last executing test programs: 11m45.137319457s ago: executing program 32 (id=96): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x18, &(0x7f0000000100)=0xfefffff9, 0x4) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f00000002c0)=[@timestamp, @sack_perm, @window={0x3, 0x9, 0x2}, @mss={0x2, 0x400}, @mss={0x2, 0xcb2}, @mss={0x2, 0x3}, @sack_perm, @sack_perm], 0x8) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4) 9m54.279738249s ago: executing program 33 (id=752): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fdc000/0x18000)=nil, &(0x7f0000000340)=[@text32={0x20, 0x0}], 0x1, 0x30, 0x0, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000040)={0x1, 0x0, [{0x4b564d02, 0xec000000, 0xcd}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 9m52.558760704s ago: executing program 34 (id=763): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48) close(0x3) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x50) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r1, &(0x7f0000001380), &(0x7f0000000000)=""/10, 0x2}, 0x20) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000000c0)={r1, &(0x7f0000000880)="f2", &(0x7f0000000000)=""/10, 0x2}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000cd03000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0xedf0e51957efc755, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r2, 0x18000000000002a0, 0x5ee, 0x0, &(0x7f0000000580)="b9ff03076804268c989e14f088a8", 0x0, 0x500, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 8m48.69229347s ago: executing program 35 (id=1178): pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000200)={'lo\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x2070bd27, 0x25dfdbff, {0xa, 0x40, 0xc0, 0x0, r4}, [@IFA_ADDRESS={0x14, 0x1, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @IFA_FLAGS={0x8, 0x8, 0x142}]}, 0x34}, 0x1, 0x0, 0x0, 0x2004c041}, 0x400c0c0) write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x8001, 0xd) 8m18.965362705s ago: executing program 36 (id=1365): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000300)={[{@delalloc}, {@mblk_io_submit}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@dioread_lock}, {@acl}, {@dioread_nolock}, {@data_err_ignore}, {@grpquota}, {@resuid}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000000a40)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1, 0x0) pwrite64(r0, &(0x7f0000000140)='2', 0xfdef, 0xe7c) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x441, 0x14a) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x183042, 0x1e1) pwrite64(r2, &(0x7f0000000140)='2', 0xfdef, 0x8000c62) fallocate(r1, 0x20, 0x0, 0x8000) 7m21.22125264s ago: executing program 37 (id=1619): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e) close(r0) r2 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r0, &(0x7f0000000840)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x2, 0x4, 0x4, 0x2, {0xa, 0x4e26, 0x8, @mcast2, 0x3}}}, 0x3a) ioctl$PPPIOCGMRU(r2, 0x80047453, &(0x7f0000000140)) 6m30.874576072s ago: executing program 38 (id=2004): setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, &(0x7f00000000c0)=0x3, 0x4) r0 = syz_io_uring_setup(0x239, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=0x0, &(0x7f0000000440)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x77359400}}) io_uring_enter(r0, 0x2c02, 0xb609, 0xc, 0x0, 0x0) io_uring_enter(r0, 0x2def, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f00000012c0)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x9, &(0x7f0000001380)={0x0, 0x3938700}, 0x1, 0x20}) io_uring_enter(r0, 0x4866, 0x0, 0xb, 0x0, 0x0) 6m9.932998553s ago: executing program 39 (id=2100): r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, &(0x7f00000002c0)=ANY=[@ANYBLOB="00000c000000070001"], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000180)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB=' '], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000b00)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000680)={0x20, 0x0, 0x4, {0x100, 0x28}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) 3m42.636084211s ago: executing program 40 (id=3008): mkdir(&(0x7f0000000080)='./file1\x00', 0x8) mount(0x0, &(0x7f0000000200)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x8, &(0x7f0000000300)='usrquota') chdir(&(0x7f0000000140)='./file1\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0) quotactl_fd$Q_SETQUOTA(r0, 0xffffffff80000800, 0x0, &(0x7f0000000340)={0x0, 0x1, 0x9ee, 0x7ac, 0x3, 0x8, 0x100, 0xfffffffffffffffc, 0x100fff}) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cpuset.effective_mems\x00', 0x275a, 0x0) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000}) write$binfmt_script(r1, &(0x7f0000000040), 0x208e24b) 3m42.373173804s ago: executing program 41 (id=3010): r0 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r0, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43, 0x0, 0x3}}, 0x10) r1 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x4, 0x1, 0x3}, 0x10) r2 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x3, 0x3, 0x3}, 0x10) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10) sendmsg$tipc(r0, &(0x7f0000000280)={&(0x7f0000000040), 0x10, 0x0}, 0x0) 3m19.830605354s ago: executing program 42 (id=3077): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r1, 0x1, 0x2f, &(0x7f0000000600)=0xdfc, 0x10) sendmmsg$inet(r1, &(0x7f0000000f40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000440)="cebdd21fe03e57c108bd793965b579407c9962373117b122c45bf84c98a973ecb6b9ad663b6a07bdfb5c17a5a2cd48dc09da2f20c6ac72e6399874332704872ec2a432d22928522671038af0783ef04a2f8ef5bf4c1852cc25f1ab39b7c146d2cb25084504d5606202f9cd0b03dc17ed3d8964c92f494bcd7aa079dcdd22cd6701b6fa29649ba617e2b873818b2ad401d5aef13d5b0717df73f1bdda44cd11348950c5add667446dc94b9d29c5e0b3238c23b80ec9cfb83ed075fb6ec953272933770468e643005a235fbef87130152d3b6566d627f26edee7c271f5c614897964e6d1f3ac33c47658e4e44e891834dba9fef9b237b7ab464633d8bc17bcf72a8c7bb650f4f8fa8049b7dff02988e12cb21b4fffd713c3bb7c928ade3784813357b6", 0x122}, {&(0x7f0000000040)="dcf6c7a8594cbefed4f7b6af317a47ee47be6e2d4a61e5cc0a2a79081670698a39", 0x21}, {&(0x7f0000000580)="43b6624bcf70a4c826371a24e33c4d2bae5d7babbfb1ba2c6ecf970f9def87320ccb4fbbb31e12d8fd21d656ef864f17c24210eac6248dd40efb9b0ac8da179915840a5c9d2f213d47a7367669a3870626413286b92bd7b51f2b4f99eec1b6ff81751fb805f86ea434a7531f3c9878bdc2cadebaba4621", 0x77}, {&(0x7f0000000d40)="518d091c0e9f6c2c05550d880894aea3fd3718de3675e1f30ffff0ff511d8b6a90c94d442c509c6a01f65cad16374ea2e62749579d0000000000000000000000000000c691982d5010be49260288f8f9629ccc782d9acbdb9cba112648136045612cd4d67e00f5bb0e1ac16467a133dc1c16fb5f364f689e2cc053bd4230cfc69fc863967ffb3f2196c2b42fe3bfeea73ccd4e83d75afed8077204552c34fcf30b180b341707fa86712df21db64c1da4bec3dd8adec0e45f60fdc6fbd9417c6c7958ce970e54e96b81da444ccf90f7041e93f2fb061d2fe681fed67fc52841607461af044c7191", 0xe7}, {&(0x7f0000000740)="9f189b8d5e6ee068cce816de05698d4fe01cdb8e875eefe3db5e153722b1745423f726b35f80b980f8a7e6cab9983bc947924f6d30813d0899d80c2cb6a3cb80a16f14c194157b98c823780ea180f5f304f5694e0b90569c14c118c5896396f9c79d867b5026d66ae9eda462f1233702f941cf239ec1bfe8c9ca3c5faa4c0efa368def9717a2da7e0cde5146db635972858964020d656353a476e01071bc9367c8ab8ee6b5ff6cd25be88a2326b81df502c8b117250afb4a1b9f205eac48359e3c4323ff3e32f2be7c235dfb3613995f704263f6085512d9e267d49f43cb55255ecd5ddb42153df7b980f08cec8c0341a7c0b25c2215fbbb7c8fc128b9f0b6bc1bf061ffc5991d335691cd72902056876cba7dc2c619dd8eb75e387ed526407d774133fef0f6208bca52334a065c36f230170a8971287164653d2aaad9d2b4f2fd755c1cd890f6013943e8d4d80b915d5460", 0x152}, {&(0x7f0000000b40)="aa27de4a8cfe6fc7fd36ac634de0b7dce04f6ce3e3d452f1c75502b2cbb29fa999d2a372e83819556e792a18e17c128a1ee3a593fbac892cbb425705d6cdbb4a07ea786417aac814e03e5d80b297abe644830816977ccba1f493", 0x5a}], 0x6}}], 0x1, 0x8040) close_range(r0, 0xffffffffffffffff, 0x0) 3m16.456885791s ago: executing program 3 (id=3091): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r0}, 0x0, &(0x7f0000000040)}, 0x20) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r3, r2, 0x25, 0x0, @void}, 0x10) syz_emit_ethernet(0x2a, &(0x7f0000000000)={@link_local, @random="0000fc00", @void, {@ipv4={0x800, @igmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x16, 0x7c, 0x0, @dev={0xac, 0x14, 0x14, 0x30}}}}}}, 0x0) 3m12.246606658s ago: executing program 3 (id=3100): r0 = epoll_create1(0x0) r1 = signalfd4(0xffffffffffffffff, &(0x7f0000000340)={[0xfffffffffffffffd]}, 0x8, 0x800) r2 = epoll_create1(0x80000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000100)={0xc0002000}) syz_mount_image$fuse(0x0, 0x0, 0x122206c, 0x0, 0x1, 0x0, 0x0) r3 = fcntl$dupfd(r2, 0x0, r0) r4 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000000040)={0x20000001}) 3m11.841771298s ago: executing program 3 (id=3103): r0 = syz_create_resource$binfmt(&(0x7f0000000500)='./file0\x00') openat$binfmt(0xffffffffffffff9c, r0, 0x41, 0x1ff) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='fd=', @ANYRESOCT=r1, @ANYBLOB=',rootmode=00000000000000000020000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) statx(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x800, 