/GZGbUZlde3emwMA7sX03/9V9wIAPIyvv/n2i939/b2v0rQR0f9j0Eki/5nP7x7FT9GLbmxFK55HZBP5+LPP9/eimo6046P+cNAZVfa//7u4/u7/EVf129GKdnn9dpqbqh8OOrV4p1h/pxfdL/+KVrxXXv9JSX101uPjD6f634xW/PNjnEQvDovexvW/bafpp9mfz375bhQd1SfDQac+ySuyKw/6YAAAAAAAAAAAAAAAAAAAAAAAeKNtphPtm+fvjA/+nzM/53yg4dT5PFtpmmZJnn9dX433q1Fd5d4BAAAAAAAAAAAAAAAAAADgsTg7//n4oNfrni51MP6sv2QqXtyM1CPi7mttLFoVlaK1XhKx2Fq1qF9V3p5cWXAXzVE/3dOkGst7BMkk0pye2oh8rVGkmQ+mIq+9eiOuBuO36/ggue3hNspekiUMspLXrzKzav3VSLPYQUlyc87q6+/eqeesNWMqiYja5GbOv05tuffw4X4HAQAAAAAAAAAAAAAAAAAAueuPfksmL1bQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACswPX//19gMCyKZ+VkldGgGkVkxVsEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgLfAyAAD//0MUZ+o=") syz_mount_image$vfat(&(0x7f0000000240), &(0x7f0000000280)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0xd280, 0x0, 0x1, 0x0, &(0x7f00000007c0)) 6.021449857s ago: executing program 0 (id=1726): bpf$MAP_CREATE(0x0, &(0x7f0000000500)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x1, 0x4, 0x4, 0x2, 0x0, 0x1, 0x1000000}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x6, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x100}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x4}, {0x6, 0x0, 0xa}, {}, {}, {0x85, 0x0, 0x0, 0x33}}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 4.623916792s ago: executing program 0 (id=1732): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x0, &(0x7f0000000340)={[{@noload}, {@stripe={'stripe', 0x3d, 0x30c}}, {@jqfmt_vfsv1}, {@nojournal_checksum}, {@jqfmt_vfsv1}, {@usrjquota}]}, 0xff, 0x44d, &(0x7f0000000900)="$eJzs3MtvG8UfAPDvrp30/Ut+UB4tLQQKouKRNOnzwKUIJA4gIcGhiFNI0qrUbaAJEq0qKBzKEVXijjgi8RdwggsCTkhc4Y4qVaiXFiQko13vpsa107hx6rb+fKRNZrzjzHx3d+zZGTsBDKyx7EcSsTkifouIkUb2vwXGGr+uXTk389eVczNJ1Otv/Jnk5a5eOTdTFi2ft6mRqdeL/Lo29V54O2K6Vps7XeQnFk++N7Fw5uzzx09OH5s7Nndq6tChfXt3Dh+Y2t+TOLO4rm7/aH7HtlfeuvjazJGL7/z0TdbezcX+5jh6ZaxxdNt6qteV9dmWpnRS7WND6EolIrLTNZT3/5GoxIalfSPx8qd9bRywpur1er3d+3PhfB24hyXR7xYA/VG+0Wf3v+V2m4Yed4TLhyPeP9iI/1qxNfZUIy3KDLXc3/bSWEQcOf/3l9kWazQPAQDQ7LvDEfFcu/FfGg82lftfsYYyGhH/j4j7IuL+iNgaEQ9E5GUfioiHu6y/dYXkxvFPeumWAluhbPz3QrG2tTT++6eex18YrRS5LXn8Q8nR47W5PcUx2R1D67L85DJ1fP/Sr5932tc8/su2rP5yLNiQXqq2TNDNTi9OrzLsJZc/idhebYk/l0S5jJNExLaI2N7VX75+h3H8ma93dCp18/iX0YN1pvpXEU83zv/5aIm/lHRcn5w8eGBq/8T6qM3tmSivihv9/MuF1zvVv6r4eyA7/xtbr//cUvyjyfqIhTNnT+TrtQvd13Hh98863tPc6vU/nLyZp4eLxz6cXlw8PRkxnLx64+NT159b5svyWfy7d7WLP81f48oj8UhEZBfxzoh4NCIeK9r+eEQ8ERG7lon/xxeffLf7+JeZle+hLP7Zm53/aD7/3ScqJ374tvv4S9n535endhePrOT1b6UNXM2xAwAAgLtFmn8GPknHl9JpOj7e+Az/1tiY1uYXFp89Ov/BqdnGZ+VHYygtZ7pGmuZDJ4u54TI/1ZLfW8wbf1HZkOfHZ+Zrs/0OHgbcpg79P/NHpd+tA9ac72vB4NL/YXDp/zC49H8YXPo/DK52/f/jPrQDuP28/8Pg0v9hcOn/MLj0fxhIHb8bn67qK/8S93wi0u6fVY07pPF3U6K64n9mcYuJdW139fuVCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoDf+DQAA//9X4u4v") prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x400000000008d}, 0x0) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) r0 = epoll_create1(0x80000) syz_clone3(&(0x7f0000000540)={0x901400, 0x0, 0x0, 0x0, {0xa}, 0x0, 0x0, 0x0, 0x0}, 0x58) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f0000000100)={0x8000200f}) epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, 0xffffffffffffffff, &(0x7f0000000400)={0x80000014}) 3.316325259s ago: executing program 2 (id=1735): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240)) ioctl$AUTOFS_IOC_SETTIMEOUT(0xffffffffffffffff, 0x80049367, &(0x7f0000000100)=0x5) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_fuse_handle_req(0xffffffffffffffff, &(0x7f0000008280)="03680f2a20da68ab7a58c28b635d19c32b6efabb6ae3b5eee5a74d8943c613539e166c8baef50500824343a2f05093a5c21f746caefe9f9bccd83cca0fc28da20e2706308c61398dfce5f54ea9f266791ba29a4c7da158637def8b816aa296815ff13c06d632df45feaec1fd272ec1b510eaf58fe6b26cc36df3ecc0f5b1f258a190304e2519dd39ba9f5bc1788926ced5202e3b1e3afa16ae0b5d66dc05b36d3a00f72e5f318f8bdfc7eddc94238c50031d0657a22445ad0b3b90a86b086eed837a00bf0a3888bf61b4db57d6d8d6b286bbb13ba3b246def60ac34241eb843f89fe77d7e3e52573e90d791f21d4a8dfcc24ba95db60e2135634c02bd4b14535285df4fbe381ec036d876c4c8057c79371fa9717414590890e182a7b9e0ab927812083acf0d04e04c20c0555c8ceedc5bcf9b0e814be6eca98ce7b2f9f17d098bea541b75a1617c09fa99902ad746811f89a1fc5e6a80d77528247d6c104395715d2c9f9102f070a295f20c4307b9e848d3928b50985bfa2486893139761925b8fab96d26291243db23c4fd4d96864f4db860731a4e3e10b52d8d0487f5a8536cb4507dbdc111570ad0321b918edbc52807c2e0676d3257553702d9c1bd6741e9cd5cdeb3b8f636b6eb02a3b0066d7f677d586de5018850000f000ab3960f6656fb98039ceb6400d0299c356fc22b7298ed157c667bed5563fac2192a8ff7706a9e58d9d2f92632d6b25d8b090642e3f323bf7ff4d8264617a43a97099dd7347fbe3b1c439737913f17eff57f3e1ff4fdac374fb554e9a6a1ff32daa69507698d660d8d5f591801d8e4a9309342c3dc84966dbfcd2652800200bcb0dde9d456b7a07c5409f4f5387d0150daa34dbc865c6108d34dcc51eedb277e9638b43ce3c9afac5d7aa0f8542e58b0a84632a07557b041845d0012cf016ef065f97660b731ce1b79493de71def047277a3ae6d4a0d86591847d3475926039848c5baf6e1b43bc83053855182423156e54cadc8c85089265b49da853d15e5a701fedf2bf7986a723abf72e513fa05cb178345f2fcc859df49e74c8ccef196000a05cb090f22986ffb6f8f74ab41d2d88b6b535507a23b03d2fc2743f6f69fbcd43b8ff52b1ba32fa0137d542c515569b7f486f8ffa02ad1f54767f51701eb4c141437720884d529a57e17bc2837799124f7f112f42bd90f5b435d7a5d7524f7667bb7a6266263e62bf7ebf6896888d584c65a530b766111f078630d8629ffa91acb5ed02498549bd7e042acae0fab7ccb23278088a364be3da9619d91e1061bbaa9b33c3c5fbbcbc725ce8c2cc9ab0f2b4d30078040d3ca79d3ca056c360381ee87e743dea73a25ea2b4843f9ef280feb507f933fb556c718d8bf8f8618db72805b65d381b319f65c745c1e5060dae2f498852e79aff8dd9c88fd939a31871a430d3ba96fb118c79d1b08a397af23b1a188d1802106f588c768a1e6c9d244ac9a38d2a54ed50f19b78bf25e0ae1f9337ceaa8ff5ca8640104b19bcd643b51501d4e03ed5ffb383e7ed0ab78d540ae10bbd64fba1af59a4190215b7d10230992bbb4ff618d8284a2e2446990511fc2bff07cce9ba94a11d3db041e220e3d931fdf129d8ec2c9b17d6587a0044c9e09f52848db43ddc0df94513cc9e94e9d427623502a910deea0f21d86b16366769a46bf0d6d9fc0d2cd6b98ed885e9e2d765bdd051196bf20bd27c46ec902726d96de352c346d904fa00d63b67d272f116dce489f9d636cef61b441b9c113addec983b8b2fbdb2b32049e436c972b2fcf5140dc7b094c5047cb6226da700b72aeb3febdf16a75b6f61a311f606251c99b377c775c8fb3446ccf25dc4cca24290b3939f948019b05c80b5a6382112f63e0990b324c16a087c72aaec08796afc769f678e3634100a5a9da8215cb5d7a6a6b50a81676ef4edca35595b11f9606bef2fb84fe1f0a0703c886579f09986086f0dca6eb8061f9a74c79c1f758684a7363974b14561b9d2efdaba6c4cd8cb70627da1e195fcae3d8b2fa751278e8f220c83e677e14731eccd6fe0c357b011ed88b6df0c266b383f224b8e95384e401b717030b1227582d0d1042bd90377c4f2c7206a19983fc5905e4eb87edb6532b26ca9e28e160202606d19d9f5da34762f4b3fa842d7bff382ad70dcbc411f8b3e4cace8c8e0c72898d24023545e0dfdc4176209276a535491ce11c045c57b45c40f19b12dcf6ffbb78ab23e7fe9bdc404cf47db9855f2b835e1fce57debfa071803ec38da3c77a904080a4c737ce2b20e14e8449762f1ca0b1ce71779d2e6ee5299e1cf230e8070045c23c1d0e52f66fe9039f95cdc0b448dc12d24de39157934270345991948fce921b5d8e739315cc75d4b3b49928437b88672c1a7770365207b43895f45909d5d972f48aa66de609152a5afa2c7d75f0a14189d0409f0b623eab3b6e7d81025cde140893ed71b6f24f5a36d21dafb62af6be9da845403bc8ed36672efa74d7da19d5794cb4b79fa1c86940b1890c012e14b7c3bb261f16bdd99efaa9819b0bc00af842a6b94c6086d15b16ab81af9331ba3a5bd6941ef35239e85455ceab02c598ccee8fbad97ed37daebfe3b26a5a6c9eda5f65a1cfaf7a1f1688267c812a56c552ae11b465dac030e18f9008ad03cad80bf2cb91a7d99dcfa54d323ae0a4c3a6dc0f80d7ff703870610a945eb0ab5b6d14e81869c8872f6b123d98edcf6bba10d76d35cff4b0bb73db8b6695a8351785bcba1e160a42ed367c4da727da38f91562e941e5c4fa90cd585c5f1cd3a7d6892f18a5aa3c74a4fc00bf5909267489b937a928d9d8ff92530b5226eedf8ab9a957e5ffec45bc3a55e6955b38393ce52892655265d1f741e0b744808eb568a08d155a8bc5ada9b079f6d0bec5fc2ace0502b3f926372dff49478fbd10451f0de4b3d1a63b9d4e17ade45628d2e9dca041fcf7fc1e105e1fc44089fde9caf418ba8454dc361df4a59e1bd79143d280613e3c79ad18e922a43e199aa5927bb9553dd31e6223ad19bf8aff6e1dac8b3680feea3138bc61742b03f047b3d77039c1a4c2d05bd89c4bc12a1b83d78b4e7023f690fce6a44608c423d8cbc2e80942b9d9df2f4bf5606640fa47692f3e003885983a73e1dc313b243bbab5c3c6348afab796da766044ba142eda5a9d3713e3eda8c54c1708909c5da89ba67d29cd7f409c9b759cba316c42028754e3cb6eae2cc4f6d66982f212320f199b2e837bb4c54c54bcdcd2ac240ef6295d38e9889b4213819ef0f9aba6ceead4e0fd2c4becdc1f8ee3049831996c9a74a5fd4e12a1fd21ed47cf27e29f9d61e4b673d88914c36eefa53d3c49d94b463b7f8462c1951dfe33c10993d5cfcd0ededd50ad55009528f1e79fbc2fa70c3338b32c40ae3bb45d7079c7ae8433fb1aa19affbd3fbce0cb5ab0d557afb3be036856066eea45c28e93528b35477fc97fe9ff3641e5bb0f0e46069eb653c027daabff38541250081c77e0e3a1d030a73289e771cc41db10819af60599b5df0ad978fcf0b46af821c6b717b265e07d3a85397ea94de26f510290ddb5df8fcff76fe624843c8577802809c145916afce01d9dfdfa8bf07633e98f14fc73d5ef58ae5cb0c308bc74ca38259692a1cd4cf16752786a1c816f24612c27393d7e40a2df9a3dfa23a0c59613c8a7ccdd97c3fc67ecab94dcd8cc4b4517ed2414d41ce574074ffebd156e3d65c4421b0f339bc9f29abbfe49db62122248cf96b74d9639b3ef9d935cd81315a7ecfb0dc6ea1ee053c2e5c3315fbc10782f16a564fcabe1df70da7de989e00eedc346cef5b5cf880e9d563fc15302f056d37f98a939fd1dd5478b4318c256e93b77e31f87d8f7fe31755191b40d778ddb2ada1480bb9fcb96a09783f13cd460ee2c9cf4a712f04eb1b1a746091109f7ce0655e1ff7781fbe853e3d03bb91c9d8f4f416f5745c6b607bbf72786bd3c0ac4761e6e6d70f12dbefa1b13542086f793b72c6102ac06e75be17bdbb1efbf7e007f07f9bd433fd9d9cbf93e760757b792f15231895561fe49d9d683ccc066f38af581422b71702627162c0f0f35c36a61eaaa92129114b7334281e35fd39576e51d8593c149c9326e0c710ea4dcc9ef39a432a48ae1834f5046b954f9c033d6035cde0dbffe3e97f48a1dc695f4b2f6fe5d4eee83008318def105c37e11c9015670f13417ed036e68f6fbfca2a8289829677feb23079f3f2ee53b26e491924fefc1c50e54f288a8c4b6ba6d319054c3a9e39e14bba81b423acbd44b51279bbea6b0bb2047325837ce8b2191454f52ffa2cd04abe89e3de5bc102e9fdf740d3efd975bc9503af796e6aeee711ef8797de5d507a964730aa70cb9d3840054d4e1ffc57de378b511f7649666a54a6b3d91ed517198d76322bf99d13bef530a43ed3f13196bf2def6dcfb39f76471c75c5779bedf105717e546057fb478bfd24e8fdf3c12d028b542d1f424a9d45bb9e026e6098eb1cb0a77378300ec1b4c9f006aa4dfb7fb5c57cf1b035cbe96009ead1ca25ea1e5fae40312a4e9fe250684a1c8653bb303209e0fc6a498f3a08f6c5b946378a349f3aea45104a2badb8a45f500bb4f0f6cd620ce794e0f390e1cb7f2f1fc0039f4250a577544a6862b47bf89eea3a8c1516b7a9dd111c2ca719190e8feb1a7079e9fdfdb8224dc50791c986825469c087c8f081616edaa4193e161281aa68b7286a364cbb336b2459f0892e57c40afcfda7d16ea1877efb4e4b0d4b5c31e8cba15066903d3a91bdc7fb64452fb9843436110596f0b038da167a86f97d32c807270a1c994fe88e2517e11bdd210dd982d3c8158459440108308a936c9d2370b9d157c3f9caec36ff05bc40b37f095edf33bf4fad440f38c3f52129456936c07014140be5618f4e9d07b66679238023390cd676b1a3a28d0e90d5ad9ef13a31fcdc5a435454309367c437424e340a1f91c6483bce1026d85a16fb854252ea4ede39a4e69702ecff76432de508e064eda0df9f263a25c0f626d1c1ffaa6783be2975451ee936cc2178648935a924f6fb2db2f8ba34e348920d903114520918cc6872b842e3744fc18d1363583a107ec7b89c7792c0d8069e12f873f6d668f6fdeb47b72986914e45c2b061c5c936c73c9bcf1475ea0d25edaad21cf193405c8acef3bff4e4f1b2b321d70dba59e856a8849c2bba9508bad775370669b2bb7f5e53181af8bff525e13a4935d7e28b997b4ff15da9e36f1353a154ab701ad15420786daaf27ba7e122f7b825c668185b685630420378b4142ec4e4242c2cf0bf6e143f7e55cb12fb9dd59a8df9959ce4fc5fff68ae7174977a31ad7fd644bc94a20bae76f0af474034990fdfec8ceca0e6cd93fe21d84837b7e9d74c17b6d3054f0c008ee05764745fd8773a0c1c31bb3eef5b7e261b54805b5c805a4eeef05c812fcdede200442e7340c63490645ebd09c235d5c52a785542526edfe3875ad08267faed1d0a15236f00c6736b94c1a3821302ff610697ad7becdbc96f54b55138b585cd122e0d5aeaf43c9ba373e8aa1c1297e3415552cc57cd60ee1f3c04500ed0eed37775c873de3066c034c176c67c5bfbe9899a47732030855781341374641da058eee61d01d11b9db8f19fd4558957897340e32cdfbc39713f1f439be0638f614cdb5361433a45a6ff024e39c94141dc5403af101404ce5f2efa97b90d9ecdb7c361785dab977feded32554d1a74d5cbfe2435be7f0329ba382455c2ac11fbe29fe3826796d4bea03dc53a37f63f5be2773f83faf282f0ae24d9fe5762b71b499fd37b4ce7e71f93c3a983f80fed477708bbf2261c89893c4b76e34fac9b42671b6cc81678cc867f53e8c3ec47716206212743ca0c4941c2c61ed3177fccf85921e998d2b826df751173944bb07eeaae4001f677a0687a2550eeac8bb5128ecad9c7b6a514596a30b8292fbacc09ab488193507b6785d7a35c979db774b2c413246f1ae88d35d1914b000000001034321642fb0b0baba3378e4c31fb5e247c177e573295df0194462b99079a436400ba1be2e30d39b8714c0fb2bdcd981d5a5cd514f8d4f14e4e0437108630355d8f2b60a6d18cb14ceb2b5d0704aa6e93e180bd79cb17e176bc4f81a03db12a03413de6189896955bb9e3cc69b6f9a50a7eda3742527f98c71d7ea8ba75e253c2b783f7104813c619949e6a0765179b1b9cbe68b703335ab5986928d86384357a2f4189f4b4ffcd61a3d29709bbc93b5371f0e7798cb72ae4c17bcee24f8e566f2777803c3d182d15a63ac40063f0ccdf4bd790404524eae02eafb6b54c699578486490033f0be866c74a134083003d330498658ba973ea674c4a0ff158403987b4c4752b07c8637a119b019fd5093406960144445056f6ffe73eda0235dc1871bb6058d4a9feecac628265689d58a81453d33290ab56eb691f3180d0288449f41844e56f5c6cf522d4a5866b24fb9552fde71946c4d25dcceaa41cfddb5a33c51c54c0a0a5abd31be8fb6ec53c1d14ba648e183979dbd0db01b9e51ba3803be7e7d3dee752668367264c783f74838121797ae5706ef3aa460682d1bf55808c70e69ae29d7683368470d08e7e9a1095305dce250b5b4bd48c02e098d241b1089736e8306a737e3a1a93e554cc3ab24672b8c74bfb8825004ca869e347f873de14575493836662ad741d79269904f905d7df64d0581ab8d76ee51a32d72ccb719f3a25c0a856b5bd2b2a1269e208d70c32e1d5ad0dfdc0ef43f0230e95eb85871eb4d6033abbf0be7025382d878eeaeea73c94270e79bd5757dc1bac95236a62545cd467830b12dcc30d7cc81e889d360d073db40058e9a1c7b41fc53e67740bc984132a1452cf7d000378f14ef93a7eb0dc9bacf23584ad6761139576607f8214757f71fc47b2944127116ca3e83b9d9643bce8d7bb44b4d16b5d5cff70a9e1114cd920b6fc1f409672648ad56ac3136ef0a314adb458faf3d3f171cb2fc513d76e43e6bda2f1a68e6fcf4a4ecbe6bc87716e2a82ea0c4657983ca0caaf8d75fdf5b0d7930e4f3e95eb1271485f938e7ad2bf0c97b7c11745de45518a1e3a74341968588558e7197b407d24eda0671ee28f219e4c5f809a7ea6f9f5b9705f4634a96112eb262bd5967db5237285b865d3f64516495ea6d1ec20dbed7af02362370bcc98671a61241fa1ef5b3095609d66ecc16010f6f67a280d1c6d215ec224ead17d68bbc9bc64b363b5be9b479b7aa2cbc8587a6b48cf653fde7a262a11ab3a10356f55f122310feac77c32ce0994d6e8a70f1c53331cb473a8e29427322fb6da292c4443b1678877f1c981fa05fbdef96520e5895aeb2a3a8e62652f9d8830c3b144b9598873e2ef41b7ade943807766877d609972cca74855eaedce07cda35b50557de96e736ca3107c154d31aeee78db234687b9964517bcd2c6c9ec047514b45c831aee4588166dc3ec9ab36bd1033e74b3d02d731c5bd84f659fa9fe55cac08c12cb999a2e64fac52f6cb7d1fffbf45d9a1126787d0060fd1be563ccbc278ac97dab0c1bee664675f273f5fa429bdc24b21ff1cf0a3ad3c687fb07ffd88bad6ab6c6b422a43b77ff76f96bf405c07f8a667bb8ff54d6714aaa21ceba2e78ce03146b2ab9f49e6d65081119b8e7cf3843e91349790d2b975c9f9c305df0ab4f2b1b2f30f629313cc66a325e4037f38f29842ee5781ba73d2f30f506cf7ff2237a72b4075aefa32cdd5ba0ae4e65cb6fa47a3e06f0d5f684b7172d6b58f5f7d783c4122db4f4b8b4f9d3296c9d115f432710c29d40dfca0010ecbe2f42fac899911d65c84f08aaa1923c8add5af518286211db14e1187a8839f3b2ae8bd914eafc16a576bbe3eba6271a4c5b3170c3f543761f11f1326a05c575bde1b5c6afd3876bea4fbb649071a95caf74de9f7b3421803ec351f934b8d0932ce72a13abf3627d9a396c10875fc167ef1ae98ff92af9ca366033c99d30306fd540a09d67d26ab192504e7c09f9e4d06287a2b1748f1761ba3c16d9d08be7562b7351c4b4679f5d4b38681bfd86c7f2003a9749b20b602112a95803469f5d252c564912b55c4bf3409298dbd066d877cc70a89b484b9ee6bb836c9acd1e53086c4be85e9a3bc5969c7016db9c72b68620c241409d06f4d7f72fe2289c9b4921055922783b8b886bc22926b7d194820af2b90e3c60e87e1a7851f38a970c07c1da120d1da75de2bb994ff7d05a313522373326f160914a9589711e0439d694f5221afe8cc118722ce4927e9543e61a12a76bcf2da1d01a0f258095d32063387349b4e9f253d8b73c6e834b6866f8a56b4797b92d521fa732aa0d55c8e9d6c56011ee6fb450853dc564d18e97c463609c27a63f9c91c46d7bd80ace4edc0615ca342f43ca3b3d0cc36ed52b7d1f457e5b4b26b5eca0d91abe4f1a42a2eec40ec2faff1222f71dc226d6344e947b45155691205c09913fc3c6ab3fe76f4d1b11fa45869e20694b5f0a1074780a07332764212533b797dd24d8df157d4172f91253b77eb2ec90c8222307ed59136463057b7f469116086410b7503b44cef401c47811c1390060da5b3321d34096b67468a7702978d98d4bd721c18a25ed541249638e90281dc8e3565dc33e66d7b832a9bd62c02c5ed0e92935c92472499653d2d842ea6697c733ee80d775884074b3a0c250a4aa021bb6ea93514f9cc5f09feb5719d270cd184e364ca966f1416e10f111bc425f32a993fc5cd75503f99d89d91d7ddc6dee70193057cb946e5fbf8663c53e12cebffe5dbd4a86bfcf5f35f0d8aa43763a60e00356b4f8bc2bca01b02cfddde38f0c4df1e7f98709fdebc5abb5eb9631bdc3dbfcf15517fabcf16931eb7381e83713b081ad1947274d4896ee8953d772e9e71f363b6f1147317bc739ec128e4ec865f8f0ea34cd5ff19fb2c28931d2c85846735358504ae9161535cd7890e8b95c814cfec116b78e6d0eb5097cd4f35888121452e27391d865c15f0b986925d0d0c623bcbb4d8ca66603720253af17853967ea5954eb5ef0dc43de185ec4925026c680464e66d1caff1f4c7c757bd55ec2515ffe7183e3481ff6f626c2228a3fc3d15f63e4bfbec76a2a170206142cbbcf204a1cbfe0ee56eb47dfb79c80894c0a0fbf8a2955d861678fc2f8f9ad7a28052197b5992bced1273658da5b1f42fca48c80883600c24d8515a0c7113deb4c97df918ab64bca16a0c14f2547dc91d5ce4f884978c95fe54899f77ffc20a2c4b27350bc451bef72a46d8e144ad57a8d5f8ac039f58b8a53ea1f3fd5fce612a171bf82ba17c0681cf46ce5c8181a522ed2e986361903903159643046c7be1787dac6ccab09d18a30997541dc6e9efa260f1ff0392bc1890f19d8bb725f4fe7d8bc618f46e0c23be6b9ca67777dd3f5a89b41ccfb11a526a3bed045a2906f86cc5186a1db7a70391261b694b423e5a44d374f9d3720330e083574083f8950b2b35c8bb5b6c0a7fe259f235dc1c069d4581a9f0a7451890561a0829bb290de6aefe4d243ae0b00ca61a1dc4262bb4951242b21d88148eb7b6a9718d6433274f2b3c9bcdbb6d5df67b48ff42692d8cd7f4b7f41728de68ea1ce0f3e4a2843c5b9ffc43f69b8a0445dce44081f5b443a327084b0d00d07cbdbbfd2da5d67bf8d4bb4ee408d17eeee48b61decd06bd3dac9a1adbeb069b49ec96608b9179bb3af4c10f2ade6778b31fd4c22c2961cb949a64e9a8a4879c550f8d8783064cb304511e40e2e562ba83c08ba8ae011a784ed9db03db5527a5aae222c856c8df0a94f9c4def0f94244c5b8e3db9f39dbd337928e24d9d8562f231fea72116c01089163d2c5f4ca17faab20b73c9957fa1a9af20837a804870034d4e64281125b070d8ee0dbf05f95e5fb079e2a57e9af977222e90b664189114dccbca81ee58b7de90a813768a2049052b339a608d3e9966bdb3b584291fbf7694a7d1dea7f72ca604894e6cca5d326ed5e48c15eff5e6a8cc11c40f84ca920d79a5c55d07001909bf6338921c656a39d59d03f62bb5b8870189f0416ec8c317b03ccdcbbeb3e1a9bf2661813f4966b57eb56a2757de5f7745851b5f7bf75e41eb1646e61a41923c5c0e58c2ea478d95b5c39c450744aea0aad3706fce684cb7338ff3dacab60e8d968f0e6fc070693ae3ca16996b34a50afb7e6e377546ae28dc8de7a2ea3a657b4b0003a91a488e347c61971d62f32eaf843d4d4c4f86cc4033c1244c8408def09188dde509c629323f34072f9089a3846680894e8b000a03865438b2ea212b68fdef7f17583f92014eef2c8115a37c9c82dee06213c1407c104039dfe06774b946f43b68b7957a5ca3ee763eafbb7437850eb0a285c413bcf6965232d593d8da47a2a06abc635ae38e596a9dae55b43f341bcc6fe72d79b453ac1c259da37f64cbc1f1508caf280aa6a3f4cd2ff5564cc5a8727f222431454a5ac93398a29fb95b4e057686cd6fcd920992f74e5870749676a36e043bec5fc1b0fce5563affe9addfaa3689e857383ccd1f2924080449d2cfb006e855570b711c1dedd1df2629afaa3806f4ae229a9a8ef1940ddf2c55dac7812d2374c0684b7ba27b2f0849ee4c055d2b8ccc8e41c593378340d7546bb974bc8032f220b37099e3b04c6591c40d2c50a855a491e03c1c9cbb32c400f6104341262d92daaf3e2c04936cf28788fdff8e0a77770a9deb9089a9e32eb5d9e2581aecd98f83881ca8e7d49e603556dc03a9aa19a8f3a4735aaee347b25ea35b36fa57484c0b6d591979b4a3da894fa0c15966d6a5e02e397cccdb9c314b504372b81ef6913877767001263c05dae362b49e5928ef36f554ce245b4111486417634f1e7f4530a760ae6ffd3123f5736ac12c5bf506c5dca03079c0fd0776cdb56c938cdf480fb9b97b1685dfa3be6f712aae107e2dda726bec137b2ebdf56c0fcaecca4350bd7b5c84d57f29c2a2c99ae10c30cece4831d71ae4ee3362983cc816bb6cb9225b9db08503a1be23a26a0425a8628a2e718feae5df91d829f27966f766b623a0a4958a57642aefae259713733670d5b1d027fb8eb2d0d3a0b4acd482076dfa09ffe883f556b2db2262bc0872e1bd713f100dd7a8a8f2d725b46e09c625d513179872bbcc9a41e596a18b2471d977f4ca2bebd06cdaba31b70ef25e098f214fef16f16f725cad4311eb91457fdb70b471eddb65ecafb1e2b03c5ff21356241e3cab2c8ba601f9ef1aec9006b7cd0b81da29be01cb4c1d52e563298e373013886ebb1889bd5616647c6c418ea6bc1f3c0853b65cae48467b35f08318e3a9d034af7224cc3520ab1ece7751ba15407298b21e4f84ef7c23d7993739403d4f116cba2d0ae2d4003a28334c461c734d4555105b986ad0af28aac36c753ab52b91b7e23ae3ab07d3b170fe53a2249efe5b65463a3f237cec72091b04005f95a15ae595191ba39d0ae1d91d8e00b132ae9339884bc57bbb79978a308e1c31c5f213b092f380a7ba58f55869e9c29a5a6e7a7aa4f8d58e5787cc05e500", 0x2000, 0x0) 2.998925381s ago: executing program 2 (id=1737): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r2) mount(0x0, &(0x7f0000000140)='.