last executing test programs: 44.2763s ago: executing program 3 (id=106): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x256c, 0x6d, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000100)={0x0, 0x22, 0x5, {[@global=@item_4={0x3, 0x1, 0x5, "17321748"}]}}, 0x0}, 0x0) syz_usb_control_io(r0, &(0x7f0000000480)={0x2c, 0x0, &(0x7f0000000240)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x3445}}, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, &(0x7f00000001c0)={0x2c, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$cdc_ecm(r0, &(0x7f0000000200)={0x14, 0x0, &(0x7f00000000c0)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 41.694463867s ago: executing program 3 (id=122): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$nl_route_sched_retired(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000012100), 0xe078}}, 0x0) recvmmsg(r1, &(0x7f0000000180)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000580)=""/230, 0xe6}, {&(0x7f00000004c0)=""/168, 0xa8}, {&(0x7f0000000900)=""/106, 0x6a}, {&(0x7f00000000c0)=""/26, 0xfe4b}], 0x4}, 0x2000000}], 0x2, 0x101, 0x0) 41.476563858s ago: executing program 3 (id=124): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, 0x0) ioctl$sock_ifreq(r0, 0x8910, &(0x7f0000000000)={'vlan0\x00', @ifru_addrs=@nfc={0x27, 0x0, 0x1, 0x4}}) ioctl$sock_netdev_private(r0, 0x8914, &(0x7f0000000000)) 41.28537349s ago: executing program 3 (id=125): r0 = socket$kcm(0x2, 0x200000000000001, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @dev={0xac, 0x14, 0x14, 0x13}}, 0x10, 0x0}, 0x3000c085) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.stat\x00', 0x26e1, 0x0) setsockopt$sock_attach_bpf(r0, 0x1, 0x3e, &(0x7f0000000100)=r1, 0x4) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[], 0x18}, 0x1, 0x0, 0x0, 0xc000}, 0x4000) sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000200)="b8", 0x1}], 0x1, 0x0, 0x0, 0x10000000}, 0x92cd) 41.060857851s ago: executing program 3 (id=127): r0 = socket(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @empty, 0x4000002}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x19, &(0x7f0000000100)=0x1, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=@newlink={0x34, 0x10, 0x1, 0x70bd27, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, 0x10424}, [@IFLA_IFNAME={0x14, 0x3, 'veth1_to_bond\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x801}, 0x60000090) syz_emit_ethernet(0x6e, &(0x7f0000000280)={@multicast, @broadcast, @void, {@ipv6={0x86dd, @icmpv6={0x9, 0x6, 'z&-', 0x38, 0x3a, 0xfe, @local, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x4000500, {0x2, 0x6, "081331", 0x3f6f, 0xff, 0x0, @mcast1, @loopback, [@fragment={0x84, 0x0, 0xa, 0x0, 0x0, 0x7, 0x65}]}}}}}}}, 0x0) 40.844531713s ago: executing program 3 (id=130): r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0) write$nci(r0, &(0x7f0000000280)=@NCI_OP_CORE_CONN_CREDITS_NTF={0x0, 0x0, 0x3, 0x6, 0x6, {0x3, [{0x2, 0x5}, {0x1, 0xe0}, {0x1, 0x40}]}}, 0xa) 25.767039462s ago: executing program 32 (id=130): r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0) write$nci(r0, &(0x7f0000000280)=@NCI_OP_CORE_CONN_CREDITS_NTF={0x0, 0x0, 0x3, 0x6, 0x6, {0x3, [{0x2, 0x5}, {0x1, 0xe0}, {0x1, 0x40}]}}, 0xa) 22.194307475s ago: executing program 2 (id=240): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) write$dsp(r0, &(0x7f00000001c0)="5cba91a4", 0xffffffd9) ioctl$SNDCTL_DSP_SYNC(r0, 0x5001, 0x0) io_uring_setup(0x7327, &(0x7f00000000c0)={0x0, 0xebcc, 0x1, 0x1, 0x24}) ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000140)=0x4) close_range(r0, 0xffffffffffffffff, 0x0) 21.741810878s ago: executing program 1 (id=242): r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0xcf, 0x8b, 0xed, 0x20, 0xfd9, 0x25, 0x2940, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xca, 0xfb, 0x1a}}]}}]}}, 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000580)={0x44, &(0x7f0000000700)={0x20, 0x11, 0x1, "ce"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000003c0)='i2c_result\x00', r1}, 0x10) r2 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) ioctl$I2C_SMBUS(r2, 0x720, &(0x7f0000000140)={0x1, 0x9, 0x0, 0x0}) 20.755518914s ago: executing program 2 (id=249): socket(0x200000000000011, 0x2, 0xd) sched_setaffinity(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) read$msr(0xffffffffffffffff, 0x0, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000880), 0x88000, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0xffff0000, 0x0) 20.059567249s ago: executing program 1 (id=252): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x44}, 0x1, 0x0, 0x0, 0x8000010}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd29, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0x6, 0xffff}, {0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x800, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4422}, [@IFLA_IFNAME={0x14, 0x3, 'veth0_virt_wifi\x00'}, @IFLA_PROMISCUITY={0x8, 0x1e, 0xfffffffe}]}, 0x3c}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e000000180002"], 0x50}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 19.967960319s ago: executing program 1 (id=253): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/schedstat\x00', 0x0, 0x0) read$FUSE(r0, &(0x7f0000003900)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) syz_mount_image$exfat(&(0x7f0000001500), &(0x7f0000001540)='./file0\x00', 0x20010080, &(0x7f0000000480)=ANY=[@ANYBLOB='allow_utime=00000000000000000000007,dmask=00000000000000001,iocharset=macroman,allow_utime=00000000000000000000002,uid=', @ANYRES64=r3, @ANYRESOCT=r1, @ANYBLOB="2a3a6dc4d70cd8504afe4f20df34ad3cf37d706dd73fd000", @ANYRESDEC=r3, @ANYRESHEX=r2], 0x1, 0x14ee, &(0x7f0000002400)="$eJzs3Au0jtX2MPA511qPW9Kb5L7mmg9v2lgkSS5JckmSJElyS0iSJAmJTW5JSELuSe4hucVO7vdb7klyJEkSEpKsb+ic89ep842+b5y+z/8/9vyNscZecz97rneud77jfZ/n2WPvbzsOrlq/WqW6zAz/Efz7l1QAyAQA/QDgGgCIAKBU9lLZLx3PrDH1P3sQ8dd6aNqVrkBcSdL/9E36n75J/9M36X/6Jv1P36T/6Zv0P32T/guRnm2dnudaGel3yP3/9Ew+/9M36X/6Jv1P36T/6Zv0P32T/qdv0v/0Tfqfvkn/hUjPrvT95/85I+M/nrErXcdfO67wy08IIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghRDpxLlxmAOCf8ytdlxBCCCGEEEIIIf46IeOVrkAIIYQQQgghhBD/7yEo0GAgggyQETJBZsgCV0FWuBqywTWQgGshO1wHOeB6yAm5IDfkgbyQD/KDBQIHDDEUgIKQhBugENwIKVAYikBR8FAMisNNUAJuhpJwC5SCW6E03AZloCyUg/JwO1SAO6Ai3AmV4C6oDFWgKlSDu6E63AM14F6oCfdBLbgfzpX5e5V14SGoBw9DfXgEGsCj0BAaQWNoAk1/n48I8Jv82vAA1IEHf5f/InSFl6AbdIdU6AE94WXoBb2hD/SFfvAK9IdXYQC8BgNhEAyG12EIvAFD4U0YBsNhBLwFI2EUjIYxMBbGwXh4GybAOzAR3oVJMBmmwFSYBtNhBrwHM2EWzIb3YQ58AHNhHsyHBbAQPoRFsBjS4CNYAh/DUlgGy2EFrIRVsBrWwFpYB+thA2yETbAZtsBW+AS2wXbYATthF+yGPfAp7IXPYB98Dvvhi//L/LO/y++EgIAKFRo0mAEzYCbMhFkwC2bFrJgNs2ECE5gds//XiyU35sa8mBfzY34kJGRkLIAFMIlJLISFMAVTsAgWQY8ei2NxLIE3Y0ksiaWwFJbG0lgGy2JZLI/lsQJWwIpYESthJayMlbEqVsW78W68B2tgDayJNbEW1sLaWBvrYB2si3WxHtbD+lgfG2ADbIgNsTE2xqbYFJthM2yOzbEltsRW2ApbY2tsg22wLbbFdtgO22N77IAdsCN2xE7YGTvji/givoQvYXesrHpgT+yJvbAX9sG+2Bdfwf74Kr6Kr+FAHISD8XV8Hd/AoXgGh+FwHIEjsIIahaNxDLIah+NxPE7ACTgRJ+IknIyTcSpOw+k4A2fgTJyFs/B9nIMf4Ac4D+fhAlyIC3ERLsY0TMMleBaX4jJcjitwJa7ClbgG1+IaXI8bcD1uwk24BbfgJ/gJbsftuBN34m7cjZ/ip/gZfoYDcT/uxwN4AA/iQTyEh/AwHsYjeASP4lE8hsfwOB7HE3gST+FJPI2n8QyexXN4Ds/jebyAz+f9ut7uwusGgrrEKKMyqAwqk8qksqgsKqvKqrKpbCqhEiq7yq5yqBwqp8qpcqvcKq/Kq/Kr/IoUKVaxKqAKqKRKqkKqkEpRKaqIKqK88qq4Kq5KqBKqpCqpSqlbVWl1myqjyqoWvrwqryqolr6iulNVUpVUZVVFVVXVVDVVXVVXNVQNVVPVVLVULVVbPaDqqB7YBx9SlzpTXw3CBmowNlSNVGPVRL2Bj6lmaig2Vy1US/WEGo7DsLVq5tuop1VbNRrbqWfVGHxOdVDjsKN6QXVSnVUX9aLqqpr7bqq7moQ9VE81FXup3qqP6qtmYhV1qWNV1WtqoBqkBqvX1QJ8Qw1Vb6phargaod5SI9UoNVqNUWPVODVeva0mqHfURPWumqQmqylqqpqmpqsZ6j01U81Ss9X7ao76QM1V89R8tUAtVB+qRWqxSlMfqSXqY7VULVPL1Qq1Uq1Sq9UatVatU+vVBrVRbVKb1Ra1VX2itqntaofaqXap3WqP+lTtVZ+pfepztV99oQ4oTAX4Uh1SX6nD6mt1RH2jjqpv1TH1nTquvlcn1El1Sv2gTqsf1Zlf3xsBQP2sLqhf1EUVFGjUSmttdKQz6Iw6k86ss+irdFZ9tc6mr9EJfa3Orq/TOfT1OqfOpXPrPDqvzqfza6tJO8061gV0QZ3UN+hC+kadogvrIrqo9rqYLq5v0iX0zbqkvkWX0rfq0vo2XUaX1eV0eX27rqDv0BX1nbqSvktX1lV0VV1N362r63t0DX2vrqnv07X0/bq2fkDX0Q/quvohXU8/rOvrR3QD/ahuqBvpxrqJbqof083047q5bqFb6id0K/2kbq2f0m3007qtfka308/q9vo53UE/rzvqF3Qn3Vl30b/oizrobrq7TtU9dE/9su6le+s+uq/up1/R/fWreoB+TQ/Ug/Rg/boeot/QQ/Wbepgerkfot/RIPUqP1mP0WD1Oj9dv6wn6HT1Rv6sn6cl6ip6qp+npus8/Vpr9f5D/zr/JH/Dro2/RW/UnepvernfonXqX3q336D16r96r9+l9er/erw/oA/qgPqgP6UP6sD6sj+gj+qg+qo/pY/q4Pq5P6JP6J/2DPq1/1Gf0WX1W/6TP6/P6wj+eAzBolNHGmMhkMBlNJpPZZDFXmazmapPNXGMS5lqT3VxncpjrTU6Ty+Q2eUxek8/kN9aQcYZNbAqYgiZpbjCFzI0mxRQ2RUxR400xU9zc9B/n/1l9TU1T08w0M81Nc9PStDStTCvT2rQ2bUwb09a0Ne1MO9PetDcdTAfT0XQ0nUwn08V0MV1NV9PNdDOpJtX0NC+bXqa36WP6mn7mFdPf9DcDzAAz0Aw0g81gM8QMMUPNUDPMDDMjzAgz0ow0o81oM9aMNePNeDPBTDATzUQzyUwyU8wUM81MMzPMDDPTzDSzzWwzx8wxc81cM9/MNwvNQrPILDJpJs0sMUvMUrPMLDMrzAqzyqwya8was86sMxvMBrPJbDJLzVaz1Wwz28wOs8PsMrvMHrPH7DV7zT6zz+w3+80Bc8AcNAfNIXPIHDaHzRFzxBw1R80xc8wcN8fNCXPCnDKnzGlz2pwxZ8w5c86cN+fNBXPBXDQXL532RSpSkYlMlCHKEGWKMkVZoixR1ihrlC3KFiWiRJQ9yh7liK6Pcka5otxRnihvlC/KH9mIIhdxFEcFooJRMrohKhTdGKVEhaMiUdHIR8Wi4tFNUYno5qhkdEtUKro1Kh3dFpWJykblovLR7VGF6I6oYnRnVCm6K6ocVYmqRtWiu6Pq0T1RjejeqGZ0X1Qruj+qHT0Q1YkejOpGD0X1ooej+tEjUYPo0ahh1ChqHDWJmv6l64dwJtfjvpvtblNtD9vTvmx72d62j+1r+9lXbH/7qh1gX7MD7SA72L5uh9g37FD7ph1mh9sR9i070o6yo+0YO9aOs+Pt23aCfcdOtO/aSXaynWKn2ml2up1h37Mz7Sw7275v59gP7Fw7z863C+xC+6FdZBfbNPuRXWI/tkvtMrvcrrAr7Sq72q6xa+06u95usBvtJrvZbrFb7Sd2m91ud9iddpfdbffYT+1e+5ndZz+3++0X9oD9m1XwpT1kv7KH7df2iP3GHrXf2mP2O3vcfm9P2JP2lP3BnrY/2jP2rD1nf7Ln7c/2gv3FXrTh0sn9pY93MmQoA2WgTJSJslAWykpZKRtlowQlKDtlpxyUg3JSTspNuSkv5aX8lJ8uYWIqQAUoSUkqRIUohVKoCBUhT56KU3EqQSWoJJWkUlSKSlNpKkNlqByVo9vpdrqD7qA76U66i+6iKlSFqlE1qk7VqQbVoJpUk2pRLapNtakO1aG6VJfqUT2qT/WpATWghtSQGlNjakpNqRk1o+bUnFpSS2pFrag1taY21IbaUltqR+2oPbWnDtSBOlJH6kSdqAt1oa7UlbpRN0qlVOpJPakX9aI+1If6UT/qT/1pAA2ggTSQBtNgGkJDaCgNpWE0nEbQWzSSRtFoGkNjaRyNp/E0gSbQRJpIk2gSTaEpNI2m0QyaQTNpJs2m2TSH5tBcmkvzaT4tpIW0iBZRGqXRElpCS2kpLafltJJW0mpaTWtpLa2n9bSRNtJm2kxbaStto220g3bQLtpFe2gP7aW9tI/20X7aTwfoAB2kg3SIDtFhOkxH6AgdpaN0jI7RcTpOJ+gEnaJTdJpO0xk6Q+foHJ2nn+kC/UIXKVAml9llcVe5rO5ql81d434f53Z5XF6Xz+V31uV0uf4lJudciivsiriizrtirri76Q9xGVfWlXPl3e2ugrvDVfxDXN3d42q4e11Nd5+r5u7+l7iWu9/Vdo+4Ou5RV9c1cvVcE1ffPeIauEddQ9fINXZNXCv3pGvtnnJt3NOurXvmD/Eit9itdevcerfB7XWfuXPuJ3fUfevOu59dN9fd9XOvuP7uVTfAveYGukF/iEe4t9xIN8qNdmPcWDfuD/EUN9VNc9PdDPeem+lm/SFe6D50c1yam+vmufluwa/xpZrS3EduifvYLXXL3HK3wq10q9xqt+a/al3hNrnNbovb4z5129x2t8PtdLvc7l/jS/vY5z53+90X7oj7xh10X7pD7pg77L7+Nb60v2PuO3fcfe9OuJPulPvBnXY/ujPu7K/7v7T3H9wv7qILDhhZsWbDEWfgjJyJM3MWvoqz8tWcja/hBF/L2fk6zsHXc07Oxbk5D+flfJyfLRM7Zo65ABfkJN/AhfhGTuHCXISLsudiXJxv4hJ8M5fkW7gU38ql+TYuw2W5HJfn27kC38EV+U6uxHdxZa7CVbka383V+R6uwfdyTb6Pa/H9XJsf4Dr8INflh7geP8z1+RFuwI9yQ27EjbkJN+XHuBk/zs25BbfkJ7gVP8mt+Sluw09zW36G2/Gz3J6f4w78PHfkF7gTd+Yu/CJ35Ze4G3fnVO7BPfll7sW9uQ/35X78CvfnV3kAv8YDeRAP5td5CL/BQ/lNHsbDeQS/xSN5FI/mMTyWx/F4fpsn8Ds8kd/lSTyZp/BUnsbTeQa/xzN5Fs/m93kOf8BzeR7P5wW8kD/kRbyY0/gjXsIf81Jexst5Ba/kVbya1/BaXsfreQNv5E28mbfwVv6Et/F23sE7eRfv5j38Ke/lz3gff877+Qs+wH/jg/wlH+Kv+DB/zUf4Gz7K3/Ix/o6P8/d8gk/yKf6BT/OPfIbP8jn+ic/zz3yBf+GLHBhijFWsYxNHcYY4Y5wpzhxnia+Ks8ZXx9nia+JEfG2cPb4uzhFfH+eMc8W54zxx3jhfnD+2McUu5jiOC8QF42R8Q1wovjFOiQvHReKisY+LxcXjm+IS8c1xyfiWuFR8a1w6vi0uE5eNH7mvfHx7XCG+I64Y3xlXiu+KK8dV4qpxtfjuuHp8T1wjvjeuGd8Xl4zvj2vHD8R14gfjuvFDcb344bh+/EjcIH40bhg3ihvHTeKm8WNxs/jxuHncIm4ZPxG3ip+MW8dPxW3ip+O28TN/ejw17hH3jF+OX45DuFfPTy5ILkx+mFyUXJxMS36UXJL8OLk0uSy5PLkiuTK5Krk6uSa5NrkuuT65IbkxuSm5ObklGUK1jODRK6+98ZHP4DP6TD6zz+Kv8ln91T6bv8Yn/LU+u7/O5/DX+5w+l8/t8/i8Pp/P760n7zz72BfwBX3S3+AL+Rt9ii/si/ii3vtivrhv4pv6pr6Zf9w39y18S/+Ef8I/6Z/0T/mn/NO+rX/Gt/PP+vb+Od/BP++f9y/4Tr6z7+Jf9F39S76b7+5Tfarv6Xv6Xr6X7xOB7+f7+f6+vx/gB/iBfqAf7Af7IX6IH+qH+mF+mB/hR/iRfqQf7Uf7sX6sH+/H+wl+gp/oJ/pJfpKf4qf4aX6an+Fn+Jl+pp/tZ/s5KXP8XD/Xz/fz/UK/0C/yi3yaT/NL/BK/1C/1y/1yv9Kv9Kv9ar/Wr/Xr/Xq/0W/0m/1mv9Vv9dv8Nr/D7/C7/C6/x+/xe/1ev8/v8/v9fn/AH/AH/UF/yH/lD/uv/RH/jT/qv/XH/Hf+uP/en/An/Sn/gz/tf/Rn/Fl/zv/kz/uf/QX/i7/ogx+feDsxIfFOYmLi3cSkzJMTUxJTE9MS0xMzEu8lZiZmJWYn3k/MSXyQmJuYl5ifWJBYmPgwsSixOJGW+CixJPFxYmliWWJ5YkViZWJVIoR82+JQIBQMyXBDKBRuDCmhcCgSigYfioXi4aZQItwcSoZbQqlwaygdbgtlQtlQLjwaGoZGoXFoEpqGx0Kz8HhoHlqEluGJ0Co8GVqHp0Kb8HRoG54J7cKzoX14LnQIz4eO4YXQKXQOXcKLoWt4KXQL3UNq6BF6hpdDr9A79Al9Q7/wSugfXg0DwmthYBgUBofXw5DwRhga3gzDwvAwIrwVRoZRYXQYE8aGcWF8eDtMCO+EieHdMClMDlPC1DAtTA8zwnthZpgVZof3w5zwQZgb5oX5YUFYGD4Mi8LikBY+CkvCx2FpWBaWhxVhZVgVVoc1YW1YF9aHDWFj2BQ2hy1ha/gkbAvbw46wM+wKu8Oe8GnYGz4L+8LnYX/4IhwIfwsHw5fhUPgqHA5fhyPhm3A0fBuOhe/C8fB9OBFOhlPhh3A6/BjOhLPhXPgpnA8/hwvhl3Dx179Z636lbqILIYQQQvyPkfonx3v8m++pf4xLegLA1dvzHP7tcQ0AG3P+fd5b5W2VAICnu3d86J+jcuXU1H8+7lINUcF5AJC4nJ8BLsfLoCU8CW2gBZSAf/766rd6q87n+U/WT94KkOU3OZngcnx5/Zv/7f57q1Fz/nT9eQApBS/nZIbL8eX1S/5v1s/V7E/Wz/zleIDmv8nJCpfjy+sXh8fhGWjzLz8phBBCCCGEEEL8XW9Vrv2fXd9euj7Pay7nZITL8W+vz4UQQgghhBBCCPHf03Oduzz1WJs2LdrL5L/jZLe0SSZXZnKF35iEEEIIIYQQf7nLJ/1XuhIhhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEECL9+v/x78Su9B6FEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEKIK+1/BQAA///apiom") r4 = open(&(0x7f00000003c0)='.