0x0) read$FUSE(r1, &(0x7f0000008340)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2041) syz_fuse_handle_req(r1, &(0x7f0000004300)="00e7a0633e8438bafa888b9b02144af32e296a0a01dc194d649b6fa26d6d5e63bac4a04baeeb8aacb22c6eec461b67db6a737737c6d2687acb00572f92e3fdb5d0cb2f11121c557a943020200755bcab77b39c406b733239e2bb1175b9322ba39dc7d67da8f77aed1714dae2e6c24c3ea96be9d151c6ab7b3c54bbe507b8b2461fb4be8dc90042184af6d48f8ace16abb5e3fc943cf61cdb75624a259bdb5f7829b9775820f85f2d1a6ee6c6c2af4fd41ab8a41ecb2612abf13cd2c6f9f3e6db505e4bbe68cc000cf5fa6d5636191a4b366ab59af52132a3f9678d4ed1bd577bacffb3b52850804005eebf3dfa4763168ff30490a11acdbbf4c3312a45f30139f6b72b1e7cdec185006bb30e0e8fa88da2cefc718cae7e9830f7ca101e4e23c6bd16bfacf4a9927fb13af4b79c86ab999beda4ad396abdda354a42fb4ef21d6749175dc21a0cf9191aa4f90d274b50370a580ad8dcd166d2b06c0d8b071973c3fde30f7e2bc371a51ca5866bf8b24eaac75bf482dd4436b214ff62d32e20df223b0b680ede28b3a49e66e330a8a3ecace0db9855d235d5ff23765e742d1a739c2ac8743f4c62664a3b347279da55a1a5b16e1e2828b584a013577d50f890e3894d9e8d6bfccdfb2b70221f12a7fac24b7a8818edce72b65f622c77bf1312771a2c0d805ec9a25c536c78903b77b2c1a773a03996fabba69214e76f5df6df0375b592692a2c3c86c75a3be56fe598ddaea0b9901d20db7e43e128e04e5509283f833c24c625887288459db5727210ba9a301fb8c934dd1d8dca68039fe5b2e1a8d7cdfc6d875e5851098100c3cd42544ed90bb55b58d20a501fabbc485d148c615a3b070fa0520da2ed68ee115a4411d5418b47f3d95616096f67a7a36d68f1e8df82eca8ef96fb4a96b3422fe046a37ea5f5967513a559bd770fecab7228b0692f439765c9e9c6ea4fc608e0b27f9b49064daa2bac06f83f6d87ebc61fa3a29bb5ed39641245ce8cf43770df32a84838802b0827ca5a40e2003915e2ed108a005637bb028d29bd2cfd28a1bd55e67ed1b6b7b72163c27c4b0e36d1b134d6dfdb165a66fb46498fc04bb8053b84098af5b18758631d1318d625a6fa4d3ce5a4d3a90e10c6363a26b5ae96c2d56f87ad21a6118af6847d041f88f852ddc3f250c088ef5cb31198f3ac81cff9a5bab26ed56c09f8416188974e08349f7da28fc754b98c1ac4ea0060ac1e1b1c49f7dbadbc59254b265dc418cab9ac14e2bbecc4c3103543e37984efb1f61315e10d2b422732217d3a9b0cfe4561f3765d3bda60be239e02bdc164dd631582e8c87dd8fa60d63dcf9e7f3dadc4ce5e4433a42425b8ee8cb888defab0bf9b6109c90b5655b79b18c06884f2670a985d454e08e54de69f645cb0cbb70620bd988ee717c310ae77b4abe81c01c6e7f47268ee20bc30b9062830917705682eba2c5ef966b877f33294aa5f8b29d3dd5ed92302087f34fa18d19a005de05f925e3e93c8c0f24507ff20cd23d9ae5452c32ff58c78ccdb1ab32c98edfaa6d2c3971934ca8f849ac360c286566eb72b0793f12cef84bd282368d533247ee750f18aeda484167f3d680e4aaa3aa0694441d4ff6a71531f1a30f87eeb71afd04c5d686e1f86f27586f4e2c8ff77c09612ba1af9b3fb93efd31af42f8e0498f35d07c662b743a08f2839cad8f95b90cbb4fc0ed2ca45dd093a549cde4c6ff08ce09a2cbc6f9f78b6f96643357f92f8f403202742057731fd3e343a87c0affe803cfdbddb8c2694ab63f2dc35da705624747e30a943000fc82c40f10e1975d2e2ec15aefd531b6dbc053606b054dc976f44d5b5a5f37e9c08532ce16cf8bca55ab6c814ceb855ab50b8b52620f8645a9dc25fcb732080d84bf39c3ebb235b4d96da527b64ec4b72f69e91d16a4efcaf76f2e1f968ca68a06f60b01ec7becc9ffd7877c0992cb0f80fb3daabc039513896bd7697843be06aba53e7761e11e075c61ef2d897d4d9f90041c14283746feeb3f0d456ba4be27843350fe43e7c1110b4439489139f6dae01c43f23ec71f08d3042663c65e059d368e4e2c6e49de45bf078d3182a1bc1208bc59379e705aa3309579947409f2a8b3d79099c8619f916e7a6fa333d2312a274247156b8c25cbcfcc59ef13339c700f56a8691dff39bd4338789001872c0d90929037dc0ad99b380a6ba73f331f73f9274f4c2bf5233d7482edf37bf6ffed4f2c0ee44a1d57cae0d644f25591dc03bf837571a82d0c31b61be7ff85a5b3843e8f96a50eaa43f5c137ecfc4e4530d08a2afa4ba02fcc50117a4ad0d5862302017639344c82749f673dbd650e49b35302d0acbab45c0973198291bb42b4cfcd3b0c252074341ea8eca19e122cd234da6d41bf5eedb706e16c17687ed8b84db67130796d26b94eac83bbcd785b603242bd6252c155711efd7dd22cc54e1eaf6d910d0f22c701f3d4da0314dd2829c6ee13bbcbd126558b47b8066bf0766c792a012315bd29bfeda8f28a2c1f4e638b701758e19a0e5bd5b4f19048b00a877d956292e345f8a3a8367892f955bcb5e50ca145ec5e2c9309e25941bd277e393aaad38f9b72a42514b27da6856223c37a1fc1327fa760551d3fdeb0b222ab180b16c9eea138cf4f327e88fdfee293c5b6b007028eb796a60772148282dcd17ffc1c90ed8b6540ede933545ed5a5301d6ff39734444ff3d85cda4ac3befa5083a4685e9e231eba4a91a35f4f7f48fd5ac2447c64c010e2a9f8e80691c95460e1995444466ec5f3cd71fe509a26ff0b7f3254bc8c3255e903834e841b37c70b267fb33deb0d1ed4ea84a869453ba508fc255b12cf847103d5195046c930ae4a75c956f22fcfe4186d547686b54bd7a534940d5d62216994eac0e8ed3bd2bd59354e6b9c6b5b10511d54a8b928040f1e1024a423b0cf519fc6e9673df5c48c0778c7edb8fa8d8ace77463a77d2d6313160e1ee72742953e433b6732ced59c93464fd91520847db238610ed0c289fc55647881a7d6257cf28090c75a6f19df079cfd35742a74a5ab270314f7c8039c20ff0f3f543d029b75a741b5dc6425241ac2ffabf1f96288e6d4ba34da09fb6049c2c8753fbd41fdb4bc68c57bf374ef4feb0df00c41319debb26afba2ff39e1799a1c2137f4e920ee5b02d93789b6b0c853e8143dae5b08ee85da2ea7c31803610ce797293ea95c16ade6dae2afb008e59d8b9505737f008b5227df5f1e4eb5d707f502698a17ead9b1f5ec09dff34248ff2fb153dc6df4812e39754a4baa42e1d8b77fbddef3ca091701ac28ae5fd422dbd8db5b122d3965383abc37a52d2fca5ce56eba974dba3d059cefe40e3c35c9daa8ae31198214303c1dcb90d58fc983ccfd504fa43925636f94b128d44e8aa5cd3ecfabd50a84062d03f7508a0575ab65ecc749d3ef566fdbc529a8139b7a7fb3a9bd784df52cddc6f2699044ba47615163fbbe19f3d88d38a8b71fe52b2611ca74341429d1cef1a7e350545be29d2caa560e60352cab074c298c44ca2c07f9795ce52f10aa3e2fcdef371f24e309b19e52218881f25a4674527edbe3b3bd0b9b536d810c6f9500c0c81bcfd9a440dd91c1d35c52758d2b2ae1a8497bb394c4f09d3947cf777727b0d1daf5ac4fe4fa3c247a791702cb84b96321b7fec81bf549d4eb5d6dafe019b26187417c68b064e4308908535a3e77b6cd3e28caaf12d726f15590b7958e40134d045a38cbb689131a7e85532f1c63ddb2b71704563f3738b92044a8153f6ba717800ab7cb238175c376d7add2c5ec38e4c856f1ab9c3ee33f6ca6d576ae908dd290e4bae23470182e253765e04e8eb02a791c4396a511ef467879a9e2818b8a4b1b0b39a6c44e816e3ebf6e3be93929dfcb38d5dad7d20b60215447674d0608b8b02331ac20e57083cb9b4449fecbb149441aea0ad82f00a82d87d743fc80d410922bc20923516885440f43c9f32beb81ce148def6140952583a7825c2d2fe012d52d30ef66d32a8a0864ac5c1737e2506228d41ff0515ee80be4cf012927dde0fd2a07cac68eff8c4437f2844d4df07936fd8753e5909f962c5c767f8719cc295bdfa8a16f3f36ff56e34d7b14b6b8c46d5af248b04a9c5396f84990e23d145670950bce5f5638e5e2cea37c371a4483729338f1305cbb32fa1c05dd9d21d2a69e5fa3abe9a2dad2237be20b4088393c04aa66cf13718de4bffac72f641a8c017a1d5568fa15a6a06e4dc833874ec95af6f115bdadf15179bfc8c4e3e64f26f1299e282c4ab397340934efc1e601afc630fe195e8ae7d8da1310568cab4f2fad085d0ec39710d8b7c812b3fd55c6f50925bcfc90fbcb35b8daa0f1e1f69d82fae2034039f7ad6921694ed48a55a68bc541e6d86f1e33c261a92d48b50eb58a03d8e31b2f6564a4ddc3ee988d0dc47b4b610a9a9dcb87571b5c1edb3362df0ec3d58872157e0f7247dfa8100b4478b705702a5620c9201010f40232327550db333e845dbecd6aadbd0a94c064862b1100b4dd45ece811b8c0275e3753e11b4bcd8bc5ed7668e72afa5bc5cc17b4c313273755f532ecfdefdf2d5c47999453a3b7c158d98332f0bd3a820cfb2c8c3bcd43197e7395a032cec6e41662079f2f654965aebc393e22b5c8516d9b8ad01e33ee481a4ac46a2df304dadeaa9e5274d340aaebe14dcea315fe1279f1a41a5c7aa8c94bf4b3d48757503171f53488e01210145e62c0de7c39737848dbdb1b207d4d33b8de180b020e8a76b1b521905e5e3ce97292f8558fb68efdee774681bfffcf1dc3eef35f660dd1659a32950de2d50e762313beee330d9c2a9fe8ce5e4e61ddd86378d3551335f6ef62053d3b248a8c33a11abdf3f3aa1975a15f4a6957a13d5b12a44d0f2b52b9a2d996e98c630c0f2abca80c7ae89efcf81ae284a0d19582cb1319d207077e5657d245533181ed6e07e0f7647123fc46c37bd75b4f4d181112b4a08acdcf445332cb9dde69a0923dd9244dd2ecd818b19588939922e3b2d8dd9d9fed95fa55b0e4564b38aca2c4d24eebc634664400177fbdeaeb278bb1d8eb11baf4be5c87d4f8d9a855bfa75df4c51fb4eec87a27c59df9a47d82523b08022a1c0fb22ff6f93c3d2cc22a4111a6ec5be428cba33617be65739c2240248f3a02d01ddf2d6aca9e537a2296b16d082d2b868504371dd5e41898885b03ebfaca73b40e8924ece83c1c80de6ce14943e1199c6f81bf359f44c3ed5ae3c6eacb730b1039f0b6555347bd566dfff45a7a2176420ab2b40916a73b66a3ad07af6e1ac5597393d203fa1ad34d4564af956a0a3e2997e27a4e5eff67dd89cce8875d995e00c1858234f149f6ad4cac2b8056966f726df57b8c4ee8f22f23097ba1471b1f1036e3a499400fccdb75b56eb13e9eca1407d5bff4b075b06d00fcbfcafc28431eb33156232e73c6577e3eca437330c494ede5f40634918dea767338b5542197410cdc000143ace89ca0b7bf645b3267f74767d7c7fce05d2f59c137204e56bfa711f66903c511f681cf7a1b4f9fc0f42b7c438ff8957e1059375321df5b0c5c884f46d94c21686e1300582d34928bc398653118f79bfeea2e7cfbbf31a7718f4aab50fae57db94203d43e060365c9a7455241be03d82dffc3783d0f6aa170c0866eb0dad07485831526922d8348a7a16e2e9903a2ac93c58c6dce83127fab17703ec004a519ae5675baffb31bf4b52f9ca992a84017a44d68dc693abd829947342f277fdcbc87168bcc03c32b8b1e81a1915af2517c464af07d52b79d1b0e53164c82ba049f81e92ed1dc20a88fd72e9ce7aa4b22a7cc57dc5527d14f62bc29cfc9d57ed26fd523cac39ac00ba12d3a49d694709924275fc0793d56acf9558818dc9eb210749fa5307d45886b879257d627cee0542b51c2ce6ce134100efb47c92456ece5b73cdc051f570810a8d534222649eb56cf73a377162b753de6c282bcd4a25dda21dd10901bd8dfe8fd4ba8a70811c39707beded23dd60f23e2933372e3a6bce099899b07f0a4c4956fd98e956a8649622c77717de099463c0c6c9389ab4a1ae10f8ddd086d876af2943ee0b6b402ae5f89e09922e8c510ec0caa0a83e366e916400bfec88a52ab457037a35ddc6a8e2289c33684a5915c37bf5d227cbc65a737b52bdcb4fbbb7b4e7f965db116b46044d0870846c730dce12e120b1fe6dd5798ced24cad72c59a3f44de4978b8bc05a1dbeb766be6e2abf6ef46c67a58a370e54e92d89e5f44525e82b94a388d8d0cb20c3469a258c1633c9dddb6854aee255f93f59435ff317622f6899250aa185c207644275278580c5d32401741fe264a2e03b80f442ed58fd0704ebac923ac6a5abb7f0c695252f82e3fbcf2b99d721589a8fe3fad4d5926aee3d7bfafb6739e525faae3d25b12841fa2cc61dddc44d36acb9a8b72d60ecdd9c8cf04f9bac341b5e0f9bc59042db8126324888b07afe72b18cce36d61eec975b6b4ef5dc4a16ac14440cf770599bd4db630bd110eb63a03a80cd95c16d314a4de60cc5115bf0754cb7ab84a827ecefafa96069c721a5979f227fdc2467b4cd1975dafb5b28e1d6f3c1c3a2816ad831dd98c1378a03798c128f176426eaa0e361571e758d54bf4ec2c988355f016e16d6cd5cf97bb4891ab33f5623b7e796af313cc7a9e2f9510cd2bead1ea5dd080d9de1f595b2629ebccf69a0fdeed3963ae8a6c89edd66fbf6e566379898185828925f8669668d6bddff961b08aaedbbe7fc196931a887ec740da6bcdab8f826a34aa2aa1e406a258558f3baf022a64222df4d6ee8726c79ba3dd6e11a19e4b4bb49b4a8cd99c189e6392f08ad731e415b65d0ccb919dca46efe9f79e21437111ab09e926d3038182044ae047bf1cc92e2d2644c528985719667a1a8abaf65d0f211172ea789b2fa016e1a88325d1ed706239da4dbb9e2079e3598b4ae5885667587ba1e0921c9ba55d803be4c47bc2f2f3547ce9efe32e5a22855f761bd4cbe1cd9337eda4bd7d82a918084d7e116b656104ca87e64b1b8c62323c3c296c5b5b98051feb607b872edf9f789744aff710c4b7279711182bcac6b76c05f5cd982f52f451e7e29046550e012e01d8cdd3e305427030f4247488c9136303084c12175c5c781cdd08aede5a356ea0ccdd05a460be3c7b4bfd62c3ce9ab68e285a36c1546d0b18edad71f69f5bedb340772e1bbb035514b085067259e39f59dc292a12557350c66904b253efee29a5eb7a6920f583c899dc46a1d3e2af2db3a3d1a0e8d1f98722a16c6cc1e401058d60c8c436d8f1166ba53bdde5810f9d0288528affd486c266546a864c92af3df8abd451cc1e0d6bfea534865cea9d49b3ea5e390fa823118df8a61e31022f5fbb8ceee870bf2e60890263c4d14e24d053d0fddf665ff80a66fa00a5957f8a30fe82a4b82cf2f6b4d49def98f66bfcdaa0aef13314e950ca9f3849b1edf3b82eaf74a0dbcf45c3dba9bd2d853281a78484f1efaf4150da1207ec3cb61fbcbf759f8182b7052b28d7164b73197b0a440759fe9d5ddf827f1897a174e82fb968a9a07c61bee44bc1f7f9ee5c6de04c02d57735c5fab741b36aec7c8642e56cba932a08b8e8a9d3eb066a4ee7cbf22e5abbd4346de59eca1f24ad9f7f9ff7621e5f30dd08f4cddda8e80e496908109f5212a72bab1378d1237def07bdda4178719975346c68405de15153031fb17535894e5e3c1de6fdd507333f0226b78ba7cae509cfb48d6735ede9392650bf85ac1db919b1e9fe0a823119d8253204dbb2f7a8f524be6d419f3a45c5051a7a88ef0bd41586d90c11a894d647f03895f671a6e19f1c70e32668653aba8366a3d372522f49844081a9637db080663ab02f4a8af502955d5411461b62f85308c91852f8fb9f0bdddd500b4a133791d3a2f91a82dc4b09f5ad2196a9172ab0cd3fafe7266e9f6d159110d99ca8da8a34b17be17a04ad4509a9fffab1e45e10f10e0cf9cfbd9c761ad044064c07e473fdc626289cfb88b13a11455c069b70aa02426d9119ac878a14c9483be9c0d5bcbb5fa76c8d06531f59c7cf7c26372e750e2f332418ca769e5e7fbeb3ada7bb58b573a0635e2e3ad9a53ddb809ea01086a3fa993ad57e89da6f9c5e61bd0f8ba69212a386b2aa1ae17520d7fb989dbe14021885eb50fa3048aebd42c861a09a308b660d382c0480ead8a52a1e14927c7c77957f94bb59ccfd557f8c4a7af23360a298a603d20ebc386db041d8c306b3e32b0bff541bdec5ff75c3b40950815cf9f89d48a382f67e44c409d046c01fb1262aca0df6f5238a3c3c09977261494f7361ba326815d6e23f49e4d6d4b54665081067332265fff59cf54af9da0db9d19bc611cbcb6e6f3f1e2e1ffb6cdd6253578d78d06a2ff5f9250f1994c5749e3ce49231fbd63bba28e948f9150933e3ae31299babaa41043b181a100882e613b4b4b8f49ceeb742d22f860853a9b917f5a323a8a1fb1f3363a7be4407fba44b408f259b5db79a055b92ce3d7a0649cc59f4afa2b1f69959d5c6f5eef1fa7987a47bee4491f685c52e9db1ee1a231ab5a4bae1019c97868a409dd0d57b32525394a233023c4a7ac429808bbcb57a34b41883202744c3bdebc0a637773273f19c2be6e806bef7fc1002846db762ee4e16867773808c5477987d5851d5b1641d070feabc203cb3d7943ffb206272fcac1bccb616352d85975f5a22c0f247548535ad9fb83fb2be17689453f10691143c060cd964df63c3c70e7b1cfc7e2b468015f327f9869353477bfeeed330b03ddd9e4e0a2441182244da283d7a59d2b2b20e6de3e3a47c26aeef4944c1190bba674523a6c3c4ed6bac53b9edffcb0e9fb19d8bf36949d03ef6a7e59eb903a00d9614f642d1932c766421906f5b177963c71e881453560e3ffcec792e8dc46b1832a8fcb2ab2268a9c1fb648d1c6fa1c8cbd50d5a2d8264fbc6c063e6daac5519d362da389dcd3d12c8039f991de91e728abf5bab95c3aef66dd8cc36c60e73cb10afb02eff6df20ff12c59b142b07fc48fe94612de80b8b958f78256fd7cf3c6f79a83867f3bb5f70da392957badadecefdf7b6e4ebd39ff945397c7d302ca0a5a3918d8abb893cd9cdd680916a50fe19699ff0476ad82e6ba46523f26ccc5eb65313c1df1077c8876d2b73bf86ba311862d12b0c557a92ef827197121512e87f817167d4b17c7e225a48b3f8fbbf4187438e0e9b78e905cdbeb72e80dfb37ec0104f5186b39b4ff34f0cdf4b74dc915acd3f98874cd6a67308d0ad9697121ac477550b1affe004f433705933f9647522be65cb5a7471120ec942aeb956f195be0c1783102cf7d842f2968222ae1a7fa6513f200d3fa85d71724956ed697f0673ee3b40a4d46ba4850439ec125b708ed52b52b9f72906477d520c90a9f5dd49a7a33a328137a183f439895532b78ae451a8c3db789bc862fbc37241d523027e1a008629c969380f6eb55f9cf3f0675bca6851f00df6aaf90de9f62d5c179945ef81d1073850301f97e379ea415d830e3f3751cf83e2dba541cb6cdd89e6b674f2c53e329e5f3dd418d534ada6469a5b3bca5b7cfbdfdd6df4abaf77d4520d0311e801145c91b52586a56086e663841b702f52cef9fff8cfb7b33dfa125688ba6b4fadd1dca8defaf4259ca85323b23d3bbb45933562c25af3e8d7bc6ad4a50ae974f8d207994b3bd74a6812ab6a40fcaf96bb4e17bd20d742b14c72226caef3e0f5c56c4930071e9f9a894f18650fbb785c6f707605c86b634c9722c8690cf3a954f68d7c2db3a257339ade67a41259f6f878dd0ab7876deffa77f6f00819282a8f4c4da84c6cf4f335cd0410770a2b1a1fbb3f85f4489eeceb78bbfddb2d1866c57b41f6ed179a0bc3750a486403d23473f2feef43ebc5af1018d9c20089e277d77fb9c34f425c8f8af4c49864b57572fa8c232e61ef37194251a1ddc2f73ffecd57e638751cb72bcb2c40d22540166ca1e8588f24b010c9fbd962e3a2c23a7e93f131df61b8703ce326ed80cc87912d3c6aaa27574bbe8d65bcaecd660c31cead132a44b1d0e4a53cacc0b82a263c4e7783944af0af08ea9e68e8e25ed9111cfef841f1b2fd24164f9097f70efe09b1109e5cb91fe68a2760381fd63a7fd422dd578a60661abc9ee3a5db1c2cde2fb21f2040f1ed3fc27b99e254256949d0560e8b98fa028fca50768caa951a87bf8969af498d50a9ee773c9caa7d9f7d8e1955506013f198cda316d79b177e59f233b98f727afd2494fc18642f0015adab756ea6742690c7d00f28655b915ce4eb8b3ba2e8559ba23e1ff1ccc9f79ae2df85f924459c56715dec78ef4592352eb1a850cd65ecd36e1a9121e888586b7b2fa84da920b8cf44480433e61ab076b10171c0537524bb170a4b99b0b0c437418a665b7ef909652b6483b20362e557c1480c2a2a0efa221fc59054a48122b52d38245f9bd026001635be5b155f5c766a59306fbde231fa72b4d74449a2fe8fb969496ee26af5881adaafb4189b439877ab8f78709cfd32c10ea576a010bfc137b7a4a96b47d4c8e3124f53bc8dbe6655e967115ca3461ad9d28b9cf8af07441e68a54ec5e889846f3978f07ba51f7d5af5da78c5c675dc5d0c1a4a399ff4247203573a46fb903eaf7bc886e6cbd3126fa4a3fe3bb13bbdfea7da871f6563aa750f6ad7895b34b2809563dcf5ed30f1c60cef4138aa49d4f55e396534ed10cf4d857723a2b442f47d79de162c30ec6c4daf939b4c88649494e3682d1da81b4a5928d8e18a16c46707a685305e592589a05484e28e9d5af89c44b6e563d125ec97c0155410527406d94b90bc9576a662db99da1cb82b04d610d02187ce08f22ea0e8fd31919d53fa6aaf980e31ca7f8610e695a41919c24136a8406c62d5f15fca365892a2b54ece17664b5247583ad60d863f283f3c288946139575dcaedc978762e85f534e56334ef0221c34ffae054ddf79339b8f08701e9699b11041df8f518dd33203363c8098fbefb01555bcc2542422777b38d8dff11b15aadb0c251ce2c5b32f8735b3cb784f2e5731b48feb5a0e791a1106abdea0f7d1f087737cbe7fdf523fa14c9be2a2987511004c5b7ac1814ef6961db16799698242452c469a07c30e4a1f73193c74a41bdd88aef50035e4648bc9dfa276951798420a45e4085932bdb9381af3cc4678bd962af616549e4020d2c9fd25e2117a6d8934fde2218273d7833d60ea492e251417a27e7fb32012a940a6b6487af4b64958bf05f1b1107732149d227eeda5ca5a43cf583dc297d66072a1acd75e93a7caefd36a0d581e21d5cb08654c4ecef46ebac5391546e0b7d2a6418548d8f816446bcf237f676e873e6bae9107234abe5ab24c53ea472ad10653cef068fd9f4e729fc0d526e489f8df13af5575f1e70e0ec22899728b0659d70fc2dd509d9df3ec170638f89e540f4d3f02aa9b1b1819f84da596e0d7b45a5818061728f8eeccd2bea0f460dd7e18cb95f2364c50e351f0690e184eb63ebbb14a0b4b2117e44f3b2b300", 0x2000, &(0x7f0000000b40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000003140)={0x130, 0x0, 0x7, {0x0, 0xff, 0x0, '\x00', {0xfff, 0x1, 0x1, 0xdf, 0x0, r3, 0x1000, '\x00', 0x5, 0x1, 0x100b4e7, 0x2, {0x5, 0xfffffff9}, {0x7fff, 0x7f49}, {0xffffffffffffffff, 0x9}, {0x200000006, 0x5}, 0xed02, 0x4, 0x0, 0x9}}}}) write$FUSE_INIT(r1, &(0x7f0000000000)={0x50, 0x0, r2, {0x7, 0x29, 0x7c, 0xa0280, 0x1, 0x9, 0x1, 0x45, 0x0, 0x0, 0x4}}, 0x50) 3m11.476357106s ago: executing program 3 (id=3104): syz_mount_image$udf(&(0x7f0000000080), &(0x7f0000000500)='./bus\x00', 0x18418, &(0x7f0000000200)=ANY=[@ANYRES8=0x0, @ANYRES8], 0xfe, 0x4b1, &(0x7f0000001d00)="$eJzs201sVNUbx/HfM3c6TIf+/5YXCxgCTTSxgkBfsEBqYnix0YQXLVQj8SWVTrHSdkinKCUgLNWdC5Yu3bpwZdwaEpfGhcEYFibIxs2sxB3m3LlvM5TOjG1nKP1+CJx7zzx3OOc8c+ecM5kRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQjrx6uLfPWt0KAADQTCdPj/QOMP8DALCmnGH/DwAAsJaYPP0u054LJTvhn5dlj0/OXLo8emx44cvaTaaUPD/e/c329Q/sf2nwwMGwXPz65bZNp06fOdx9tDB9cTZfLObHu0dnJs8VxvN1P8NSr6+2yx+A7ukLl8YnJord/XsHKh6+3Hlv3fquzqHB945mwtjRY8PDpxMx6bb//L8/5FEr/Iw8vSDTx99/ayclpbT0sajx2llp7X4ndvmdGD027HdkanJsZs49aKkgKlU5JplwjJqQiyVJSa5dllmePVubPP0g05F9JTslyQvHYbf/wXBd7WmFtNu6SurRKsjZY2ydPH0g0619nXojGFc//xnpaqsbhxWXDu7/gpXsTf/9wN1P7m3z+Fvdr89MFBKxlgruqNU+PzTTY/7elJWnU/4dX7IR7Wx1c9Bk7fI0LVPmq0/8dYX8delTQwd27DyUXGFsqfE8LnZvcHPVMye3BUsHS7k/y98v1Cdrnv6U6f5vWf+8J5wDpBsPFrvwj6Y0DyvNPE3J9M+1klnVvtRL7O8jq33uX9n2t2ePFi7Oz06e/2huwcdz2cMfFudmx84t/HB57+ola2rtY6ulGtuS5ay84/v801J0XbAH+F/5LG7NN1fj10JPVRlKvn7qOa57F9vAOsq1yczTXZkm3t9anmeUa3hs1gKX/2GZiqWfLcx0kP90+SyR/5fj8ctaZRnxc/v/8uda4Vpi29nNj6pfify7Nrn8vyPTkb+3Bp9plPPvVcW6uC6Z3r25PYhLZVxcOuxO+RknJqfyvS72gUwbfwpj5cfmgthNcWyfiy3K9MWtytj1QezmOLbfxd6W6c6vC8c+HccOuNh5l6873WFszsXuCGK74ti95wpT47WG1eW/X6a3r79mYZ8fmf/E/X+jqow8lPPFj5cr/52JuhtBXs8G+U/XyP+XMs3/tT3stz/24ctqg/9vnH+3Vv7uZmVsuKHcGMf21dutVnP53yDTvVduR30O+hacxhlK5v+ZdGUZjWuL8r8hUdcZtCvT4FisRcX5KxfGpqbysxxwwAEH0UGr35nQDG7+H3Gz+qBn4TommP87ymfxiun+Z/H8P1RVRlo0/29M1A0Fq5a2tJSdm77YtkXKFuev7JmcHjufP5+fGdg/2Nt/aH/vwMG2TLi4i4/qHrsngcv/bpmu/fhLtI+pXP8tvP7PVZWRFuV/U7JPFeuauodiTXL575Bp8O7taL+52Po/3P/3PFtZRvdfi/K/OVHXGbSro8GxAAAAAAAAAAAAAAAAAIDVJGeenpPp8siLFv6GqJ7v/41XlZHl//5X+YfJNb7/1ZWoG2/S7xoaGmgAAAAAAAAAAIAmScnT1zI9r5JddxUd0olkiSfavwEAAP//G6xIAA==") setrlimit(0x1, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) truncate(&(0x7f0000000100)='./file1\x00', 0x20fdfffffe) open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x8000, 0xa0) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x8005, 0x0, 0x0, 0x12, 0xd, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x204]}) truncate(&(0x7f0000000080)='./file1\x00', 0x400000f003) 3m10.774562791s ago: executing program 3 (id=3107): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.idle_time\x00', 0x275a, 0x0) setsockopt$sock_attach_bpf(r0, 0x1, 0x2a, &(0x7f0000000100)=r2, 0x4) sendmsg$unix(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000002c0)="3f1934cc8e", 0x5}], 0x1}, 0x4000000) sendmsg$inet(r1, &(0x7f0000000940)={0x0, 0x0, 0x0}, 