\x00', &(0x7f00000001c0)='proc\x00', 0x189, 0x0) r3 = syz_clone(0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = syz_open_procfs(r3, &(0x7f00000000c0)='wchan\x00') pread64(r4, &(0x7f00000002c0)=""/5, 0x5, 0x7fffffff) 2.488926391s ago: executing program 1 (id=1743): bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'syz_tun\x00'}) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0) r0 = syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000000c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="0000080000000800022cdaab4a"], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_emit_ethernet(0x52, 0x0, 0x0) r1 = openat$binfmt_register(0xffffffffffffff9c, 0x0, 0x1, 0x0) write(r1, 0x0, 0x0) gettid() timer_create(0x1, 0x0, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x9) timer_settime(0x0, 0x1, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4) 1.958219874s ago: executing program 2 (id=1750): r0 = socket$inet(0x2, 0x1, 0x0) r1 = signalfd4(0xffffffffffffffff, &(0x7f0000000140), 0x8, 0x800) io_setup(0x1, &(0x7f0000000b80)) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = getpid() sched_setscheduler(r2, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, 0x0, 0x0) madvise(&(0x7f000013d000/0x3000)=nil, 0x3000, 0xb) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r6 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFCONF(r5, 0x8912, &(0x7f0000000240)=@buf={0xf5, &(0x7f0000000140)="29dd39adb5bcf7015c30d5490f3970cfb9a5556ca9805e6108098512cdc5fe7d67fa81d97b49efeb109023c36a49227d2cd246c9cb0281f200e9a1bc913d0acf9646e6d59649a38549dcf6c31f6932ad45a871976e74ad81c883a196fefce1f1c0ba401c83905b65f4a6d1dc1f948b5e9e8cfe908b6c7052f7d94eab0e806023cf40987ce2fa4741e74bd8d833fe20b069de3b53428939f5c8a02e899854363e04326103bbf0d3898531fcc5b7303d06a095ab771891ac59e0dba778393b5e4203a3932edd8ffbd1bb2dddf1467d01c7de0f5ba658c4fe61d0eb5cce95493e3f6eb0951dadd8624509650ec6846f3bf97720c13e2f"}) ptrace(0x10, r6) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x10010, 0xffffffffffffffff, 0x43929000) r7 = syz_open_procfs(0x0, &(0x7f0000000000)='cpuset\x00') preadv(r7, &(0x7f0000000840)=[{&(0x7f0000001dc0)=""/4088, 0xff8}], 0x1, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[], 0x0, 0x96, 0x0, 0x1}, 0x28) syz_open_dev$vcsa(&(0x7f0000000300), 0x1, 0x102) poll(0x0, 0x0, 0x73) signalfd4(r1, &(0x7f0000000000)={[0x2]}, 0x8, 0x100000) syz_mount_image$fuse(0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x290, 0x0, 0xb, 0xd0e0011, 0x120, 0xc6, 0x1f8, 0x1d8, 0x190, 0x1f8, 0x1d8, 0x3, 0x0, {[{{@ip={@rand_addr, @broadcast, 0x0, 0x0, 'nr0\x00', '\x00', {}, {}, 0x1}, 0x0, 0xd8, 0x120, 0x2000000, {}, [@common=@icmp={{0x28}, {0x0, "0010"}}, @common=@unspec=@connlimit={{0x40}}]}, @unspec=@CT0={0x48}}, {{@ip={@remote, @multicast1, 0x0, 0x0, 'bridge_slave_1\x00', 'virt_wifi0\x00'}, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x20, 0x0, 0x0, 0x20000, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2f0) 1.902876806s ago: executing program 0 (id=1752): bpf$MAP_CREATE(0x0, 0x0, 0x50) syz_usb_connect(0x2, 0x2d, &(0x7f0000000280)=ANY=[@ANYBLOB="120100015ae4c41096050100f5050100030109021b0001000000000904d60001b5e145"], 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, 0x0) syz_open_dev$sndmidi(0x0, 0x2, 0x40102) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x20, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x25dfdbff, {}, [@NHA_OIF={0x8, 0x5, r2}]}, 0x20}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, 0x0, 0x4000080) 1.457561426s ago: executing program 1 (id=1755): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) dup(r0) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x60001, 0x0) r1 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r1, 0x0, 0x27, &(0x7f0000000740)={@multicast2, @loopback}, 0xc) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) splice(r2, 0x0, 0xffffffffffffffff, 0x0, 0x6, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0xb) 873.395283ms ago: executing program 3 (id=1761): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x0, &(0x7f0000000340)={[{@noload}, {@stripe={'stripe', 0x3d, 0x30c}}, {@jqfmt_vfsv1}, {@nojournal_checksum}, {@jqfmt_vfsv1}, {@usrjquota}]}, 0xff, 0x44d, &(0x7f0000000900)="$eJzs3MtvG8UfAPDvrp30/Ut+UB4tLQQKouKRNOnzwKUIJA4gIcGhiFNI0qrUbaAJEq0qKBzKEVXijjgi8RdwggsCTkhc4Y4qVaiXFiQko13vpsa107hx6rb+fKRNZrzjzHx3d+zZGTsBDKyx7EcSsTkifouIkUb2vwXGGr+uXTk389eVczNJ1Otv/Jnk5a5eOTdTFi2ft6mRqdeL/Lo29V54O2K6Vps7XeQnFk++N7Fw5uzzx09OH5s7Nndq6tChfXt3Dh+Y2t+TOLO4rm7/aH7HtlfeuvjazJGL7/z0TdbezcX+5jh6ZaxxdNt6qteV9dmWpnRS7WND6EolIrLTNZT3/5GoxIalfSPx8qd9bRywpur1er3d+3PhfB24hyXR7xYA/VG+0Wf3v+V2m4Yed4TLhyPeP9iI/1qxNfZUIy3KDLXc3/bSWEQcOf/3l9kWazQPAQDQ7LvDEfFcu/FfGg82lftfsYYyGhH/j4j7IuL+iNgaEQ9E5GUfioiHu6y/dYXkxvFPeumWAluhbPz3QrG2tTT++6eex18YrRS5LXn8Q8nR47W5PcUx2R1D67L85DJ1fP/Sr5932tc8/su2rP5yLNiQXqq2TNDNTi9OrzLsJZc/idhebYk/l0S5jJNExLaI2N7VX75+h3H8ma93dCp18/iX0YN1pvpXEU83zv/5aIm/lHRcn5w8eGBq/8T6qM3tmSivihv9/MuF1zvVv6r4eyA7/xtbr//cUvyjyfqIhTNnT+TrtQvd13Hh98863tPc6vU/nLyZp4eLxz6cXlw8PRkxnLx64+NT159b5svyWfy7d7WLP81f48oj8UhEZBfxzoh4NCIeK9r+eEQ8ERG7lon/xxeffLf7+JeZle+hLP7Zm53/aD7/3ScqJ374tvv4S9n535endhePrOT1b6UNXM2xAwAAgLtFmn8GPknHl9JpOj7e+Az/1tiY1uYXFp89Ov/BqdnGZ+VHYygtZ7pGmuZDJ4u54TI/1ZLfW8wbf1HZkOfHZ+Zrs/0OHgbcpg79P/NHpd+tA9ac72vB4NL/YXDp/zC49H8YXPo/DK52/f/jPrQDuP28/8Pg0v9hcOn/MLj0fxhIHb8bn67qK/8S93wi0u6fVY07pPF3U6K64n9mcYuJdW139fuVCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoDf+DQAA//9X4u4v") prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x400000000008d}, 0x0) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) r0 = epoll_create1(0x80000) syz_clone3(&(0x7f0000000540)={0x901400, &(0x7f0000000040)=0xffffffffffffffff, 0x0, 0x0, {0xa}, 0x0, 0x0, 0x0, 0x0}, 0x58) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, 0x0) epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r1, &(0x7f0000000400)={0x80000014}) 873.237709ms ago: executing program 1 (id=1762): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) sync_file_range(0xffffffffffffffff, 0xffff, 0x9, 0x3) 816.902016ms ago: executing program 2 (id=1763): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000013c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x198}, 0x1, 0x0, 0x0, 0x8c4}, 0x894) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f00000004c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20200}, 0xc, &(0x7f0000000480)={&(0x7f00000000c0)={0x38c, r1, 0x400, 0x70bd2c, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0xff, 0x68}}}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_SCAN_FREQUENCIES={0x3c, 0x2c, 0x0, 0x1, [{0x8, 0x0, 0x7}, {0x8, 0x0, 0xffffffff}, {0x8, 0x0, 0x1}, {0x8, 0x0, 0x4}, {0x8, 0x0, 0x9}, {0x8, 0x0, 0x8}, {0x8, 0x0, 0x7}]}, @NL80211_ATTR_SCHED_SCAN_MULTI={0x4}, @NL80211_ATTR_SCHED_SCAN_MATCH={0x2ec, 0x84, 0x0, 0x1, [{0x34, 0x0, 0x0, 0x1, [@NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI={0x24, 0x6, 0x0, 0x1, [@NL80211_BAND_60GHZ={0x8, 0x2, 0x7}, @NL80211_BAND_6GHZ={0x8, 0x3, 0x7}, @NL80211_BAND_60GHZ={0x8, 0x2, 0x54}, @NL80211_BAND_5GHZ={0x8, 0x1, 0xf}]}, @NL80211_SCHED_SCAN_MATCH_ATTR_BSSID={0xa, 0x5, @from_mac=@device_b}]}, {0x90, 0x0, 0x0, 0x1, [@NL80211_SCHED_SCAN_MATCH_ATTR_SSID={0xa, 0x1, @default_ibss_ssid}, @NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI={0x4c, 0x6, 0x0, 0x1, [@NL80211_BAND_60GHZ={0x8, 0x2, 0x2}, @NL80211_BAND_60GHZ={0x8, 0x2, 0x3}, @NL80211_BAND_6GHZ={0x8, 0x3, 0x45d}, @NL80211_BAND_60GHZ={0x8, 0x2, 0x80000000}, @NL80211_BAND_LC={0x8, 0x5, 0x4}, @NL80211_BAND_5GHZ={0x8, 0x1, 0x9}, @NL80211_BAND_2GHZ={0x8, 0x0, 0x95}, @NL80211_BAND_2GHZ={0x8, 0x0, 0x1}, @NL80211_BAND_60GHZ={0x8, 0x2, 0x9}]}, @NL80211_SCHED_SCAN_MATCH_ATTR_RSSI={0x8, 0x2, 0x7}, @NL80211_SCHED_SCAN_MATCH_ATTR_SSID={0xa, 0x1, @default_ibss_ssid}, @NL80211_SCHED_SCAN_MATCH_ATTR_SSID={0x8, 0x1, @random="3120d702"}, @NL80211_SCHED_SCAN_MATCH_ATTR_BSSID={0xa}, @NL80211_SCHED_SCAN_MATCH_ATTR_BSSID={0xa}]}, {0x20, 0x0, 0x0, 0x1, [@NL80211_SCHED_SCAN_MATCH_ATTR_BSSID={0xa, 0x5, @from_mac=@broadcast}, @NL80211_SCHED_SCAN_MATCH_ATTR_RSSI={0x8, 0x2, 0xc3}, @NL80211_SCHED_SCAN_MATCH_ATTR_RSSI={0x8, 0x2, 0x7ff}]}, {0x58, 0x0, 0x0, 0x1, [@NL80211_SCHED_SCAN_MATCH_ATTR_BSSID={0xa}, @NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI={0xc, 0x6, 0x0, 0x1, [@NL80211_BAND_LC={0x8, 0x5, 0x3}]}, @NL80211_SCHED_SCAN_MATCH_ATTR_RSSI={0x8, 0x2, 0x80000001}, @NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI={0x2c, 0x6, 0x0, 0x1, [@NL80211_BAND_LC={0x8, 0x5, 0x858}, @NL80211_BAND_LC={0x8, 0x5, 0xf1}, @NL80211_BAND_60GHZ={0x8, 0x2, 0x800}, @NL80211_BAND_5GHZ={0x8, 0x1, 0x2}, @NL80211_BAND_2GHZ={0x8, 0x0, 0x3bf7}]}, @NL80211_SCHED_SCAN_MATCH_ATTR_RSSI={0x8, 0x2, 0x4}]}, {0xc0, 0x0, 0x0, 0x1, [@NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI={0x3c, 0x6, 0x0, 0x1, [@NL80211_BAND_60GHZ={0x8, 0x2, 0x5}, @NL80211_BAND_2GHZ={0x8, 0x0, 0x4}, @NL80211_BAND_2GHZ={0x8, 0x0, 0xb9}, @NL80211_BAND_6GHZ={0x8, 0x3, 0x2cde}, @NL80211_BAND_6GHZ={0x8, 0x3, 0x5}, @NL80211_BAND_6GHZ={0x8, 0x3, 0x6}, @NL80211_BAND_60GHZ={0x8, 0x2, 0x8}]}, @NL80211_SCHED_SCAN_MATCH_ATTR_SSID={0x11, 0x1, @random="ae12165f2fd74d9a12f6b4478a"}, @NL80211_SCHED_SCAN_MATCH_ATTR_BSSID={0xa, 0x5, @from_mac}, @NL80211_SCHED_SCAN_MATCH_ATTR_BSSID={0xa, 0x5, @from_mac=@broadcast}, @NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI={0x24, 0x6, 0x0, 0x1, [@NL80211_BAND_60GHZ={0x8, 0x2, 0x7}, @NL80211_BAND_5GHZ={0x8, 0x1, 0xffffffff}, @NL80211_BAND_5GHZ={0x8, 0x1, 0x1600000}, @NL80211_BAND_6GHZ={0x8, 0x3, 0x8000}]}, @NL80211_SCHED_SCAN_MATCH_ATTR_SSID={0xa, 0x1, @default_ibss_ssid}, @NL80211_SCHED_SCAN_MATCH_ATTR_SSID={0xa, 0x1, @default_ibss_ssid}, @NL80211_SCHED_SCAN_MATCH_ATTR_SSID={0xa, 0x1, @default_ap_ssid}, @NL80211_SCHED_SCAN_MATCH_ATTR_SSID={0xa, 0x1, @default_ibss_ssid}]}, {0x7c, 0x0, 0x0, 0x1, [@NL80211_SCHED_SCAN_MATCH_ATTR_BSSID={0xa}, @NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI={0x3c, 0x6, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x8, 0x1, 0x10001}, @NL80211_BAND_2GHZ={0x8}, @NL80211_BAND_5GHZ={0x8, 0x1, 0x7}, @NL80211_BAND_6GHZ={0x8, 0x3, 0x8}, @NL80211_BAND_5GHZ={0x8, 0x1, 0xa1}, @NL80211_BAND_5GHZ={0x8, 0x1, 0x7}, @NL80211_BAND_60GHZ={0x8, 0x2, 0x4}]}, @NL80211_SCHED_SCAN_MATCH_ATTR_SSID={0x16, 0x1, @random="65302688f727ea0a7b8976f62ddbbf2b0365"}, @NL80211_SCHED_SCAN_MATCH_ATTR_RSSI={0x8, 0x2, 0xd}, @NL80211_SCHED_SCAN_MATCH_ATTR_RSSI={0x8, 0x2, 0x4}, @NL80211_SCHED_SCAN_MATCH_ATTR_RSSI={0x8, 0x2, 0xf8}]}, {0x48, 0x0, 0x0, 0x1, [@NL80211_SCHED_SCAN_MATCH_ATTR_RSSI={0x8, 0x2, 0x3a5e6ed0}, @NL80211_SCHED_SCAN_MATCH_ATTR_BSSID={0xa, 0x5, @from_mac}, @NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI={0x1c, 0x6, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x8}, @NL80211_BAND_60GHZ={0x8, 0x2, 0x7fff}, @NL80211_BAND_60GHZ={0x8, 0x2, 0xfff}]}, @NL80211_SCHED_SCAN_MATCH_ATTR_RSSI={0x8, 0x2, 0x5}, @NL80211_SCHED_SCAN_MATCH_ATTR_BSSID={0xa}]}, {0x28, 0x0, 0x0, 0x1, [@NL80211_SCHED_SCAN_MATCH_ATTR_SSID={0xa, 0x1, @default_ibss_ssid}, @NL80211_SCHED_SCAN_MATCH_ATTR_BSSID={0xa}, @NL80211_SCHED_SCAN_MATCH_ATTR_BSSID={0xa, 0x5, @from_mac=@device_b}]}]}, @NL80211_ATTR_SCHED_SCAN_MATCH={0x34, 0x84, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@NL80211_SCHED_SCAN_MATCH_ATTR_BSSID={0xa, 0x5, @from_mac}, @NL80211_SCHED_SCAN_MATCH_ATTR_SSID={0xa, 0x1, @default_ap_ssid}]}, {0x14, 0x0, 0x0, 0x1, [@NL80211_SCHED_SCAN_MATCH_ATTR_RSSI={0x8, 0x2, 0x400}, @NL80211_SCHED_SCAN_MATCH_ATTR_RSSI={0x8}]}]}]}, 0x38c}, 0x1, 0x0, 0x0, 0x8001}, 0x0) r2 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x35c, 0x0) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0) r3 = bpf$ITER_CREATE(0x21, &(0x7f0000000040), 0x8) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$TUNATTACHFILTER(r3, 0x401054d5, &(0x7f0000000040)={0x36, &(0x7f0000000180)=[{0x7, 0x4, 0x20, 0x1000}]}) bind$bt_hci(r4, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) write$bt_hci(r4, &(0x7f0000000040)=ANY=[], 0x6) preadv(r2, &(0x7f0000000040)=[{&(0x7f00000013c0)=""/4096, 0x5}], 0x1, 0x0, 0x0) 803.480696ms ago: executing program 1 (id=1764): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000004600)='map_files\x00') fchdir(r1) sendmmsg$unix(r0, &(0x7f0000002d80)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408d4}}, {{&(0x7f0000000080)=@abs={0x1, 0x30, 0x30}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x4004}}], 0x2, 0x40000004) r2 = userfaultfd(0x801) syz_mount_image$exfat(&(0x7f00000002c0), &(0x7f0000001e40)='./file0\x00', 0x800, &(0x7f0000000400)={[{@discard}, {@errors_continue}, {@gid}, {@fmask={'fmask', 0x3d, 0x8}}, {}, {@umask={'umask', 0x3d, 0xc63}}, {@allow_utime={'allow_utime', 0x3d, 0x9}}, {@errors_remount}, {@utf8}, {@iocharset={'iocharset', 0x3d, 'iso8859-3'}}]}, 0x21, 0x1555, &(0x7f0000003400)="$eJzs3AuYjtX6MPD7Xms9Y0i8TXIY1lr3w5scFkmSQ5IckiRJkpwSkibZkpAYQpKGJCSHIYkhJIeJSeN8Ph8SkqRJkpCckvVdk+aTf7X3/r69d/b1n/t3XS/rnvWu9dzPe7+H9Syv+bbbsNpN69RoTETwL8GLfyUCQCwADAKAvAAQAECFuApxgAHklJj4rx2E/Xs9mHKlM2BXEtc/e+P6Z29c/+yN65+9cf2zN65/9sb1z964/oxlZ5unF7qGb9n39tft/wPv///X4c///0Uyyoz7cm2Z67oDxPyzQ7j+2RvX/3+t4J+5E9c/e+P6Z1exVzoB9l+AX//ZQY4/7eH6Z29cf8aysyu9/3ylbxD5L3sMjua8WJi/6vwZY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjLG/wBl/iQKArPaVzosxxhhjjDHGGGP/Pj7Hlc6AMcYYY4wxxhhj/3kIAiQoCCAGckAs5IRcIADgasgDeSEC10AcXAv54DrIDwWgIBSCeCgMRUCDAQsEIRSFYhCF66E43AAloCSUgtLgoAyUhRuhHNwE5eFmqAC3QEW4FSpBZagCVeE2qAa3Q3W4A2rAnVATakFtqAN3QV24G+rBPVAf7oUGcB80hPuhETwAjeFBaAIPQVN4GJrBI9AcWkBLaAWt/7/GPw+94AXoDX0gEfpCP3gR+sMAGAgvwSB4GQbDKzAEXoUkGArD4DUYDq/DCHgDRsIoGA1vwhh4C8bCOBgPEyAZJsIkeBsmwzswBd6FqTANUmA6zID3YCbMgtnwPsyBD2AuzIP5sABS4UNYCIsgDT6CxfAxpMMSWArLYDmsgJWwClbDGlgL62A9bICNsAk2wxbYCttgO+yAnfAJ7IJPYTfsgb3wGeyDz38zHiDxl3r+vfGn/8f47ggIKFCgQoUxGIOxGIu5MBfmxtyYB/NgBCMYh3GYD/NhfsyPBbEgxmM8FsEiaNAgIWFRLIpRjGJxLI4lsASWwlLo0GFZLIvl8CYsj+WxAlbAilgRK2FlrIxVsSpWw2pYHatjDayBNbEm1sbaeBfehX2xHtbD+lgfG2CDrO0pbIyNsQk2wabYFJthM2yOzbEltsTW2BrbYBtsi22xPbbHDtgBO2JHTMAE7ISdsDN2xi7YBbtiV+yG3bA79sAeGc/nAHwBX8A+WFP0xX7YD/tjUo6B+BK+hC/jYHwFX8FXMQmH4jB8DV/D13EEnsKROApH42isJt7CsTgOSUzAZEzGSTgJJ+NkzEz0XZyGKTgdZ+AMnImzcBa+j3PwA/wA5+E8XICpmIoLcRGmYRouxtOYjktwKS7D5bgCl+MqXI2rcC2uw7W4ATfgJtyEW3ALbsNtuAN34CeoAPBT3IN7MAn34T7cj/vxAB7Ag3gQMzADD+EhPIyH8QgewaN4FI/hcTyBx/EknsRTeBrP4Bk8h+fwPD4b/3WTT0quSQKRSQklYkSMiBWxIpfIJXKL3CKPyCMiIiLiRJzIJ/KJ/CK/KCgKingRL4qIIsIII0iEMQAgoiIqioviooQoIUqJUsIJJ8qKsqKcKCfKi/KigrhFVBS3ikqismjnqoqqoppo76qLO0QNUUPUFLVEbVFH1BF1RV1RT9QT9UV90UA0EA3F/aKR6IsD8UGRWZmmYig2E8OwuWgh5K/vYG3ECGwr2on24nExCkdiR9HGJYinRCcxFjuLv4lx+IzoKiZgN/Gc6C56iJ7iedFLtHW9RR8xBfuKfmIa9hcDxEDxkpiJtcT7OCdnbfGqSBJDxTDxmliAr4sR4g0xUowSo8WbYox4S4wV48R4MUEki4liknhbTBbviCniXTFVTBMpYrqYId4TM8UsMVu8L+aID8RcMU/MFwtEqvhQLBSLRJr4SCwWH4t0sUQsFcvEcrFCrBSrxGqxRqwV68R6sUFsFJvEZrFFbBXbxHaxQ+wUn4hd4lOxW+wRe8VnYp/4XOwXX4gD4ktxUHwlMsTX4pD4RhwW34oj4jtxVHwvjonj4oT4QZwUP4pT4rQ4I86Kc+IncV78LC4IL0CiFFJKJQMZI3PIWJlT5pJXydwy+PXRvUbGyWtlPnmdzC8LyIKykIyXhWURqaWRVpIMZVFZTEbl9bK4vEGWkCVlKVlaOllGlpU3ynLyJlle3iwryFtkRXmrrCQryyqyqrxNVpO3S4hcPEZNWUvWlnXkXTIR7pb15D2yvrxXNpD3yYbyftlIPiAbywdlE/mQbCofls3kI7K5bCFbylaytXxUtpGPybaynWwvH5cd5BOyo3xSJsinZCfpf32KPCO7ymdlN/mc7C57yJ7yZ3lBetlb9pHQF2Q/+aLsLwfIgbEAIF+Wg+Urcoh8VSbJoXKYfE0Ol6/LEfINOVKOkqPlm3KMfEuOlePkeDlBJsuJcpJ8W06W78gp8l05VU6TKXK6HCgH/TLTbCn/4fi3/2D8kF+OvklullvkVrlNbpc75E75idwld8ndcrfcK/fKfXKf3C/3ywPygDwoD8oMmSEPyUPysDwsj8gj8qg8Ko/J4/Ks/EGelD/KU/K0PC3PynPynDz/62MACpVQUikVqBiVQ8WqnCqXukrlVlerPCqviqhrVJy6VuVT16n8qoAqqAqpeFVYFVFaGWUVqVAVVcVUVF2Pvz5hVClVWjlVRpVVN/6/jFfF1Q2qhCp52fis/BL/JL/WqrVqo9qotqqtaq/aqw6qg+qoOqoElaA6qU6qs+qsuqguqqvqqrqpbqq76q56qp6ql+qleqveKlElqn7qRdVfDVAD1UtqkHpZDVaD1RA1RCWpJDVMDVPD1XA1Qo1QI9VINVqNVmPUGDVWjVXj1XiVrJLVJDVJTVaT1RQ1RU1VU1WKSlEz1Aw1U81Us9VsNUfNUXPVXDVfzVepKlUtVAtVmkpTi9Vila6WqCVqmVqmVqgVapVapdaoNWqdWqc2qA0qXW1Wm9VWtVVtV9vVTrVT7VK71G61W+1Ve9U+tU/tV/vVAXVAHVQHVYbKUIfUIXVYHVZH1BF1VB1Vx9QxdUKdUCfVSXVKnVJn1Bl1Tp1T59V5dUFdyFz2BSIQgQpUEBPEBLFBbJAryBXkDnIHeYI8QSSIBHFBXJAvuC7IHxQICgaFgvigcFAk0IEJbCB+LXo0uD4oHtwQlAhKBqWC0oELygRlgxuDcsFNQfng5qBCcEtQMbg1qBRUDqoEVYPbgmrB7UH14I6gRnBnUDOoFdQO6gR3BXWDu4N6wT1B/eDeoEFwX9AwuD9oFDwQNA4eDJoEDwVNg4eDZsEjQfOgRdAyaBW0/hfnz3zJX5rf+1MFHnO9dR+dqPvqfvpF3V8P0AP1S3qQflkP1q/oIfpVnaSH6mH6NT1cv65H6Df0SD1Kj9Zv6jH6LT1Wj9Pj9QSdrCfqSfptPVm/o6fod/VUPU2n6Ol6hn5Pz9Sz9Gz9vp6jP9Bz9Tw9Xy/QqfpDvVAv0mn6I71Yf6zT9RK9VC/Ty/UKvVKv0qv1Gr1Wr9Pr9Qa9UW/Sm/UWvVVv09v1Dr1Tf6J36U/1br1H79Wf6X36c71ff6EP6C/1Qf2VztBf60P6G31Yf6uP6O/0Uf29PqaP6xP6B31S/6hP6dP6jD6rz+mf9Hn9s76gfebiPvPj3SijTIyJMbEm1uQyuUxuk9vkMXlMxERMnIkz+Uw+k9/kNwVNQRNv4k0RU8RkIkOmqClqoiZqipvipoQpYUqZUsYZZ8qasqacKWfKm/KmgqlgKpqKppKpZKqYKuY2c5u53dxu7jB3mDvNnaaWqWXqmDqmrqlr6pl6pr6pbxqYBqahaWgamUamsWlsmpgmpqlpapqZZqa5aW5ampamtWlt2pg2pq1pa9qb9qaD6WA6mo4mwSSYTqaT6Ww6my6mi+lquppuppvpbrqbnqan6WV6md6mt0k0iaaf6Wf6m/5moBloBplBZrAZbIaYISbJJJlhZpgZboabEWaEGWlGmdGZC1XzlhlrxpnxZoJJNslmkplkJpvJZoqZYqaaqSbFpJgZZoaZaWaa2Wa2mWPmmLlmrplv5ptUk2oWmoUmzaSZxWaxSTfpZqlZapab5WalWWlWm9VmrVlr1sN6s9FsNJvNZrPVbDXbzXaz0+w0u8wus9vsNnvNXrPP7DP7zX5zwBwwB81Bk2EyzCFzyBw2h80Rc8QcNUfNMXPMnDAnzElz0pwyp8wZc8acMwUkQOZHpjexNqfNZa+yue3VNo/Na/9nXNAWsvG2sC1itc1vC1wWG2ttCVvSlrKlrbNlbFl74+/iSrayrWKr2ttsNXu7rf67uK6929az99j69l5bx951WdzA3mcb2odtI0QA28I2sa1sU/uwbWYfsc1tC9vStrId7BO2o33SJtinbCf79O/ihXaRXW3X2LV2nd1t99gz9qw9bL+15+xPtrftYwfZl+1g+4odYl+1SXbo7+LR9k07xr5lx9pxdryd8Lt4qp1mU+x0O8O+Z2faWb+LU+2Hdo5Ns3PtPDvfLvglzswpzX5kF9uPbboNYKldZpfbFXalXZWVq89rN9iNdpPdZT+1W+02u93usDuzFsJ2j91rP7P77Of2kP3GHrBf2oP2iM2wX/8SZ57fEfudPWq/t8fscXvC/mBP2h9V1ujMc//B/mwvWG+BkIAkKQoohnJQLOWkXHQV5aarKQ/lpQhdQ3F0LeWj6yg/FaCCVIjiqTAVIU2GLBGFVJSKUZSup6z0SlFpclSGytKNVI5uovJ0M1WgW6gi3UqVqDJVoap0G1Wj26k63UE16E6qSbWoNtWhu6gu3U316B6qT/dSA7qPGtL91IgeoMb0IDWhh6gpPUzN6BFqTi2oJbWi1vQotaHHqC21o/b0OHWgJ6gjPUkJ9BR1oqepM/2NutAz1JWepW70HHWnHtSTnqde9AL1pj6USH2pH71I/WkADaSXaBC9TIPpFRpCr1ISDaVh9BoNp9dpBL1BI2kUjaY3aQy9RWNpHI2nCZRME2kSvU2T6R2aQu/SVJpGKTSdZtB7NJNm0Wx6n+bQBzSX5tF8WkCp9CEtpEWURh/RYvqY0mkJLaVltJxW0EpaRatpDa2ldbSeNtBG2kSbaQttpW20nXbQTvqEdtGntJv20F76jPbR57SfvqAD9CUdpK8og76mQ/QNHaZv6Qh95/vQ93SMjtMJ+iEW6Ec6RafpDJ2lc/QTnaef6QJ5ghBDEcpQhUEYE+YIY8OcYa7wqjB3eHWYJ8wbRsJrwrjw2jBfeF2YPywQFgwLhfFh4bBIqEMT2pDCMCwaFguj4fVh8fCGsERYMiwVlg5dWCYsG94YlgtvCsuHN4cVwlvCiuGtYaWwcvjwvVXD28Jq4e1h9fCOsEZ4Z1gzrBXWDuuEd4V1w7vDeuE9Yf3w3rB8eF/YMLw/bBQ+EDYOHwybhA+FTcOHw2bhI2HzsEXYMmwVtg4fDduEj4Vtw3Zh+/DxsEP4RNgxfDJMCJ8KO4VP/9J/36Ks/sw378v7E8O+Yb/wxfDF0Pt75Pzogmhq9MPowuiiaFr0o+ji6MfR9OiS6NLosujy6Iroyuiq6Oromuja6Lro+uiG6Mbopqj3dXKAQyecdMoFLsblcLEup8vlrnK53dUuj8vrIu4aF+eudfncdS6/K+AKukIu3hV2RZx2xllHLnRFXTEXdde74u4GV8KVdKVcaedcGVfWtXKtXWvXxj3m2rp2rr173D3unnBPuCfdk+4p18k97Tq7v7ku7hnX1T3rnnXPue6uh+vpnne93MQ8F1+Tia6f6+f6u/5uoBvoBrlBbrAb7Ia4IS7JJblhbpgb7oa7EW6EG+lGutFutBvjxrixbqwb78a7ZJfsJrlJbrKb7Ka4KW6qm+pSXIqb4Wa4mW6mqzbr4lHmurluvpvvUl2qW+gy14xpbrFb7NJdulvqlrrlbrlb6Va61W61W+vWuvVuvdvoNrrNbrPb6ra67W672+l2ul1ul9vt816c1O1z+91+d8AdcAfdVy7Dfe0OuW/cYfetO+K+c0fd9+6YO+5OuB/cSfejO+VOuzPurDvnfnLn3c/ugvMuOTIxMinydmRy5J3IlMi7kamRaZGUyPTIjMh7kZmRWZHZkfcjcyIfROZG5kXmRxZEUiMfRhZGFkXSIh9FFkc+jqRHlkSWRpZFlkdWRLwvvDX0RX0xH/XX++L+Bl/Cl/SlfGnvfBlf1t/oy/mbfHl/s6/gb/EV/a2+kq/sq/hHfHPfwrf0rXxr/6hv4x/zbX07394/7jv4J3xH/6RP8E/5Tv5p39n/zXfxz/iu/lnfzT/nu/sevqd/3vfyL/jevo9P9H19P/+i7+8H+IH+JT/Iv+wH+1f8EP+qT/JD/TD/mh/uX/cj/Bt+pB/lR8e86cdkXSLDBJ/sJ/pJ/m0/2b/jp/h3/VQ/zaf46X6Gf8/P9LP8bP++n+M/8HP9PD/fL/Cp/kO/0C/yaf4jv9h/7NP9kqxNZb/Sr/Kr/Rq/1q/z6/0Gv9Fv8pv9Fr/Vb/Pb/Q6/03/id/lP/W6/x+/1n/l9/nO/33/hD/gv/UH/lc/wX/tD/ht/2H/rj/jv/FH/vT/mj/sT/gd/0v/oT/nT/ow/68/5n/x5/7O/8Pf/z1rOX/7k77oxxhhjjMHES01xec/F7fy+fzBG/ObO/QDg6m2FMn7bn7miXJ//YnuAiO8QAYCn+nR7MOtWs2ZiYuKv902XEBSbB5D1L0GZYuBSvATawxOQAO2g3B/mP0D0OEf/YP7oLQC5fjMmFi7Fl+b/AgAT/2D+Rx8fvbBieCbu78w/D6BEsUtjMhebWfESaP/L/ko7KP8n+Rdo8yf546/z5/wyGaDtb8bkhkvxpfzLwmPwNCRcdk/GGGOMMcYYY+yiAaJKl6zrz6xvfP7R9Xm8ujQmB1yK/+D6/Kq/Mn/GGGOMMcYYY4z9Y8/06PnkowkJ7br830bWLkCX33dd3qj+513/jkYz+E/NzI0/bHgPkPUT9c88Af5+AyCzIf/Ks9jylxwr6U9eIMvP+gD+O0r572hcwTclxhhjjDHG2H/EpUX/5T9XVyohxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGMsG/orfp3YlT5HxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhj7Er7PwEAAP//OQb2Dg==") r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x90) getdents64(r3, &(0x7f0000000f80)=""/4096, 0x1000) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)) writev(0xffffffffffffffff, &(0x7f0000003500)=[{&(0x7f0000000300)="aaf9cbbebec1c21b2b97fe8378b1a6f9b362b0ce28d64dcae763a477474cd92e109fff8cbeb8da39e130c0e87879555d7d691c5ffa0ac0fa49a8957e4836da102348dff8d9bf765e0ac0d619a539ea3d1bf88e4ed805f6577386bc995636ac2cea14b9677bdfb1914b421322ef4e955bc5147abd6102bd0a10ee2e48b60974cdd83be5c49500f9b91f88934faad163a176b3a9e397069e026a81e8dc2d094d1ccf11663075c478f859ad127e9b4e7a57fb3b687a7028a38d612c45d10ae18ea4e356730bd5f16d03bd49200bb34d64d2a7b86ba5aef9f82143803c2eff377d13191b2201bbdcd953a6f40365c42d1dba0dbd4f199ab5447ff3d4a43c90cb5cebf0b33851e3e7e1d8fc9c23470ed8b99af94d0e2fa928c92ad57b8a411d39e08d6a347154ba5714dae3e3e5f6f2e634006b9bed44a08df2050dd90a4fab00e368fe552ebd1c3ec9884f7ced36521d94cb7462c54e1e6150445d75535d7777cdd4bd21cbebe7aa6c97866613122b8b938fc003f4e9196f75611c7c16e2354554fce9d84c21b7c1adcfdb51a1e3df4d167ca6c934564fef3929531eb1cc3ce256fb03fced3d8838def483c40a0d60b346848e8ce72ca24d3bbd9938ec7ae7be11631bccb7627edd71f7d0d4328d7dd1d264ae863bd7e272976ac6c56d3cce490e8863bfd04e3a100d02a589d2632ab5", 