\x00', 0x100, 0x97) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='pids.events\x00', 0x275a, 0x0) getdents(r4, &(0x7f0000001fc0)=""/184, 0xb8) 19.82654051s ago: executing program 2 (id=254): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x3, 0x6}, 0x4) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x208, 0xd9}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r1}, 0x18) close(r0) 19.634525492s ago: executing program 1 (id=256): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00') syz_read_part_table(0x4073, &(0x7f00000004c0)="$eJzszz9KA0EUB+DfbrJmlYUgaCWIwV7WC+wtUis5g7UG9yaW4gE8kaVXiCRRIRjLgIbvK2beH95jJvwTdZKbVVQkeZ29HCe5mKRv24yW5eGWofY61VFdpkly97M9fd75swEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgL+q3MgekmK+DovlUX93Zmfp77vFoknq03HyOEjVnRc5SSZXW/YOkrfPLe9JpuMd/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2ANlktuNyugrOFhfh81vs8Pk6TJ9V62yefLB7hzaABACMBTt5QwLsiRLFoMnQb+n6vrTtpfDfmf8I5nrvRwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGCzAwcCAAAAAED+r41QVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhR04kAEAAAAQ5m+dR/sBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4KAAD//7gmFoQ=") fchdir(r1) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) syz_open_procfs$namespace(r0, &(0x7f0000000040)='ns/time\x00') 19.558153582s ago: executing program 2 (id=257): r0 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0xfffffeffffff7ffe, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000000b80)=[{{0x0, 0x0, &(0x7f0000000b40)=[{&(0x7f00000028c0)="1a", 0x1}], 0x1}}], 0x1, 0x4000800) writev(r0, &(0x7f0000000880)=[{&(0x7f00000003c0)="c5", 0x1}], 0x1) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000080)={&(0x7f0000b95000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x1001, 0x0, 0x0}, &(0x7f0000000040)=0x40) 19.347605084s ago: executing program 2 (id=258): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0a00000004000000dd0000000a"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa10000000000000701"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x54, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="180200009b1aecb60000000000000000850000007500000095"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r1}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, &(0x7f0000000000)=@framed={{0x7a, 0xa, 0x0, 0xff00, 0x1, 0x71, 0x10, 0x43}}, &(0x7f0000000480)='syzkaller\x00'}, 0x94) 19.237605014s ago: executing program 2 (id=259): r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000300)=0x0) sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r3], 0x1c}}, 0x0) write$nci(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="40020402cd1af3"], 0x7) 18.779544937s ago: executing program 1 (id=261): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f00000002c0)="9e", 0x1, 0x41, &(0x7f0000000200)={0xa, 0x4e23, 0x10003, @loopback, 0x7}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000300)={0x0, 0x200002, 0x10}, 0xc) writev(r0, &(0x7f0000000640)=[{&(0x7f0000000240)='.', 0x1}], 0x1) writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000340)=',', 0x34000}], 0x1) 18.640725918s ago: executing program 1 (id=262): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000005c0)=@newqdisc={0x64, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, {0x0, 0xb}, {0xffff, 0xffff}, {0x10, 0xf}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x38, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x44, 0x0, 0x6, 0x6, 0x3, 0x101}, {0x3, 0x2, 0x7, 0x4, 0x0, 0x6}, 0x90000000, 0x82b8ca3e, 0x1d24}}, @TCA_TBF_PRATE64={0xc, 0x5, 0x9b4e7c312ffd1ff5}]}}]}, 0x64}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@getqdisc={0x24, 0x26, 0x1, 0x70bd2a, 0x25dfdbff, {0x0, 0x0, 0x0, r2, {}, {0xfff1, 0xb}, {0xa, 0xa}}}, 0x24}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000) 16.720214261s ago: executing program 0 (id=268): r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = socket$pppl2tp(0x18, 0x1, 0x1) connect$inet6(r0, &(0x7f00000002c0)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) connect$pppl2tp(r1, &(0x7f0000000080)=@pppol2tpv3in6={0x18, 0x1, {0x0, r0, 0x1, 0x0, 0x0, 0x0, {0xa, 0x0, 0x6, @private0}}}, 0x3a) connect$inet6(r0, &(0x7f0000000480)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @multicast1}}, 0x1c) sendmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) 16.664636311s ago: executing program 0 (id=269): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x7, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000100)={0x0, 0x7}, 0x4) setsockopt$packet_int(r1, 0x107, 0x16, &(0x7f0000000000)=0x4, 0x4) syz_emit_ethernet(0x5e, &(0x7f0000000080)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @void, {@ipv6={0x86dd, @icmpv6={0x1, 0x6, "bbddf0", 0x28, 0x3a, 0xff, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}}}}, 0x0) 16.616734581s ago: executing program 0 (id=270): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = socket(0xa, 0x5, 0x0) connect$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @rand_addr=0x64010100}, 0x10) ptrace(0x10, r0) ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r0, 0x0, 0x0) 15.699664957s ago: executing program 0 (id=271): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000000c0)=""/73, 0x49}], 0x1}, 0x0) sendmsg$alg(r1, &(0x7f0000000fc0)={0x0, 0x0, &(0x7f0000000e00)=[{&(0x7f0000000540)="2c9c", 0x2}], 0x1, 0x0, 0x0, 0x4011}, 0x40) 15.643236148s ago: executing program 0 (id=272): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfd}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1084}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r3, r1, 0x25, 0x0, @void}, 0x10) syz_emit_ethernet(0x4a, &(0x7f0000000240)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) 15.595742728s ago: executing program 0 (id=273): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000406c256d0000000200000109022400010000000009040000010300000009210000000122050009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000ac0)=ANY=[@ANYBLOB="002205"], 0x0}, 0x0) syz_usb_control_io(r0, &(0x7f0000000340)={0x2c, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x3c01}}, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000004c0)={0x24, 0x0, &(0x7f0000000280)={0x0, 0x3, 0xc, @string={0xc, 0x3, "9a000000000000000000"}}, 0x0, 0x0}, 0x0) 4.086421044s ago: executing program 33 (id=259): r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000300)=0x0) sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r3], 0x1c}}, 0x0) write$nci(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="40020402cd1af3"], 0x7) 3.03508792s ago: executing program 34 (id=262): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000005c0)=@newqdisc={0x64, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, {0x0, 0xb}, {0xffff, 0xffff}, {0x10, 0xf}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x38, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x44, 0x0, 0x6, 0x6, 0x3, 0x101}, {0x3, 0x2, 0x7, 0x4, 0x0, 0x6}, 0x90000000, 0x82b8ca3e, 0x1d24}}, @TCA_TBF_PRATE64={0xc, 0x5, 0x9b4e7c312ffd1ff5}]}}]}, 0x64}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@getqdisc={0x24, 0x26, 0x1, 0x70bd2a, 0x25dfdbff, {0x0, 0x0, 0x0, r2, {}, {0xfff1, 0xb}, {0xa, 0xa}}}, 0x24}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000) 0s ago: executing program 35 (id=273): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000406c256d0000000200000109022400010000000009040000010300000009210000000122050009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000ac0)=ANY=[@ANYBLOB="002205"], 0x0}, 0x0) syz_usb_control_io(r0, &(0x7f0000000340)={0x2c, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x3c01}}, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000004c0)={0x24, 0x0, &(0x7f0000000280)={0x0, 0x3, 0xc, @string={0xc, 0x3, "9a000000000000000000"}}, 0x0, 0x0}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.64' (ED25519) to the list of known hosts. syzkaller login: [ 64.723642][ T5775] cgroup: Unknown subsys name 'net' [ 64.853855][ T5775] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 66.233939][ T5775] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 67.654296][ T5789] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 67.663724][ T5789] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 67.672362][ T5789] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 67.679962][ T5789] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 67.691256][ T5798] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 67.699545][ T5800] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 67.708288][ T5789] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 67.717215][ T5789] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 67.724602][ T5800] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 67.727303][ T5799] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 67.732340][ T5789] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 67.742114][ T5800] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 67.746981][ T5789] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 67.753955][ T5800] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 67.766944][ T5799] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 67.767887][ T5789] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 67.775513][ T5799] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 67.783288][ T5789] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 67.796033][ T5789] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 67.798206][ T5797] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 67.806260][ T5789] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 67.818251][ T5789] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 67.826301][ T5797] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 67.840553][ T5797] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 68.275770][ T5788] chnl_net:caif_netlink_parms(): no params data found [ 68.314699][ T5787] chnl_net:caif_netlink_parms(): no params data found [ 68.420736][ T5785] chnl_net:caif_netlink_parms(): no params data found [ 68.469722][ T5788] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.476894][ T5788] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.485976][ T5788] bridge_slave_0: entered allmulticast mode [ 68.493591][ T5788] bridge_slave_0: entered promiscuous mode [ 68.548192][ T5788] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.555352][ T5788] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.562948][ T5788] bridge_slave_1: entered allmulticast mode [ 68.569902][ T5788] bridge_slave_1: entered promiscuous mode [ 68.635936][ T5786] chnl_net:caif_netlink_parms(): no params data found [ 68.647490][ T5785] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.654643][ T5785] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.662679][ T5785] bridge_slave_0: entered allmulticast mode [ 68.669609][ T5785] bridge_slave_0: entered promiscuous mode [ 68.677027][ T5785] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.684284][ T5785] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.691586][ T5785] bridge_slave_1: entered allmulticast mode [ 68.700238][ T5785] bridge_slave_1: entered promiscuous mode [ 68.716342][ T5788] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 68.729063][ T5788] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 68.761710][ T5787] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.769143][ T5787] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.776478][ T5787] bridge_slave_0: entered allmulticast mode [ 68.783837][ T5787] bridge_slave_0: entered promiscuous mode [ 68.791721][ T5787] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.798983][ T5787] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.806155][ T5787] bridge_slave_1: entered allmulticast mode [ 68.814563][ T5787] bridge_slave_1: entered promiscuous mode [ 68.843579][ T5788] team0: Port device team_slave_0 added [ 68.882544][ T5788] team0: Port device team_slave_1 added [ 68.901802][ T5785] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 68.939037][ T5785] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 68.962217][ T5787] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 68.974434][ T5787] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 68.993609][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.001077][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.027840][ T5788] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.076470][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.083690][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.111034][ T5788] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.125262][ T5785] team0: Port device team_slave_0 added [ 69.160522][ T5785] team0: Port device team_slave_1 added [ 69.170781][ T5787] team0: Port device team_slave_0 added [ 69.177002][ T5786] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.184366][ T5786] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.191939][ T5786] bridge_slave_0: entered allmulticast mode [ 69.198946][ T5786] bridge_slave_0: entered promiscuous mode [ 69.243700][ T5787] team0: Port device team_slave_1 added [ 69.250257][ T5786] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.258280][ T5786] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.265564][ T5786] bridge_slave_1: entered allmulticast mode [ 69.272693][ T5786] bridge_slave_1: entered promiscuous mode [ 69.289703][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.296684][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.323126][ T5785] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.374326][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.382461][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.409329][ T5785] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.423582][ T5788] hsr_slave_0: entered promiscuous mode [ 69.430615][ T5788] hsr_slave_1: entered promiscuous mode [ 69.451127][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.458233][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.484310][ T5787] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.500047][ T5786] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.516472][ T5786] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.545164][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.552357][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.578504][ T5787] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.614133][ T5786] team0: Port device team_slave_0 added [ 69.622905][ T5786] team0: Port device team_slave_1 added [ 69.691098][ T5785] hsr_slave_0: entered promiscuous mode [ 69.698805][ T5785] hsr_slave_1: entered promiscuous mode [ 69.705087][ T5785] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 69.713596][ T5785] Cannot create hsr debugfs directory [ 69.751889][ T5787] hsr_slave_0: entered promiscuous mode [ 69.758862][ T5787] hsr_slave_1: entered promiscuous mode [ 69.764969][ T5787] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 69.773409][ T5787] Cannot create hsr debugfs directory [ 69.792547][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.799581][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.825534][ T5786] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.842437][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.849493][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.875580][ T5786] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.886417][ T5789] Bluetooth: hci0: command tx timeout [ 69.890276][ T5794] Bluetooth: hci3: command tx timeout [ 69.948788][ T5794] Bluetooth: hci1: command tx timeout [ 69.951615][ T5789] Bluetooth: hci2: command tx timeout [ 70.065319][ T5786] hsr_slave_0: entered promiscuous mode [ 70.071802][ T5786] hsr_slave_1: entered promiscuous mode [ 70.078275][ T5786] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 70.085862][ T5786] Cannot create hsr debugfs directory [ 70.314206][ T5788] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 70.327036][ T5788] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 70.339193][ T5788] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 70.359411][ T5788] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 70.436737][ T5785] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 70.453958][ T5785] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 70.470339][ T5785] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 70.481801][ T5785] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 70.574110][ T5787] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 70.583526][ T5787] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 70.594353][ T5787] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 70.605853][ T5787] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 70.698148][ T5786] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 70.708133][ T5786] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 70.734044][ T5788] 8021q: adding VLAN 0 to HW filter on device bond0 [ 70.741374][ T5786] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 70.756259][ T5786] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 70.818988][ T5788] 8021q: adding VLAN 0 to HW filter on device team0 [ 70.853140][ T42] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.860558][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state [ 70.895634][ T5785] 8021q: adding VLAN 0 to HW filter on device bond0 [ 70.922203][ T42] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.929367][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state [ 70.970613][ T5785] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.009752][ T3528] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.016888][ T3528] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.044860][ T3528] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.052060][ T3528] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.084666][ T5787] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.128977][ T5787] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.156388][ T3528] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.163604][ T3528] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.185642][ T3528] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.192872][ T3528] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.232079][ T5786] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.290978][ T5786] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.343322][ T42] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.350516][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.385549][ T42] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.392774][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.516924][ T5788] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 71.681230][ T5788] veth0_vlan: entered promiscuous mode [ 71.723809][ T5788] veth1_vlan: entered promiscuous mode [ 71.743824][ T5785] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 71.800471][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.807308][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.890656][ T5785] veth0_vlan: entered promiscuous mode [ 71.916615][ T5788] veth0_macvtap: entered promiscuous mode [ 71.936220][ T5785] veth1_vlan: entered promiscuous mode [ 71.938382][ T5789] Bluetooth: hci0: command tx timeout [ 71.945168][ T5794] Bluetooth: hci3: command tx timeout [ 71.969522][ T5788] veth1_macvtap: entered promiscuous mode [ 71.982518][ T5787] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.017942][ T5794] Bluetooth: hci1: command tx timeout [ 72.018278][ T5789] Bluetooth: hci2: command tx timeout [ 72.032794][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.049351][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.059836][ T5785] veth0_macvtap: entered promiscuous mode [ 72.075054][ T5785] veth1_macvtap: entered promiscuous mode [ 72.106643][ T5788] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.116138][ T5788] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.125652][ T5788] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.134518][ T5788] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.176910][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.188375][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.201537][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.222256][ T5787] veth0_vlan: entered promiscuous mode [ 72.234431][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.245183][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.256444][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.276674][ T5787] veth1_vlan: entered promiscuous mode [ 72.291706][ T5786] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.305331][ T5785] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.314283][ T5785] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.323220][ T5785] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.332145][ T5785] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.430785][ T5787] veth0_macvtap: entered promiscuous mode [ 72.446006][ T5787] veth1_macvtap: entered promiscuous mode [ 72.507754][ T3482] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.512460][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.515804][ T3482] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.526931][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.546580][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.557904][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.569601][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.614505][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.626289][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.636836][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.647997][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.665044][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.681843][ T3482] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.686329][ T5786] veth0_vlan: entered promiscuous mode [ 72.690181][ T3482] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.715717][ T5787] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.724717][ T5787] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.733712][ T5787] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.743491][ T5787] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.794432][ T3528] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.795231][ T5786] veth1_vlan: entered promiscuous mode [ 72.809178][ T3528] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.906176][ T3528] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.913355][ T5786] veth0_macvtap: entered promiscuous mode [ 72.927139][ T3528] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.970220][ T5786] veth1_macvtap: entered promiscuous mode [ 73.068088][ T28] audit: type=1326 audit(1762110124.819:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5877 comm="syz.2.3" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1ee38efc9 code=0x7ffc0000 [ 73.095926][ T3528] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.139183][ T3528] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.161766][ T28] audit: type=1326 audit(1762110124.819:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5877 comm="syz.2.3" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1ee38efc9 code=0x7ffc0000 [ 73.167468][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.214089][ T28] audit: type=1326 audit(1762110124.819:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5877 comm="syz.2.3" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb1ee38efc9 code=0x7ffc0000 [ 73.214389][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.245579][ T28] audit: type=1326 audit(1762110124.819:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5877 comm="syz.2.3" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1ee38efc9 code=0x7ffc0000 [ 73.255716][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.270212][ T28] audit: type=1326 audit(1762110124.829:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5877 comm="syz.2.3" exe="/root/syz-executor" sig=0 arch=c000003e syscall=424 compat=0 ip=0x7fb1ee38efc9 code=0x7ffc0000 [ 73.285338][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.324843][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.329667][ T28] audit: type=1326 audit(1762110124.829:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5877 comm="syz.2.3" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1ee38efc9 code=0x7ffc0000 [ 73.337456][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.373615][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 73.464418][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.492241][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.502403][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.513149][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.523276][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.533811][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.546922][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 73.562711][ T3482] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.573675][ T3482] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.611377][ T5786] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.647950][ T5786] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.657099][ T5786] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.666233][ T5786] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.820919][ T5891] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 73.921914][ T5893] syz.2.9[5893]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 74.018275][ T5789] Bluetooth: hci3: command tx timeout [ 74.023963][ T5789] Bluetooth: hci0: command tx timeout [ 74.058089][ T5891] netlink: 'syz.3.4': attribute type 12 has an invalid length. [ 74.081444][ T5891] netlink: 'syz.3.4': attribute type 29 has an invalid length. [ 74.097667][ T5794] Bluetooth: hci1: command tx timeout [ 74.103844][ T5789] Bluetooth: hci2: command tx timeout [ 74.117647][ T5891] netlink: 148 bytes leftover after parsing attributes in process `syz.3.4'. [ 74.126561][ T5891] netlink: 'syz.3.4': attribute type 1 has an invalid length. [ 74.160982][ T5891] netlink: 15 bytes leftover after parsing attributes in process `syz.3.4'. [ 74.192050][ T5891] Zero length message leads to an empty skb [ 74.311670][ T5893] loop2: detected capacity change from 0 to 32768 [ 74.343157][ T5893] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 74.351903][ T5893] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 74.378896][ T5893] gfs2: fsid=syz:syz.0: journal 0 mapped with 16 extents in 0ms [ 74.391306][ T5875] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 74.400758][ T73] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.408728][ T5875] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 74.455750][ T73] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.524449][ T3482] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.536242][ T3482] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.628294][ T5875] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 219ms [ 74.667513][ T5875] gfs2: fsid=syz:syz.0: jid=0: Done [ 74.674072][ T5893] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 74.759623][ T23] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 74.782873][ T5893] gfs2: fsid=syz:syz.0: gfs2_check_dirent: gfs2_dirent too small (not first in block) [ 74.792748][ T5893] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error [ 74.792748][ T5893] inode = 12 2341 [ 74.792748][ T5893] function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602 [ 74.811592][ T5893] gfs2: fsid=syz:syz.0: G: s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1 [ 74.822772][ T5893] gfs2: fsid=syz:syz.0: H: s:SH f:H e:0 p:5893 [syz.2.9] __gfs2_lookup+0x90/0x270 [ 74.832703][ T5893] gfs2: fsid=syz:syz.0: I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0 [ 74.841290][ T5893] gfs2: fsid=syz:syz.0: about to withdraw this file system [ 74.848964][ T5893] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount. [ 74.857834][ T5893] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0 [ 74.865107][ T5893] gfs2: fsid=syz:syz.0: File system withdrawn [ 74.871363][ T5893] CPU: 1 PID: 5893 Comm: syz.2.9 Not tainted syzkaller #0 [ 74.878524][ T5893] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 74.888637][ T5893] Call Trace: [ 74.891950][ T5893] [ 74.894934][ T5893] dump_stack_lvl+0x16c/0x230 [ 74.899683][ T5893] ? kobject_uevent_env+0x363/0x8c0 [ 74.904932][ T5893] ? show_regs_print_info+0x20/0x20 [ 74.910179][ T5893] ? load_image+0x3b0/0x3b0 [ 74.914738][ T5893] ? kobject_uevent_env+0x363/0x8c0 [ 74.919996][ T5893] gfs2_withdraw+0xe50/0x13b0 [ 74.924747][ T5893] ? gfs2_lm+0x220/0x220 [ 74.929042][ T5893] ? load_image+0x3b0/0x3b0 [ 74.933598][ T5893] ? gfs2_consist_inode_i+0xf5/0x110 [ 74.934760][ T5902] Bluetooth: MGMT ver 1.22 [ 74.938922][ T5893] gfs2_dirent_scan+0x525/0x650 [ 74.938987][ T5893] ? gfs2_dirent_search+0x7e0/0x7e0 [ 74.939008][ T5893] ? gfs2_dirent_search+0x7e0/0x7e0 [ 74.939027][ T5893] gfs2_dirent_search+0x2e1/0x7e0 [ 74.939050][ T5893] ? gfs2_permission+0x370/0x430 [ 74.939076][ T5893] ? __might_sleep+0xe0/0xe0 [ 74.939101][ T5893] ? gfs2_dir_search+0x220/0x220 [ 74.939121][ T5893] ? gfs2_lookupi+0x5a0/0x5a0 [ 74.939143][ T5893] ? do_raw_spin_lock+0x121/0x2c0 [ 74.939171][ T5893] gfs2_dir_search+0x4d/0x220 [ 74.939194][ T5893] gfs2_lookupi+0x3d9/0x5a0 [ 74.939223][ T5893] ? gfs2_lookup_meta+0x170/0x170 [ 75.002480][ T5893] ? __gfs2_lookup+0x90/0x270 [ 75.007183][ T5893] ? d_alloc_parallel+0x13e4/0x1530 [ 75.012404][ T5893] __gfs2_lookup+0x90/0x270 [ 75.016939][ T5893] ? d_alloc_parallel+0x343/0x1530 [ 75.022096][ T5893] ? gfs2_atomic_open+0x220/0x220 [ 75.027137][ T5893] ? __d_lookup+0x8f/0x7c0 [ 75.031573][ T5893] ? d_hash_and_lookup+0x1b0/0x1b0 [ 75.036813][ T5893] gfs2_atomic_open+0x92/0x220 [ 75.041611][ T5893] ? gfs2_rename2+0x1d70/0x1d70 [ 75.046565][ T5893] path_openat+0xf27/0x3190 [ 75.051116][ T5893] ? do_filp_open+0x3d0/0x3d0 [ 75.055862][ T5893] do_filp_open+0x1c5/0x3d0 [ 75.060384][ T5893] ? vfs_tmpfile+0x490/0x490 [ 75.065021][ T5893] ? _raw_spin_unlock+0x28/0x40 [ 75.069924][ T5893] ? alloc_fd+0x58f/0x630 [ 75.074278][ T5893] do_sys_openat2+0x12c/0x1c0 [ 75.078968][ T5893] ? do_sys_open+0xe0/0xe0 [ 75.083436][ T5893] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 75.089464][ T5893] ? lock_chain_count+0x20/0x20 [ 75.094334][ T5893] __x64_sys_openat+0x139/0x160 [ 75.099196][ T5893] do_syscall_64+0x55/0xb0 [ 75.103623][ T5893] ? clear_bhb_loop+0x40/0x90 [ 75.108307][ T5893] ? clear_bhb_loop+0x40/0x90 [ 75.113524][ T5893] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 75.119429][ T5893] RIP: 0033:0x7fb1ee38efc9 [ 75.123867][ T5893] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 75.143488][ T5893] RSP: 002b:00007fb1ef191038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 75.151930][ T5893] RAX: ffffffffffffffda RBX: 00007fb1ee5e5fa0 RCX: 00007fb1ee38efc9 [ 75.159905][ T5893] RDX: 000000000000275a RSI: 0000200000000280 RDI: ffffffffffffff9c [ 75.167892][ T5893] RBP: 00007fb1ee411f91 R08: 0000000000000000 R09: 0000000000000000 [ 75.175877][ T5893] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 75.183862][ T5893] R13: 00007fb1ee5e6038 R14: 00007fb1ee5e5fa0 R15: 00007ffc43bc8e58 [ 75.192324][ T5893] [ 75.236612][ T5905] loop1: detected capacity change from 0 to 1024 [ 75.315748][ T23] usb 1-1: Using ep0 maxpacket: 8 [ 75.331243][ T23] usb 1-1: too many endpoints for config 0 interface 0 altsetting 250: 255, using maximum allowed: 30 [ 75.383969][ T23] usb 1-1: config 0 interface 0 altsetting 250 has 1 endpoint descriptor, different from the interface descriptor's value: 255 [ 75.418904][ T23] usb 1-1: config 0 interface 0 has no altsetting 0 [ 75.425675][ T23] usb 1-1: New USB device found, idVendor=1770, idProduct=ff00, bcdDevice= 0.00 [ 75.447727][ T23] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 75.505351][ T23] usb 1-1: config 0 descriptor?? [ 75.570713][ T2993] hfsplus: b-tree write err: -5, ino 3 [ 75.735701][ T5910] loop3: detected capacity change from 0 to 1024 [ 75.751851][ T5912] loop1: detected capacity change from 0 to 512 [ 75.758812][ T5910] ======================================================= [ 75.758812][ T5910] WARNING: The mand mount option has been deprecated and [ 75.758812][ T5910] and is ignored by this kernel. Remove the mand [ 75.758812][ T5910] option from the mount to silence this warning. [ 75.758812][ T5910] ======================================================= [ 75.817872][ T5912] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 75.842923][ T5912] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 75.876857][ T5910] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 75.911128][ T5912] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2872: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 75.931953][ T5912] EXT4-fs (loop1): 1 truncate cleaned up [ 75.941470][ T5912] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 75.982887][ T28] audit: type=1800 audit(1762110127.729:8): pid=5910 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.16" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 76.019511][ T5896] loop0: detected capacity change from 0 to 1024 [ 76.040317][ T5896] EXT4-fs: Ignoring removed orlov option [ 76.058741][ T5910] EXT4-fs error (device loop3): mb_free_blocks:1938: group 0, inode 15: block 449:freeing already freed block (bit 28); block bitmap corrupt. [ 76.098279][ T5794] Bluetooth: hci0: command tx timeout [ 76.099570][ T5789] Bluetooth: hci3: command tx timeout [ 76.168880][ T5896] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 76.186956][ T5789] Bluetooth: hci1: command tx timeout [ 76.192527][ T5794] Bluetooth: hci2: command tx timeout [ 76.264497][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 76.340594][ T23] gt683r_led 0003:1770:FF00.0001: item fetching failed at offset 3/5 [ 76.388947][ T23] gt683r_led 0003:1770:FF00.0001: hid parsing failed [ 76.395818][ T23] gt683r_led: probe of 0003:1770:FF00.0001 failed with error -22 [ 76.420693][ T5786] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 76.529643][ T5926] loop3: detected capacity change from 0 to 2048 [ 76.576105][ T5926] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 76.605246][ T23] usb 1-1: USB disconnect, device number 2 [ 76.620129][ T5926] ext4 filesystem being mounted at /5/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 76.652762][ T5933] loop2: detected capacity change from 0 to 128 [ 76.664377][ T5933] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 76.705287][ T5933] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 76.710531][ T5926] fs-verity: sha512 using implementation "sha512-avx2" [ 76.873918][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 