0x20000800) recvmsg(r0, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x2102) recvmsg(r0, &(0x7f0000000f40)={0x0, 0x0, 0x0}, 0x40010002) sendmsg$inet(r1, &(0x7f0000000f00)={0x0, 0x0, 0x0}, 0x4) 3m9.631451697s ago: executing program 3 (id=3111): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c) sendto$inet6(r0, &(0x7f00000001c0)="a6e2976b5c4383036d32dadd2e144d8645ca8d1b230e105614396838da83c754887e7bea2f35d4ea667817d90d532af065f2e398dd9081ea16f8b371a202a6f9e505bbc964a0d3880bf0104a0a0a2f0d311efee1637e85a0125b38f961918f99bf9c2c146e42327f178dc2b3d4936e7f7f0a79f74ba464d83ab41742d1186776dc1779b5c50ac82d0fa8f9e42074b5b6079207fb21e718080907964669be539791e3e98687ee059853", 0xfffffffffffffcc1, 0x840, 0x0, 0x56) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x604ab000) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000001380)=""/4080, 0xfffffffffffffdcc, 0x0, 0x0, 0xffffffffffffff87}, &(0x7f0000000000)=0x40) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, &(0x7f00000000c0)=0xfe, 0x4) 3m9.115338593s ago: executing program 43 (id=3111): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c) sendto$inet6(r0, &(0x7f00000001c0)="a6e2976b5c4383036d32dadd2e144d8645ca8d1b230e105614396838da83c754887e7bea2f35d4ea667817d90d532af065f2e398dd9081ea16f8b371a202a6f9e505bbc964a0d3880bf0104a0a0a2f0d311efee1637e85a0125b38f961918f99bf9c2c146e42327f178dc2b3d4936e7f7f0a79f74ba464d83ab41742d1186776dc1779b5c50ac82d0fa8f9e42074b5b6079207fb21e718080907964669be539791e3e98687ee059853", 0xfffffffffffffcc1, 0x840, 0x0, 0x56) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x604ab000) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000001380)=""/4080, 0xfffffffffffffdcc, 0x0, 0x0, 0xffffffffffffff87}, &(0x7f0000000000)=0x40) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, &(0x7f00000000c0)=0xfe, 0x4) 2m58.652446538s ago: executing program 4 (id=3162): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000006"], 0x66) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000024c0), &(0x7f0000000000), 0xb97a, r2}, 0x38) 2m56.817236549s ago: executing program 4 (id=3165): r0 = gettid() timer_create(0x8, &(0x7f00000000c0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0xffff, 0x5, r0}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) listen(r1, 0x80) accept$netrom(r1, 0x0, 0x0) 2m55.614903217s ago: executing program 4 (id=3169): setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', &(0x7f0000000200)={{}, {}, [], {}, [], {0x10, 0x1}}, 0x24, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) bpf$PROG_LOAD(0x5, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) syz_mount_image$fuse(0x0, &(0x7f0000000100)='./bus\x00', 0x20020, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000000)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@userxattr}]}) removexattr(&(0x7f00000002c0)='./file0/file1\x00', &(0x7f0000000300)=@known='system.posix_acl_access\x00') 2m53.872677873s ago: executing program 4 (id=3179): syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000500)='./file0\x00', 0x2200810, &(0x7f0000000080)=ANY=[@ANYRES64=0x0, @ANYRESHEX, @ANYRES8, @ANYRESHEX, @ANYRESDEC, @ANYRES64], 0x5, 0x25d, &(0x7f0000000f40)="$eJzs2s9rnEUcB+Dvm6a0pqQbf9uCOOhBvbw0OXtokBTEBUEboQrSt+aNLnndDXmXwIrYnBQ89ezJs3j0IAjSo5dc/As86CmXHHsQX0k2adMY0WKzG/R5Ljsw82HmnZkd5jBbr9z6aGV5MpaLfkxkWUxcjo24k8VMTMS+jXj5xWs/PvvWtXden2+3F95M6cr81dm5lNL5535495Nvnr/dP/f2t+e/PxObM+9tbc/9svnU5oWt369+2KlTp07dXj8V6Uav1y9uVGVa6tQreUq3qrKoy9Tp1uXaffXLVW91dZCK7tL01OpaWdep6A7SSjlI/V7qrw1S8UHR6aY8z9P0VPBvLH59p2liuzl9PZqmeeSrOHc7pn+OVmSPpuzxy9mT17OnN7IL203TGvdQORbW///twKF+NqL6fH1xfXH4O6yfX45OVFHGpWjFb7GzTfYMy1deay9cSrtm4rPq5l7+5vriqd38F/v52WjFzNH52WE+3Z8/E1MH+5/77rF44s/5X0+1F+aOzJ+Nl144kM+jFT+9H72oYil2svf6/3Q2pVffaB/KX9xtBwDwX5Onu468v+X5X9UP8w9wPzx0v5qMi5Pj/XYi6sHHK0VVlWsjKezsqX/QuDeC8WR7E/D3jZ+ZGNn8jKfw5ckYxjEVhudY3F3vh9zFQ/0Tnd7bkPsH4zinbgyHESN3b9HHPRIAAAAAAAAAAAAexKFHf63jeHI47m8EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABOtj8CAAD//13bww4=") pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000040)={0x15, 0x65, 0xffff, 0x1000, 0x8, '9P2000.u'}, 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18, 0x0, 0x0, {0x2}}, 0x18) write$FUSE_INIT(r2, &(0x7f0000000ac0)={0x50, 0x0, 0x0, {0x7, 0x21, 0x0, 0x0, 0xfff9, 0x1000, 0x0, 0x7, 0x0, 0x0, 0x20, 0x8}}, 0x50) mount$9p_fd(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000000c0), 0x2004402, &(0x7f00000003c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) lstat(&(0x7f0000003080)='./file0\x00', 0x0) 2m53.238531475s ago: executing program 4 (id=3190): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="1500000065ffff097b00000800395032303030"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18, 0x0, 0x0, {0xffffffffffffffff}}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f00000006c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}]}}) newfstatat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0, 0x6000) 2m52.964791898s ago: executing program 4 (id=3183): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000380)={'veth0_vlan\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={@private2, 0x0, r2}) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet6_mreq(r3, 0x29, 0x1b, &(0x7f0000000040)={@private2, r2}, 0x14) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x14, 0x3e, 0x229, 0x0, 0xfffffffd, {0xa}}, 0x14}, 0x1, 0x6000000}, 0x0) 2m52.348385189s ago: executing program 44 (id=3183): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000380)={'veth0_vlan\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={@private2, 0x0, r2}) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet6_mreq(r3, 0x29, 0x1b, &(0x7f0000000040)={@private2, r2}, 0x14) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x14, 0x3e, 0x229, 0x0, 0xfffffffd, {0xa}}, 0x14}, 0x1, 0x6000000}, 0x0) 2m27.628610577s ago: executing program 0 (id=3290): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r3, r2, 0x25, 0x0, @void}, 0x10) syz_emit_ethernet(0x2dc2d, &(0x7f0000000300)=ANY=[], 0x0) 2m27.506947093s ago: executing program 0 (id=3291): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x100000000, 0x0, 0x4000081, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0x7, 0x0, 0x7, 0x0, 0x2, 0xffffffffffffffff]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2m26.997809588s ago: executing program 0 (id=3295): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x40940, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000003c0)=0x2) readv(r1, &(0x7f0000000080)=[{&(0x7f00000001c0)=""/132, 0x84}], 0x1) ioctl$TIOCVHANGUP(r1, 0x5437, 0x2) 2m26.884054243s ago: executing program 6 (id=3297): syz_open_dev$swradio(&(0x7f0000000000), 0x1, 0x2) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x2, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') socket$kcm(0x2b, 0x1, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f00000000c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(0xffffffffffffffff, 0x47f6, 0x0, 0x2, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f00000001c0)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 2m26.656779554s ago: executing program 0 (id=3298): syz_mount_image$udf(&(0x7f0000000f00), &(0x7f00000000c0)='./file1\x00', 0x800, &(0x7f0000000300)=ANY=[@ANYBLOB='uid=', @ANYRESDEC=0x0, @ANYBLOB="2c756e64656c6574652c6e6f7672732c6164696e6963622c766f6c756d653d30303030303030303030303030303030303030322c7569643d666f726765742c6769643d666f726765742c6e6f7374726963742c6e6f7672732c0085f95733019d784ca386da1fd41ffabd4b47acca2b8d488be702157dd8711c31732d", @ANYRES32], 0xfd, 0xc2d, &(0x7f0000001100)="$eJzs3U9sHNd9B/DfGy3FldxWTOwoThoXm7ZIZcVy9S+mYhXuqqbZBpBlIhRzC8AVSakLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBcgoYzOxbcUmRNi2KEmV9Pjb13Z19b+a9eesZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxB+8cun0mfSwWwEAPEhXRr96+qz7PwA8Vq76/38AAAAAAAAAAAAAADjoUhTxZKSYu7KWxqv3HfXL7b5bt8eGhrevdiRVNQ9V5cuf+pmz585/6YXBC9283J75gPr322fjtdGrlxovz96cm59aWJiabIzNtCdmJ6d2vYe91t/qZHUCGjdfvzV5/fpC4+zz5zZ9fHvg/f4njg9cHHz21DPdsmNDw8OjG0XqveVr99yQjp1meByOIk5Fiue+99PUiogi9n4u6g927Lc6UnXiZNWJsaHhqiPT7dbMYvnhSPdEFBGNnkrN7jnafiyi1vdA+7CzZsRS2fyywSfL7o3OteZb16anGiOt+cX2Ynt2ZiR1Wlv2pxFFXEgRyxGx2n/37vqiiFqk+M6xtXQtIg51z8MXq4nBO7ej2Mc+7kLZzkZfxHLxCIzZAdYfRbwaKX72zomYyNeZ6lrzhYhXy/xBxFtlvhSRyi/G+Yj3tvke8WiqRRF/WY7/xbU0WV0PuteVy19rfGXm+mxP2e515SPeH+66Ujyk+8ORLflgHPBrUz2KaFVX/LV077/ZAQAAAAAAAAAAAAAAAOB+OxJFfCZSvPIff1LNK45qXvqxi4N/OPCrvXPGn/6Q/ZRln4+IpWJ3c3IP54mBI2kkpYc8l/hxVo8i/jTP//vWw24MAAAAAAAAAAAAAAAAAADAY62In0SKF989kZajd03x9syNxtXWtenOqrDdtX+7a6avr6+vN1InmznHcy7lXM65knM1ZxS5fs5mzvGcSzmXc67kXM0Zh3L9nM2c4zmXci7nXMm5mjNquX7OZs7xnEs5l3Ou5FzNGQdk7V4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgI+TIor4RaT49jfWUqSIaEaMRydX+h926wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAUn8q4vuRovFHzTvbahGRqn87TpS/nI/m4TI/Gc3BMl+K5qWcrSprzW89hPazN32piB9Hiv7623cGPI9/X+fdna9BvPXNjXefrXXyUPfDgff7nzh+7OLg8G88vdPrtF0DTl5uz9y63RgbGh4e7dlcy0f/ZM+2gXzc4v50nYhYeOPN11vT01Pz9/6i/Arsofoj9CLVHpeeelG9iNqBaMbD6TuPgfL+/16k+N13/7N7w+/c/+vxK513d+7w8fM/27j/v7h1R7u8/9e21sv3//Kevt39/8mebS/m34301SLqizfn+o5H1BfeePNU+2brxtSNqZnzp09/eXDwy+dO9x2OqF9vT0/1vLovpwsAAAAAAAAAAAAAAADgwUlF/H6kaP14LTUi4nY1X2vg4uCzp545FIeq+Vab5m2/Nnr1UuPl2Ztz81MLC1OTjbGZ9sTs5NRuD1evpnuNDQ3vS2c+1JF9bv+R+suzc2/Mt2/88eK2nx+tX7q2sDjfmtj+4zgSRUSzd8vJqsFjQ8NVo6fbrZmq6si2k+k/ur5UxH9FionzjfT5vC3P/986w3/T/P+lrTvap/n/n+jZVh4zpSJ+Hil+56+ejs9X7Twad52zXO7vIsXJC5/L5eJwWa7bhs5zBTozA8uy/xcp/ukXm8t250M+uVH2zK5P7COiHP9jkeL7f/Hd+M28bfPzH7Yf/6Nbd7RP4/9Uz7ajm55XsOeuk8f/VKR46cm347fytg96/kf32RsncuE7z+fYp/H/VM+2gXzc374/XQcAAAAAAAAAAHik9aUi/j5S/HC4ll7I23bz9/8mt+5on/7+16d7tk3en/WKPvTFnk8qAAAAABwQfamIn0SKG4tv35lDvXn+d8/8z9/bmP85lLZ8Wv05369Vzw24n3/+12sgH3d8790GAAAAAAAAAAAAAAAAAACAAyWlIl7I66mPV/P5J3dcT30lUrzyP8/lcul4Wa67DvxA9Wv9yuzMqUvT07MTrcXWtempxuhca2KqrPtUpFj728/lukW1vnp3vfnOGu8ba7HPR4rhf+iW7azF3l2b/KmNsmfKsp+IFP/9j5vLdtex/tRG2bNl2b+JFF//l+3LHt8oe64s+91I8aOvN7plj5Zlu89H/fRG2ecnZot9GBUAAAAAAAAAAAAAAAAAAAAeN32piD+PFP97c/nOXP68/n9fz9vKW9/sWe9/i9vVOv8D1fr/O72+l/X/q+cKLO10VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+HhKUcSbkWLuylpa6S/fd9Qvt2du3R4bGt6+2pFU1TxUlS9/6mfOnjv/pRcGL3Tzg+vfb5+J10avXmq8PHtzbn5qYWFqsjE2056YnZza9R72Wn+rk9UJaNx8/dbk9esLjbPPn9v08e2B9/ufOD5wcfDZU890y44NDQ+P9pSp9d3z0e+Sdth+OIr460jx3Pd+mn7YH1HE3s/Fh3x39tuRqhMnq06MDQ1XHZlut2YWyw9HuieiiGj0VGp2z9EDGIs9aUYslc0vG3yy7N7oXGu+dW16qjHSml9sL7ZnZ0ZSp7VlfxpRxIUUsRwRq/13764ving9Unzn2Fr61/6IQ93z8MUro189fXbndhT72MddKNvZ6ItYLh6BMTvA+qOIf44UP3vnRPxbf0QtOj/xhYhXy/xBxFvRGe9UfjHOR7y3zfeIR1Mtivj/cvwvrqV3+svrQfe6cvlrja/MXJ/tKdu9rjzy94cH6YBfm+pRxI+qK/5a+nf/XQMAAAAAAAAAAAAAAAAcIEX8eqR48d0TqZoffGdOcXvmRuNq69p0Z1pfd+5fd870+vr6eiN1splzPOdSzuWcKzlXc0aR6+dslllfXx/P75dyLudcybmaMw7l+jmbOcdzLuVczrmSczVn1HL9nM2c4zmXci7nXMm5mjMOyNw9AAAAAAAAAAAAAAAAAADg46Wo/knx7W+spfX+zvrS49HJFeuBfuz9MgAA//8hX/ir") mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0) mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x81105a, 