0x1ee}], 0x1) memfd_create(&(0x7f0000000000)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6;\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9\xfcb\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97[\xb7\xfa', 0x2) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00') seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x7, 0x7fff7ffb}]}) setgroups(0x0, 0x0) setgroups(0x400000000000026f, &(0x7f0000000080)=[0x0, 0xee00]) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) unshare(0x20000400) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) fgetxattr(r4, 0x0, 0x0, 0x0) ioctl$UFFDIO_COPY(r2, 0xc028aa03, &(0x7f0000000000)={&(0x7f00002b9000/0x400000)=nil, &(0x7f0000779000/0x1000)=nil, 0x400000, 0x3, 0x2}) r5 = socket$netlink(0x10, 0x3, 0x0) close(r5) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50) writev(r5, &(0x7f0000000240)=[{&(0x7f0000000000)=')\x00', 0x2}], 0x1) syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) 616.030215ms ago: executing program 3 (id=1765): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000010400)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast6-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x80800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{0x0}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000640)=""/88, 0x58}, {&(0x7f0000000280)=""/121, 0xa2ec4ae9}], 0x2, 0x0, 0x8dff, 0xf0ff}, 0x0) 481.060038ms ago: executing program 3 (id=1766): removexattr(0x0, 0x0) prctl$PR_SET_MM(0x23, 0xa, &(0x7f0000003000/0x2000)=nil) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x1100, 0x2}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000fc0), 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x10000000000) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000580)="b3185d7bb56f70f003360fa8bf71ac3086aedebf6fff904f92849a7a07395ee7f0e4cb1d78001c08a0ab73ffcf5ad07693727980eea946e6cba1723e81bfa5c3688803c8a124dcb27df7938e7ddfdd52"}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f0000000a40)=[@reply_sg={0x40486312, {0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000980)={@flat=@weak_handle={0x77682a85, 0x10a, 0x3}, @flat=@weak_handle={0x77682a85, 0xb, 0x2}, @flat=@weak_handle={0x77682a85, 0x0, 0x1}}, &(0x7f0000000a00)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) 231.904911ms ago: executing program 3 (id=1767): socket$inet6_tcp(0xa, 0x1, 0x0) socket(0x2, 0x3, 0x6) userfaultfd(0x801) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x2800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$nl_sock_diag(0x10, 0x3, 0x4) shutdown(r2, 0x1) socket$packet(0x11, 0x3, 0x300) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='freezer.self_freezing\x00', 0x275a, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000000)="8ee8c9b8ee088ed8660f3801b2d6352ed9ff660f3882040f01cf0fc72d2626652e0f01ca0fc7386635002000000f22e0", 0xffffffffffffff8b}], 0x1, 0x50, 0x0, 0x0) write$binfmt_script(r3, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0xa0011, r3, 0x0) preadv(r3, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x64, 0x0, 0x0) pipe(&(0x7f0000000240)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 89.906889ms ago: executing program 3 (id=1768): madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0x12) prlimit64(0x0, 0xe, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48) close(r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000800)={{r1}, &(0x7f0000000780), &(0x7f00000007c0)=r0}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r1}, &(0x7f0000000000), 0x0}, 0x20) 0s ago: executing program 3 (id=1769): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r2) mount(0x0, &(0x7f0000000140)='.\x00', &(0x7f00000001c0)='proc\x00', 0x189, 0x0) r3 = syz_clone(0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = syz_open_procfs(r3, &(0x7f00000000c0)='wchan\x00') pread64(r4, &(0x7f00000002c0)=""/5, 0x5, 0x7fffffff) kernel console output (not intermixed with test programs): preconfigured BSSID 50:50:50:50:50:50 [ 122.019271][ T43] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.221845][ T5621] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 122.740475][ T5850] loop0: detected capacity change from 0 to 512 [ 122.763114][ T5850] EXT4-fs: Ignoring removed nobh option [ 122.763147][ T5850] EXT4-fs: Ignoring removed oldalloc option [ 122.763179][ T5850] EXT4-fs: quotafile must be on filesystem root [ 123.258017][ T5859] loop2: detected capacity change from 0 to 256 [ 124.055503][ T5859] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x205ab87c, utbl_chksum : 0xe619d30d) [ 124.176167][ T5859] exFAT-fs (loop2): valid_size(562949953421322) is greater than size(10) [ 124.272630][ T5723] usb 2-1: new full-speed USB device number 2 using dummy_hcd [ 124.639928][ T5723] usb 2-1: config 0 has an invalid interface number: 214 but max is 0 [ 124.639960][ T5723] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 124.639979][ T5723] usb 2-1: config 0 has no interface number 0 [ 124.640023][ T5723] usb 2-1: config 0 interface 214 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 124.695007][ T5723] usb 2-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5 [ 124.695041][ T5723] usb 2-1: New USB device strings: Mfr=1, Product=0, SerialNumber=3 [ 124.695062][ T5723] usb 2-1: Manufacturer: syz [ 124.695078][ T5723] usb 2-1: SerialNumber: syz [ 124.914731][ T5723] usb 2-1: config 0 descriptor?? [ 124.965432][ T5871] binder: 5870:5871 ioctl c0306201 0 returned -14 [ 126.135805][ T5715] usb 2-1: USB disconnect, device number 2 [ 126.196096][ T5884] netlink: 8 bytes leftover after parsing attributes in process `syz.0.27'. [ 126.719661][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 128.360054][ T5878] loop4: detected capacity change from 0 to 4096 [ 128.651551][ T5878] EXT4-fs (loop4): cluster size (1024) smaller than block size (4096) [ 131.055405][ T5923] loop3: detected capacity change from 0 to 512 [ 131.227295][ T5906] loop0: detected capacity change from 0 to 40427 [ 131.296866][ T5925] loop4: detected capacity change from 0 to 512 [ 131.360953][ T5925] EXT4-fs: Ignoring removed bh option [ 131.442161][ T5923] EXT4-fs (loop3): 1 truncate cleaned up [ 131.502302][ T5923] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 131.649339][ T5925] EXT4-fs error (device loop4): ext4_map_blocks:791: inode #2: block 3: comm syz.4.39: lblock 0 mapped to illegal pblock 3 (length 1) [ 131.649547][ T5925] loop4: lost file I/O error report for ino 2 type 5 pos 0x0 len 0x0 error -117 [ 131.661607][ C0] EXT4-fs (loop4): initial error at time 1781302783: ext4_map_blocks:791: inode 2: block 3 [ 131.661680][ C0] EXT4-fs (loop4): last error at time 1781302783: ext4_map_blocks:791: inode 2: block 3 [ 131.723795][ T5925] EXT4-fs warning (device loop4): dx_probe:791: inode #2: lblock 0: comm syz.4.39: error -EUCLEAN reading directory block [ 131.728069][ T5925] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -117 [ 131.752212][ T5925] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 131.755739][ T5906] F2FS-fs (loop0): invalid crc value [ 135.315569][ T1339] ieee802154 phy0 wpan0: encryption failed: -22 [ 135.315720][ T1339] ieee802154 phy1 wpan1: encryption failed: -22 [ 135.519236][ T5927] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 255: padding at end of block bitmap is not set [ 135.864545][ T5622] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 136.504462][ T5906] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 1 [ 136.678493][ T5906] F2FS-fs (loop0): f2fs_disable_checkpoint starts, unusable: 0 [ 136.678531][ T5906] F2FS-fs (loop0): f2fs_disable_checkpoint: call f2fs_write_checkpoint(), meta: 0, node: 0, data: 0 [ 136.678839][ T5906] F2FS-fs (loop0): Start checkpoint disabled! [ 137.164577][ T5906] F2FS-fs (loop0): f2fs_disable_checkpoint finishes, err:0 [ 137.808476][ T5616] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 138.384800][ T5962] loop1: detected capacity change from 0 to 40427 [ 138.403604][ T5962] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 138.403636][ T5962] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 138.404041][ T5962] F2FS-fs (loop1): Wrong secs_per_zone / total_sections (1025, 24) [ 138.404198][ T5962] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock [ 138.443962][ T9] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 138.972311][ T5972] bridge1: entered promiscuous mode [ 138.972501][ T5972] bridge1: entered allmulticast mode [ 140.228339][ T5980] loop3: detected capacity change from 0 to 512 [ 140.448454][ T9] usb 1-1: config 0 interface 0 altsetting 15 endpoint 0x81 has an invalid bInterval 176, changing to 11 [ 140.448504][ T9] usb 1-1: config 0 interface 0 altsetting 15 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 140.448535][ T9] usb 1-1: config 0 interface 0 has no altsetting 0 [ 140.448571][ T9] usb 1-1: New USB device found, idVendor=056a, idProduct=00c2, bcdDevice= 0.00 [ 140.448597][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 141.068831][ T9] usb 1-1: config 0 descriptor?? [ 141.245832][ T9] usbhid 1-1:0.0: can't add hid device: -71 [ 141.245957][ T9] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 141.359019][ T9] usb 1-1: USB disconnect, device number 2 [ 142.228807][ T5980] EXT4-fs (loop3): failed to open journal device unknown-block(0,0) -ENXIO [ 142.754294][ T5995] capability: warning: `syz.1.62' uses 32-bit capabilities (legacy support in use) [ 144.443757][ T6011] loop3: detected capacity change from 0 to 1024 [ 144.506365][ T6009] loop1: detected capacity change from 0 to 8192 [ 144.717384][ T6009] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 144.855632][ T6005] loop4: detected capacity change from 0 to 40427 [ 144.856702][ T6011] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 144.856843][ T6011] ext4 filesystem being mounted at /16/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 144.946648][ T6005] F2FS-fs (loop4): invalid crc value [ 145.308573][ T37] audit: type=1800 audit(1781302797.172:2): pid=6011 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.68" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 145.409270][ T6025] tmpfs: Unsupported parameter 'huge' [ 145.622139][ T6005] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 1 [ 145.632780][ T6031] netlink: 144 bytes leftover after parsing attributes in process `syz.0.74'. [ 145.825608][ T6005] F2FS-fs (loop4): f2fs_disable_checkpoint starts, unusable: 0 [ 145.825643][ T6005] F2FS-fs (loop4): f2fs_disable_checkpoint: call f2fs_write_checkpoint(), meta: 0, node: 0, data: 0 [ 145.825675][ T6005] F2FS-fs (loop4): Start checkpoint disabled! [ 145.987048][ T6005] F2FS-fs (loop4): f2fs_disable_checkpoint finishes, err:0 [ 146.000678][ T6005] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 146.124453][ T5622] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 146.475490][ T6043] loop1: detected capacity change from 0 to 256 [ 147.511605][ T6043] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 147.811823][ T6036] bridge0: port 2(bridge_slave_1) entered disabled state [ 147.812709][ T6036] bridge0: port 1(bridge_slave_0) entered disabled state [ 147.882739][ T93] kworker/u8:5: attempt to access beyond end of device [ 147.882739][ T93] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 147.925139][ T93] CPU: 1 UID: 0 PID: 93 Comm: kworker/u8:5 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 147.925169][ T93] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 147.925181][ T93] Workqueue: writeback wb_workfn (flush-7:4) [ 147.925230][ T93] Call Trace: [ 147.925242][ T93] [ 147.925252][ T93] dump_stack_lvl+0xe8/0x150 [ 147.925283][ T93] f2fs_stop_checkpoint+0x3ef/0x5d0 [ 147.925320][ T93] f2fs_write_end_io+0x1274/0x1740 [ 147.925363][ T93] __submit_merged_bio+0x256/0x6a0 [ 147.925402][ T93] f2fs_submit_page_write+0xeaa/0x24f0 [ 147.925448][ T93] ? f2fs_allocate_data_block+0x2c93/0x4130 [ 147.925488][ T93] ? __pfx_f2fs_submit_page_write+0x10/0x10 [ 147.925527][ T93] ? __f2fs_is_valid_blkaddr+0xd2d/0x1570 [ 147.925557][ T93] do_write_page+0x40f/0xab0 [ 147.925588][ T93] f2fs_outplace_write_data+0x11a/0x220 [ 147.925632][ T93] f2fs_do_write_data_page+0x123b/0x16f0 [ 147.925668][ T93] ? __pfx_f2fs_do_write_data_page+0x10/0x10 [ 147.925691][ T93] ? __lock_acquire+0x146e/0x2d10 [ 147.925724][ T93] ? __lock_acquire+0x6b5/0x2d10 [ 147.925773][ T93] f2fs_write_single_data_page+0x976/0x1880 [ 147.925817][ T93] ? __pfx_f2fs_write_single_data_page+0x10/0x10 [ 147.925864][ T93] ? folio_clear_dirty_for_io+0x1d4/0x820 [ 147.925902][ T93] ? folio_clear_dirty_for_io+0x1d4/0x820 [ 147.925936][ T93] ? folio_clear_dirty_for_io+0x649/0x820 [ 147.925980][ T93] f2fs_write_data_pages+0x1a42/0x34f0 [ 147.926044][ T93] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 147.926153][ T93] ? __lock_acquire+0x6b5/0x2d10 [ 147.926226][ T93] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 147.926257][ T93] do_writepages+0x32e/0x550 [ 147.926294][ T93] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 147.926318][ T93] ? reacquire_held_locks+0x104/0x190 [ 147.926342][ T93] ? rt_spin_lock+0x1e0/0x400 [ 147.926376][ T93] __writeback_single_inode+0x133/0x10e0 [ 147.926409][ T93] ? rt_spin_unlock+0x160/0x200 [ 147.926436][ T93] writeback_sb_inodes+0x97f/0x1980 [ 147.926484][ T93] ? lockdep_hardirqs_on+0x7a/0x110 [ 147.926525][ T93] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 147.926596][ T93] ? rcu_is_watching+0x15/0xb0 [ 147.926636][ T93] wb_writeback+0x445/0xb00 [ 147.926668][ T93] ? queue_io+0x281/0x440 [ 147.926701][ T93] ? __pfx_wb_writeback+0x10/0x10 [ 147.926744][ T93] wb_workfn+0x437/0x10f0 [ 147.926801][ T93] ? __pfx_wb_workfn+0x10/0x10 [ 147.926853][ T93] ? do_raw_spin_unlock+0xf5/0x210 [ 147.926890][ T93] ? process_one_work+0x8be/0x1630 [ 147.926915][ T93] ? process_one_work+0x8be/0x1630 [ 147.926951][ T93] ? process_one_work+0x8be/0x1630 [ 147.926972][ T93] process_one_work+0x98b/0x1630 [ 147.927021][ T93] ? __pfx_process_one_work+0x10/0x10 [ 147.927042][ T93] ? do_raw_spin_lock+0x12b/0x2f0 [ 147.927090][ T93] worker_thread+0xb49/0x1140 [ 147.927127][ T93] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 147.927179][ T93] kthread+0x388/0x470 [ 147.927211][ T93] ? __pfx_worker_thread+0x10/0x10 [ 147.927234][ T93] ? __pfx_kthread+0x10/0x10 [ 147.927267][ T93] ret_from_fork+0x514/0xb70 [ 147.927301][ T93] ? __pfx_ret_from_fork+0x10/0x10 [ 147.927328][ T93] ? __switch_to+0xc79/0x1410 [ 147.927350][ T93] ? __pfx_kthread+0x10/0x10 [ 147.927374][ T93] ret_from_fork_asm+0x1a/0x30 [ 147.927415][ T93] [ 147.927608][ T93] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 148.271856][ T93] kworker/u8:5: attempt to access beyond end of device [ 148.271856][ T93] loop4: rw=2049, sector=45112, nr_sectors = 8 limit=40427 [ 148.271935][ T93] CPU: 1 UID: 0 PID: 93 Comm: kworker/u8:5 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 148.271961][ T93] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 148.271976][ T93] Workqueue: writeback wb_workfn (flush-7:4) [ 148.272023][ T93] Call Trace: [ 148.272031][ T93] [ 148.272041][ T93] dump_stack_lvl+0xe8/0x150 [ 148.272075][ T93] f2fs_stop_checkpoint+0x3ef/0x5d0 [ 148.272119][ T93] f2fs_write_end_io+0x1274/0x1740 [ 148.272170][ T93] __submit_merged_bio+0x256/0x6a0 [ 148.272208][ T93] ? rcu_is_watching+0x15/0xb0 [ 148.272237][ T93] f2fs_submit_merged_write+0x284/0x390 [ 148.272281][ T93] ? __pfx_f2fs_submit_merged_write+0x10/0x10 [ 148.272332][ T93] ? folio_unlock+0x101/0x160 [ 148.272369][ T93] f2fs_write_single_data_page+0x134e/0x1880 [ 148.272421][ T93] ? __pfx_f2fs_write_single_data_page+0x10/0x10 [ 148.272470][ T93] ? folio_clear_dirty_for_io+0x1d4/0x820 [ 148.272511][ T93] ? folio_clear_dirty_for_io+0x1d4/0x820 [ 148.272547][ T93] ? folio_clear_dirty_for_io+0x649/0x820 [ 148.272590][ T93] f2fs_write_data_pages+0x1a42/0x34f0 [ 148.272669][ T93] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 148.272750][ T93] ? __lock_acquire+0x6b5/0x2d10 [ 148.272813][ T93] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 148.272835][ T93] do_writepages+0x32e/0x550 [ 148.272864][ T93] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 148.272883][ T93] ? reacquire_held_locks+0x104/0x190 [ 148.272901][ T93] ? rt_spin_lock+0x1e0/0x400 [ 148.272927][ T93] __writeback_single_inode+0x133/0x10e0 [ 148.272951][ T93] ? rt_spin_unlock+0x160/0x200 [ 148.272971][ T93] writeback_sb_inodes+0x97f/0x1980 [ 148.273006][ T93] ? lockdep_hardirqs_on+0x7a/0x110 [ 148.273037][ T93] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 148.273090][ T93] ? rcu_is_watching+0x15/0xb0 [ 148.273116][ T93] wb_writeback+0x445/0xb00 [ 148.273139][ T93] ? queue_io+0x281/0x440 [ 148.273167][ T93] ? __pfx_wb_writeback+0x10/0x10 [ 148.273200][ T93] wb_workfn+0x437/0x10f0 [ 148.273243][ T93] ? __pfx_wb_workfn+0x10/0x10 [ 148.273284][ T93] ? do_raw_spin_unlock+0xf5/0x210 [ 148.273312][ T93] ? process_one_work+0x8be/0x1630 [ 148.273331][ T93] ? process_one_work+0x8be/0x1630 [ 148.273359][ T93] ? process_one_work+0x8be/0x1630 [ 148.273375][ T93] process_one_work+0x98b/0x1630 [ 148.273410][ T93] ? __pfx_process_one_work+0x10/0x10 [ 148.273425][ T93] ? do_raw_spin_lock+0x12b/0x2f0 [ 148.273461][ T93] worker_thread+0xb49/0x1140 [ 148.273487][ T93] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 148.273524][ T93] kthread+0x388/0x470 [ 148.273548][ T93] ? __pfx_worker_thread+0x10/0x10 [ 148.273565][ T93] ? __pfx_kthread+0x10/0x10 [ 148.273589][ T93] ret_from_fork+0x514/0xb70 [ 148.273618][ T93] ? __pfx_ret_from_fork+0x10/0x10 [ 148.273653][ T93] ? __switch_to+0xc79/0x1410 [ 148.273679][ T93] ? __pfx_kthread+0x10/0x10 [ 148.273704][ T93] ret_from_fork_asm+0x1a/0x30 [ 148.273748][ T93] [ 148.273782][ T93] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 148.760999][ T10] loop4: lost filesystem error report for type 5 error -108 [ 148.763424][ T10] loop4: lost filesystem error report for type 5 error -108 [ 150.004462][ T6036] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 150.018530][ T6036] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 150.941263][ T10] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 151.040870][ T6036] bridge1: left promiscuous mode [ 151.040897][ T6036] bridge1: left allmulticast mode [ 151.056533][ T6058] ipip0: entered promiscuous mode [ 151.089797][ T10] usb 5-1: Using ep0 maxpacket: 32 [ 151.214202][ T10] usb 5-1: config 0 has no interfaces? [ 151.216648][ T10] usb 5-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 151.216688][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 151.216703][ T10] usb 5-1: Product: syz [ 151.216715][ T10] usb 5-1: Manufacturer: syz [ 151.216726][ T10] usb 5-1: SerialNumber: syz [ 151.344361][ T10] usb 5-1: config 0 descriptor?? [ 151.443509][ T69] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 151.466134][ T69] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 151.479416][ T69] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 151.479473][ T69] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 151.586472][ T6082] loop0: detected capacity change from 0 to 4096 [ 151.599653][ T6082] EXT4-fs: inline encryption not supported [ 151.710679][ T6082] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 151.710705][ T6082] EXT4-fs (loop0): Test dummy encryption mode enabled [ 151.745205][ T6076] loop4: detected capacity change from 0 to 1024 [ 151.746386][ T6076] EXT4-fs: Ignoring removed oldalloc option [ 151.746410][ T6076] EXT4-fs: Ignoring removed oldalloc option [ 151.776448][ T6076] EXT4-fs (loop4): stripe (4) is not aligned with cluster size (16), stripe is disabled [ 151.806019][ T6082] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c198, mo2=0003] [ 151.806164][ T6082] System zones: 0-5 [ 151.896927][ T6076] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 151.929408][ T6082] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 153.320475][ T6102] fscrypt: AES-256-XTS using implementation "xts-aes-aesni-avx" [ 153.334683][ T37] audit: type=1800 audit(1781302805.242:3): pid=6102 