77.261857][ T5788] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 78.113859][ T5961] netlink: 8 bytes leftover after parsing attributes in process `syz.3.33'. [ 78.159986][ T5961] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 78.184257][ T5961] netdevsim netdevsim3 netdevsim0: left promiscuous mode [ 78.731469][ T5958] loop2: detected capacity change from 0 to 40427 [ 78.784561][ T5958] F2FS-fs (loop2): invalid crc value [ 78.826525][ T5958] F2FS-fs (loop2): Found nat_bits in checkpoint [ 79.014835][ T5958] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 79.176098][ T5980] netlink: 'syz.3.40': attribute type 2 has an invalid length. [ 79.198630][ T5958] F2FS-fs (loop2): Inconsistent segment (8) type [1, 0] in SSA and SIT [ 79.231245][ T5958] F2FS-fs (loop2): Stopped filesystem due to reason: 4 [ 79.903923][ T5994] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 80.070341][ T6000] warning: `syz.1.49' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 80.236377][ T6004] netlink: 28 bytes leftover after parsing attributes in process `syz.1.52'. [ 80.332537][ T6007] Illegal XDP return value 4292403200 on prog (id 13) dev N/A, expect packet loss! [ 80.334744][ T6004] netlink: 4 bytes leftover after parsing attributes in process `syz.1.52'. [ 80.593787][ T6011] loop2: detected capacity change from 0 to 1024 [ 80.614289][ T6011] EXT4-fs: Ignoring removed nobh option [ 80.642420][ T6011] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 80.685521][ T6011] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 80.910683][ T6011] syz.2.54 (6011) used greatest stack depth: 20968 bytes left [ 81.009835][ T5785] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 81.177990][ T6026] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 81.344582][ T6034] loop2: detected capacity change from 0 to 256 [ 82.040152][ T787] cfg80211: failed to load regulatory.db [ 82.384388][ T6060] nbd2: detected capacity change from 0 to 8 [ 82.437725][ T6061] block nbd2: shutting down sockets [ 82.470670][ C0] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 82.480147][ C0] Buffer I/O error on dev nbd2, logical block 0, async page read [ 82.494190][ T5908] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 82.509373][ T5908] Buffer I/O error on dev nbd2, logical block 0, async page read [ 82.518741][ T5900] ldm_validate_partition_table(): Disk read failed. [ 82.525615][ T5900] Dev nbd2: unable to read RDB block 0 [ 82.543197][ T5900] nbd2: unable to read partition table [ 82.552227][ T5900] nbd2: partition table beyond EOD, truncated [ 82.784010][ T6065] loop3: detected capacity change from 0 to 8192 [ 82.807498][ T787] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 82.817919][ T6057] loop1: detected capacity change from 0 to 32768 [ 82.927436][ T6057] XFS (loop1): DAX unsupported by block device. Turning off DAX. [ 82.940254][ T6065] FAT-fs (loop3): error, clusters badly computed (2 != 1) [ 82.955892][ T6065] FAT-fs (loop3): Filesystem has been set read-only [ 82.968025][ T6057] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 83.017429][ T787] usb 1-1: Using ep0 maxpacket: 32 [ 83.039196][ T787] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 83.060820][ T787] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 83.079684][ T787] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 83.089196][ T787] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 83.109556][ T787] usb 1-1: config 0 descriptor?? [ 83.126572][ T787] hub 1-1:0.0: USB hub found [ 83.136754][ T6057] XFS (loop1): Ending clean mount [ 83.236787][ T6057] XFS (loop1): Quotacheck needed: Please wait. [ 83.344260][ T787] hub 1-1:0.0: 1 port detected [ 83.385639][ T6057] XFS (loop1): Quotacheck: Done. [ 83.574660][ T5786] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 83.712243][ T6079] loop2: detected capacity change from 0 to 32768 [ 83.758221][ T6079] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop2 scanned by syz.2.80 (6079) [ 83.780821][ T787] usb 1-1: USB disconnect, device number 3 [ 83.836448][ T6079] BTRFS info (device loop2): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 83.858277][ T6079] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 83.877708][ T6079] BTRFS info (device loop2): enabling disk space caching [ 83.895213][ T6079] BTRFS info (device loop2): force clearing of disk cache [ 83.910018][ T6079] BTRFS info (device loop2): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 83.947494][ T6079] BTRFS info (device loop2): use zstd compression, level 3 [ 83.954865][ T6079] BTRFS info (device loop2): disk space caching is enabled [ 84.110747][ T6079] BTRFS info (device loop2): enabling ssd optimizations [ 84.134884][ T6079] BTRFS info (device loop2): auto enabling async discard [ 84.168067][ T6079] BTRFS info (device loop2): rebuilding free space tree [ 84.285686][ T6079] BTRFS info (device loop2): disabling free space tree [ 84.292972][ T6079] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 84.304762][ T6079] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 84.773272][ T5785] BTRFS info (device loop2): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 85.409343][ T6138] process 'syz.3.97' launched '/dev/fd/3' with NULL argv: empty string added [ 85.946164][ T6157] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 86.470023][ T8] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 86.669649][ T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 86.704045][ T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 86.746684][ T8] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 86.768562][ T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 86.800466][ T8] usb 4-1: config 0 descriptor?? [ 87.446228][ T6181] loop2: detected capacity change from 0 to 40427 [ 87.470476][ T6181] F2FS-fs (loop2): heap/no_heap options were deprecated [ 87.488949][ T6181] F2FS-fs (loop2): Image doesn't support compression [ 87.495791][ T6181] F2FS-fs (loop2): heap/no_heap options were deprecated [ 87.548104][ T6181] F2FS-fs (loop2): invalid crc value [ 87.586020][ T6181] F2FS-fs (loop2): Found nat_bits in checkpoint [ 87.618439][ T6202] input: syz1 as /devices/virtual/input/input5 [ 87.746746][ T6181] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 87.959647][ T5785] syz-executor: attempt to access beyond end of device [ 87.959647][ T5785] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 87.979315][ T5785] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 88.059902][ T8] uclogic 0003:256C:006D.0002: failed retrieving string descriptor #100: -71 [ 88.095516][ T8] uclogic 0003:256C:006D.0002: failed retrieving pen parameters: -71 [ 88.115605][ T8] uclogic 0003:256C:006D.0002: failed probing pen v1 parameters: -71 [ 88.125069][ T8] uclogic 0003:256C:006D.0002: failed probing parameters: -71 [ 88.143766][ T8] uclogic: probe of 0003:256C:006D.0002 failed with error -71 [ 88.181755][ T8] usb 4-1: USB disconnect, device number 2 [ 88.915705][ T6223] loop2: detected capacity change from 0 to 4096 [ 88.975595][ T6225] netlink: 8 bytes leftover after parsing attributes in process `syz.0.123'. [ 88.997491][ T6225] netlink: 8 bytes leftover after parsing attributes in process `syz.0.123'. [ 89.909828][ T6215] loop1: detected capacity change from 0 to 40427 [ 89.938389][ T6215] F2FS-fs (loop1): build fault injection attr: rate: 771, type: 0x7ffff [ 89.957016][ T6215] F2FS-fs (loop1): invalid crc value [ 89.995173][ T6215] F2FS-fs (loop1): Found nat_bits in checkpoint [ 90.153916][ T6259] input: syz0 as /devices/virtual/input/input6 [ 90.220317][ T6215] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 90.450854][ T6266] loop2: detected capacity change from 0 to 1024 [ 90.496147][ T6266] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 90.610535][ T6266] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 90.801413][ T6276] binder: 6275:6276 ioctl c0306201 2000000003c0 returned -14 [ 90.842711][ T5786] syz-executor: attempt to access beyond end of device [ 90.842711][ T5786] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 90.912932][ T5786] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 90.935986][ T5786] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 90.998321][ T5785] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 92.146003][ T6296] loop2: detected capacity change from 0 to 32768 [ 92.171931][ T6296] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 scanned by syz.2.145 (6296) [ 92.222259][ T6296] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 92.242549][ T6296] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 92.267881][ T6296] BTRFS info (device loop2): force clearing of disk cache [ 92.275161][ T6296] BTRFS info (device loop2): enabling auto defrag [ 92.297429][ T5854] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 92.305324][ T6296] BTRFS info (device loop2): max_inline at 0 [ 92.312167][ T6296] BTRFS info (device loop2): enabling disk space caching [ 92.327637][ T6296] BTRFS info (device loop2): disk space caching is enabled [ 92.451865][ T6296] BTRFS info (device loop2): enabling ssd optimizations [ 92.480184][ T6296] BTRFS info (device loop2): rebuilding free space tree [ 92.498404][ T5854] usb 2-1: Using ep0 maxpacket: 8 [ 92.509035][ T5854] usb 2-1: config 162 has an invalid interface number: 197 but max is 0 [ 92.527595][ T5854] usb 2-1: config 162 has no interface number 0 [ 92.534098][ T5854] usb 2-1: config 162 interface 197 altsetting 4 endpoint 0x86 has invalid maxpacket 1024, setting to 64 [ 92.543327][ T6296] BTRFS info (device loop2): disabling free space tree [ 92.557341][ T5854] usb 2-1: config 162 interface 197 has no altsetting 0 [ 92.567418][ T6296] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 92.587936][ T6296] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 92.604165][ T5854] usb 2-1: New USB device found, idVendor=0c10, idProduct=0000, bcdDevice=95.a7 [ 92.628740][ T5854] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 92.657768][ T5854] usb 2-1: Product: syz [ 92.672388][ T5854] usb 2-1: Manufacturer: syz [ 92.690209][ T5854] usb 2-1: SerialNumber: syz [ 92.882180][ T11] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [ 92.995703][ T5785] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 93.284297][ T6304] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 93.327001][ T6304] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 93.496022][ T5854] usb 2-1: USB disconnect, device number 2 [ 93.649525][ T6343] loop2: detected capacity change from 0 to 256 [ 93.664314][ T6343] exfat: Deprecated parameter 'namecase' [ 93.700878][ T6343] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xf6e0d861, utbl_chksum : 0xe619d30d) [ 93.915794][ T28] audit: type=1326 audit(1762110145.669:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6352 comm="syz.2.148" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1ee38efc9 code=0x7ffc0000 [ 93.962734][ T28] audit: type=1326 audit(1762110145.699:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6352 comm="syz.2.148" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1ee38efc9 code=0x7ffc0000 [ 94.033250][ T28] audit: type=1326 audit(1762110145.699:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6352 comm="syz.2.148" exe="/root/syz-executor" sig=0 arch=c000003e syscall=213 compat=0 ip=0x7fb1ee38efc9 code=0x7ffc0000 [ 94.121992][ T28] audit: type=1326 audit(1762110145.699:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6352 comm="syz.2.148" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1ee38efc9 code=0x7ffc0000 [ 94.182856][ T28] audit: type=1326 audit(1762110145.699:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6352 comm="syz.2.148" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1ee38efc9 code=0x7ffc0000 [ 94.250629][ T28] audit: type=1326 audit(1762110145.699:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6352 