0x0) mount$bind(&(0x7f0000000880)='./file0/../file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x1adc11, 0x0) mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000080)='./file0/file0/file0\x00', 0x0, 0x887008, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') read$FUSE(r0, &(0x7f0000006b40)={0x2020}, 0x2020) 2m26.479105283s ago: executing program 6 (id=3300): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2003, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f0000000240)) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text64={0x40, &(0x7f0000000140)="0f30c402fd3eecae660f38800a66b80c010f00d0662e3646d87213460f09b98c0900000f32b8010000000f01c12e644c0fc72f", 0x33}], 0x1, 0x41, 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0xa, 0x46, 0x8000000000002000, 0x2d6c00000000000, 0x101, 0x7fffffffffffffff, 0xb3, 0x3, 0xb1d, 0x4000000000000008, 0x2000ffffffffff, 0x81, 0x3d9, 0x8, 0xe5, 0x9], 0x1000, 0x383fc2}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2m26.128599831s ago: executing program 6 (id=3303): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x80782, 0x0) ioctl$TCXONC(r1, 0x540a, 0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040), 0x0) write(r1, &(0x7f0000000480)="0e", 0x1) write(r1, 0x0, 0x0) 2m26.095520642s ago: executing program 0 (id=3304): pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ff6000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f000068c000/0xc000)=nil, &(0x7f0000ff4000/0x9000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r2 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1}) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x3, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="16"], 0x50) io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x0) dup3(r0, r1, 0x0) 2m24.10877569s ago: executing program 0 (id=3309): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) syz_mount_image$fuse(0x0, &(0x7f0000000ac0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000005c00)={&(0x7f0000000000)=@newtaction={0x14, 0x30, 0x9}, 0x14}}, 0x0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f0000000240)='./file0\x00') r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x83) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r0, 0x40086602, &(0x7f0000000000)) fstat(r0, &(0x7f0000000340)) 2m23.454314652s ago: executing program 45 (id=3309): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) syz_mount_image$fuse(0x0, &(0x7f0000000ac0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000005c00)={&(0x7f0000000000)=@newtaction={0x14, 0x30, 0x9}, 0x14}}, 0x0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f0000000240)='./file0\x00') r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x83) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r0, 0x40086602, &(0x7f0000000000)) fstat(r0, &(0x7f0000000340)) 2m23.423553264s ago: executing program 6 (id=3313): syz_mount_image$udf(&(0x7f0000000f00), &(0x7f00000000c0)='./file1\x00', 0x800, &(0x7f0000000300)=ANY=[@ANYBLOB='uid=', @ANYRESDEC=0x0, @ANYBLOB="2c756e64656c6574652c6e6f7672732c6164696e6963622c766f6c756d653d30303030303030303030303030303030303030322c7569643d666f726765742c6769643d666f726765742c6e6f7374726963742c6e6f7672732c0085f95733019d784ca386da1fd41ffabd4b47acca2b8d488be702157dd8711c31732d", @ANYRES32], 0xfd, 0xc2d, &(0x7f0000001100)="$eJzs3U9sHNd9B/DfGy3FldxWTOwoThoXm7ZIZcVy9S+mYhXuqqbZBpBlIhRzC8AVSakLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBcgoYzOxbcUmRNi2KEmV9Pjb13Z19b+a9eesZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxB+8cun0mfSwWwEAPEhXRr96+qz7PwA8Vq76/38AAAAAAAAAAAAAADjoUhTxZKSYu7KWxqv3HfXL7b5bt8eGhrevdiRVNQ9V5cuf+pmz585/6YXBC9283J75gPr322fjtdGrlxovz96cm59aWJiabIzNtCdmJ6d2vYe91t/qZHUCGjdfvzV5/fpC4+zz5zZ9fHvg/f4njg9cHHz21DPdsmNDw8OjG0XqveVr99yQjp1meByOIk5Fiue+99PUiogi9n4u6g927Lc6UnXiZNWJsaHhqiPT7dbMYvnhSPdEFBGNnkrN7jnafiyi1vdA+7CzZsRS2fyywSfL7o3OteZb16anGiOt+cX2Ynt2ZiR1Wlv2pxFFXEgRyxGx2n/37vqiiFqk+M6xtXQtIg51z8MXq4nBO7ej2Mc+7kLZzkZfxHLxCIzZAdYfRbwaKX72zomYyNeZ6lrzhYhXy/xBxFtlvhSRyi/G+Yj3tvke8WiqRRF/WY7/xbU0WV0PuteVy19rfGXm+mxP2e515SPeH+66Ujyk+8ORLflgHPBrUz2KaFVX/LV077/ZAQAAAAAAAAAAAAAAAOB+OxJFfCZSvPIff1LNK45qXvqxi4N/OPCrvXPGn/6Q/ZRln4+IpWJ3c3IP54mBI2kkpYc8l/hxVo8i/jTP//vWw24MAAAAAAAAAAAAAAAAAADAY62In0SKF989kZajd03x9syNxtXWtenOqrDdtX+7a6avr6+vN1InmznHcy7lXM65knM1ZxS5fs5mzvGcSzmXc67kXM0Zh3L9nM2c4zmXci7nXMm5mjNquX7OZs7xnEs5l3Ou5FzNGQdk7V4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgI+TIor4RaT49jfWUqSIaEaMRydX+h926wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAUn8q4vuRovFHzTvbahGRqn87TpS/nI/m4TI/Gc3BMl+K5qWcrSprzW89hPazN32piB9Hiv7623cGPI9/X+fdna9BvPXNjXefrXXyUPfDgff7nzh+7OLg8G88vdPrtF0DTl5uz9y63RgbGh4e7dlcy0f/ZM+2gXzc4v50nYhYeOPN11vT01Pz9/6i/Arsofoj9CLVHpeeelG9iNqBaMbD6TuPgfL+/16k+N13/7N7w+/c/+vxK513d+7w8fM/27j/v7h1R7u8/9e21sv3//Kevt39/8mebS/m34301SLqizfn+o5H1BfeePNU+2brxtSNqZnzp09/eXDwy+dO9x2OqF9vT0/1vLovpwsAAAAAAAAAAAAAAADgwUlF/H6kaP14LTUi4nY1X2vg4uCzp545FIeq+Vab5m2/Nnr1UuPl2Ztz81MLC1OTjbGZ9sTs5NRuD1evpnuNDQ3vS2c+1JF9bv+R+suzc2/Mt2/88eK2nx+tX7q2sDjfmtj+4zgSRUSzd8vJqsFjQ8NVo6fbrZmq6si2k+k/ur5UxH9FionzjfT5vC3P/986w3/T/P+lrTvap/n/n+jZVh4zpSJ+Hil+56+ejs9X7Twad52zXO7vIsXJC5/L5eJwWa7bhs5zBTozA8uy/xcp/ukXm8t250M+uVH2zK5P7COiHP9jkeL7f/Hd+M28bfPzH7Yf/6Nbd7RP4/9Uz7ajm55XsOeuk8f/VKR46cm347fytg96/kf32RsncuE7z+fYp/H/VM+2gXzc374/XQcAAAAAAAAAAHik9aUi/j5S/HC4ll7I23bz9/8mt+5on/7+16d7tk3en/WKPvTFnk8qAAAAABwQfamIn0SKG4tv35lDvXn+d8/8z9/bmP85lLZ8Wv05369Vzw24n3/+12sgH3d8790GAAAAAAAAAAAAAAAAAACAAyWlIl7I66mPV/P5J3dcT30lUrzyP8/lcul4Wa67DvxA9Wv9yuzMqUvT07MTrcXWtempxuhca2KqrPtUpFj728/lukW1vnp3vfnOGu8ba7HPR4rhf+iW7azF3l2b/KmNsmfKsp+IFP/9j5vLdtex/tRG2bNl2b+JFF//l+3LHt8oe64s+91I8aOvN7plj5Zlu89H/fRG2ecnZot9GBUAAAAAAAAAAAAAAAAAAAAeN32piD+PFP97c/nOXP68/n9fz9vKW9/sWe9/i9vVOv8D1fr/O72+l/X/q+cKLO10VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+HhKUcSbkWLuylpa6S/fd9Qvt2du3R4bGt6+2pFU1TxUlS9/6mfOnjv/pRcGL3Tzg+vfb5+J10avXmq8PHtzbn5qYWFqsjE2056YnZza9R72Wn+rk9UJaNx8/dbk9esLjbPPn9v08e2B9/ufOD5wcfDZU890y44NDQ+P9pSp9d3z0e+Sdth+OIr460jx3Pd+mn7YH1HE3s/Fh3x39tuRqhMnq06MDQ1XHZlut2YWyw9HuieiiGj0VGp2z9EDGIs9aUYslc0vG3yy7N7oXGu+dW16qjHSml9sL7ZnZ0ZSp7VlfxpRxIUUsRwRq/13764ving9Unzn2Fr61/6IQ93z8MUro189fXbndhT72MddKNvZ6ItYLh6BMTvA+qOIf44UP3vnRPxbf0QtOj/xhYhXy/xBxFvRGe9UfjHOR7y3zfeIR1Mtivj/cvwvrqV3+svrQfe6cvlrja/MXJ/tKdu9rjzy94cH6YBfm+pRxI+qK/5a+nf/XQMAAAAAAAAAAAAAAAAcIEX8eqR48d0TqZoffGdOcXvmRuNq69p0Z1pfd+5fd870+vr6eiN1splzPOdSzuWcKzlXc0aR6+dslllfXx/P75dyLudcybmaMw7l+jmbOcdzLuVczrmSczVn1HL9nM2c4zmXci7nXMm5mjMOyNw9AAAAAAAAAAAAAAAAAADg46Wo/knx7W+spfX+zvrS49HJFeuBfuz9MgAA//8hX/ir") mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0) mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x81105a, 0x0) mount$bind(&(0x7f0000000880)='./file0/../file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x1adc11, 0x0) mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000080)='./file0/file0/file0\x00', 0x0, 0x887008, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') read$FUSE(r0, &(0x7f0000006b40)={0x2020}, 0x2020) 2m22.924743748s ago: executing program 6 (id=3314): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) setsockopt$inet_int(r0, 0x0, 0xc, &(0x7f0000000040)=0xfffffffc, 0x4) setsockopt$inet_int(r0, 0x0, 0xd, &(0x7f0000000180)=0x101, 0x4) recvmmsg(r0, &(0x7f0000000340)=[{{0x0, 0x0, 0x0}, 0x4}], 0x1, 0x45833af92e4b38ff, 0x0) 2m20.955577125s ago: executing program 6 (id=3319): syz_usbip_server_init(0x3) syz_usbip_server_init(0x1) syz_usbip_server_init(0x2) syz_usbip_server_init(0x1) syz_usbip_server_init(0x1) syz_usbip_server_init(0x7) syz_usbip_server_init(0x0) syz_usbip_server_init(0x4) 2m20.45652106s ago: executing program 46 (id=3319): syz_usbip_server_init(0x3) syz_usbip_server_init(0x1) syz_usbip_server_init(0x2) syz_usbip_server_init(0x1) syz_usbip_server_init(0x1) syz_usbip_server_init(0x7) syz_usbip_server_init(0x0) syz_usbip_server_init(0x4) 1m47.435879007s ago: executing program 8 (id=3457): sendmmsg$inet(0xffffffffffffffff, &(0x7f00000008c0)=[{{0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000200)='\f', 0x1}], 0x1}}], 0x1, 0x4000800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) sendmmsg$inet(r2, &(0x7f00000007c0)=[{{&(0x7f00000002c0)={0x2, 0x4e22, @local}, 0xffe3, 0x0}}], 0x400005c, 