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.88" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 154.339168][ T9] usb 5-1: USB disconnect, device number 2 [ 154.709654][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 154.729695][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 154.739650][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 154.749651][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 154.759688][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 154.769669][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 154.779671][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 154.789671][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 154.799679][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 155.266706][ T5612] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 155.329549][ T5616] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 157.015843][ T6123] netlink: 104 bytes leftover after parsing attributes in process `syz.0.95'. [ 159.717330][ T6151] loop0: detected capacity change from 0 to 512 [ 160.864998][ T6151] EXT4-fs (loop0): 1 truncate cleaned up [ 160.913495][ T6151] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 161.158726][ T6151] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.108: bg 0: block 465: padding at end of block bitmap is not set [ 161.224954][ T6151] EXT4-fs (loop0): Remounting filesystem read-only [ 161.225817][ T6151] EXT4-fs (loop0): error restoring inline_data for inode -- potential data loss! (inode 15, error -30) [ 161.440650][ T5612] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 162.687554][ T6175] loop4: detected capacity change from 0 to 256 [ 162.791919][ T6175] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x8f9fe1ed, utbl_chksum : 0xe619d30d) [ 178.910427][ C0] vcan0: j1939_simple_recv: Received already invalidated message [ 182.560968][ T6306] loop4: detected capacity change from 0 to 256 [ 182.670772][ T6306] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x205ab87c, utbl_chksum : 0xe619d30d) [ 182.756176][ T6306] exFAT-fs (loop4): valid_size(562949953421322) is greater than size(10) [ 191.655750][ T10] usb 5-1: new full-speed USB device number 3 using dummy_hcd [ 191.932238][ T10] usb 5-1: config 0 has an invalid interface number: 214 but max is 0 [ 191.932273][ T10] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 191.932295][ T10] usb 5-1: config 0 has no interface number 0 [ 191.932343][ T10] usb 5-1: config 0 interface 214 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 191.934969][ T10] usb 5-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5 [ 191.935004][ T10] usb 5-1: New USB device strings: Mfr=1, Product=0, SerialNumber=3 [ 191.935028][ T10] usb 5-1: Manufacturer: syz [ 191.935045][ T10] usb 5-1: SerialNumber: syz [ 192.431211][ T10] usb 5-1: config 0 descriptor?? [ 192.588685][ T6363] loop1: detected capacity change from 0 to 256 [ 192.672226][ T32] usb 5-1: USB disconnect, device number 3 [ 197.097415][ T6397] syz.3.181 uses obsolete (PF_INET,SOCK_PACKET) [ 200.041352][ T1339] ieee802154 phy0 wpan0: encryption failed: -22 [ 200.041479][ T1339] ieee802154 phy1 wpan1: encryption failed: -22 [ 203.287190][ T6402] loop1: detected capacity change from 0 to 40427 [ 203.297162][ T6402] f2fs: Unknown parameter '0x00000000000000000xffffffffffffffff0xffffffffffffffff' [ 203.362771][ T6407] loop0: detected capacity change from 0 to 32768 [ 203.675835][ T6407] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 204.853864][ T6407] XFS (loop0): Ending clean mount [ 204.894414][ T6407] XFS (loop0): Quotacheck needed: Please wait. [ 205.004755][ T6424] tmpfs: Unsupported parameter 'huge' [ 205.196081][ T6426] netlink: 144 bytes leftover after parsing attributes in process `syz.4.189'. [ 205.345396][ T6431] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 205.615633][ T6407] XFS (loop0): Quotacheck: Done. [ 207.466384][ T37] audit: type=1326 audit(1781302858.907:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6449 comm="syz.1.195" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8631cfce59 code=0x7ffc0000 [ 207.506632][ T37] audit: type=1326 audit(1781302858.973:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6449 comm="syz.1.195" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f8631cfce59 code=0x7ffc0000 [ 207.506694][ T37] audit: type=1326 audit(1781302858.973:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6449 comm="syz.1.195" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8631cfce59 code=0x7ffc0000 [ 207.506746][ T37] audit: type=1326 audit(1781302858.973:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6449 comm="syz.1.195" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8631cfce59 code=0x7ffc0000 [ 207.506796][ T37] audit: type=1326 audit(1781302858.973:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6449 comm="syz.1.195" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8631cfce59 code=0x7ffc0000 [ 207.628418][ T37] audit: type=1326 audit(1781302858.973:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6449 comm="syz.1.195" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8631cfce59 code=0x7ffc0000 [ 207.628475][ T37] audit: type=1326 audit(1781302859.000:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6449 comm="syz.1.195" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8631cfce59 code=0x7ffc0000 [ 207.674380][ T37] audit: type=1326 audit(1781302859.130:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6449 comm="syz.1.195" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8631cfce59 code=0x7ffc0000 [ 207.674558][ T37] audit: type=1326 audit(1781302859.130:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6449 comm="syz.1.195" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8631cfce59 code=0x7ffc0000 [ 207.683964][ T37] audit: type=1326 audit(1781302859.140:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6449 comm="syz.1.195" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f8631cfce59 code=0x7ffc0000 [ 208.011662][ T6450] bridge0: port 3(syz_tun) entered blocking state [ 208.012011][ T6450] bridge0: port 3(syz_tun) entered disabled state [ 208.012909][ T6450] syz_tun: entered allmulticast mode [ 208.065803][ T6450] syz_tun: entered promiscuous mode [ 208.385481][ T6450] bridge0: port 3(syz_tun) entered blocking state [ 208.385722][ T6450] bridge0: port 3(syz_tun) entered forwarding state [ 208.514260][ T32] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 208.710972][ T32] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 208.711028][ T32] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 1023 [ 208.750499][ T32] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 208.750535][ T32] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 208.750559][ T32] usb 2-1: Product: syz [ 208.750575][ T32] usb 2-1: Manufacturer: syz [ 208.750592][ T32] usb 2-1: SerialNumber: syz [ 209.086284][ T6450] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 209.861401][ T32] cdc_ncm 2-1:1.0: SET_CRC_MODE failed [ 209.861809][ T32] cdc_ncm 2-1:1.0: SET_NTB_FORMAT failed [ 209.893133][ T32] cdc_ncm 2-1:1.0: bind() failure [ 209.931638][ T32] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found [ 209.931698][ T32] cdc_ncm 2-1:1.1: bind() failure [ 210.036942][ T32] usb 2-1: USB disconnect, device number 3 [ 211.951310][ T6477] loop1: detected capacity change from 0 to 512 [ 212.131461][ T6477] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 212.183470][ T5612] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 212.269307][ T6477] EXT4-fs (loop1): 1 truncate cleaned up [ 212.297987][ T6477] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 212.777324][ T6483] netlink: 8 bytes leftover after parsing attributes in process `syz.1.204'. [ 213.811050][ T5621] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 215.148056][ T6487] overlayfs: failed to clone upperpath [ 221.313419][ T6510] netlink: 20 bytes leftover after parsing attributes in process `syz.0.200'. [ 221.313448][ T6510] netlink: 16 bytes leftover after parsing attributes in process `syz.0.200'. [ 223.567339][ T6523] netlink: 28 bytes leftover after parsing attributes in process `syz.3.217'. [ 223.776903][ T6523] Zero length message leads to an empty skb [ 223.966521][ T6529] loop0: detected capacity change from 0 to 128 [ 224.068917][ T6513] Bluetooth: hci0: command 0x0406 tx timeout [ 224.069294][ T6513] Bluetooth: hci2: command 0x0406 tx timeout [ 224.142073][ T5613] Bluetooth: hci1: command 0x0406 tx timeout [ 224.142115][ T5613] Bluetooth: hci4: command 0x0406 tx timeout [ 224.142137][ T5613] Bluetooth: hci3: command 0x0406 tx timeout [ 227.572270][ T6575] tmpfs: Unsupported parameter 'huge' [ 227.884766][ T5627] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 227.952276][ T5627] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 227.955252][ T5627] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 227.980582][ T5627] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 227.984300][ T5627] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 228.590918][ T6592] loop0: detected capacity change from 0 to 256 [ 230.322552][ T5624] Bluetooth: hci5: command tx timeout [ 231.957842][ T6619] tmpfs: Unsupported parameter 'huge' [ 232.511818][ T6626] loop0: detected capacity change from 0 to 256 [ 232.515923][ T6626] exfat: Deprecated parameter 'utf8' [ 232.515986][ T6626] exfat: Deprecated parameter 'namecase' [ 232.516016][ T6626] exfat: Deprecated parameter 'utf8' [ 232.560848][ T5624] Bluetooth: hci5: command tx timeout [ 232.814451][ T6626] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xb89b369d, utbl_chksum : 0xe619d30d) [ 233.546988][ T5737] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 233.709248][ T5737] usb 1-1: Using ep0 maxpacket: 32 [ 233.711929][ T5737] usb 1-1: config 5 has an invalid interface number: 152 but max is 0 [ 233.711962][ T5737] usb 1-1: config 5 has no interface number 0 [ 233.711996][ T5737] usb 1-1: config 5 interface 152 has no altsetting 0 [ 233.715105][ T5737] usb 1-1: New USB device found, idVendor=08ca, idProduct=0024, bcdDevice=6f.cb [ 233.715138][ T5737] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 233.715161][ T5737] usb 1-1: Product: syz [ 233.715178][ T5737] usb 1-1: Manufacturer: syz [ 233.715196][ T5737] usb 1-1: SerialNumber: syz [ 234.417286][ T5737] aiptek 1-1:5.152: interface has no int in endpoints, but must have minimum 1 [ 234.422292][ T5737] uvcvideo 1-1:5.152: probe with driver uvcvideo failed with error -22 [ 234.497935][ T5737] usb 1-1: USB disconnect, device number 3 [ 234.823677][ T5624] Bluetooth: hci5: command tx timeout [ 235.799224][ T6657] input: syz1 as /devices/virtual/input/input6 [ 236.778657][ T6664] overlayfs: failed to clone upperpath [ 236.823926][ T6666] loop1: detected capacity change from 0 to 512 [ 236.887398][ T6666] EXT4-fs error (device loop1): ext4_orphan_get:1399: inode #15: comm syz.1.259: iget: bad i_size value: 38620345925642 [ 236.887441][ T6666] loop1: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 236.895245][ C0] EXT4-fs (loop1): initial error at time 1781302886: ext4_orphan_get:1399: inode 15 [ 236.895372][ C0] EXT4-fs (loop1): last error at time 1781302886: ext4_orphan_get:1399: inode 15 [ 237.020569][ T6666] EXT4-fs error (device loop1): ext4_orphan_get:1404: comm syz.1.259: couldn't read orphan inode 15 (err -117) [ 237.020599][ T6666] loop1: lost filesystem error report for type 5 error -117 [ 237.067802][ T5624] Bluetooth: hci5: command tx timeout [ 237.069648][ T185] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 237.131018][ T6666] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 238.462592][ T6681] tmpfs: Unsupported parameter 'huge' [ 238.505262][ T5621] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 238.572133][ T6682] loop0: detected capacity change from 0 to 256 [ 238.966953][ T6581] bridge0: port 1(bridge_slave_0) entered blocking state [ 238.967427][ T6581] bridge0: port 1(bridge_slave_0) entered disabled state [ 238.967741][ T6581] bridge_slave_0: entered allmulticast mode [ 238.971667][ T6581] bridge_slave_0: entered promiscuous mode [ 238.977383][ T6581] bridge0: port 2(bridge_slave_1) entered blocking state [ 238.977843][ T6581] bridge0: port 2(bridge_slave_1) entered disabled state [ 238.978152][ T6581] bridge_slave_1: entered allmulticast mode [ 238.982114][ T6581] bridge_slave_1: entered promiscuous mode [ 239.174548][ T6581] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 239.209405][ T6682] FAT-fs (loop0): data area starts beyond volume (274 > 64) [ 239.209433][ T6682] FAT-fs (loop0): Can't find a valid FAT filesystem [ 240.112363][ T6691] loop1: detected capacity change from 0 to 4096 [ 240.271024][ T6691] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 240.793430][ T5621] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 241.005596][ T185] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 241.460807][ T6581] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 242.376628][ T6714] tmpfs: Unsupported parameter 'huge' [ 242.537585][ T185] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 244.099241][ T6581] team0: Port device team_slave_0 added [ 244.238314][ T6581] team0: Port device team_slave_1 added [ 244.722188][ T185] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 244.923534][ T6581] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 244.923559][ T6581] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 244.923581][ T6581] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 244.961932][ T6581] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 244.961986][ T6581] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 244.962041][ T6581] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 247.202950][ T6581] hsr_slave_0: entered promiscuous mode [ 247.254740][ T6581] hsr_slave_1: entered promiscuous mode [ 247.281973][ T6581] debugfs: 'hsr0' already exists in 'hsr' [ 247.282002][ T6581] Cannot create hsr debugfs directory [ 248.982154][ T6751] tmpfs: Unsupported parameter 'huge' [ 251.883598][ T6757] netlink: 32 bytes leftover after parsing attributes in process `syz.0.287'. [ 251.883627][ T6757] tipc: Invalid UDP bearer configuration [ 251.883693][ T6757] tipc: Enabling of bearer rejected, failed to enable media [ 252.546542][ T185] bridge_slave_1: left allmulticast mode [ 252.546809][ T185] bridge_slave_1: left promiscuous mode [ 252.635078][ T185] bridge0: port 2(bridge_slave_1) entered disabled state [ 253.370758][ T185] bridge_slave_0: left allmulticast mode [ 253.370797][ T185] bridge_slave_0: left promiscuous mode [ 253.371083][ T185] bridge0: port 1(bridge_slave_0) entered disabled state [ 262.757342][ T6842] loop1: detected capacity change from 0 to 512 [ 262.759545][ T6842] EXT4-fs: Ignoring removed nomblk_io_submit option [ 262.764218][ T6842] EXT4-fs (loop1): Test dummy encryption mode enabled [ 262.831914][ T6842] EXT4-fs error (device loop1): ext4_iget_extra_inode:5180: inode #15: comm syz.1.315: corrupted in-inode xattr: invalid ea_ino [ 262.831959][ T6842] loop1: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 262.833176][ T6842] EXT4-fs error (device loop1): ext4_orphan_get:1404: comm syz.1.315: couldn't read orphan inode 15 (err -117) [ 262.833214][ T6842] loop1: lost filesystem error report for type 5 error -117 [ 262.846581][ C0] EXT4-fs (loop1): error count since last fsck: 2 [ 262.846610][ C0] EXT4-fs (loop1): initial error at time 1781302910: ext4_iget_extra_inode:5180: inode 15 [ 262.846646][ C0] EXT4-fs (loop1): last error at time 1781302910: ext4_orphan_get:1404 [ 262.962283][ T6842] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 263.012994][ T6842] fscrypt: AES-256-CBC-CTS using implementation "cts-cbc-aes-aesni" [ 263.152257][ T5621] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 263.204984][ T185] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 263.291752][ T185] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 263.501022][ T185] bond0 (unregistering): Released all slaves [ 266.490639][ T1339] ieee802154 phy0 wpan0: encryption failed: -22 [ 266.490757][ T1339] ieee802154 phy1 wpan1: encryption failed: -22 [ 271.001513][ T5268] 8021q: adding VLAN 0 to HW filter on device eth1 [ 273.036922][ T6931] loop0: detected capacity change from 0 to 128 [ 273.096447][ T6931] FAT-fs (loop0): Invalid FSINFO signature: 0x00000000, 0x61417272 (sector = 1) [ 273.096483][ T6931] FAT-fs (loop0): data area starts beyond volume (36 > 6) [ 273.096504][ T6931] FAT-fs (loop0): Can't find a valid FAT filesystem [ 276.975589][ T6958] tmpfs: Unsupported parameter 'huge' [ 277.080593][ T6959] netlink: 144 bytes leftover after parsing attributes in process `syz.2.343'. [ 278.226815][ T6963] overlayfs: missing 'lowerdir' [ 278.874111][ T6581] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 279.136219][ T6581] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 279.245622][ T6581] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 279.593784][ T6581] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 280.255754][ T185] hsr_slave_0: left promiscuous mode [ 280.296913][ T185] hsr_slave_1: left promiscuous mode [ 280.298307][ T185] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 280.339337][ T185] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 280.442426][ T185] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 280.442460][ T185] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 281.780515][ T7012] loop1: detected capacity change from 0 to 4096 [ 282.077501][ T7012] EXT4-fs: inline encryption not supported [ 282.081560][ T7012] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 282.081584][ T7012] EXT4-fs (loop1): Test dummy encryption mode enabled [ 282.203464][ T7012] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c198, mo2=0003] [ 282.203612][ T7012] System zones: 0-5 [ 282.279101][ T185] veth1_macvtap: left promiscuous mode [ 282.405324][ T185] veth0_macvtap: left promiscuous mode [ 282.424210][ T7012] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 284.427901][ T185] veth1_vlan: left promiscuous mode [ 284.428346][ T185] veth0_vlan: left promiscuous mode [ 284.567030][ T37] kauditd_printk_skb: 136 callbacks suppressed [ 284.567109][ T37] audit: type=1800 audit(1781302930.027:150): pid=7023 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.356" name="bus" dev="loop1" ino=18 res=0 errno=0 [ 285.230328][ T5621] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 286.038697][ T7035] loop0: detected capacity change from 0 to 1024 [ 287.345867][ T7052] overlayfs: missing 'lowerdir' [ 287.764202][ T37] audit: type=1800 audit(1781302932.935:151): pid=7053 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.362" name="file0" dev="loop0" ino=26 res=0 errno=0 [ 290.049914][ T7069] loop0: detected capacity change from 0 to 4096 [ 290.051080][ T7069] EXT4-fs: inline encryption not supported [ 290.052792][ T7069] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 290.052812][ T7069] EXT4-fs (loop0): Test dummy encryption mode enabled [ 290.142854][ T7069] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c198, mo2=0003] [ 290.206129][ T7069] System zones: 0-5 [ 290.396074][ T7069] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 290.417691][ T185] team0 (unregistering): Port device team_slave_1 removed [ 290.739743][ T185] team0 (unregistering): Port device team_slave_0 removed [ 291.464549][ T37] audit: type=1800 audit(1781302936.471:152): pid=7079 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.369" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 292.638211][ T6581] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 292.778208][ T5612] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 292.989701][ T6581] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 293.067394][ T5268] 8021q: adding VLAN 0 to HW filter on device eth2 [ 293.681775][ T7094] loop0: detected capacity change from 0 to 8 [ 293.724060][ T7094] SQUASHFS error: xz decompression failed, data probably corrupt [ 293.724112][ T7094] SQUASHFS error: Failed to read block 0x108: -5 [ 293.724136][ T7094] SQUASHFS error: Unable to read metadata cache entry [106] [ 293.724163][ T7094] SQUASHFS error: Unable to read inode 0x11f [ 294.682631][ T5627] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 294.858856][ T5627] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 294.922518][ T5627] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 295.222574][ T5627] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 295.266638][ T5627] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 296.180767][ T7129] loop1: detected capacity change from 0 to 4096 [ 296.198282][ T7129] EXT4-fs: inline encryption not supported [ 296.510174][ T7129] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 296.510202][ T7129] EXT4-fs (loop1): Test dummy encryption mode enabled [ 296.714214][ T7129] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c198, mo2=0003] [ 296.714368][ T7129] System zones: 0-5 [ 296.747413][ T7129] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 297.159695][ T37] audit: type=1800 audit(1781302941.760:153): pid=7141 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.383" name="bus" dev="loop1" ino=18 res=0 errno=0 [ 297.553991][ T5621] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 297.726818][ T5624] Bluetooth: hci1: command tx timeout [ 297.795709][ T5268] 8021q: adding VLAN 0 to HW filter on device eth3 [ 300.008376][ T5624] Bluetooth: hci1: command tx timeout [ 301.300697][ T5268] 8021q: adding VLAN 0 to HW filter on device eth4 [ 302.231540][ T5624] Bluetooth: hci1: command tx timeout [ 305.908505][ T5624] Bluetooth: hci1: command tx timeout [ 308.529998][ T7232] loop1: detected capacity change from 0 to 4096 [ 308.893149][ T7232] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 309.020552][ T7241] loop0: detected capacity change from 0 to 256 [ 309.091811][ T7241] FAT-fs (loop0): data area starts beyond volume (274 > 64) [ 309.091844][ T7241] FAT-fs (loop0): Can't find a valid FAT filesystem [ 309.586574][ T7097] bridge0: port 1(bridge_slave_0) entered blocking state [ 309.587245][ T7097] bridge0: port 1(bridge_slave_0) entered disabled state [ 309.591580][ T7097] bridge_slave_0: entered allmulticast mode [ 309.609965][ T7097] bridge_slave_0: entered promiscuous mode [ 309.650019][ T7097] bridge0: port 2(bridge_slave_1) entered blocking state [ 309.650268][ T7097] bridge0: port 2(bridge_slave_1) entered disabled state [ 309.650530][ T7097] bridge_slave_1: entered allmulticast mode [ 310.333123][ T5621] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 310.368559][ T7097] bridge_slave_1: entered promiscuous mode [ 310.661134][ T7097] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 310.687686][ T7097] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 313.929394][ T7269] loop0: detected capacity change from 0 to 8 [ 313.952466][ T7269] SQUASHFS error: xz decompression failed, data probably corrupt [ 313.952503][ T7269] SQUASHFS error: Failed to read block 0x108: -5 [ 313.952524][ T7269] SQUASHFS error: Unable to read metadata cache entry [106] [ 313.952542][ T7269] SQUASHFS error: Unable to read inode 0x11f [ 314.629641][ T7276] netlink: 144 bytes leftover after parsing attributes in process `syz.2.416'. [ 317.261705][ T7097] team0: Port device team_slave_0 added [ 317.290205][ T7290] loop1: detected capacity change from 0 to 1024 [ 317.352003][ T7097] team0: Port device team_slave_1 added [ 317.837886][ T7097] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 317.837904][ T7097] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 317.837928][ T7097] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 317.848524][ T7097] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 317.848551][ T7097] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 317.848584][ T7097] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 318.101163][ T37] audit: type=1800 audit(1781302961.037:154): pid=7308 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.421" name="file0" dev="loop1" ino=26 res=0 errno=0 [ 323.427551][ T7097] hsr_slave_0: entered promiscuous mode [ 323.436157][ T7097] hsr_slave_1: entered promiscuous mode [ 323.443361][ T7097] debugfs: 'hsr0' already exists in 'hsr' [ 323.443472][ T7097] Cannot create hsr debugfs directory [ 323.653345][ T7345] loop1: detected capacity change from 0 to 1024 [ 324.230592][ T37] audit: type=1800 audit(1781302966.752:155): pid=7354 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.437" name="file0" dev="loop1" ino=26 res=0 errno=0 [ 329.168475][ T7380] loop0: detected capacity change from 0 to 32768 [ 329.373220][ T7380] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 329.729849][ T7380] XFS (loop0): Ending clean mount [ 329.975308][ T7380] XFS (loop0): Quotacheck needed: Please wait. [ 332.078665][ T7432] loop1: detected capacity change from 0 to 4096 [ 332.431046][ T7380] XFS (loop0): Quotacheck: Done. [ 332.515736][ T7432] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 332.571546][ T1339] ieee802154 phy0 wpan0: encryption failed: -22 [ 332.571642][ T1339] ieee802154 phy1 wpan1: encryption failed: -22 [ 332.837549][ T185] bridge_slave_1: left allmulticast mode [ 332.837589][ T185] bridge_slave_1: left promiscuous mode [ 332.837873][ T185] bridge0: port 2(bridge_slave_1) entered disabled state [ 332.888837][ T5612] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 332.927182][ T5621] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 334.166890][ T185] bridge_slave_0: left allmulticast mode [ 334.166961][ T185] bridge_slave_0: left promiscuous mode [ 334.167509][ T185] bridge0: port 1(bridge_slave_0) entered disabled state [ 339.661908][ T7487] loop1: detected capacity change from 0 to 4096 [ 339.717156][ T7487] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 340.605221][ T5621] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 340.896841][ T7504] loop1: detected capacity change from 0 to 1024 [ 342.141506][ T185] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 342.152350][ T37] audit: type=1800 audit(1781302983.295:156): pid=7504 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.472" name="file0" dev="loop1" ino=26 res=0 errno=0 [ 342.299537][ T185] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 342.369993][ T185] bond0 (unregistering): Released all slaves [ 347.172924][ T7542] loop1: detected capacity change from 0 to 4096 [ 347.206527][ T7542] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 347.904044][ T7545] loop0: detected capacity change from 0 to 2048 [ 348.080174][ T5621] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 348.373672][ T7545] loop0: p1 p2 < > p3 < p5 p6 > p4 [ 348.373701][ T7545] loop0: partition table partially beyond EOD, truncated [ 348.521892][ T7545] loop0: p1 size 196608 extends beyond EOD, truncated [ 348.568589][ T7545] loop0: p2 start 4278190080 is beyond EOD, truncated [ 348.693140][ T7545] loop0: p4 size 8192 extends beyond EOD, truncated [ 348.742628][ T7545] loop0: p5 size 196608 extends beyond EOD, truncated [ 348.787131][ T7545] loop0: p6 size 8192 extends beyond EOD, truncated [ 350.097688][ T185] hsr_slave_0: left promiscuous mode [ 350.335858][ T185] hsr_slave_1: left promiscuous mode [ 350.337243][ T185] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 351.518547][ T7581] loop0: detected capacity change from 0 to 512 [ 351.971338][ T185] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 352.269857][ T6969] udevd[6969]: inotify_add_watch(7, /dev/loop0p3, 10) failed: No such file or directory [ 352.304904][ T7100] udevd[7100]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory [ 352.370014][ T7584] udevd[7584]: inotify_add_watch(7, /dev/loop0p4, 10) failed: No such file or directory [ 352.455134][ T7586] udevd[7586]: inotify_add_watch(7, /dev/loop0p5, 10) failed: No such file or directory [ 352.473008][ T7588] udevd[7588]: inotify_add_watch(7, /dev/loop0p6, 10) failed: No such file or directory [ 352.740196][ T185] team0 (unregistering): Port device team_slave_1 removed [ 352.810149][ T185] team0 (unregistering): Port device team_slave_0 removed [ 353.122634][ T5268] 8021q: adding VLAN 0 to HW filter on device eth5 [ 353.166236][ T7596] loop0: detected capacity change from 0 to 256 [ 353.249403][ T7596] exfat: Deprecated parameter 'namecase' [ 353.565108][ T7596] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xb5fb52fc, utbl_chksum : 0xe619d30d) [ 354.124506][ T7610] loop1: detected capacity change from 0 to 2048 [ 354.229135][ T7610] loop1: p1 p2 < > p3 < p5 p6 > p4 [ 354.229166][ T7610] loop1: partition table partially beyond EOD, truncated [ 354.229426][ T7610] loop1: p1 size 196608 extends beyond EOD, truncated [ 354.256127][ T7610] loop1: p2 start 4278190080 is beyond EOD, truncated [ 354.258927][ T7610] loop1: p4 size 8192 extends beyond EOD, truncated [ 354.261279][ T7610] loop1: p5 size 196608 extends beyond EOD, truncated [ 354.263637][ T7610] loop1: p6 size 8192 extends beyond EOD, truncated [ 355.467045][ T6974] udevd[6974]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 355.508918][ T7100] udevd[7100]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory [ 355.565892][ T6969] udevd[6969]: inotify_add_watch(7, /dev/loop1p6, 10) failed: No such file or directory [ 355.581880][ T7584] udevd[7584]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory [ 355.615570][ T7586] udevd[7586]: inotify_add_watch(7, /dev/loop1p5, 10) failed: No such file or directory [ 361.770816][ T5627] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 361.855386][ T5627] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 361.881913][ T5627] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 361.931667][ T5627] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 361.932565][ T5627] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 365.387712][ T7696] loop1: detected capacity change from 0 to 512 [ 365.394599][ T7696] EXT4-fs: inline encryption not supported [ 365.465759][ T5627] Bluetooth: hci5: command tx timeout [ 366.145683][ T7696] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.515: invalid indirect mapped block 256 (level 2) [ 366.145730][ T7696] loop1: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 366.160816][ C1] EXT4-fs (loop1): initial error at time 1781303005: ext4_free_branches:1023: inode 11 [ 366.160868][ C1] EXT4-fs (loop1): last error at time 1781303005: ext4_free_branches:1023: inode 11 [ 366.556663][ T7696] EXT4-fs (loop1): 2 truncates cleaned up [ 367.571716][ T7696] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 367.714051][ T7718] fuse: fd is not a fuse device [ 367.714159][ T5627] Bluetooth: hci5: command tx timeout [ 367.814364][ T5621] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 370.281125][ T5627] Bluetooth: hci5: command tx timeout [ 371.707594][ T7774] loop1: detected capacity change from 0 to 1024 [ 371.715658][ T7774] ext3: Unknown parameter 'noacl' [ 371.762471][ T7775] loop0: detected capacity change from 0 to 1024 [ 372.143777][ T7778] IPVS: set_ctl: invalid protocol: 43 172.20.20.1:20000 [ 372.741469][ T7779] netlink: 20 bytes leftover after parsing attributes in process `syz.1.534'. [ 373.616384][ T5627] Bluetooth: hci5: command tx timeout [ 374.164981][ T37] audit: type=1800 audit(1781303012.718:157): pid=7775 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.535" name="file0" dev="loop0" ino=26 res=0 errno=0 [ 375.035552][ T185] bridge_slave_1: left allmulticast mode [ 375.035593][ T185] bridge_slave_1: left promiscuous mode [ 375.036000][ T185] bridge0: port 2(bridge_slave_1) entered disabled state [ 375.230713][ T185] bridge_slave_0: left allmulticast mode [ 375.230752][ T185] bridge_slave_0: left promiscuous mode [ 375.231036][ T185] bridge0: port 1(bridge_slave_0) entered disabled state [ 377.659373][ T7797] loop0: detected capacity change from 0 to 40427 [ 377.710561][ T7797] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 377.710598][ T7797] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 377.813671][ T7797] F2FS-fs (loop0): invalid crc value [ 378.190407][ T7797] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 379.234183][ T7797] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 379.234224][ T7797] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 382.695942][ T185] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 382.804841][ T185] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 382.887809][ T185] bond0 (unregistering): Released all slaves [ 382.935726][ T7817] veth0: entered promiscuous mode [ 383.173992][ T7812] veth0: left promiscuous mode [ 384.469116][ T185] hsr_slave_0: left promiscuous mode [ 384.571985][ T185] hsr_slave_1: left promiscuous mode [ 384.573145][ T185] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 384.657332][ T185] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 384.748717][ T57] usb 2-1: new full-speed USB device number 4 using dummy_hcd [ 384.939292][ T57] usb 2-1: unable to get BOS descriptor or descriptor too short [ 384.940107][ T57] usb 2-1: not running at top speed; connect to a high speed hub [ 384.945730][ T57] usb 2-1: config 129 has an invalid interface number: 48 but max is 0 [ 384.945762][ T57] usb 2-1: config 129 has no interface number 0 [ 384.945815][ T57] usb 2-1: config 129 interface 48 has no altsetting 0 [ 384.989926][ T57] usb 2-1: New USB device found, idVendor=0952, idProduct=f144, bcdDevice=c0.7c [ 384.989963][ T57] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 384.989987][ T57] usb 2-1: Product: syz [ 384.990003][ T57] usb 2-1: Manufacturer: syz [ 384.990020][ T57] usb 2-1: SerialNumber: syz [ 385.473379][ T57] usb 2-1: USB disconnect, device number 4 [ 390.165538][ T185] team0 (unregistering): Port device team_slave_1 removed [ 390.221677][ T185] team0 (unregistering): Port device team_slave_0 removed [ 392.485559][ T7918] loop1: detected capacity change from 0 to 2048 [ 392.748962][ T7918] loop1: p1 p2 < > p3 < p5 p6 > p4 [ 392.748994][ T7918] loop1: partition table partially beyond EOD, truncated [ 392.749384][ T7918] loop1: p1 size 196608 extends beyond EOD, truncated [ 392.832397][ T7685] bridge0: port 1(bridge_slave_0) entered blocking state [ 392.832811][ T7685] bridge0: port 1(bridge_slave_0) entered disabled state [ 392.834798][ T7685] bridge_slave_0: entered allmulticast mode [ 392.838892][ T7685] bridge_slave_0: entered promiscuous mode [ 392.874271][ T7685] bridge0: port 2(bridge_slave_1) entered blocking state [ 392.875934][ T7685] bridge0: port 2(bridge_slave_1) entered disabled state [ 392.876239][ T7685] bridge_slave_1: entered allmulticast mode [ 392.908645][ T7685] bridge_slave_1: entered promiscuous mode [ 392.922378][ T7918] loop1: p2 start 4278190080 is beyond EOD, truncated [ 392.955467][ T7918] loop1: p4 size 8192 extends beyond EOD, truncated [ 393.027873][ T7918] loop1: p5 size 196608 extends beyond EOD, truncated [ 393.042488][ T7918] loop1: p6 size 8192 extends beyond EOD, truncated [ 393.185995][ T7685] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 393.209563][ T7685] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 393.373139][ T7685] team0: Port device team_slave_0 added [ 393.377099][ T7854] udevd[7854]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 393.403496][ T7685] team0: Port device team_slave_1 added [ 393.500258][ T7928] udevd[7928]: inotify_add_watch(7, /dev/loop1p6, 10) failed: No such file or directory [ 393.519535][ T7858] udevd[7858]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory [ 393.569258][ T7874] udevd[7874]: inotify_add_watch(7, /dev/loop1p5, 10) failed: No such file or directory [ 393.572420][ T7857] udevd[7857]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory [ 394.043649][ T7685] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 394.043669][ T7685] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 394.043701][ T7685] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 394.100944][ T7685] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 394.100963][ T7685] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 394.100996][ T7685] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 395.368292][ T7685] hsr_slave_0: entered promiscuous mode [ 395.371702][ T7685] hsr_slave_1: entered promiscuous mode [ 395.373861][ T7685] debugfs: 'hsr0' already exists in 'hsr' [ 395.373888][ T7685] Cannot create hsr debugfs directory [ 399.219513][ T1339] ieee802154 phy0 wpan0: encryption failed: -22 [ 399.219633][ T1339] ieee802154 phy1 wpan1: encryption failed: -22 [ 400.505605][ T7685] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 400.908301][ T7685] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 400.927676][ T7685] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 401.032581][ T7685] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 401.034537][ T7685] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 401.118265][ T7973] loop0: detected capacity change from 0 to 1024 [ 401.149025][ T7685] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 401.159585][ T7685] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 402.386884][ T37] audit: type=1800 audit(1781303038.909:158): pid=7973 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.579" name="file0" dev="loop0" ino=26 res=0 errno=0 [ 402.819889][ T7685] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 407.270211][ T7685] 8021q: adding VLAN 0 to HW filter on device bond0 [ 407.438245][ T7685] 8021q: adding VLAN 0 to HW filter on device team0 [ 407.535567][ T1136] bridge0: port 1(bridge_slave_0) entered blocking state [ 407.555173][ T1136] bridge0: port 1(bridge_slave_0) entered forwarding state [ 407.650085][ T151] bridge0: port 2(bridge_slave_1) entered blocking state [ 407.650274][ T151] bridge0: port 2(bridge_slave_1) entered forwarding state [ 416.744996][ T7685] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 419.029433][ T7685] veth0_vlan: entered promiscuous mode [ 419.078908][ T7685] veth1_vlan: entered promiscuous mode [ 419.567612][ T8094] loop1: detected capacity change from 0 to 32768 [ 419.660530][ T8094] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 419.740397][ T7685] veth0_macvtap: entered promiscuous mode [ 419.815303][ T7685] veth1_macvtap: entered promiscuous mode [ 419.817669][ T8094] XFS (loop1): Ending clean mount [ 419.846872][ T8094] XFS (loop1): Quotacheck needed: Please wait. [ 421.616508][ T7685] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 421.936300][ T7685] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 421.978209][ T8108] netlink: 84 bytes leftover after parsing attributes in process `syz.2.609'. [ 422.218031][ T8094] XFS (loop1): Quotacheck: Done. [ 422.441732][ T69] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 422.463837][ T69] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 422.513721][ T69] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 422.513884][ T69] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 423.743715][ T185] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 423.743737][ T185] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 423.796848][ T8122] overlayfs: failed to clone upperpath [ 424.261795][ T1136] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 424.261817][ T1136] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 424.466275][ T5621] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 426.253689][ T8141] loop0: detected capacity change from 0 to 256 [ 426.455509][ T8141] FAT-fs (loop0): data area starts beyond volume (274 > 64) [ 426.455552][ T8141] FAT-fs (loop0): Can't find a valid FAT filesystem [ 427.201169][ T8147] loop1: detected capacity change from 0 to 1024 [ 427.486665][ T8147] ext3: Unknown parameter 'noacl' [ 428.701251][ T5624] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 428.764350][ T5624] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 428.784477][ T5624] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 428.806795][ T8155] IPVS: set_ctl: invalid protocol: 43 172.20.20.1:20000 [ 429.299816][ T8156] loop1: detected capacity change from 0 to 128 [ 429.331504][ T8156] netlink: 20 bytes leftover after parsing attributes in process `syz.1.613'. [ 429.828624][ T5624] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 429.836591][ T5624] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 432.049728][ T5624] Bluetooth: hci1: command tx timeout [ 434.255657][ T8193] loop1: detected capacity change from 0 to 512 [ 434.303539][ T5624] Bluetooth: hci1: command tx timeout [ 434.454401][ T8193] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 434.882485][ T8193] Quota error (device