comm="syz.2.148" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb1ee38efc9 code=0x7ffc0000 [ 94.339504][ T28] audit: type=1326 audit(1762110145.699:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6352 comm="syz.2.148" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1ee38efc9 code=0x7ffc0000 [ 94.403857][ T28] audit: type=1326 audit(1762110145.699:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6352 comm="syz.2.148" exe="/root/syz-executor" sig=0 arch=c000003e syscall=233 compat=0 ip=0x7fb1ee38efc9 code=0x7ffc0000 [ 94.455163][ T28] audit: type=1326 audit(1762110145.699:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6352 comm="syz.2.148" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1ee38efc9 code=0x7ffc0000 [ 94.507489][ T28] audit: type=1326 audit(1762110145.699:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6352 comm="syz.2.148" exe="/root/syz-executor" sig=0 arch=c000003e syscall=121 compat=0 ip=0x7fb1ee38efc9 code=0x7ffc0000 [ 95.069943][ T6362] loop1: detected capacity change from 0 to 40427 [ 95.123334][ T6362] F2FS-fs (loop1): invalid crc value [ 95.172303][ T6362] F2FS-fs (loop1): Found nat_bits in checkpoint [ 95.354348][ T6362] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 95.550628][ T5786] syz-executor: attempt to access beyond end of device [ 95.550628][ T5786] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 95.575920][ T5786] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 96.515337][ T6424] loop2: detected capacity change from 0 to 2048 [ 96.564788][ T6424] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 96.611217][ T6426] loop1: detected capacity change from 0 to 16 [ 96.654823][ T6426] erofs: (device loop1): mounted with root inode @ nid 36. [ 96.919309][ T6431] netlink: 'syz.1.166': attribute type 1 has an invalid length. [ 96.940488][ T6431] netlink: 'syz.1.166': attribute type 6 has an invalid length. [ 96.957075][ T6431] netlink: 'syz.1.166': attribute type 3 has an invalid length. [ 98.669240][ T5777] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 98.867343][ T5777] usb 3-1: Using ep0 maxpacket: 32 [ 98.877268][ T5777] usb 3-1: config 0 has an invalid interface number: 67 but max is 0 [ 98.885396][ T5777] usb 3-1: config 0 has no interface number 0 [ 98.895198][ T5777] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 98.905687][ T5777] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 98.913743][ T5777] usb 3-1: Product: syz [ 98.918261][ T5777] usb 3-1: Manufacturer: syz [ 98.922884][ T5777] usb 3-1: SerialNumber: syz [ 98.930106][ T5777] usb 3-1: config 0 descriptor?? [ 98.938981][ T5777] smsc95xx v2.0.0 [ 99.138579][ T6477] capability: warning: `syz.0.187' uses deprecated v2 capabilities in a way that may be insecure [ 99.817372][ T787] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 100.002215][ T787] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 100.012138][ T787] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 100.021984][ T787] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 100.040868][ T787] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 100.050018][ T787] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 100.058227][ T787] usb 2-1: Product: syz [ 100.062448][ T787] usb 2-1: Manufacturer: syz [ 100.067083][ T787] usb 2-1: SerialNumber: syz [ 100.077995][ T787] hub 2-1:1.0: bad descriptor, ignoring hub [ 100.086336][ T787] hub: probe of 2-1:1.0 failed with error -5 [ 100.160217][ T5777] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000030: -71 [ 100.171968][ T5777] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Error writing E2P_CMD [ 100.183463][ T5777] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 100.195526][ T5777] smsc95xx: probe of 3-1:0.67 failed with error -71 [ 100.221552][ T5777] usb 3-1: USB disconnect, device number 2 [ 100.294238][ T787] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 3 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 100.764777][ T6483] usb 2-1: reset high-speed USB device number 3 using dummy_hcd [ 100.960968][ T6483] usb 2-1: device firmware changed [ 100.969526][ T5854] usb 2-1: USB disconnect, device number 3 [ 100.981520][ T5854] usblp0: removed [ 101.168963][ T5854] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 101.365356][ T5854] usb 2-1: unable to get BOS descriptor or descriptor too short [ 101.373304][ T5793] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 101.380986][ T5854] usb 2-1: no configurations [ 101.385578][ T5854] usb 2-1: can't read configurations, error -22 [ 101.567360][ T5793] usb 3-1: Using ep0 maxpacket: 8 [ 101.574007][ T5793] usb 3-1: config 0 has no interfaces? [ 101.583035][ T5793] usb 3-1: New USB device found, idVendor=6933, idProduct=5001, bcdDevice=45.02 [ 101.592280][ T5793] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 101.600392][ T5793] usb 3-1: Product: syz [ 101.604778][ T5793] usb 3-1: Manufacturer: syz [ 101.609458][ T5793] usb 3-1: SerialNumber: syz [ 101.616127][ T5793] usb 3-1: config 0 descriptor?? [ 101.831084][ T5793] usb 3-1: USB disconnect, device number 3 [ 102.443680][ T6519] loop2: detected capacity change from 0 to 16 [ 102.452632][ T6519] erofs: (device loop2): erofs_fc_fill_super: rootino(nid 36) is not a directory(i_mode 127766) [ 102.907491][ T5777] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 103.099461][ T5777] usb 3-1: Using ep0 maxpacket: 32 [ 103.109976][ T5777] usb 3-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c [ 103.113740][ T6541] netlink: 68 bytes leftover after parsing attributes in process `syz.1.210'. [ 103.120581][ T5777] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 103.137013][ T5777] usb 3-1: Product: syz [ 103.146108][ T5777] usb 3-1: Manufacturer: syz [ 103.151545][ T5777] usb 3-1: SerialNumber: syz [ 103.164393][ T5777] usb 3-1: config 0 descriptor?? [ 103.171969][ T5777] gspca_main: gspca_topro-2.14.0 probing 06a2:0003 [ 103.262219][ T5854] IPVS: starting estimator thread 0... [ 103.346175][ T6546] loop1: detected capacity change from 0 to 4096 [ 103.359099][ T6544] IPVS: using max 20 ests per chain, 48000 per kthread [ 103.405725][ T6547] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 104.025001][ T6552] af_packet: tpacket_rcv: packet too big, clamped from 20 to 4294967272. macoff=96 [ 104.192639][ T6558] netlink: 83 bytes leftover after parsing attributes in process `syz.0.218'. [ 104.312192][ T6563] block device autoloading is deprecated and will be removed. [ 104.392163][ T5777] gspca_topro: reg_w err -71 [ 104.437203][ T5777] gspca_topro: Sensor soi763a [ 104.462611][ T5777] usb 3-1: USB disconnect, device number 4 [ 105.074035][ T6577] loop0: detected capacity change from 0 to 2048 [ 105.077800][ T6568] loop1: detected capacity change from 0 to 32768 [ 105.088509][ T6577] EXT4-fs: Ignoring removed bh option [ 105.133072][ T6568] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 105.236647][ T6577] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 105.311502][ T6568] XFS (loop1): Ending clean mount [ 105.321075][ T6577] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 105.349867][ T6577] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 12 with max blocks 1 with error 28 [ 105.349908][ T6568] XFS (loop1): Quotacheck needed: Please wait. [ 105.370325][ T6577] EXT4-fs (loop0): This should not happen!! Data will be lost [ 105.370325][ T6577] [ 105.388534][ T6577] EXT4-fs (loop0): Total free blocks count 0 [ 105.394797][ T6577] EXT4-fs (loop0): Free/Dirty block details [ 105.403213][ T6577] EXT4-fs (loop0): free_blocks=2415919104 [ 105.411021][ T6577] EXT4-fs (loop0): dirty_blocks=16 [ 105.429893][ T6577] EXT4-fs (loop0): Block reservation details [ 105.467003][ T6577] EXT4-fs (loop0): i_reserved_data_blocks=1 [ 105.478512][ T6568] XFS (loop1): Quotacheck: Done. [ 105.592642][ T11] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 105.601132][ T6581] loop2: detected capacity change from 0 to 32768 [ 105.623690][ T6581] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.227 (6581) [ 105.625992][ T5786] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 105.665946][ T6581] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 105.679805][ T6581] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 105.689664][ T6581] BTRFS info (device loop2): metadata ratio 2 [ 105.695826][ T6581] BTRFS info (device loop2): allowing degraded mounts [ 105.738366][ T6581] BTRFS info (device loop2): force zlib compression, level 3 [ 105.746102][ T6581] BTRFS info (device loop2): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 105.802242][ T6581] BTRFS info (device loop2): use zstd compression, level 3 [ 105.842581][ T6594] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 105.845599][ T6581] BTRFS info (device loop2): force clearing of disk cache [ 105.886587][ T6581] BTRFS info (device loop2): max_inline at 0 [ 105.905245][ T6581] BTRFS info (device loop2): using free space tree [ 106.085234][ T6611] tipc: Started in network mode [ 106.091308][ T6611] tipc: Node identity fe800000000000000000000000000013, cluster identity 4711 [ 106.104333][ T6611] tipc: Enabled bearer , priority 10 [ 106.116755][ T6581] BTRFS info (device loop2): enabling ssd optimizations [ 106.161243][ T6581] BTRFS info (device loop2): rebuilding free space tree [ 106.285082][ T6619] loop0: detected capacity change from 0 to 256 [ 106.328132][ T6619] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 106.379866][ T28] kauditd_printk_skb: 10 callbacks suppressed [ 106.379880][ T28] audit: type=1800 audit(1762110158.139:29): pid=6581 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.227" name="file1" dev="loop2" ino=260 res=0 errno=0 [ 106.615340][ T5785] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 106.734789][ T6625] loop0: detected capacity change from 0 to 8192 [ 106.787658][ T6625] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 106.812600][ T6625] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 106.873989][ T6625] REISERFS (device loop0): using ordered data mode [ 106.898888][ T6625] reiserfs: using flush barriers [ 106.922617][ T6625] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 106.966047][ T6625] REISERFS (device loop0): checking transaction log (loop0) [ 107.206080][ T6625] REISERFS (device loop0): Using tea hash to sort names [ 107.219851][ T6621] loop1: detected capacity change from 0 to 32768 [ 107.221575][ T6625] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 107.238643][ T968] tipc: Node number set to 4269801491 [ 107.280215][ T6625] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [2 5 0x0 SD] (nlink == 1) not found (pos 2) [ 107.360762][ T6621] JBD2: Ignoring recovery information on journal [ 107.485593][ T6621] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 107.826241][ T6628] loop2: detected capacity change from 0 to 32768 [ 107.841806][ T5786] ocfs2: Unmounting device (7,1) on (node local) [ 107.910692][ T6628] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 108.084339][ T6638] loop0: detected capacity change from 0 to 128 [ 108.126828][ T6628] syz.2.235 (6628) used greatest stack depth: 20712 bytes left [ 108.147521][ T6638] FAT-fs (loop0): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 108.226303][ T3528] FAT-fs (loop0): error, invalid FAT chain (i_pos 548, last_block 8) [ 108.253721][ T3528] FAT-fs (loop0): Filesystem has been set read-only [ 108.259674][ T6642] loop1: detected capacity change from 0 to 4096 [ 108.265704][ T3528] FAT-fs (loop0): error, corrupted file size (i_pos 548, 522) [ 108.277956][ T6642] ntfs3: loop1: Different NTFS sector size (1024) and media sector size (512). [ 108.287960][ T5785] ocfs2: Unmounting device (7,2) on (node local) [ 108.354587][ T6638] FAT-fs (loop0): error, corrupted file size (i_pos 548, 522) [ 108.384454][ T6638] FAT-fs (loop0): Filesystem has been set read-only [ 108.506629][ T6642] ntfs3: loop1: ino=1e, "file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ntfs3_write_inode failed, -22. [ 108.554603][ T6642] syz.1.239 (6642) used greatest stack depth: 19952 bytes left [ 108.616735][ T2921] ntfs3: loop1: ino=1e, ntfs3_write_inode failed, -22. [ 109.017482][ T5793] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 109.182641][ T6663] loop0: detected capacity change from 0 to 1024 [ 109.197437][ T5793] usb 2-1: Using ep0 maxpacket: 32 [ 109.198220][ T6663] EXT4-fs: Ignoring removed oldalloc option [ 109.211660][ T5793] usb 2-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 109.216004][ T6663] EXT4-fs: Ignoring removed orlov option [ 109.223213][ T5793] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 109.256066][ T6663] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 109.257472][ T5793] usb 2-1: config 0 descriptor?? [ 109.339718][ T6663] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4031: comm syz.0.247: Allocating blocks 497-513 which overlap fs metadata [ 109.365774][ T6662] EXT4-fs (loop0): pa ffff8880798dde80: logic 64, phys. 321, len 12 [ 109.374826][ T6662] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:5372: group 0, free 0, pa_free 1 [ 109.421578][ T5788] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 109.495335][ T5793] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 109.517146][ T5793] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 109.548990][ T5793] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 109.556672][ T5793] usb 2-1: media controller created [ 109.603014][ T5793] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 109.713970][ T5793] az6027: usb out operation failed. (-71) [ 109.742054][ T5793] az6027: usb out operation failed. (-71) [ 109.748310][ T5793] stb0899_attach: Driver disabled by Kconfig [ 109.754562][ T5793] az6027: no front-end attached [ 109.754562][ T5793] [ 109.768183][ T5793] az6027: usb out operation failed. (-71) [ 109.774481][ T5793] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 109.796485][ T5793] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input7 [ 109.841447][ T5793] dvb-usb: schedule remote query interval to 400 msecs. [ 109.860199][ T5793] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 109.895639][ T5793] usb 2-1: USB disconnect, device number 6 [ 109.985900][ T5793] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 110.165392][ T6674] loop0: detected capacity change from 0 to 32768 [ 110.192468][ T6674] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 110.215108][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 110.294201][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 110.306141][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 110.316076][ T6684] netlink: 8 bytes leftover after parsing attributes in process `syz.1.252'. [ 110.325868][ T6684] netlink: 'syz.1.252': attribute type 30 has an invalid length. [ 110.334308][ T6684] netlink: 12 bytes leftover after parsing attributes in process `syz.1.252'. [ 110.349276][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 110.358096][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 110.366553][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 110.375145][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 110.444589][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 110.478717][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 110.492311][ T6674] XFS (loop0): Ending clean mount [ 110.539153][ T6686] loop1: detected capacity change from 0 to 256 [ 110.610607][ T6686] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x4ec6003b, utbl_chksum : 0xe619d30d) [ 110.636186][ T5788] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 111.205306][ T6697] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 111.396739][ T6690] loop1: detected capacity change from 0 to 32768 [ 111.443673][ T6690] loop1: p1 p3 < > [ 111.761706][ T5900] udevd[5900]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 111.774380][ T5936] udevd[5936]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory [ 111.825787][ T6708] loop0: detected capacity change from 0 to 40427 [ 111.840355][ T6708] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 111.857440][ T6708] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 111.883179][ T6708] F2FS-fs (loop0): invalid crc value [ 111.910528][ T6708] F2FS-fs (loop0): Found nat_bits in checkpoint [ 112.014842][ T6708] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 112.022423][ T6708] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 112.099453][ T6708] syz.0.260: attempt to access beyond end of device [ 112.099453][ T6708] loop0: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 112.115820][ T6708] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 112.124699][ T6708] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 112.375819][ T6722] netlink: 'syz.0.263': attribute type 21 has an invalid length. [ 112.384131][ T6722] netlink: 4 bytes leftover after parsing attributes in process `syz.0.263'. [ 112.400874][ T6722] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 112.410311][ T6722] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 112.419153][ T6722] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 112.427958][ T6722] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 112.438490][ T6722] netlink: 'syz.0.263': attribute type 21 has an invalid length. [ 112.446250][ T6722] netlink: 4 bytes leftover after parsing attributes in process `syz.0.263'. [ 133.223579][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.230152][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.664800][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.671624][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 249.057526][ T29] INFO: task kworker/0:0:8 blocked for more than 143 seconds. [ 249.065160][ T29] Not tainted syzkaller #0 [ 249.070315][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 249.079075][ T29] task:kworker/0:0 state:D stack:22184 pid:8 ppid:2 flags:0x00004000 [ 249.088373][ T29] Workqueue: events rfkill_op_handler [ 249.093782][ T29] Call Trace: [ 249.097048][ T29] [ 249.100062][ T29] __schedule+0x14d2/0x44d0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 249.104602][ T29] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 249.110753][ T29] ? preempt_schedule_common+0x82/0xc0 [ 249.116248][ T29] ? asan.module_dtor+0x20/0x20 [ 249.121536][ T29] ? preempt_schedule+0xab/0xc0 [ 249.126431][ T29] ? preempt_schedule_thunk+0x1a/0x30 [ 249.147243][ T29] schedule+0xbd/0x170 [ 249.151386][ T29] schedule_preempt_disabled+0x13/0x20 [ 249.156865][ T29] __mutex_lock+0x6b7/0xcc0 [ 249.165057][ T29] ? __mutex_lock+0x4e8/0xcc0 [ 249.170129][ T29] ? nfc_rfkill_set_block+0x50/0x2e0 [ 249.175445][ T29] ? mutex_lock_nested+0x20/0x20 [ 249.193494][ T29] ? lockdep_hardirqs_on+0x98/0x150 [ 249.198883][ T29] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 249.204815][ T29] ? _raw_spin_unlock+0x40/0x40 [ 249.211804][ T29] ? kobject_uevent_env+0x363/0x8c0 [ 249.217036][ T29] ? nfc_unregister_device+0x2a0/0x2a0 [ 249.222730][ T29] nfc_rfkill_set_block+0x50/0x2e0 [ 249.228130][ T29] ? nfc_unregister_device+0x2a0/0x2a0 [ 249.233713][ T29] rfkill_set_block+0x1c6/0x420 [ 249.238708][ T29] rfkill_epo+0x79/0x180 [ 249.242965][ T29] ? process_scheduled_works+0x957/0x15b0 [ 249.248842][ T29] rfkill_op_handler+0x84/0x240 [ 249.253707][ T29] process_scheduled_works+0xa45/0x15b0 [ 249.259813][ T29] ? assign_work+0x400/0x400 [ 249.264420][ T29] ? assign_work+0x39e/0x400 [ 249.269088][ T29] worker_thread+0xa55/0xfc0 [ 249.273793][ T29] kthread+0x2fa/0x390 [ 249.277982][ T29] ? pr_cont_work+0x560/0x560 [ 249.282695][ T29] ? kthread_blkcg+0xd0/0xd0 [ 249.287346][ T29] ret_from_fork+0x48/0x80 [ 249.291780][ T29] ? kthread_blkcg+0xd0/0xd0 [ 249.296379][ T29] ret_from_fork_asm+0x11/0x20 [ 249.301395][ T29] [ 249.304526][ T29] INFO: task kworker/0:1:9 blocked for more than 143 seconds. [ 249.312095][ T29] Not tainted syzkaller #0 [ 249.317033][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 249.325826][ T29] task:kworker/0:1 state:D stack:23032 pid:9 ppid:2 flags:0x00004000 [ 249.335272][ T29] Workqueue: events rfkill_global_led_trigger_worker [ 249.342024][ T29] Call Trace: [ 249.345304][ T29] [ 249.348304][ T29] __schedule+0x14d2/0x44d0 [ 249.352833][ T29] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 249.358909][ T29] ? mark_lock+0x94/0x320 [ 249.363267][ T29] ? asan.module_dtor+0x20/0x20 [ 249.368406][ T29] ? lockdep_hardirqs_on+0x98/0x150 [ 249.373617][ T29] schedule+0xbd/0x170 [ 249.378055][ T29] schedule_preempt_disabled+0x13/0x20 [ 249.383534][ T29] __mutex_lock+0x6b7/0xcc0 [ 249.388135][ T29] ? __mutex_lock+0x4e8/0xcc0 [ 249.392826][ T29] ? rfkill_global_led_trigger_worker+0x27/0xd0 [ 249.399111][ T29] ? mutex_lock_nested+0x20/0x20 [ 249.404057][ T29] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 249.410123][ T29] ? read_lock_is_recursive+0x20/0x20 [ 249.415513][ T29] ? process_scheduled_works+0x957/0x15b0 [ 249.421282][ T29] rfkill_global_led_trigger_worker+0x27/0xd0 [ 249.427408][ T29] ? process_scheduled_works+0x957/0x15b0 [ 249.433120][ T29] process_scheduled_works+0xa45/0x15b0 [ 249.438761][ T29] ? assign_work+0x400/0x400 [ 249.443387][ T29] ? assign_work+0x39e/0x400 [ 249.448079][ T29] worker_thread+0xa55/0xfc0 [ 249.452687][ T29] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 249.458644][ T29] kthread+0x2fa/0x390 [ 249.462720][ T29] ? pr_cont_work+0x560/0x560 [ 249.467568][ T29] ? kthread_blkcg+0xd0/0xd0 [ 249.472179][ T29] ret_from_fork+0x48/0x80 [ 249.476616][ T29] ? kthread_blkcg+0xd0/0xd0 [ 249.481289][ T29] ret_from_fork_asm+0x11/0x20 [ 249.486107][ T29] [ 249.490947][ T29] INFO: task syz.3.130:6239 blocked for more than 143 seconds. [ 249.498559][ T29] Not tainted syzkaller #0 [ 249.503490][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 249.512220][ T29] task:syz.3.130 state:D stack:27016 pid:6239 ppid:5787 flags:0x00004004 [ 249.521561][ T29] Call Trace: [ 249.524828][ T29] [ 249.527821][ T29] __schedule+0x14d2/0x44d0 [ 249.532342][ T29] ? __kernfs_remove+0x720/0x840 [ 249.537608][ T29] ? asan.module_dtor+0x20/0x20 [ 249.542522][ T29] ? __mutex_lock+0x6b2/0xcc0 [ 249.547675][ T29] ? __mutex_trylock_common+0x84/0x250 [ 249.553181][ T29] ? trace_raw_output_contention_end+0xd0/0xd0 [ 249.559411][ T29] schedule+0xbd/0x170 [ 249.563493][ T29] schedule_preempt_disabled+0x13/0x20 [ 249.569009][ T29] __mutex_lock+0x6b7/0xcc0 [ 249.573523][ T29] ? __mutex_lock+0x4e8/0xcc0 [ 249.578418][ T29] ? rfkill_unregister+0xc8/0x220 [ 249.583454][ T29] ? mutex_lock_nested+0x20/0x20 [ 249.588457][ T29] ? kill_device+0x160/0x160 [ 249.593056][ T29] ? nfc_genl_device_removed+0x22e/0x320 [ 249.598751][ T29] ? destroy_workqueue+0x898/0xf20 [ 249.603883][ T29] ? nfc_genl_setup_device_added+0x320/0x320 [ 249.609941][ T29] ? destroy_workqueue+0xd80/0xf20 [ 249.615099][ T29] ? destroy_workqueue+0x898/0xf20 [ 249.620586][ T29] rfkill_unregister+0xc8/0x220 [ 249.625468][ T29] nfc_unregister_device+0x96/0x2a0 [ 249.630750][ T29] ? virtual_ncidev_open+0x1a0/0x1a0 [ 249.636068][ T29] virtual_ncidev_close+0x59/0x90 [ 249.641186][ T29] __fput+0x234/0x970 [ 249.645194][ T29] task_work_run+0x1ce/0x250 [ 249.649850][ T29] ? task_work_cancel+0x240/0x240 [ 249.654892][ T29] ? exit_to_user_mode_loop+0x3b/0x110 [ 249.660449][ T29] exit_to_user_mode_loop+0xe6/0x110 [ 249.665754][ T29] exit_to_user_mode_prepare+0xf6/0x180 [ 249.671373][ T29] syscall_exit_to_user_mode+0x1a/0x50 [ 249.676884][ T29] do_syscall_64+0x61/0xb0 [ 249.681358][ T29] ? clear_bhb_loop+0x40/0x90 [ 249.686044][ T29] ? clear_bhb_loop+0x40/0x90 [ 249.690885][ T29] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 249.696797][ T29] RIP: 0033:0x7fb1e9f8efc9 [ 249.701337][ T29] RSP: 002b:00007ffcb63410c8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 