0x2400c8a0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) splice(r1, 0x0, r4, 0x0, 0x38f9, 0x0) splice(r3, 0x0, r2, 0x0, 0x7fffffffffffffff, 0x0) write(r0, &(0x7f0000000040), 0xffffff4a) 1m46.376121079s ago: executing program 8 (id=3462): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x181) r0 = openat(0xffffffffffffff9c, &(0x7f00000013c0)='./file0/file0\x00', 0x42, 0x0) close(r0) r1 = socket(0x11, 0x3, 0x0) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x41, &(0x7f00000000c0)=0x27b2, 0x4) sendmmsg(r1, &(0x7f0000000bc0)=[{{&(0x7f0000000400)=@qipcrtr={0x2a, 0x1, 0x4001}, 0x80, &(0x7f0000000140)=[{&(0x7f0000000040)="d479183d7d98d181a4b5f3e38100", 0xe}], 0x1}}], 0x1, 0x24044015) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x10044, &(0x7f0000000340)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) 1m46.120981492s ago: executing program 8 (id=3463): r0 = socket(0x200000000000011, 0x2, 0xd) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'syz_tun\x00', 0x0}) bind$packet(r0, &(0x7f0000000080)={0x11, 0x800, r1, 0x1, 0x0, 0x6, @multicast}, 0x14) r2 = socket$packet(0x11, 0x2, 0x300) r3 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) bind$packet(r2, &(0x7f0000000040)={0x11, 0x4, r4}, 0x14) syz_emit_ethernet(0x16, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaaaaaff00000000000000"], 0x0) 1m45.683362723s ago: executing program 8 (id=3467): mkdir(&(0x7f0000001a80)='./file0\x00', 0x18b) mount$bpf(0x200000000000, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x989046, 0x0) mount$bpf(0x0, &(0x7f00000000c0)='./file0/../file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x200000000000, &(0x7f0000000000)='.\x00', 0x0, 0x8b7848, 0x0) mount$bpf(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x84000, 0x0) mount$bpf(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x200000000000, 0x0, 0x0, 0x8b7848, 0x0) mount$bpf(0x200000000000, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x8b7848, 0x0) 1m45.385003688s ago: executing program 8 (id=3470): r0 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r0, &(0x7f0000000040), 0x10) listen(r0, 0x0) r1 = socket(0x28, 0x5, 0x0) connect$vsock_stream(r1, &(0x7f0000000080)={0x28, 0x0, 0x0, @local}, 0x10) sendmmsg$sock(r1, &(0x7f0000000980)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000240)='j}', 0x2}], 0x1}}], 0x1, 0x40) r2 = accept4$unix(r0, 0x0, 0x0, 0x0) recvmmsg(r2, &(0x7f0000001fc0)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000140)=""/203, 0xcb}, {0x0}], 0x2}, 0xffffffff}], 0x1, 0x0, 0x0) 1m44.959687489s ago: executing program 8 (id=3473): pipe2$9p(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') r2 = memfd_create(&(0x7f0000000380)='D\xa3\xd5Wj\x00\x00x0\xc1\xac*\x1a\vG\xa9~vB\xbc\t\x00\x00\x00VoA\xaa\xbc\xee[\xe1\xa2\xe0\xff\x04\x00\x00\x00\\i\xcf\t\xb0\xa9 +H/\x1a\xe7\x95\xce\"\"\xbd\xf9\xd0\xc0\xa9\b\x98\xfc:\x1b\xc4\x80!\xfd\xa4\xcaN\x84\xadS\x8bqE\x99\x01t\xb1\x1f|\x99PL\x92\x8f\xc2\xf9\xcd\x8cj\x03X\x05\x17mwI\xf0\x01\xe5z\xcdJ)\xc7\xfa)\xaa}\xef\xbb\xf5\xcd\xb1o5\x18\xd6\v\x85q\x98\x9bB\xb9\xea\xe7\xff\x7f\x00\x00T\xc0\xd2\t?\bpBl\xf4*8\xc6\xe5\x06P\xc11\f^\x7f\x8e\xc1\xd1Wra\x19)\xe3\x8f\xd9\x9f\x15\x1e\xf2\x18\r\xad\b\xe0\x96NH\x85\r+\xfc\xb3\xdd\xddhg \x03\xa7\x92\xff\x00+h\xb7@#K\x9cMY\xd3\x9b\b-G\xb1\xdaS\x81\xb2\x93\xb83\x8a\x94*\x8d\\\b\xff/\xa1\xc0\xf9&\xd3M\xf6\n\xff\x83k\xe6\rDa\x16\xbd\x00\x02\xdf\b~\xd5)\xa4\x80\xad\x97\'\x1b\xfd}\x96&\xd2\x0eGp\x8e\x1a\x19o\xf1\x14\xe2]J\xf2\xb5h\x9bt*\xd2\xfbT\x01ci\x87\x18\xc9\x13=\x1b\xadl;}\x9d\xbe\x9a\xee\x1a\xfc\x96 \x93\x12@\x19|f\x98\xdc,\x82SlA\x19\xcb\xfe\xccSKO}\xb2U\xd6\xc5\xa7=\xf8s\x1dp\xe0\x14\xe5\x92\xfd)\bB\xcd\xc2\xb6\x85$%nV\xd3*\x00`OE\x8e\xf0\xf9\xd2!KZ%\xad\xa1\x92b\x1e%\x9f!\xd8mV$\x1d?\xc2\f\xcc\xc5x\x9fJ#\xce\x90\xc5\x82\xfb\x97\xd2\xb7\xb5\xed\xb5\'J\xfc\xf4Z.\rS\x88\f\xd0zK\xc7\x81\xbe\xd5\xc2\xce\x89\xbc\x1e\xb78\xf6Z\xd5\x1b\xf1\x9bMD\f\xf6\xc5V\xe1\x12j\xdfW\x87\xf09\n\x1e\x1b\f\xe5p\xab\x9e\xe5}\x96\x9b\xea\x86\x0f\xca\xcf\x16\x96\x0e6\x8d\x11\xd2&\"eKKV\x8b?]<\xa7]\x93\xad\x1d\xfe\x13\xee\xca\xdc\x97\xa9\a\b\xac\xdd\xa0\xfe\x97\xa1?\xa2F\xae\xb7f\x85\xda', 0x0) write(r2, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0) r3 = dup3(r1, r0, 0x0) fchdir(r3) creat(&(0x7f0000000040)='./bus\x00', 0x0) 1m44.304445882s ago: executing program 47 (id=3473): pipe2$9p(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') r2 = memfd_create(&(0x7f0000000380)='D\xa3\xd5Wj\x00\x00x0\xc1\xac*\x1a\vG\xa9~vB\xbc\t\x00\x00\x00VoA\xaa\xbc\xee[\xe1\xa2\xe0\xff\x04\x00\x00\x00\\i\xcf\t\xb0\xa9 +H/\x1a\xe7\x95\xce\"\"\xbd\xf9\xd0\xc0\xa9\b\x98\xfc:\x1b\xc4\x80!\xfd\xa4\xcaN\x84\xadS\x8bqE\x99\x01t\xb1\x1f|\x99PL\x92\x8f\xc2\xf9\xcd\x8cj\x03X\x05\x17mwI\xf0\x01\xe5z\xcdJ)\xc7\xfa)\xaa}\xef\xbb\xf5\xcd\xb1o5\x18\xd6\v\x85q\x98\x9bB\xb9\xea\xe7\xff\x7f\x00\x00T\xc0\xd2\t?\bpBl\xf4*8\xc6\xe5\x06P\xc11\f^\x7f\x8e\xc1\xd1Wra\x19)\xe3\x8f\xd9\x9f\x15\x1e\xf2\x18\r\xad\b\xe0\x96NH\x85\r+\xfc\xb3\xdd\xddhg \x03\xa7\x92\xff\x00+h\xb7@#K\x9cMY\xd3\x9b\b-G\xb1\xdaS\x81\xb2\x93\xb83\x8a\x94*\x8d\\\b\xff/\xa1\xc0\xf9&\xd3M\xf6\n\xff\x83k\xe6\rDa\x16\xbd\x00\x02\xdf\b~\xd5)\xa4\x80\xad\x97\'\x1b\xfd}\x96&\xd2\x0eGp\x8e\x1a\x19o\xf1\x14\xe2]J\xf2\xb5h\x9bt*\xd2\xfbT\x01ci\x87\x18\xc9\x13=\x1b\xadl;}\x9d\xbe\x9a\xee\x1a\xfc\x96 \x93\x12@\x19|f\x98\xdc,\x82SlA\x19\xcb\xfe\xccSKO}\xb2U\xd6\xc5\xa7=\xf8s\x1dp\xe0\x14\xe5\x92\xfd)\bB\xcd\xc2\xb6\x85$%nV\xd3*\x00`OE\x8e\xf0\xf9\xd2!KZ%\xad\xa1\x92b\x1e%\x9f!\xd8mV$\x1d?\xc2\f\xcc\xc5x\x9fJ#\xce\x90\xc5\x82\xfb\x97\xd2\xb7\xb5\xed\xb5\'J\xfc\xf4Z.\rS\x88\f\xd0zK\xc7\x81\xbe\xd5\xc2\xce\x89\xbc\x1e\xb78\xf6Z\xd5\x1b\xf1\x9bMD\f\xf6\xc5V\xe1\x12j\xdfW\x87\xf09\n\x1e\x1b\f\xe5p\xab\x9e\xe5}\x96\x9b\xea\x86\x0f\xca\xcf\x16\x96\x0e6\x8d\x11\xd2&\"eKKV\x8b?]<\xa7]\x93\xad\x1d\xfe\x13\xee\xca\xdc\x97\xa9\a\b\xac\xdd\xa0\xfe\x97\xa1?\xa2F\xae\xb7f\x85\xda', 0x0) write(r2, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0) r3 = dup3(r1, r0, 0x0) fchdir(r3) creat(&(0x7f0000000040)='./bus\x00', 0x0) 1m25.198265553s ago: executing program 5 (id=3558): mknodat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x11c0, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000001480)={0x50, 0x0, r1, {0x7, 0x1f, 0x20000000, 0x120a1620, 0x0, 0x2000, 0x25d, 0x0, 0x0, 0x0, 0x80, 0x806}}, 0x50) syz_fuse_handle_req(r0, &(0x7f0000008380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x103081, 0x34) ioctl$OCFS2_IOC_UNRESVSP(r2, 0x40305829, &(0x7f0000000000)={0x1, 0x0, 0x4, 0x3, 0x9, 0x8000}) umount2(&(0x7f0000000000)='./file0\x00', 0x9) 1m24.188679102s ago: executing program 5 (id=3559): bind$unix(0xffffffffffffffff, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r3, &(0x7f0000001ff0), 0x10) write$cgroup_subtree(r1, &(0x7f0000000080)=ANY=[], 0x48) splice(r0, 0x0, r2, 0x0, 0x3000, 0x100000000000000d) socketpair$unix(0x1, 0x2, 0x0, 0x0) 1m23.982394262s ago: executing program 5 (id=3560): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x11, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) fcntl$lock(0xffffffffffffffff, 0x26, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x1}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) readv(0xffffffffffffffff, &(0x7f0000000140)=[{0x0}, {&(0x7f0000000100)=""/62, 0x3e}], 0x2) timer_settime(0x0, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) keyctl$setperm(0x5, 0x0, 0x21081c22) keyctl$unlink(0x9, 0x0, 0x0) 1m23.642070109s ago: executing program 5 (id=3562): openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x141042, 0x1) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) io_setup(0x5, &(0x7f0000000140)=0x0) r2 = eventfd2(0x0, 0x0) r3 = socket$inet_sctp(0x2, 0x1, 0x84) mount$9p_fd(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000180), 0x10044, &(0x7f0000000540)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESOCT=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r0]) io_submit(r1, 0x1, &(0x7f0000000280)=[&(0x7f0000000300)={0x1802, 0x0, 0x0, 0x5, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x1, r2}]) shutdown(r0, 0x1) 1m22.539621653s ago: executing program 5 (id=3572): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x101) mount$fuse(0x0, 0x0, 0x0, 0x2b18094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x10, &(0x7f0000000400)) chdir(&(0x7f0000000140)='./file1\x00') r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x12d) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x1d0) mount$afs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f00000002c0), 0x5, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn']) chdir(&(0x7f0000000240)='./file0\x00') ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, 0x0) 1m22.301503635s ago: executing program 5 (id=3575): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000080000000c"], 0x50) close(0x3) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={0xffffffffffffffff, 0xe0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffdb4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe15, 0x5, 0x0, 0x0, 0x0, 0x0, 0x8, 0xffffffffffffff4b, 0x0}}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0xfffffffc}, 0x50) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r1, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r1}, 0x0, 0x0}, 0x20) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000740)={r1, &(0x7f0000000000), &(0x7f00000000c0)=""/109}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000080)={r2, r0}, 0xc) 1m7.212717259s ago: executing program 48 (id=3575): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000080000000c"], 