loop1): do_check_range: Getting block 196613 out of range 1-5 [ 434.882695][ T8193] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0 [ 434.882718][ T8193] EXT4-fs error (device loop1): ext4_acquire_dquot:7041: comm syz.1.632: Failed to acquire dquot type 1 [ 434.882743][ T8193] loop1: lost filesystem error report for type 5 error -117 [ 434.888706][ T8199] loop0: detected capacity change from 0 to 32768 [ 434.889483][ C0] EXT4-fs (loop1): error count since last fsck: 1 [ 434.889504][ C0] EXT4-fs (loop1): last error at time 1781303068: ext4_acquire_dquot:7041 [ 435.032375][ T8199] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 435.133564][ T8199] XFS (loop0): Ending clean mount [ 435.158902][ T8199] XFS (loop0): Quotacheck needed: Please wait. [ 435.247210][ T8193] EXT4-fs (loop1): 1 truncate cleaned up [ 435.265696][ T8193] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0008-000000000000 r/w without journal. Quota mode: writeback. [ 435.488351][ T8193] EXT4-fs: Cannot change journaled quota options when quota turned on [ 436.733247][ T5621] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0008-000000000000. [ 436.733448][ T5624] Bluetooth: hci1: command tx timeout [ 437.617452][ T8199] XFS (loop0): Quotacheck: Done. [ 439.587745][ T5624] Bluetooth: hci1: command tx timeout [ 441.985937][ T5612] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 442.123486][ T13] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 443.850952][ T8270] netlink: 20 bytes leftover after parsing attributes in process `syz.3.651'. [ 444.121154][ T13] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 444.659896][ T5817] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 444.828538][ T5817] usb 2-1: Using ep0 maxpacket: 32 [ 444.849345][ T5817] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 444.849373][ T5817] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 444.849404][ T5817] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 444.849423][ T5817] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 444.938049][ T5817] usb 2-1: config 0 descriptor?? [ 444.984997][ T5817] hub 2-1:0.0: USB hub found [ 446.715597][ T5817] hub 2-1:0.0: config failed, hub doesn't have any ports! (err -19) [ 446.929853][ T13] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 446.960699][ T8296] loop0: detected capacity change from 0 to 256 [ 446.968339][ T8296] FAT-fs (loop0): data area starts beyond volume (274 > 64) [ 446.968378][ T8296] FAT-fs (loop0): Can't find a valid FAT filesystem [ 447.696545][ T5817] hid-generic 0003:046D:C31C.0001: item fetching failed at offset 0/1 [ 447.703344][ T5817] hid-generic 0003:046D:C31C.0001: probe with driver hid-generic failed with error -22 [ 447.874856][ T8309] netlink: 20 bytes leftover after parsing attributes in process `syz.2.661'. [ 447.901610][ T5817] usb 2-1: USB disconnect, device number 5 [ 447.928866][ T13] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 449.942358][ T8327] loop0: detected capacity change from 0 to 8192 [ 450.035709][ T8327] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 451.793678][ T8329] loop1: detected capacity change from 0 to 40427 [ 451.841476][ T8329] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 451.841506][ T8329] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 451.847159][ T8341] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 452.536487][ T8329] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 453.861541][ T8374] loop0: detected capacity change from 0 to 256 [ 453.871313][ T8374] FAT-fs (loop0): data area starts beyond volume (274 > 64) [ 453.871400][ T8374] FAT-fs (loop0): Can't find a valid FAT filesystem [ 455.072720][ T8394] netlink: 44 bytes leftover after parsing attributes in process `syz.0.679'. [ 455.352578][ T13] bridge_slave_1: left allmulticast mode [ 455.352622][ T13] bridge_slave_1: left promiscuous mode [ 455.353166][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 455.549999][ T13] bridge_slave_0: left allmulticast mode [ 455.550037][ T13] bridge_slave_0: left promiscuous mode [ 455.550319][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 459.554897][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 459.720692][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 459.763624][ T13] bond0 (unregistering): Released all slaves [ 459.867531][ T5268] 8021q: adding VLAN 0 to HW filter on device eth5 [ 459.992020][ T8399] netlink: 224 bytes leftover after parsing attributes in process `syz.1.681'. [ 461.297110][ T8143] bridge0: port 1(bridge_slave_0) entered blocking state [ 461.297814][ T8143] bridge0: port 1(bridge_slave_0) entered disabled state [ 461.298156][ T8143] bridge_slave_0: entered allmulticast mode [ 461.302020][ T8143] bridge_slave_0: entered promiscuous mode [ 461.892223][ T8143] bridge0: port 2(bridge_slave_1) entered blocking state [ 461.892848][ T8143] bridge0: port 2(bridge_slave_1) entered disabled state [ 461.906000][ T8143] bridge_slave_1: entered allmulticast mode [ 461.934607][ T8143] bridge_slave_1: entered promiscuous mode [ 462.676229][ T8143] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 462.707570][ T8143] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 464.235337][ T8460] loop1: detected capacity change from 0 to 256 [ 464.245367][ T8460] FAT-fs (loop1): data area starts beyond volume (274 > 64) [ 464.245399][ T8460] FAT-fs (loop1): Can't find a valid FAT filesystem [ 465.399713][ T8143] team0: Port device team_slave_0 added [ 465.415573][ T8476] netlink: 204 bytes leftover after parsing attributes in process `syz.2.703'. [ 465.453230][ T8143] team0: Port device team_slave_1 added [ 465.680305][ T1339] ieee802154 phy0 wpan0: encryption failed: -22 [ 465.680421][ T1339] ieee802154 phy1 wpan1: encryption failed: -22 [ 465.774255][ T8143] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 465.774276][ T8143] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 465.774309][ T8143] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 465.874219][ T8143] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 465.874238][ T8143] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 465.874271][ T8143] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 466.209971][ T8496] netlink: 'syz.1.705': attribute type 3 has an invalid length. [ 467.160749][ T5268] 8021q: adding VLAN 0 to HW filter on device eth6 [ 468.290574][ T8143] hsr_slave_0: entered promiscuous mode [ 468.304153][ T8143] hsr_slave_1: entered promiscuous mode [ 468.313849][ T8143] debugfs: 'hsr0' already exists in 'hsr' [ 468.313879][ T8143] Cannot create hsr debugfs directory [ 469.008618][ T8521] netlink: 204 bytes leftover after parsing attributes in process `syz.0.715'. [ 469.185813][ T13] hsr_slave_0: left promiscuous mode [ 469.227880][ T13] hsr_slave_1: left promiscuous mode [ 469.230123][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 469.230154][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 469.294816][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 469.294848][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 469.402365][ T13] veth1_macvtap: left promiscuous mode [ 469.402476][ T13] veth0_macvtap: left promiscuous mode [ 469.402783][ T13] veth1_vlan: left promiscuous mode [ 469.407298][ T13] veth0_vlan: left promiscuous mode [ 470.873716][ T8546] loop1: detected capacity change from 0 to 1024 [ 470.881200][ T8546] ext3: Unknown parameter 'noacl' [ 471.264337][ T8547] IPVS: set_ctl: invalid protocol: 43 172.20.20.1:20000 [ 471.758227][ T8548] loop1: detected capacity change from 0 to 128 [ 471.839842][ T8548] netlink: 20 bytes leftover after parsing attributes in process `syz.1.726'. [ 473.675815][ T8559] loop1: detected capacity change from 0 to 128 [ 473.689997][ T8559] EXT4-fs: inline encryption not supported [ 473.792535][ T8559] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 473.796331][ T8559] ext4 filesystem being mounted at /133/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 474.051732][ T5621] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 474.266399][ T8569] loop1: detected capacity change from 0 to 256 [ 474.276846][ T8569] FAT-fs (loop1): data area starts beyond volume (274 > 64) [ 474.276876][ T8569] FAT-fs (loop1): Can't find a valid FAT filesystem [ 474.882217][ T13] team0 (unregistering): Port device team_slave_1 removed [ 474.950825][ T13] team0 (unregistering): Port device team_slave_0 removed [ 475.538482][ T8542] netlink: 204 bytes leftover after parsing attributes in process `syz.0.725'. [ 481.695812][ T5268] 8021q: adding VLAN 0 to HW filter on device eth7 [ 481.802884][ T8616] loop0: detected capacity change from 0 to 256 [ 481.808365][ T8616] FAT-fs (loop0): data area starts beyond volume (274 > 64) [ 481.808413][ T8616] FAT-fs (loop0): Can't find a valid FAT filesystem [ 482.583288][ T8622] netlink: 204 bytes leftover after parsing attributes in process `syz.3.746'. [ 482.595619][ T8618] bridge0: port 2(bridge_slave_1) entered disabled state [ 483.953969][ T8657] netlink: 204 bytes leftover after parsing attributes in process `syz.0.757'. [ 486.605362][ T8700] loop0: detected capacity change from 0 to 512 [ 486.857668][ T8700] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 486.857841][ T8700] ext4 filesystem being mounted at /160/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 487.167274][ T8681] loop1: detected capacity change from 0 to 40427 [ 487.284335][ T5612] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 488.833402][ T8737] loop1: detected capacity change from 0 to 256 [ 488.840135][ T8737] FAT-fs (loop1): data area starts beyond volume (274 > 64) [ 488.840168][ T8737] FAT-fs (loop1): Can't find a valid FAT filesystem [ 489.676675][ T8143] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 489.739114][ T8143] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 489.783607][ T8143] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 489.922167][ T8143] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 489.925289][ T8143] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 490.056405][ T8143] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 490.089328][ T8143] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 490.301342][ T8143] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 490.735705][ T8769] netlink: 204 bytes leftover after parsing attributes in process `syz.2.780'. [ 495.314416][ T5627] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 495.384474][ T5627] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 495.406217][ T5627] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 495.412493][ T5627] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 495.414452][ T5627] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 497.138722][ T8833] netlink: 204 bytes leftover after parsing attributes in process `syz.0.792'. [ 500.928054][ T5624] Bluetooth: hci5: command tx timeout [ 503.111081][ T5624] Bluetooth: hci5: command tx timeout [ 504.507584][ T1397] kworker/u8:12 (1397) used greatest stack depth: 18904 bytes left [ 506.277089][ T5624] Bluetooth: hci5: command tx timeout [ 507.451770][ T8900] loop1: detected capacity change from 0 to 512 [ 507.528445][ T8885] netlink: 204 bytes leftover after parsing attributes in process `syz.0.804'. [ 507.644140][ T8900] EXT4-fs (loop1): 1 truncate cleaned up [ 507.677720][ T8900] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 507.722903][ T8907] tmpfs: Unsupported parameter 'huge' [ 510.987717][ T5624] Bluetooth: hci5: command tx timeout [ 512.508505][ T5621] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 514.092867][ T8808] bridge0: port 1(bridge_slave_0) entered blocking state [ 514.093317][ T8808] bridge0: port 1(bridge_slave_0) entered disabled state [ 514.094026][ T8808] bridge_slave_0: entered allmulticast mode [ 514.097939][ T8808] bridge_slave_0: entered promiscuous mode [ 514.130373][ T8808] bridge0: port 2(bridge_slave_1) entered blocking state [ 514.130824][ T8808] bridge0: port 2(bridge_slave_1) entered disabled state [ 514.131727][ T8808] bridge_slave_1: entered allmulticast mode [ 514.156420][ T8808] bridge_slave_1: entered promiscuous mode [ 514.258302][ T8808] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 514.276537][ T8808] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 514.347856][ T8808] team0: Port device team_slave_0 added [ 514.360503][ T8808] team0: Port device team_slave_1 added [ 514.427178][ T8808] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 514.427198][ T8808] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 514.427230][ T8808] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 514.476323][ T8808] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 514.476342][ T8808] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 514.476374][ T8808] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 514.612313][ T8808] hsr_slave_0: entered promiscuous mode [ 514.614959][ T8808] hsr_slave_1: entered promiscuous mode [ 514.617448][ T8808] debugfs: 'hsr0' already exists in 'hsr' [ 514.617475][ T8808] Cannot create hsr debugfs directory [ 516.431852][ T5817] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 517.180700][ T8971] loop1: detected capacity change from 0 to 256 [ 517.206612][ T8971] FAT-fs (loop1): data area starts beyond volume (274 > 64) [ 517.206651][ T8971] FAT-fs (loop1): Can't find a valid FAT filesystem [ 521.329662][ T8995] Illegal XDP return value 4294967274 on prog (id 67) dev syz_tun, expect packet loss! [ 524.045181][ T9015] loop1: detected capacity change from 0 to 512 [ 524.134385][ T9015] EXT4-fs: Ignoring removed orlov option [ 524.144278][ T9015] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 524.170396][ T9015] EXT4-fs error (device loop1): ext4_iget_extra_inode:5180: inode #17: comm syz.1.840: corrupted in-inode xattr: invalid ea_ino [ 524.170435][ T9015] loop1: lost file I/O error report for ino 17 type 5 pos 0x0 len 0x0 error -117 [ 524.186149][ T9015] EXT4-fs error (device loop1): ext4_orphan_get:1404: comm syz.1.840: couldn't read orphan inode 17 (err -117) [ 524.186189][ T9015] loop1: lost filesystem error report for type 5 error -117 [ 524.196589][ T9015] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 524.770950][ T5621] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 524.956581][ T9024] loop0: detected capacity change from 0 to 256 [ 526.902623][ T9047] loop0: detected capacity change from 0 to 512 [ 526.936428][ T9047] EXT4-fs (loop0): Test dummy encryption mode enabled [ 527.108107][ T9047] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 527.630851][ T5612] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 528.513268][ T9074] loop0: detected capacity change from 0 to 256 [ 532.962671][ T1339] ieee802154 phy0 wpan0: encryption failed: -22 [ 532.962789][ T1339] ieee802154 phy1 wpan1: encryption failed: -22 [ 533.298221][ T176] bridge_slave_1: left allmulticast mode [ 533.298261][ T176] bridge_slave_1: left promiscuous mode [ 533.326007][ T176] bridge0: port 2(bridge_slave_1) entered disabled state [ 535.673434][ T176] bridge_slave_0: left allmulticast mode [ 535.673474][ T176] bridge_slave_0: left promiscuous mode [ 535.673763][ T176] bridge0: port 1(bridge_slave_0) entered disabled state [ 538.074306][ T9118] loop1: detected capacity change from 0 to 256 [ 538.259113][ T176] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 538.400208][ T176] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 538.426016][ T9122] loop1: detected capacity change from 0 to 4096 [ 538.428645][ T9122] EXT4-fs: inline encryption not supported [ 538.439537][ T9122] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 538.439610][ T9122] EXT4-fs (loop1): Test dummy encryption mode enabled [ 538.500630][ T176] bond0 (unregistering): Released all slaves [ 538.514755][ T9122] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c198, mo2=0003] [ 538.514870][ T9122] System zones: 0-5 [ 538.535561][ T9122] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 538.610436][ T9081] netlink: 224 bytes leftover after parsing attributes in process `syz.0.861'. [ 538.684400][ T5268] 8021q: adding VLAN 0 to HW filter on device eth5 [ 539.002739][ T5621] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 539.980450][ T176] hsr_slave_0: left promiscuous mode [ 540.023759][ T176] hsr_slave_1: left promiscuous mode [ 540.024734][ T176] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 541.142895][ T176] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 541.238459][ T9157] loop0: detected capacity change from 0 to 512 [ 541.289613][ T9157] EXT4-fs (loop0): 1 truncate cleaned up [ 541.304701][ T9157] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 545.140184][ T5612] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 545.177963][ T176] team0 (unregistering): Port device team_slave_1 removed [ 545.234666][ T176] team0 (unregistering): Port device team_slave_0 removed [ 545.880057][ T9174] loop1: detected capacity change from 0 to 256 [ 547.593272][ T9203] loop0: detected capacity change from 0 to 512 [ 547.761523][ T9203] EXT4-fs (loop0): 1 truncate cleaned up [ 547.767968][ T9203] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 556.981624][ T9227] loop1: detected capacity change from 0 to 512 [ 557.001901][ T9227] EXT4-fs (loop1): Test dummy encryption mode enabled [ 557.001927][ T9227] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 557.777518][ T9227] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #16: comm syz.1.900: invalid indirect mapped block 32768 (level 2) [ 557.777566][ T9227] loop1: lost file I/O error report for ino 16 type 5 pos 0x0 len 0x0 error -117 [ 557.804346][ C0] EXT4-fs (loop1): initial error at time 1781303182: ext4_free_branches:1023: inode 16 [ 557.805519][ C0] EXT4-fs (loop1): last error at time 1781303182: ext4_free_branches:1023: inode 16 [ 558.054033][ T9227] EXT4-fs (loop1): 1 orphan inode deleted [ 558.054065][ T9227] EXT4-fs (loop1): 1 truncate cleaned up [ 558.075276][ T9227] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 558.109653][ T9227] EXT4-fs error (device loop1): ext4_inlinedir_to_tree:1332: inode #12: block 7: comm syz.1.900: path /174/file0/file0: bad entry in directory: directory entry overrun - offset=788, inode=13, rec_len=784, size=60 fake=0 [ 558.399733][ T5612] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 558.528335][ T5621] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 558.656017][ T9234] loop0: detected capacity change from 0 to 512 [ 561.691730][ T5624] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 561.752326][ T5624] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 561.794665][ T5624] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 561.904780][ T5624] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 561.909977][ T5624] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 564.377367][ T5627] Bluetooth: hci1: command tx timeout [ 566.736688][ T5627] Bluetooth: hci1: command tx timeout [ 568.982942][ T5627] Bluetooth: hci1: command tx timeout [ 569.311278][ T9306] netlink: 48 bytes leftover after parsing attributes in process `syz.1.918'. [ 569.311309][ T9306] netlink: 152 bytes leftover after parsing attributes in process `syz.1.918'. [ 569.849349][ T9322] loop0: detected capacity change from 0 to 256 [ 571.209242][ T5627] Bluetooth: hci1: command tx timeout [ 572.532314][ T9338] loop1: detected capacity change from 0 to 16 [ 572.550705][ T9338] erofs (device loop1): mounted with root inode @ nid 36. [ 572.603357][ T9338] erofs (device loop1): not enough plain data on disk @ la 0 of nid 89 [ 572.603504][ T9338] erofs (device loop1): readahead error at folio 2 @ nid 89 [ 572.603873][ T9338] erofs (device loop1): not enough plain data on disk @ la 0 of nid 89 [ 572.603953][ T9338] erofs (device loop1): readahead error at folio 1 @ nid 89 [ 573.641807][ T9338] erofs (device loop1): not enough plain data on disk @ la 0 of nid 89 [ 573.641843][ T9338] erofs (device loop1): not enough plain data on disk @ la 0 of nid 89 [ 573.641865][ T9338] erofs (device loop1): read error -117 @ 1 of nid 89 [ 573.642237][ T37] audit: type=1800 audit(1781303197.007:159): pid=9338 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.926" name="file2" dev="loop1" ino=89 res=0 errno=0 [ 583.276801][ T43] bridge_slave_1: left allmulticast mode [ 583.276840][ T43] bridge_slave_1: left promiscuous mode [ 583.277292][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 583.450279][ T43] bridge_slave_0: left allmulticast mode [ 583.450309][ T43] bridge_slave_0: left promiscuous mode [ 583.450554][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 583.803770][ T9398] input: syz1 as /devices/virtual/input/input8 [ 584.196690][ T37] audit: type=1326 audit(1781303206.728:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9395 comm="syz.2.939" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59700bce59 code=0x7ffc0000 [ 584.197091][ T37] audit: type=1326 audit(1781303206.728:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9395 comm="syz.2.939" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59700bce59 code=0x7ffc0000 [ 584.197387][ T37] audit: type=1326 audit(1781303206.728:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9395 comm="syz.2.939" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=173 compat=0 ip=0x7f59700bce59 code=0x7ffc0000 [ 584.197695][ T37] audit: type=1326 audit(1781303206.728:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9395 comm="syz.2.939" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59700bce59 code=0x7ffc0000 [ 584.455273][ T37] audit: type=1326 audit(1781303206.737:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9395 comm="syz.2.939" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59700bce59 code=0x7ffc0000 [ 584.455768][ T37] audit: type=1326 audit(1781303206.737:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9395 comm="syz.2.939" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=173 compat=0 ip=0x7f59700bce59 code=0x7ffc0000 [ 584.459819][ T37] audit: type=1326 audit(1781303206.737:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9395 comm="syz.2.939" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59700bce59 code=0x7ffc0000 [ 584.460410][ T37] audit: type=1326 audit(1781303206.737:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9395 comm="syz.2.939" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59700bce59 code=0x7ffc0000 [ 586.625373][ T32] usb 2-1: new low-speed USB device number 7 using dummy_hcd [ 586.845775][ T32] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 254, using maximum allowed: 30 [ 586.845844][ T32] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 8 [ 586.845876][ T32] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 254 [ 586.845923][ T32] usb 2-1: New USB device found, idVendor=04b4, idProduct=0001, bcdDevice= 0.00 [ 586.845949][ T32] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 586.927965][ T32] usb 2-1: config 0 descriptor?? [ 586.930342][ T9406] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 587.464768][ T43] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 587.486647][ T32] cypress 0003:04B4:0001.0002: unexpected long global item [ 587.487436][ T32] cypress 0003:04B4:0001.0002: parse failed [ 587.487552][ T32] cypress 0003:04B4:0001.0002: probe with driver cypress failed with error -22 [ 587.603689][ T43] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 587.657421][ T5817] usb 2-1: USB disconnect, device number 7 [ 587.732683][ T43] bond0 (unregistering): Released all slaves [ 588.787626][ T9426] loop0: detected capacity change from 0 to 256 [ 594.442388][ T9436] netlink: 144 bytes leftover after parsing attributes in process `syz.1.952'. [ 594.840848][ T9260] bridge0: port 1(bridge_slave_0) entered blocking state [ 594.841328][ T9260] bridge0: port 1(bridge_slave_0) entered disabled state [ 594.841640][ T9260] bridge_slave_0: entered allmulticast mode [ 594.866862][ T9260] bridge_slave_0: entered promiscuous mode [ 594.878662][ T9260] bridge0: port 2(bridge_slave_1) entered blocking state [ 594.879130][ T9260] bridge0: port 2(bridge_slave_1) entered disabled state [ 594.879815][ T9260] bridge_slave_1: entered allmulticast mode [ 594.883622][ T9260] bridge_slave_1: entered promiscuous mode [ 594.988518][ T9260] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 595.006497][ T9260] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 595.078484][ T9260] team0: Port device team_slave_0 added [ 595.090829][ T9260] team0: Port device team_slave_1 added [ 595.486677][ T9448] loop0: detected capacity change from 0 to 512 [ 595.554826][ T43] hsr_slave_0: left promiscuous mode [ 595.588276][ T9448] EXT4-fs (loop0): 1 truncate cleaned up [ 595.611400][ T43] hsr_slave_1: left promiscuous mode [ 595.612357][ T43] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 595.647176][ T9448] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 595.927534][ T43] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 601.473807][ T5612] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 601.507272][ T1339] ieee802154 phy0 wpan0: encryption failed: -22 [ 601.507389][ T1339] ieee802154 phy1 wpan1: encryption failed: -22 [ 602.368673][ T9495] netlink: 4 bytes leftover after parsing attributes in process `syz.2.972'. [ 602.845951][ T9502] loop0: detected capacity change from 0 to 256 [ 606.598183][ T9537] loop0: detected capacity change from 0 to 16 [ 607.907748][ T9537] erofs (device loop0): mounted with root inode @ nid 36. [ 607.983157][ T9537] erofs (device loop0): not enough plain data on disk @ la 0 of nid 89 [ 607.983192][ T9537] erofs (device loop0): readahead error at folio 2 @ nid 89 [ 607.983212][ T9537] erofs (device loop0): not enough plain data on disk @ la 0 of nid 89 [ 607.983230][ T9537] erofs (device loop0): readahead error at folio 1 @ nid 89 [ 608.017269][ T9537] erofs (device loop0): not enough plain data on disk @ la 0 of nid 89 [ 608.017305][ T9537] erofs (device loop0): not enough plain data on disk @ la 0 of nid 89 [ 608.017325][ T9537] erofs (device loop0): read error -117 @ 1 of nid 89 [ 608.111012][ T37] audit: type=1800 audit(1781303228.774:168): pid=9537 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.989" name="file2" dev="loop0" ino=89 res=0 errno=0 [ 610.563151][ T43] team0 (unregistering): Port device team_slave_1 removed [ 610.681520][ T43] team0 (unregistering): Port device team_slave_0 removed [ 611.267277][ T9554] loop0: detected capacity change from 0 to 256 [ 611.358433][ T9554] FAT-fs (loop0): data area starts beyond volume (274 > 64) [ 611.358456][ T9554] FAT-fs (loop0): Can't find a valid FAT filesystem [ 611.390682][ T9260] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 611.390702][ T9260] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 611.390734][ T9260] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 611.693546][ T9495] bridge_slave_1: left allmulticast mode [ 611.693585][ T9495] bridge_slave_1: left promiscuous mode [ 611.693884][ T9495] bridge0: port 2(bridge_slave_1) entered disabled state [ 611.865756][ T9495] bridge_slave_0: left allmulticast mode [ 611.865795][ T9495] bridge_slave_0: left promiscuous mode [ 611.866123][ T9495] bridge0: port 1(bridge_slave_0) entered disabled state [ 612.513524][ T9260] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 612.513544][ T9260] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 612.513578][ T9260] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 612.867253][ T9581] loop0: detected capacity change from 0 to 512 [ 612.927995][ T9260] hsr_slave_0: entered promiscuous mode [ 612.930506][ T9260] hsr_slave_1: entered promiscuous mode [ 612.932603][ T9260] debugfs: 'hsr0' already exists in 'hsr' [ 612.932632][ T9260] Cannot create hsr debugfs directory [ 613.129574][ T9581] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 613.558509][ T9581] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 613.564379][ T9581] ext4 filesystem being mounted at /205/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 614.647861][ T37] audit: type=1800 audit(1781303234.830:169): pid=9581 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1013" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 614.759668][ T9614] loop1: detected capacity change from 0 to 256 [ 614.767195][ T9614] FAT-fs (loop1): data area starts beyond volume (274 > 64) [ 614.767269][ T9614] FAT-fs (loop1): Can't find a valid FAT filesystem [ 615.061312][ T5612] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 615.423107][ T9260] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 615.539937][ T9260] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 615.549006][ T9260] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 615.587890][ T9260] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 615.589201][ T9260] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 615.854126][ T9260] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 615.859037][ T9260] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 615.915236][ T5736] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 616.073322][ T9260] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 616.074782][ T5736] usb 1-1: Using ep0 maxpacket: 32 [ 616.081801][ T5736] usb 1-1: config 0 has an invalid interface number: 184 but max is 0 [ 616.081888][ T5736] usb 1-1: config 0 has no interface number 0 [ 616.082039][ T5736] usb 1-1: config 0 interface 184 has no altsetting 0 [ 617.028248][ T5736] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 617.028287][ T5736] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 617.028311][ T5736] usb 1-1: Product: syz [ 617.028328][ T5736] usb 1-1: Manufacturer: syz [ 617.028345][ T5736] usb 1-1: SerialNumber: syz [ 617.370927][ T5736] usb 1-1: config 0 descriptor?? [ 617.384452][ T9637] loop1: detected capacity change from 0 to 8192 [ 618.121718][ T37] audit: type=1804 audit(1781303237.932:170): pid=9637 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1034" name="/newroot/195/file1/bus" dev="loop1" ino=1048625 res=1 errno=0 [ 618.819095][ T37] audit: type=1800 audit(1781303238.717:171): pid=9637 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1034" name="bus" dev="loop1" ino=1048625 res=0 errno=0 [ 620.002851][ T5736] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000044: -32 [ 620.002893][ T5736] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_DATA [ 620.043897][ T5736] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 620.043937][ T5736] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 620.043961][ T5736] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset [ 620.043983][ T5736] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 620.044324][ T5736] smsc75xx 1-1:0.184: probe with driver smsc75xx failed with error -71 [ 620.195472][ T5736] usb 1-1: USB disconnect, device number 5 [ 620.761107][ T9260] 8021q: adding VLAN 0 to HW filter on device bond0 [ 620.938660][ T9260] 8021q: adding VLAN 0 to HW filter on device team0 [ 620.953920][ T151] bridge0: port 1(bridge_slave_0) entered blocking state [ 620.954223][ T151] bridge0: port 1(bridge_slave_0) entered forwarding state [ 621.051965][ T176] bridge0: port 2(bridge_slave_1) entered blocking state [ 621.052180][ T176] bridge0: port 2(bridge_slave_1) entered forwarding state [ 622.110798][ T9710] loop0: detected capacity change from 0 to 512 [ 622.492559][ T9710] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 622.911663][ T9720] loop1: detected capacity change from 0 to 512 [ 623.106792][ T9720] EXT4-fs (loop1): 1 truncate cleaned up [ 623.137304][ T9720] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 623.265473][ T9710] EXT4-fs (loop0): 1 truncate cleaned up [ 623.497662][ T9710] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 628.835267][ T5621] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 629.234566][ T9752] loop1: detected capacity change from 0 to 512 [ 629.341888][ T9752] EXT4-fs (loop1): 1 truncate cleaned up [ 629.406679][ T9752] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 629.708865][ T5624] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 630.816802][ T5624] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 630.832848][ T5624] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 630.850389][ T5624] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 630.851268][ T5624] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 631.131097][ T5612] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 633.311130][ T5621] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 634.118819][ T9811] loop0: detected capacity change from 0 to 512 [ 634.316026][ T5624] Bluetooth: hci5: command tx timeout [ 634.316899][ T9811] EXT4-fs (loop0): 1 truncate cleaned up [ 634.325167][ T9811] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 636.597105][ T5624] Bluetooth: hci5: command tx timeout [ 636.823004][ T9825] raw_sendmsg: syz.2.1096 forgot to set AF_INET. Fix it! [ 637.071502][ T9754] bridge0: port 1(bridge_slave_0) entered blocking state [ 637.071953][ T9754] bridge0: port 1(bridge_slave_0) entered disabled state [ 637.072272][ T9754] bridge_slave_0: entered allmulticast mode [ 637.077081][ T9754] bridge_slave_0: entered promiscuous mode [ 637.094182][ T9754] bridge0: port 2(bridge_slave_1) entered blocking state [ 637.094550][ T9754] bridge0: port 2(bridge_slave_1) entered disabled state [ 637.094882][ T9754] bridge_slave_1: entered allmulticast mode [ 637.099133][ T9754] bridge_slave_1: entered promiscuous mode [ 637.172663][ T9754] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 637.242629][ T9754] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 638.216843][ T9843] loop1: detected capacity change from 0 to 128 [ 638.218559][ T9843] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 638.331072][ T9843] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 638.825544][ T5624] Bluetooth: hci5: command tx timeout [ 640.443890][ T5612] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 641.061942][ T5624] Bluetooth: hci5: command tx timeout [ 642.499398][ T9754] team0: Port device team_slave_0 added [ 643.153169][ T9754] team0: Port device team_slave_1 added [ 643.388077][ T9754] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 643.388096][ T9754] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 643.388128][ T9754] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 643.391612][ T9754] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 643.391629][ T9754] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 643.391654][ T9754] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 643.792631][ T9754] hsr_slave_0: entered promiscuous mode [ 643.804394][ T9754] hsr_slave_1: entered promiscuous mode [ 643.808281][ T9754] debugfs: 'hsr0' already exists in 'hsr' [ 643.808312][ T9754] Cannot create hsr debugfs directory [ 644.031756][ T9892] IPVS: set_ctl: invalid protocol: 4 127.0.0.1:20004 [ 647.914315][ T9944] loop0: detected capacity change from 0 to 256 [ 647.915670][ T9944] vfat: Bad value for 'fmask' [ 648.020228][ T37] audit: type=1800 audit(1781303265.628:172): pid=9944 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1145" name="file1" dev="tmpfs" ino=1191 res=0 errno=0 [ 648.185573][ T9949] loop1: detected capacity change from 0 to 256 [ 650.850095][ T9975] loop1: detected capacity change from 0 to 512 [ 650.937511][ T9975] EXT4-fs (loop1): 1 truncate cleaned up [ 651.080636][ T9975] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 652.477490][ T9990] fuse: fd is not a fuse device [ 654.178001][ T5621] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 656.443380][T10045] loop1: detected capacity change from 0 to 512 [ 656.496101][T10045] EXT4-fs (loop1): 1 truncate cleaned up [ 656.574335][T10045] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 656.741315][ T5621] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 657.322747][T10059] loop1: detected capacity change from 0 to 4096 [ 657.329290][T10059] EXT4-fs: inline encryption not supported [ 657.379663][T10059] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 657.380207][T10059] EXT4-fs (loop1): can't mount with data_err=abort, fs mounted w/o journal [ 659.068626][T10070] loop0: detected capacity change from 0 to 512 [ 659.179670][T10070] EXT4-fs (loop0): 1 truncate cleaned up [ 659.195982][T10070] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 662.348350][ T5268] 8021q: adding VLAN 0 to HW filter on device eth5 [ 662.545696][T10105] process 'syz.2.1200' launched './file2' with NULL argv: empty string added [ 662.769185][ T5612] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 662.850108][ T69] bridge_slave_1: left allmulticast mode [ 662.850149][ T69] bridge_slave_1: left promiscuous mode [ 662.850446][ T69] bridge0: port 2(bridge_slave_1) entered disabled state [ 663.614272][ T69] bridge_slave_0: left allmulticast mode [ 663.614311][ T69] bridge_slave_0: left promiscuous mode [ 663.614625][ T69] bridge0: port 1(bridge_slave_0) entered disabled state [ 665.164613][T10142] loop1: detected capacity change from 0 to 512 [ 665.232954][T10142] EXT4-fs (loop1): 1 truncate cleaned up [ 665.391724][T10142] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 667.414357][ T69] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 667.560537][ T69] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 667.634843][ T69] bond0 (unregistering): Released all slaves [ 668.884190][ T5268] 8021q: adding VLAN 0 to HW filter on device eth6 [ 669.497336][ T69] hsr_slave_0: left promiscuous mode [ 669.556413][ T69] hsr_slave_1: left promiscuous mode [ 669.557538][ T69] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 669.607132][ T69] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 670.869900][ T1339] ieee802154 phy0 wpan0: encryption failed: -22 [ 670.870027][ T1339] ieee802154 phy1 wpan1: encryption failed: -22 [ 671.495462][ T69] team0 (unregistering): Port device team_slave_1 removed [ 671.583397][ T69] team0 (unregistering): Port device team_slave_0 removed [ 672.048147][ T5621] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 672.808846][ T5268] 8021q: adding VLAN 0 to HW filter on device eth7 [ 676.370061][T10325] loop0: detected capacity change from 0 to 512 [ 676.371422][T10325] ext2: Unknown parameter 'smackfsfloor' [ 676.810816][T10325] loop0: detected capacity change from 0 to 40427 [ 676.857261][T10325] F2FS-fs (loop0): Fix alignment : internally, start(4096) end(16896) block(12288) [ 676.885178][T10325] F2FS-fs (loop0): invalid crc value [ 677.025806][T10325] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 1 [ 677.046447][T10325] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 681.403773][T10390] loop1: detected capacity change from 0 to 512 [ 681.406853][T10390] ext2: Unknown parameter 'smackfsfloor' [ 684.630155][ T5723] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 684.799949][ T5723] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 684.799992][ T5723] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 684.800020][ T5723] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 684.800079][ T5723] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 684.800106][ T5723] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 685.154252][ T9754] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 685.190330][ T5723] usb 1-1: config 0 descriptor?? [ 686.135804][ T9754] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 686.145968][ T9754] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 686.943108][ T5723] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 686.943156][ T5723] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 686.943206][ T5723] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 686.943237][ T5723] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 686.946983][ T5723] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 686.947027][ T5723] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 686.947058][ T5723] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 686.947089][ T5723] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 686.947119][ T5723] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 687.202231][ T9754] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 687.226395][ T9754] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 687.927001][ T9754] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 687.942926][ T9754] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 688.090112][ T9754] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 688.240357][ T5723] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 688.327669][ T5723] usb 1-1: USB disconnect, device number 6 [ 