249.709860][ T29] RAX: 0000000000000000 RBX: 00007fb1ea1e7da0 RCX: 00007fb1e9f8efc9 [ 249.717988][ T29] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 249.726129][ T29] RBP: 00007fb1ea1e7da0 R08: 000000000000ba0c R09: 00000006b63413bf [ 249.734205][ T29] R10: 00007fb1ea1e7cb0 R11: 0000000000000246 R12: 0000000000016119 [ 249.742313][ T29] R13: 00007fb1ea1e6090 R14: ffffffffffffffff R15: 00007ffcb63411e0 [ 249.750373][ T29] [ 249.753438][ T29] INFO: task syz-executor:6585 blocked for more than 144 seconds. [ 249.762616][ T29] Not tainted syzkaller #0 [ 249.767636][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 249.776445][ T29] task:syz-executor state:D stack:27912 pid:6585 ppid:1 flags:0x00004000 [ 249.785797][ T29] Call Trace: [ 249.789168][ T29] [ 249.792113][ T29] __schedule+0x14d2/0x44d0 [ 249.796640][ T29] ? asan.module_dtor+0x20/0x20 [ 249.801650][ T29] ? __mutex_lock+0x6b2/0xcc0 [ 249.806343][ T29] ? __mutex_trylock_common+0x84/0x250 [ 249.811955][ T29] ? trace_raw_output_contention_end+0xd0/0xd0 [ 249.818265][ T29] schedule+0xbd/0x170 [ 249.822354][ T29] schedule_preempt_disabled+0x13/0x20 [ 249.827879][ T29] __mutex_lock+0x6b7/0xcc0 [ 249.832426][ T29] ? __mutex_lock+0x4e8/0xcc0 [ 249.837121][ T29] ? rfkill_register+0x37/0x8e0 [ 249.842033][ T29] ? mutex_lock_nested+0x20/0x20 [ 249.846995][ T29] ? device_initialize+0x24b/0x440 [ 249.852193][ T29] rfkill_register+0x37/0x8e0 [ 249.856885][ T29] hci_register_dev+0x3f5/0x890 [ 249.861916][ T29] vhci_create_device+0x38b/0x650 [ 249.867002][ T29] vhci_write+0x3b5/0x470 [ 249.871424][ T29] vfs_write+0x43b/0x940 [ 249.875687][ T29] ? file_end_write+0x250/0x250 [ 249.880631][ T29] ? __fdget_pos+0x1d8/0x330 [ 249.885247][ T29] ksys_write+0x147/0x250 [ 249.889650][ T29] ? __ia32_sys_read+0x90/0x90 [ 249.894452][ T29] ? lockdep_hardirqs_on+0x98/0x150 [ 249.899769][ T29] do_syscall_64+0x55/0xb0 [ 249.904201][ T29] ? clear_bhb_loop+0x40/0x90 [ 249.909038][ T29] ? clear_bhb_loop+0x40/0x90 [ 249.913733][ T29] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 249.919696][ T29] RIP: 0033:0x7f532b18da40 [ 249.924117][ T29] RSP: 002b:00007fff721212b8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 [ 249.932598][ T29] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f532b18da40 [ 249.940629][ T29] RDX: 0000000000000002 RSI: 00007fff721212ca RDI: 00000000000000ca [ 249.948710][ T29] RBP: 00007f532b3e67b8 R08: 0000000000000000 R09: 00007f532bf1d6c0 [ 249.956696][ T29] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000008 [ 249.964736][ T29] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000 [ 249.972770][ T29] [ 249.976054][ T29] [ 249.976054][ T29] Showing all locks held in the system: [ 249.983836][ T29] 4 locks held by kworker/0:0/8: [ 249.988816][ T29] #0: ffff888017870938 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0 [ 249.999840][ T29] #1: ffffc900000d7d00 ((rfkill_op_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0 [ 250.010902][ T29] #2: ffffffff8e297928 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_epo+0x47/0x180 [ 250.020780][ T29] #3: ffff88805e55d100 (&dev->mutex){....}-{3:3}, at: nfc_rfkill_set_block+0x50/0x2e0 [ 250.030740][ T29] 3 locks held by kworker/0:1/9: [ 250.035697][ T29] #0: ffff888017870938 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0 [ 250.046752][ T29] #1: ffffc900000e7d00 ((work_completion)(&rfkill_global_led_trigger_work)){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0 [ 250.060380][ T29] #2: ffffffff8e297928 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_global_led_trigger_worker+0x27/0xd0 [ 250.071882][ T29] 1 lock held by khungtaskd/29: [ 250.076865][ T29] #0: ffffffff8cd2fee0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x290 [ 250.086824][ T29] 2 locks held by getty/5550: [ 250.091543][ T29] #0: ffff88823bce40a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 250.101370][ T29] #1: ffffc9000327b2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x425/0x1380 [ 250.111543][ T29] 2 locks held by syz.3.130/6239: [ 250.116551][ T29] #0: ffff88805e55d100 (&dev->mutex){....}-{3:3}, at: nfc_unregister_device+0x63/0x2a0 [ 250.126372][ T29] #1: ffffffff8e297928 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_unregister+0xc8/0x220 [ 250.136640][ T29] 2 locks held by syz-executor/6585: [ 250.142013][ T29] #0: ffff88805b3f2918 (&data->open_mutex){+.+.}-{3:3}, at: vhci_create_device+0x34/0x650 [ 250.152122][ T29] #1: ffffffff8e297928 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_register+0x37/0x8e0 [ 250.162145][ T29] 3 locks held by syz.2.259/6701: [ 250.167210][ T29] #0: ffffffff8d4c2788 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x5a/0x370 [ 250.175690][ T29] #1: ffff888024de8100 (&dev->mutex){....}-{3:3}, at: nfc_register_device+0xa1/0x320 [ 250.185344][ T29] #2: ffffffff8e297928 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_register+0x37/0x8e0 [ 250.195343][ T29] 1 lock held by syz.1.262/6712: [ 250.200362][ T29] #0: ffffffff8d4c2788 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x5a/0x370 [ 250.208883][ T29] 1 lock held by syz.0.273/6748: [ 250.213821][ T29] #0: ffffffff8d4c2788 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x5a/0x370 [ 250.222338][ T29] 1 lock held by syz-executor/6750: [ 250.227580][ T29] #0: ffffffff8d4c2788 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x5a/0x370 [ 250.236066][ T29] 1 lock held by syz-executor/6752: [ 250.241418][ T29] #0: ffffffff8d4c2788 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x5a/0x370 [ 250.249926][ T29] 1 lock held by syz-executor/6754: [ 250.255108][ T29] #0: ffffffff8d4c2788 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x5a/0x370 [ 250.263804][ T29] 1 lock held by syz-executor/6756: [ 250.269222][ T29] #0: ffffffff8d4c2788 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x5a/0x370 [ 250.277869][ T29] 1 lock held by syz-executor/6762: [ 250.283081][ T29] #0: ffffffff8d4c2788 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x5a/0x370 [ 250.291610][ T29] 1 lock held by syz-executor/6764: [ 250.296848][ T29] #0: ffffffff8d4c2788 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x5a/0x370 [ 250.305367][ T29] 1 lock held by syz-executor/6766: [ 250.310652][ T29] #0: ffffffff8d4c2788 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x5a/0x370 [ 250.319192][ T29] 1 lock held by syz-executor/6768: [ 250.324387][ T29] #0: ffffffff8d4c2788 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x5a/0x370 [ 250.332907][ T29] 1 lock held by syz-executor/6774: [ 250.338176][ T29] #0: ffffffff8d4c2788 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x5a/0x370 [ 250.346657][ T29] 1 lock held by syz-executor/6776: [ 250.351991][ T29] #0: ffffffff8d4c2788 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x5a/0x370 [ 250.360528][ T29] [ 250.362851][ T29] ============================================= [ 250.362851][ T29] [ 250.371376][ T29] NMI backtrace for cpu 0 [ 250.375716][ T29] CPU: 0 PID: 29 Comm: khungtaskd Not tainted syzkaller #0 [ 250.382897][ T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 250.392969][ T29] Call Trace: [ 250.396238][ T29] [ 250.399514][ T29] dump_stack_lvl+0x16c/0x230 [ 250.404178][ T29] ? preempt_count_add+0x91/0x1a0 [ 250.409192][ T29] ? show_regs_print_info+0x20/0x20 [ 250.414376][ T29] ? load_image+0x3b0/0x3b0 [ 250.418868][ T29] nmi_cpu_backtrace+0x39b/0x3d0 [ 250.423794][ T29] ? nmi_trigger_cpumask_backtrace+0x2f0/0x2f0 [ 250.429941][ T29] ? _printk+0xd0/0x110 [ 250.434092][ T29] ? load_image+0x3b0/0x3b0 [ 250.438594][ T29] ? load_image+0x3b0/0x3b0 [ 250.443155][ T29] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 250.449262][ T29] nmi_trigger_cpumask_backtrace+0x17a/0x2f0 [ 250.455287][ T29] watchdog+0xf41/0xf80 [ 250.459452][ T29] ? watchdog+0x1e1/0xf80 [ 250.463853][ T29] kthread+0x2fa/0x390 [ 250.467940][ T29] ? hungtask_pm_notify+0x90/0x90 [ 250.472973][ T29] ? kthread_blkcg+0xd0/0xd0 [ 250.477565][ T29] ret_from_fork+0x48/0x80 [ 250.482002][ T29] ? kthread_blkcg+0xd0/0xd0 [ 250.486612][ T29] ret_from_fork_asm+0x11/0x20 [ 250.491395][ T29] [ 250.494781][ T29] Sending NMI from CPU 0 to CPUs 1: [ 250.500106][ C1] NMI backtrace for cpu 1 [ 250.500118][ C1] CPU: 1 PID: 73 Comm: kworker/u4:5 Not tainted syzkaller #0 [ 250.500132][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 250.500141][ C1] Workqueue: bat_events batadv_nc_worker [ 250.500166][ C1] RIP: 0010:mark_lock+0xe2/0x320 [ 250.500186][ C1] Code: 03 42 0f b6 04 28 84 c0 0f 85 06 02 00 00 83 3d 13 3f 83 15 00 74 36 45 31 ff 49 83 c7 60 4c 89 f8 48 c1 e8 03 42 80 3c 28 00 <74> 08 4c 89 ff e8 54 35 75 00 b8 01 00 00 00 45 85 27 74 50 48 83 [ 250.500197][ C1] RSP: 0018:ffffc900015d7920 EFLAGS: 00000046 [ 250.500209][ C1] RAX: 1ffffffff20ed108 RBX: ffff88801def1e00 RCX: ffffffff8167b534 [ 250.500219][ C1] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff90da85d8 [ 250.500228][ C1] RBP: 0000000000000006 R08: ffffffff90da85df R09: 1ffffffff21b50bb [ 250.500245][ C1] R10: dffffc0000000000 R11: fffffbfff21b50bc R12: 0000000000000040 [ 250.500254][ C1] R13: dffffc0000000000 R14: ffff88801def2908 R15: ffffffff90768840 [ 250.500264][ C1] FS: 0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 250.500275][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 250.500285][ C1] CR2: 000056061a334f70 CR3: 000000000cb30000 CR4: 00000000003506e0 [ 250.500298][ C1] Call Trace: [ 250.500303][ C1] [ 250.500311][ C1] lockdep_hardirqs_on_prepare+0x369/0x760 [ 250.500329][ C1] ? lock_chain_count+0x20/0x20 [ 250.500345][ C1] ? rcu_is_watching+0x15/0xb0 [ 250.500362][ C1] ? batadv_nc_purge_paths+0x311/0x3a0 [ 250.500382][ C1] trace_hardirqs_on+0x28/0x40 [ 250.500401][ C1] __local_bh_enable_ip+0x12e/0x1c0 [ 250.500415][ C1] ? _local_bh_enable+0xa0/0xa0 [ 250.500429][ C1] ? do_raw_spin_unlock+0x121/0x230 [ 250.500447][ C1] ? batadv_nc_purge_paths+0x311/0x3a0 [ 250.500470][ C1] ? batadv_nc_purge_paths+0x3a0/0x3a0 [ 250.500490][ C1] batadv_nc_purge_paths+0x311/0x3a0 [ 250.500522][ C1] batadv_nc_worker+0x328/0x610 [ 250.500542][ C1] ? process_scheduled_works+0x957/0x15b0 [ 250.500559][ C1] process_scheduled_works+0xa45/0x15b0 [ 250.500593][ C1] ? assign_work+0x400/0x400 [ 250.500614][ C1] ? assign_work+0x39e/0x400 [ 250.500637][ C1] worker_thread+0xa55/0xfc0 [ 250.500663][ C1] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 250.500679][ C1] ? _raw_spin_unlock+0x40/0x40 [ 250.500692][ C1] ? _raw_spin_unlock_irqrestore+0x86/0x110 [ 250.500714][ C1] kthread+0x2fa/0x390 [ 250.500726][ C1] ? pr_cont_work+0x560/0x560 [ 250.500742][ C1] ? kthread_blkcg+0xd0/0xd0 [ 250.500754][ C1] ret_from_fork+0x48/0x80 [ 250.500772][ C1] ? kthread_blkcg+0xd0/0xd0 [ 250.500785][ C1] ret_from_fork_asm+0x11/0x20 [ 250.500812][ C1] [ 250.501166][ T29] Kernel panic - not syncing: hung_task: blocked tasks [ 250.768451][ T29] CPU: 0 PID: 29 Comm: khungtaskd Not tainted syzkaller #0 [ 250.775658][ T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 250.785740][ T29] Call Trace: [ 250.789202][ T29] [ 250.792133][ T29] dump_stack_lvl+0x16c/0x230 [ 250.796820][ T29] ? show_regs_print_info+0x20/0x20 [ 250.802014][ T29] ? load_image+0x3b0/0x3b0 [ 250.806519][ T29] panic+0x2c0/0x710 [ 250.810404][ T29] ? schedule_preempt_disabled+0x20/0x20 [ 250.816037][ T29] ? bpf_jit_dump+0xd0/0xd0 [ 250.820531][ T29] ? __irq_work_queue_local+0x13a/0x3b0 [ 250.826107][ T29] ? nmi_trigger_cpumask_backtrace+0x2a4/0x2f0 [ 250.832272][ T29] watchdog+0xf80/0xf80 [ 250.836424][ T29] ? watchdog+0x1e1/0xf80 [ 250.840747][ T29] kthread+0x2fa/0x390 [ 250.844809][ T29] ? hungtask_pm_notify+0x90/0x90 [ 250.849845][ T29] ? kthread_blkcg+0xd0/0xd0 [ 250.854460][ T29] ret_from_fork+0x48/0x80 [ 250.858888][ T29] ? kthread_blkcg+0xd0/0xd0 [ 250.863474][ T29] ret_from_fork_asm+0x11/0x20 [ 250.868243][ T29] [ 250.871504][ T29] Kernel Offset: disabled [ 250.875818][ T29] Rebooting in 86400 seconds..