0x50) close(0x3) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={0xffffffffffffffff, 0xe0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffdb4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe15, 0x5, 0x0, 0x0, 0x0, 0x0, 0x8, 0xffffffffffffff4b, 0x0}}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0xfffffffc}, 0x50) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r1, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r1}, 0x0, 0x0}, 0x20) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000740)={r1, &(0x7f0000000000), &(0x7f00000000c0)=""/109}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000080)={r2, r0}, 0xc) 6.656051272s ago: executing program 7 (id=3936): pipe(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000080), r3) sendmsg$WG_CMD_SET_DEVICE(r3, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000000)=ANY=[@ANYBLOB="ec000000", @ANYRES16=r4, @ANYBLOB="01000000000000000000010000000800050001000000140002007767310000000000000000000000000024000300a0cb879a47f5bc644c0e693fa6d031c74a1553b6e901b9ff2f518c78042fb542080005000000000090000880"], 0xec}, 0x1, 0x0, 0x0, 0x4084}, 0x20000010) sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x1, 0x4, 0x105, 0x0, 0x0, {0xa, 0x0, 0x9}, [@NFULA_CFG_FLAGS={0x6, 0x6, 0x1, 0x0, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000800}, 0x14) write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x200000000622c, 0x0) 5.646097992s ago: executing program 7 (id=3940): mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) r0 = syz_clone(0x111, 0x0, 0x0, 0x0, 0x0, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x100809, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=0x0]) mount(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000280)='autofs\x00', 0x201000c, &(0x7f0000000040)) mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x180) chdir(&(0x7f0000000140)='./file0/file0\x00') setpgid(r0, r0) setpgid(0x0, r0) mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0) 5.375339015s ago: executing program 1 (id=3942): timer_create(0x7, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r1 = userfaultfd(0x1) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x4}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1}) ioctl$UFFDIO_CONTINUE(r1, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}}) 5.28033574s ago: executing program 7 (id=3943): prlimit64(0x0, 0xe, &(0x7f0000000600)={0x80000000, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x7) sendto$unix(0xffffffffffffffff, 0x0, 0x0, 0x200448c0, 0xfffffffffffffffe, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) syz_clone(0x1144280, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x0) mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x9, 0x5}, 0x28) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil) 4.758122946s ago: executing program 1 (id=3944): r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = socket$kcm(0x10, 0x3, 0x10) r2 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r2, 0x1, 0x21, &(0x7f0000000000)=0xfffffffe, 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r2, 0x10e, 0x4, &(0x7f0000000480)=0x17fe, 0x4) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f00000000c0)={'syz_tun\x00', &(0x7f0000000040)=@ethtool_link_settings={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x4c, 0xf3, 0x8, [0x0, 0x0, 0x0, 0xc, 0x5, 0x0, 0x0, 0x40000002]}}) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03002a000b05d25a806c8c6f94f90424fc601000127a0a000600073582c137153e37080c18800dac0f000300", 0x33fe0}], 0x1, 0x0, 0x0, 0x8100000}, 0x0) 3.794787653s ago: executing program 1 (id=3947): bpf$MAP_CREATE(0x0, 0x0, 0x0) pipe(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$wireguard(&(0x7f00000005c0), r3) sendmsg$WG_CMD_SET_DEVICE(r3, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000000)=ANY=[@ANYBLOB="ec000000", @ANYRES16=r4, @ANYBLOB="01000000000000000000010000000800050001000000140002007767310000000000000000000000000024000300a0cb879a47f5bc644c0e693fa6d031c74a1553b6e901b9ff2f518c78042fb5420800050000000000900008808c"], 0xec}, 0x1, 0x0, 0x0, 0x4084}, 0x240004c0) write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x200000000622c, 0x0) 2.718287127s ago: executing program 9 (id=3955): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f0000001f00)=[{{0x0, 0x0, 0x0}, 0x1}], 0x1, 0x2, 0x0) r2 = inotify_init() inotify_add_watch(r2, &(0x7f0000000340)='.\x00', 0xa50003d1) readv(r2, &(0x7f0000000140)=[{&(0x7f0000000040)=""/182, 0xb6}], 0x1) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) 2.694288978s ago: executing program 1 (id=3956): socket$vsock_stream(0x28, 0x1, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x1, 0x4, 0x10000}, 0x28) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000b80000/0x3000)=nil, 0x0}, 0x68) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x3}, 0x8) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, &(0x7f0000000140)=0x6, 0x4) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r0 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0x970, 0x1f280, 0x0, 0x399}) io_uring_enter(r0, 0x8ae, 0xfbb9, 0x1f, 0x0, 0x0) 2.686328958s ago: executing program 7 (id=3957): r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r1, 0x107, 0xa, &(0x7f0000000080)=0x1, 0x4) setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf83, 0x4682}, 0x1c) r2 = socket(0x10, 0x803, 0x0) sendmsg$SMC_PNETID_GET(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000002440)=@newlink={0x48, 0x10, 0x437, 0x70bd2b, 0xffffffff, {0x0, 0x0, 0x0, r3, 0x51b0b}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @ip6gre={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_GRE_LOCAL={0x14, 0x6, @mcast2}]}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x48800}, 0x4000010) sendto$packet(r0, &(0x7f0000000000)='o', 0x1, 0x4, &(0x7f0000000180)={0x11, 0x8100, r3, 0x1, 0xe9, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, 0x14) 2.535498555s ago: executing program 2 (id=3958): syz_mount_image$ext4(&(0x7f0000000740)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x1810714, &(0x7f0000000080)={[{@test_dummy_encryption}, {@init_itable_val}, {@dioread_nolock}, {@jqfmt_vfsv1}, {@nojournal_checksum}, {@minixdf}, {@barrier_val={'barrier', 0x3d, 0xa18}}, {@errors_remount}, {@lazytime}, {@test_dummy_encryption}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0xdf, 0x475, &(0x7f0000000780)="$eJzs289vFFUcAPDvTLeAgGxFREGQKpo0/mhpQeVgYjSaeNDERA94rG0hyEINrYmQRqsxeDQk3o1HE/8CT56MejLxikcTQ0KUmIheXDO7M6VddssubNna/XySoe/NvHk/dubNvn2PCaBvDWf/JBHbI+JSRJTr0ZUJhut/rl1dmPr76sJUEtXqG78ntXR/XV2YquaK87bleY6kEeknSV5IDC7Pdu7c+VOTlcrM2Tw+Nn/63bG5c+efOnl68sTMiZkzE0ePHjk8/uwzE083qfWvFztq5ED+d+8Hs/v2vPLWxdemjl18+4evs/ru3l8/lLWjozzbMJw1/I/6Z9N47LFuF9Zj/1avtzMp9bo2tCvrGqW8c16KcgzE9YtXjpc/7mnlgDWVPbM3tz68WAU2sCR6XQOgN4ov+uz3b7HdoaHHunDlhfoPoKzd1/KtfqQUaZ5mcA3LH46IY4v/fJFt0TAPUW0ybwAAcLu+zcY/TzYb/6Wxe1m6Hfna0FBE3BMROyPi3ojYFRH3RdTS3h8RD3RY/nBD/MbxZ3r5lhrWpmz891y+trVy/FeM/mJoII/dXWv/YHL8ZGXmUP6ZjMTg5iw+3izzIouXfv6sVfnLx3/ZlpVfjAXzTC6X6hN0W4o905Pzk90alF75KGJvqVn7k6WVgCQi9kTE3s6y3lEETj7+1b5WiW7e/lV0YZ2p+mWRycJiNLS/kKy+Pjm2JSozh8aKu+JGP/504fVW5d9W+7sgu/5bV97/DSnKfybL12vnlg48324ZF375tOVvylL79/+S7P7flLxZW7PelO97f3J+/ux4xKbk1Vp8xf6J6+cW8SJ91v6Rg837/878nKz9D0ZEdhPvj4iHIuJAfu0ejohHIuLgKu3//sVH32l1bD1c/+mmz7+l+39o5fXvPDBw6rtvWpXf3vPvSC00ku+pPf9uonV1isdotufY3K1+bgAAAPB/kkbE9kjS0aVwmo6O1v8P/67YmlZm5+afOD773pnp+jsCQzGYFjNd5WXzoePJYp5jPT6RzxUXxw/n88afD9xVi49OzVame9x26HfbWvT/zG8Dva4dsOa8rwX9q7H/pz2qB3Dn+f6H/qX/Q/+6of97IEDfaNbdP2yIWwuAjaha7vgUE4SwYRjuQ//S/6F/6f/Ql27nvf61CpRWeXtfoMeBrRFRC0S6LuqzbgIH1lFvKnWhd/f4wQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANAl/wUAAP//xgL2dQ==") sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000100)={0x20, 0x0, 0x1, 0x70bd25, 0x0, {}, [@NBD_ATTR_CLIENT_FLAGS={0xc}]}, 0x20}}, 0x24000044) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f00000002c0)=ANY=[], 0x8) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) recvmmsg(r0, &(0x7f0000000100), 0x1, 0x2b, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000000)=0x1, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 2.306493467s ago: executing program 1 (id=3959): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x2, 0x7fff7ffc}]}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x81, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) close_range(r0, 0xffffffffffffffff, 0x200000000000000) syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f00000001c0)='./file0\x00', 0x0, &(0x7f0000000a40)=ANY=[@ANYRES64=0x0], 0x1, 