688.889214][T10493] fido_id[10493]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 691.646559][T10536] loop0: detected capacity change from 0 to 512 [ 691.748594][T10536] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 691.939068][T10536] EXT4-fs (loop0): 1 truncate cleaned up [ 691.978779][T10536] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 694.032793][ T5612] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 694.457105][T10589] capability: warning: `syz.1.1348' uses deprecated v2 capabilities in a way that may be insecure [ 695.428291][ T5627] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 695.519344][ T5627] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 695.532602][ T5627] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 695.554604][ T5627] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 695.583621][ T5627] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 696.108685][T10617] loop0: detected capacity change from 0 to 2048 [ 696.123817][T10617] EXT4-fs (loop0): couldn't mount as ext3 due to feature incompatibilities [ 697.949902][T10671] loop1: detected capacity change from 0 to 512 [ 697.984880][T10671] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 697.985425][ T5627] Bluetooth: hci1: command tx timeout [ 698.096562][T10671] EXT4-fs (loop1): 1 truncate cleaned up [ 698.122130][T10671] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 700.186899][ T5621] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 700.254919][ T5627] Bluetooth: hci1: command tx timeout [ 701.196948][T10732] binder: 10731:10732 ioctl 4018620d 0 returned -22 [ 702.771673][ T5627] Bluetooth: hci1: command tx timeout [ 703.952728][T10749] loop1: detected capacity change from 0 to 256 [ 703.962832][T10749] FAT-fs (loop1): data area starts beyond volume (274 > 64) [ 703.962862][T10749] FAT-fs (loop1): Can't find a valid FAT filesystem [ 704.025224][T10753] loop0: detected capacity change from 0 to 256 [ 705.033762][ T5627] Bluetooth: hci1: command tx timeout [ 711.014278][T10607] bridge0: port 1(bridge_slave_0) entered blocking state [ 711.014772][T10607] bridge0: port 1(bridge_slave_0) entered disabled state [ 711.015066][T10607] bridge_slave_0: entered allmulticast mode [ 711.057431][T10607] bridge_slave_0: entered promiscuous mode [ 711.154420][T10607] bridge0: port 2(bridge_slave_1) entered blocking state [ 711.157969][T10607] bridge0: port 2(bridge_slave_1) entered disabled state [ 711.158799][T10607] bridge_slave_1: entered allmulticast mode [ 711.199939][T10607] bridge_slave_1: entered promiscuous mode [ 711.591653][T10607] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 711.694317][T10607] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 712.291767][T10607] team0: Port device team_slave_0 added [ 712.311127][T10607] team0: Port device team_slave_1 added [ 712.539299][T10607] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 712.539319][T10607] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 712.539350][T10607] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 712.589772][T10607] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 712.589793][T10607] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 712.589828][T10607] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 712.857530][ T12] bridge_slave_1: left allmulticast mode [ 712.857580][ T12] bridge_slave_1: left promiscuous mode [ 712.857897][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 713.061798][ T12] bridge_slave_0: left allmulticast mode [ 713.061838][ T12] bridge_slave_0: left promiscuous mode [ 713.062212][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 713.697435][T10907] loop0: detected capacity change from 0 to 256 [ 714.831522][ T5817] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 717.500878][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 717.518153][ T5817] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 717.518195][ T5817] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 717.518239][ T5817] usb 1-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.80 [ 717.518266][ T5817] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 717.524904][ T5817] usb 1-1: config 0 descriptor?? [ 717.700264][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 719.019649][ T5817] cp2112 0003:10C4:EA90.0004: unknown main item tag 0x0 [ 719.019691][ T5817] cp2112 0003:10C4:EA90.0004: unknown main item tag 0x0 [ 719.019722][ T5817] cp2112 0003:10C4:EA90.0004: item fetching failed at offset 5/7 [ 719.020573][ T5817] cp2112 0003:10C4:EA90.0004: parse failed [ 719.020722][ T5817] cp2112 0003:10C4:EA90.0004: probe with driver cp2112 failed with error -22 [ 719.104197][ T12] bond0 (unregistering): Released all slaves [ 719.300798][ T5339] usb 1-1: USB disconnect, device number 7 [ 719.394156][ T5268] 8021q: adding VLAN 0 to HW filter on device eth5 [ 721.600567][T10607] hsr_slave_0: entered promiscuous mode [ 721.606297][T10607] hsr_slave_1: entered promiscuous mode [ 721.612350][T10607] debugfs: 'hsr0' already exists in 'hsr' [ 721.612382][T10607] Cannot create hsr debugfs directory [ 723.691499][ T12] hsr_slave_0: left promiscuous mode [ 723.740186][ T12] hsr_slave_1: left promiscuous mode [ 723.741032][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 723.800656][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 726.844024][ T12] team0 (unregistering): Port device team_slave_1 removed [ 726.961232][ T12] team0 (unregistering): Port device team_slave_0 removed [ 728.811594][ T5268] 8021q: adding VLAN 0 to HW filter on device eth6 [ 729.407798][T11131] loop1: detected capacity change from 0 to 256 [ 729.494126][T11131] exfat: Deprecated parameter 'utf8' [ 729.906338][T11131] exFAT-fs (loop1): failed to load upcase table (idx : 0x0001fe89, chksum : 0xc374f927, utbl_chksum : 0xe619d30d) [ 731.684624][T11161] loop1: detected capacity change from 0 to 1024 [ 731.715099][T11161] ext3: Unknown parameter 'noacl' [ 732.634359][T11172] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1568'. [ 734.609944][T11180] loop0: detected capacity change from 0 to 512 [ 734.714619][T11180] EXT4-fs warning (device loop0): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 734.714659][T11180] EXT4-fs warning (device loop0): dx_probe:849: Enable large directory feature to access it [ 734.714681][T11180] EXT4-fs warning (device loop0): dx_probe:934: inode #2: comm syz.0.1574: Corrupt directory, running e2fsck is recommended [ 734.882502][T11180] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -2 [ 734.894042][T11180] EXT4-fs error (device loop0): ext4_iget_extra_inode:5180: inode #15: comm syz.0.1574: corrupted in-inode xattr: invalid ea_ino [ 734.894083][T11180] loop0: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 734.902494][ C1] EXT4-fs (loop0): error count since last fsck: 1 [ 734.902523][ C1] EXT4-fs (loop0): initial error at time 1781303345: ext4_iget_extra_inode:5180: inode 15 [ 734.902556][ C1] EXT4-fs (loop0): last error at time 1781303345: ext4_iget_extra_inode:5180: inode 15 [ 734.904645][T11180] EXT4-fs (loop0): Remounting filesystem read-only [ 734.970542][T11180] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 735.321561][ T5612] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 745.029637][ T1339] ieee802154 phy0 wpan0: encryption failed: -22 [ 745.029776][ T1339] ieee802154 phy1 wpan1: encryption failed: -22 [ 745.467492][T11242] loop0: detected capacity change from 0 to 256 [ 745.558904][ T57] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 745.759899][ T57] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 745.759940][ T57] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 745.759974][ T57] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 745.760008][ T57] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 745.760054][ T57] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 745.877559][ T57] usb 2-1: config 0 descriptor?? [ 746.931699][ T57] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 747.288462][ T57] usb 2-1: USB disconnect, device number 8 [ 750.113902][T10607] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 750.153787][T10607] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 750.157039][T10607] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 750.277210][T10607] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 750.289732][T10607] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 750.557186][T10607] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 750.669991][T10607] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 750.889481][T10607] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 752.712711][T11394] input: syz1 as /devices/virtual/input/input11 [ 752.908777][T11395] loop1: detected capacity change from 0 to 256 [ 755.558051][T11415] binder: 11414:11415 ioctl 4018620d 0 returned -22 [ 755.670901][T10607] 8021q: adding VLAN 0 to HW filter on device bond0 [ 755.839510][T10607] 8021q: adding VLAN 0 to HW filter on device team0 [ 755.868758][ T50] bridge0: port 1(bridge_slave_0) entered blocking state [ 755.883773][ T50] bridge0: port 1(bridge_slave_0) entered forwarding state [ 755.960257][ T50] bridge0: port 2(bridge_slave_1) entered blocking state [ 755.996373][ T50] bridge0: port 2(bridge_slave_1) entered forwarding state [ 757.481254][T11453] loop1: detected capacity change from 0 to 512 [ 758.424163][T11453] EXT4-fs (loop1): blocks per group (255) and clusters per group (8192) inconsistent [ 760.514488][T11471] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1663'. [ 760.514515][T11471] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1663'. [ 760.585380][T11472] binder: 11468:11472 ioctl 4018620d 0 returned -22 [ 760.749371][T11471] macsec1: entered allmulticast mode [ 760.749398][T11471] veth1_macvtap: entered allmulticast mode [ 762.190530][ T5624] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 762.253591][ T5624] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 762.261069][ T5624] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 762.297052][ T5624] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 762.299961][ T5624] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 764.832546][T11513] loop1: detected capacity change from 0 to 256 [ 766.250290][ T5624] Bluetooth: hci5: command tx timeout [ 768.526311][ T5624] Bluetooth: hci5: command tx timeout [ 768.635153][T11536] loop1: detected capacity change from 0 to 512 [ 768.900606][T11536] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 769.943192][ T5737] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 770.635325][ T5737] usb 2-1: Using ep0 maxpacket: 32 [ 770.638835][ T5737] usb 2-1: unable to get BOS descriptor or descriptor too short [ 770.681984][ T5737] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 770.682025][ T5737] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 770.682051][ T5737] usb 2-1: Product: syz [ 770.682068][ T5737] usb 2-1: Manufacturer: syz [ 770.682086][ T5737] usb 2-1: SerialNumber: syz [ 770.782744][ T5624] Bluetooth: hci5: command tx timeout [ 771.565238][ T5737] usb 2-1: 1:1: invalid format type 0x1002 is detected, processed as PCM [ 771.565274][ T5737] usb 2-1: 1:1 : unsupported sample bitwidth 16 in 12 bytes [ 771.659891][ T5737] usb 2-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 772.162253][ T5621] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 772.646823][T11568] loop0: detected capacity change from 0 to 40427 [ 772.679097][T11568] F2FS-fs (loop0): Invalid SB checksum offset: 0 [ 772.679127][T11568] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock [ 772.834996][T11568] F2FS-fs (loop0): invalid crc value [ 772.883886][ T5737] usb 2-1: USB disconnect, device number 9 [ 773.030800][ T5624] Bluetooth: hci5: command tx timeout [ 773.916007][T11605] loop1: detected capacity change from 0 to 512 [ 774.139978][T11605] EXT4-fs (loop1): blocks per group (255) and clusters per group (8192) inconsistent [ 775.656322][T11568] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 777.719456][ T5737] usb 2-1: new full-speed USB device number 10 using dummy_hcd [ 778.598805][ T5737] usb 2-1: config 0 has an invalid interface number: 214 but max is 0 [ 778.598841][ T5737] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 778.598864][ T5737] usb 2-1: config 0 has no interface number 0 [ 778.598915][ T5737] usb 2-1: config 0 interface 214 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 778.606245][ T5737] usb 2-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5 [ 778.606284][ T5737] usb 2-1: New USB device strings: Mfr=1, Product=0, SerialNumber=3 [ 778.606308][ T5737] usb 2-1: Manufacturer: syz [ 778.606326][ T5737] usb 2-1: SerialNumber: syz [ 778.793061][ T5737] usb 2-1: config 0 descriptor?? [ 778.906386][T11649] loop0: detected capacity change from 0 to 512 [ 780.051205][T11649] EXT4-fs (loop0): 1 truncate cleaned up [ 780.058543][ T57] usb 2-1: USB disconnect, device number 10 [ 780.125996][T11649] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 781.431669][T11480] bridge0: port 1(bridge_slave_0) entered blocking state [ 781.432202][T11480] bridge0: port 1(bridge_slave_0) entered disabled state [ 781.432538][T11480] bridge_slave_0: entered allmulticast mode [ 781.463260][ T5612] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 781.463999][T11480] bridge_slave_0: entered promiscuous mode [ 781.526192][T11480] bridge0: port 2(bridge_slave_1) entered blocking state [ 781.526549][T11480] bridge0: port 2(bridge_slave_1) entered disabled state [ 781.526926][T11480] bridge_slave_1: entered allmulticast mode [ 781.530680][T11480] bridge_slave_1: entered promiscuous mode [ 782.335257][T11480] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 782.369560][T11480] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 782.595664][T11731] loop1: detected capacity change from 0 to 256 [ 782.637455][ T57] usb 1-1: new full-speed USB device number 8 using dummy_hcd [ 782.855507][ T57] usb 1-1: config 0 has an invalid interface number: 214 but max is 0 [ 782.855538][ T57] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 782.855556][ T57] usb 1-1: config 0 has no interface number 0 [ 782.855593][ T57] usb 1-1: config 0 interface 214 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 782.868260][ T57] usb 1-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5 [ 782.868352][ T57] usb 1-1: New USB device strings: Mfr=1, Product=0, SerialNumber=3 [ 782.868429][ T57] usb 1-1: Manufacturer: syz [ 782.868453][ T57] usb 1-1: SerialNumber: syz [ 783.058634][ T57] usb 1-1: config 0 descriptor?? [ 783.194342][T11480] team0: Port device team_slave_0 added [ 783.229265][T11480] team0: Port device team_slave_1 added [ 783.444811][ T16] ------------[ cut here ]------------ [ 783.444824][ T16] task_rq(p) != rq [ 783.444836][ T16] WARNING: kernel/sched/fair.c:7656 at hrtick_start_fair+0x196/0x1f0, CPU#0: ktimers/0/16 [ 783.444882][ T16] Modules linked in: [ 783.444920][ T16] CPU: 0 UID: 0 PID: 16 Comm: ktimers/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 783.444941][ T16] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 783.444957][ T16] RIP: 0010:hrtick_start_fair+0x196/0x1f0 [ 783.444986][ T16] Code: 42 80 3c 20 00 74 08 4c 89 ff e8 85 f5 97 00 4d 39 37 0f 85 0c ff ff ff 48 89 df 5b 41 5c 41 5d 41 5e 41 5f e9 7b 64 fa ff 90 <0f> 0b 90 e9 d1 fe ff ff 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 82 [ 783.445002][ T16] RSP: 0018:ffffc90000157aa0 EFLAGS: 00010087 [ 783.445019][ T16] RAX: ffff8880b873ba40 RBX: ffff8880b863ba40 RCX: ffffffff819798ae [ 783.445033][ T16] RDX: 0000000000000000 RSI: ffff888031160000 RDI: ffff8880b863ba40 [ 783.445047][ T16] RBP: dffffc0000000000 R08: ffffffff8f8d710f R09: 1ffffffff1f1ae21 [ 783.445061][ T16] R10: dffffc0000000000 R11: fffffbfff1f1ae22 R12: dffffc0000000000 [ 783.445075][ T16] R13: 1ffff110170c78d6 R14: ffff888031160000 R15: ffffffff8d9047d8 [ 783.445090][ T16] FS: 0000000000000000(0000) GS:ffff888125eb8000(0000) knlGS:0000000000000000 [ 783.445105][ T16] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 783.445118][ T16] CR2: 0000000000000000 CR3: 00000000287ae000 CR4: 00000000003526f0 [ 783.445135][ T16] DR0: 0000000000000001 DR1: 00000000000001f8 DR2: 0000000000000003 [ 783.445146][ T16] DR3: ffffffffefffff15 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 783.445160][ T16] Call Trace: [ 783.445171][ T16] [ 783.445182][ T16] set_next_task_fair+0xa68/0xce0 [ 783.445213][ T16] __schedule+0x3e03/0x5550 [ 783.445258][ T16] ? __pfx___schedule+0x10/0x10 [ 783.445278][ T16] ? schedule+0x90/0x360 [ 783.445307][ T16] ? schedule+0x90/0x360 [ 783.445331][ T16] schedule+0x164/0x360 [ 783.445353][ T16] ? smpboot_thread_fn+0x4d/0xa50 [ 783.445374][ T16] smpboot_thread_fn+0x5bc/0xa50 [ 783.445396][ T16] ? smpboot_thread_fn+0x4d/0xa50 [ 783.445425][ T16] kthread+0x388/0x470 [ 783.445450][ T16] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 783.445469][ T16] ? __pfx_kthread+0x10/0x10 [ 783.445494][ T16] ret_from_fork+0x514/0xb70 [ 783.445522][ T16] ? __pfx_ret_from_fork+0x10/0x10 [ 783.445547][ T16] ? __switch_to+0xc79/0x1410 [ 783.445569][ T16] ? __pfx_kthread+0x10/0x10 [ 783.445594][ T16] ret_from_fork_asm+0x1a/0x30 [ 783.445635][ T16] [ 783.445648][ T16] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 783.445661][ T16] CPU: 0 UID: 0 PID: 16 Comm: ktimers/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 783.445682][ T16] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 783.445694][ T16] Call Trace: [ 783.445700][ T16] [ 783.445708][ T16] vpanic+0x56c/0xa60 [ 783.445735][ T16] ? __pfx__printk+0x10/0x10 [ 783.445754][ T16] ? __pfx_vpanic+0x10/0x10 [ 783.445779][ T16] ? is_bpf_text_address+0x292/0x2b0 [ 783.445808][ T16] ? is_bpf_text_address+0x26/0x2b0 [ 783.445847][ T16] panic+0xc5/0xd0 [ 783.445872][ T16] ? __pfx_panic+0x10/0x10 [ 783.445906][ T16] ? ret_from_fork_asm+0x1a/0x30 [ 783.445945][ T16] __warn+0x315/0x4c0 [ 783.445969][ T16] ? hrtick_start_fair+0x196/0x1f0 [ 783.445998][ T16] ? hrtick_start_fair+0x196/0x1f0 [ 783.446027][ T16] __report_bug+0x339/0x540 [ 783.446057][ T16] ? hrtick_start_fair+0x196/0x1f0 [ 783.446085][ T16] ? __pfx___report_bug+0x10/0x10 [ 783.446110][ T16] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 783.446146][ T16] ? hrtick_start_fair+0x196/0x1f0 [ 783.446173][ T16] report_bug+0x16a/0x220 [ 783.446198][ T16] ? hrtick_start_fair+0x196/0x1f0 [ 783.446224][ T16] ? hrtick_start_fair+0x198/0x1f0 [ 783.446251][ T16] handle_bug+0x9c/0x200 [ 783.446279][ T16] exc_invalid_op+0x1a/0x50 [ 783.446307][ T16] asm_exc_invalid_op+0x1a/0x20 [ 783.446326][ T16] RIP: 0010:hrtick_start_fair+0x196/0x1f0 [ 783.446353][ T16] Code: 42 80 3c 20 00 74 08 4c 89 ff e8 85 f5 97 00 4d 39 37 0f 85 0c ff ff ff 48 89 df 5b 41 5c 41 5d 41 5e 41 5f e9 7b 64 fa ff 90 <0f> 0b 90 e9 d1 fe ff ff 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 82 [ 783.446370][ T16] RSP: 0018:ffffc90000157aa0 EFLAGS: 00010087 [ 783.446386][ T16] RAX: ffff8880b873ba40 RBX: ffff8880b863ba40 RCX: ffffffff819798ae [ 783.446401][ T16] RDX: 0000000000000000 RSI: ffff888031160000 RDI: ffff8880b863ba40 [ 783.446415][ T16] RBP: dffffc0000000000 R08: ffffffff8f8d710f R09: 1ffffffff1f1ae21 [ 783.446431][ T16] R10: dffffc0000000000 R11: fffffbfff1f1ae22 R12: dffffc0000000000 [ 783.446445][ T16] R13: 1ffff110170c78d6 R14: ffff888031160000 R15: ffffffff8d9047d8 [ 783.446467][ T16] ? set_next_task_fair+0xa4e/0xce0 [ 783.446496][ T16] set_next_task_fair+0xa68/0xce0 [ 783.446525][ T16] __schedule+0x3e03/0x5550 [ 783.446569][ T16] ? __pfx___schedule+0x10/0x10 [ 783.446590][ T16] ? schedule+0x90/0x360 [ 783.446619][ T16] ? schedule+0x90/0x360 [ 783.446644][ T16] schedule+0x164/0x360 [ 783.446666][ T16] ? smpboot_thread_fn+0x4d/0xa50 [ 783.446689][ T16] smpboot_thread_fn+0x5bc/0xa50 [ 783.446716][ T16] ? smpboot_thread_fn+0x4d/0xa50 [ 783.446750][ T16] kthread+0x388/0x470 [ 783.446771][ T16] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 783.446789][ T16] ? __pfx_kthread+0x10/0x10 [ 783.446811][ T16] ret_from_fork+0x514/0xb70 [ 783.446836][ T16] ? __pfx_ret_from_fork+0x10/0x10 [ 783.446858][ T16] ? __switch_to+0xc79/0x1410 [ 783.446879][ T16] ? __pfx_kthread+0x10/0x10 [ 783.446901][ T16] ret_from_fork_asm+0x1a/0x30 [ 783.446942][ T16] [ 784.555540][ T16] Shutting down cpus with NMI [ 784.556240][ T16] Kernel Offset: disabled