0x550f, &(0x7f000000cf00)="$eJzs3E1vG1UXAODjpGn69faNEAt2HalCSqTaivNRwS5AKz5EqqjAghU4tmO5tT1R7DghKxYsEQv+CQKJFUt+AwvW7BALEDskkGcm0FAQlXBskj6PND5zr6/PnGtVlc5M5ACeWgvJzz+W4npcjojZiLgWkZ2XiiOzkYfnIuJGRMw8cpSK+d8nLkbElYi4Pkqe5ywVb316a3hz/Yc3fvrqm/kLVz/78tvp7RqYtucjorubnx9085i28vigmK8N21nsrg2LmL/RfViM0zweNLezDAe143W1LK628vXp7n5/FHc6tfootto72fxuL79gf9g6zpN94EFtLxs3mttZbPfTLLaO8roOj/L/2476gzxPo8j3QZY+BoPjmM83D5v5fnYfZrHeGxTzed600TwcxWERi8tFPe00sjq2/803/d/2Zru3f5gMm3v9dtpL1ivVFyrV2+XqXtpoDppr5Vq3cXstWWx1RsvKg2atu9FK01anWamn3aVksVWvl6vVZPFOc7td6yXVamW1slxeXyrObiWv3nsn6TSSxVF8ud3bH7Q7/WQn3UvyTywlK5XVF5eSm9Xkrc2tZOv+3bubW2+/d+fdey9tvv5KseixspLFleWVlXJ1ubxSXXp8T/Pndf8fFUX/w/5hYkrTLgDg7NH/A9Nwev3/3v2I0+//Q/8/Fmeq/33C/t/+YUL0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAT63v5j5/LTtZyMdXi/n/FVPPFONSRMxExK9/YTYunsg5W+SZ+5v1c3+q4etSZBlG15gvjisRsVEcv/z/tL8FAAAAOL+++PDGJ3m3nr8sTLsgJim/aTNz7f0x5StFxNzC92PKNjN6eXZMybJ/3xficEzZshtYl8aUbD675XZhTNmezOyJcOmRUMrDzETLAQAAJuJkJzDZLgQAAIBJ+njaBTAdpTh+lHn8LDj7y/s/HghePjECAAAAzqDStAsAAAAATl3W//v9PwAAADjf8t//AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnbnKWBuI4AP9b3r7gVyTGvVdxB8fwCC5dGg7gJTiAC7yCF+AMuPMIBgydEUG6MOm0jeZ5kjJMW37MELqYmWQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgSN+a3frLxzef+uYcT/2U6Q0AAADQ5dDs1u2bZao/y+df5FOvcr2KiDoiusbus3i8yZzlnOb3/Z+v72/+aMPXiDbh/B3zfDyNiLf5+PFy6F8BAAAA/l/7zXaVRuvpZTl1gxhTmrSpn78rlFdFRLP8XiitPue9LhTW/r8f4kOhtHYCa1EoLE25PZRK+yvt436ZtVtcFVUq6s6PXRpZrO8AAMCIZjfFuKMQAAAAxvR+6gYwjSp+LWVelgLnqcjLe09uagAAAMA/qJq6AQAAAMDg2vH/SPv/nez/BwAAANNI+/8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwpEOzW+8321XfnOPp3mO+1nHpTv+eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/2Z93FAiBMAiDves7k7n/YaVBY0OTKhA+/sZgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHjzu7/8n5gaZ5K518bS80iydmpsnRp758bRH8bXrwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBif15SIASCIArmjP+d9P0PKwl6BhEioOFRRS0aAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvuh3v/yfmBpnkrnTxtLxSLJ21di6auw9aBw9GG//BgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBi535e46jiAIB/Z2Zna6pijJJDRBQ86MWm29ram3hQggf/BCGk2xq79Uebgy1FzMWb5NyL6FFEUOKt/0PPLfRSbz3soYJnZWZnstM24PprZpt8PvDmfXcY5n3fBEK+814WAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKA2fnsaZ8VhcRKn1blb969tFP3th/rCjZ07K0Ur4qTNpB8PLzY/JMvdJQIAAMDhkdX1fUTczXfXij5dLOv/vL6mqPm/fXoS1/X8w3V/3de1f9F++fne83sDLU7GKW56bnM0PP5oKr3/b5bz7Zm/vKJXPvny3UsWC5FG+t72c+O8fJ7J1zdvvtMvwyNtZAsA/BPH6r4K6r+Hin7QZWIAHBq9RuFd1//ZYrc5AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALRhvB1P1nESESu9aVy4ff/axn79jZ07K3U7ff36Tnw5vWdxizwizm2Ohsdbnc18u3zl6oX10Wh4qf3gpYjoavS3qulf+GCGiyM6eT6C/yhIqx/2vOTzeAQd/lICAOBAyqtW1PV389214lyyFPHHdw/W/6824pix/r/34elbzbGa9f+gtRnOv9Wti5+uXr5y9fXNi+vnh+eHH79xYvDm4OSZU6fOrJbvSla9MQEAAODf6VetWf+nS4+u/x9txDFj/f/ZN4MvmmNl6v99TRf9us4EAADgcHv25d9/S/Y5n/T78fn61talweS49/nE5NhBqn/bkao16/9sqeusAAAAgDaMt5MH1v/PNuKYcf3/qe9f+LF5zywiFqr1/2Mbn4zOtjedudbGvxN3PUcAAAC6tVC15vp/Xu7/T/e2PKQR8dork7j6GsCZ6v/s3a9+aI7V3P9/sr0pzqV0efI8yn45orfcdUYAAAAcZE9UrSj2f8131z766ej7ffv/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANr2ZwAAAP//uCM2tw==") r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f00000003c0)={'#! ', './file0'}, 0xb) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) fdatasync(r2) 2.176928543s ago: executing program 2 (id=3960): bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x6, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="18020000fcffffff00000000000000008500000036000000180100006420002500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb7"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = socket(0x2, 0x80805, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r1, 0x0) close(r0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x7a, &(0x7f0000000340)={r2, @in={{0x2, 0x4e21, @remote}}}, &(0x7f0000000000)=0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0xd, &(0x7f0000000180)=@assoc_value={0x0}, &(0x7f0000000240)=0x8) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f0000000900)=@sack_info={r3, 0xfffffff8, 0xb}, &(0x7f0000000940)=0xc) 1.969481793s ago: executing program 2 (id=3961): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f) setsockopt$inet_tcp_int(r0, 0x6, 0x2, &(0x7f0000001200)=0x81, 0x4) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) setreuid(0xffffffffffffffff, 0xee01) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x25) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000100)=[{0x6, 0x7, 0x0, 0x7}]}, 0x10) recvfrom$inet(r0, 0x0, 0x0, 0x720, 0x0, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x24, &(0x7f0000000040), 0x4) 1.748080024s ago: executing program 9 (id=3962): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000003, 0x50032, 0xffffffffffffffff, 0x0) mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000) syz_clone(0x100, 0x0, 0x0, 0x0, 0x0, 0x0) 1.6225144s ago: executing program 9 (id=3963): r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x79}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) munmap(&(0x7f00003fe000/0xc00000)=nil, 0xc00000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) read(r0, &(0x7f00000002c0)=""/153, 0x99) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0xd0fb8000) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f00000006c0)={{&(0x7f0000ffb000/0x4000)=nil, 0x4000}, 0x1}) getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x83, 0x0, 0x0) 1.335937105s ago: executing program 9 (id=3964): r0 = socket$inet(0x2, 0x3, 0x8d) setsockopt$inet_msfilter(r0, 0x0, 0x8, &(0x7f0000000340)=ANY=[@ANYRES32], 0x1) getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f00000000c0)={0x0, @local, @local}, &(0x7f0000000100)=0xc) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_inet6_SIOCSIFADDR(r2, 0x8916, &(0x7f0000000000)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x7, r1}) r3 = socket(0xa, 0x1, 0x0) setsockopt$inet6_int(r3, 0x29, 0x4c, &(0x7f0000000000)=0xfffffffe, 0x4) ioctl(r3, 0x8916, &(0x7f0000000000)) ioctl(r3, 0x8936, &(0x7f0000000000)) 1.161508823s ago: executing program 9 (id=3965): openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x8541, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="0b00000008000000010001000900000001"], 0x50) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r1, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000180)=r2, 0x4) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000040)='syzkaller\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x5, 0xe, 0x0, &(0x7f00000000c0)="279a004c6588d5d6dc03d5cc2a00", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 919.300855ms ago: executing program 7 (id=3966): sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, 0x0, 0x4000054) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) syz_init_net_socket$rose(0xb, 0x5, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x2000c154}, 0x4004815) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001980)={&(0x7f0000009b80)=@newchain={0x24, 0x64, 0x300, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x7, 0xfff2}, {0xf}, {0xa, 0x1ffe4}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x600, &(0x7f0000000080)={&(0x7f00000006c0)=ANY=[@ANYBLOB="440000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000008001b000000000004001a80180002"], 0x44}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 918.365565ms ago: executing program 2 (id=3967): mmap(&(0x7f0000ff4000/0xc000)=nil, 0xc000, 0x1000003, 0x20031, 0xffffffffffffffff, 0xffffe000) r0 = userfaultfd(0x80801) close(0x3) r1 = userfaultfd(0x80801) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000002c0)={0xaa, 0x100}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f00000001c0)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x1}) madvise(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x15) ioctl$UFFDIO_CONTINUE(r0, 0xc020aa07, &(0x7f0000000000)={{&(0x7f0000ffd000/0x2000)=nil, 0x2000}}) 620.22138ms ago: executing program 2 (id=3968): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x24, &(0x7f00000000c0)=0x1, 0x4) recvmmsg(r0, &(0x7f0000003dc0)=[{{0x0, 0x0, 0x0}, 0x8}], 0x1, 0x40000140, 0x0) syz_mount_image$erofs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x3008003, &(0x7f0000002ac0)=ANY=[], 0x2, 0x200, &(0x7f00000002c0)="$eJzsmbFrFEEUxr+Z3ds7gwRtLGwsDBjR7O3uqaSJEMFSEKKo5WHWEN3k5LJC7kDwsLHRzkKwtbG0sLCy8C+w1UIFwcIrBQthZGZnd4e93fMOTwXzfpDJN/PezLz3YF6xB4Ig9iyfPn778PDc8qWTAPZjAXW9/sXKfbjh//7JnROPV84/ffHu2Zvt+buviucxAEJUXve9aHIAvF61EIPZyYoQmM/tC0YIWuMyOI5rfQUMbiJ/CEUyCcFwTfvcNHRnnxZR6F7vROs3NqPQk4Mvh0AOLTM+GdRwwLAOoKGiE4IZ9p1e/1Y7isJuUdREes+IaVrBK8up41vlWEFaPSGk/9UH9wdyrmsDDzyrnw8OX+sWGNa0XkYdruvmJTHyP2zn51uT5D9jcVbd9WjSXc+VOLj05wNLRPpGptkly/g3SvcfidpMzmHFFfmgs5VDw7QHmj6f/1nu+LVPY/xjhLaPmN7ORdGF34jQKSlUJvL+JDv7MaM/2bCz/tGMt243d3r9pc2t9ka4EW4HQeuMd8rzTgdN1YiScUz/a6j+NGecX6vwdZiD3XYcd/1dIO762TxIxjwBrL3sfJVbDkD1P47Fo+oI1VNV2vXyO5j+4+q/VItWuee9ypwIgiAIgiAIgiAIgiAIgiDKOQKG5JcwwfQH0TKCi+oL5c8AAAD//40vYXw=") open(&(0x7f0000000040)='./file0\x00', 0x400, 0x43) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) fadvise64(r1, 0xfff8, 0xa93d, 0x3) newfstatat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', &(0x7f0000000180), 0x400) creat(&(0x7f0000000000)='./file1\x00', 0x100) 511.653805ms ago: executing program 9 (id=3969): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000040), 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000080)=@gcm_128={{0x303}, "6947accc5a9d91a8", "698d7e4ff1fc054344b881598e00", "5483b130", "e11700"}, 0x28) sendto$inet6(r0, &(0x7f0000000340)="d1", 0x1, 0x8000, 0x0, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r1, &(0x7f0000000000), 0x560c89bb) write$binfmt_aout(r0, 0x0, 0xfdef) 147.485193ms ago: executing program 1 (id=3970): bind$inet6(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x10, 0x4, 0x8, 0x1}, 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000040)={r4, r1, 0x25, 0x0, @void}, 0x10) syz_emit_ethernet(0xfef3, &(0x7f0000000200)={@local, @local, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010100", 0x64, 0x11, 0x0, @remote, @local, {[], {0x4e20, 0xe22, 0x64, 0x0, @wg=@response={0x2, 0x1, 0x100004, "628e0960f6d6d3f6ee6d6b84b345dccac643e7df3e526ff07833b291322d4a74", "882ed6741e7632daeaec0c95f2ad1cd6", {"8fb3d9fd3efe8e4ea8b5ec7448ddd6a3", "215990e1b896120966af96b22cf049f0"}}}}}}}}, 0x0) 108.299005ms ago: executing program 7 (id=3971): r0 = syz_io_uring_setup(0x10e6, &(0x7f0000000b40)={0x0, 0xbdee, 0x10, 0x400001, 0x1ef}, &(0x7f0000000040)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r3 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000), 0x2) r4 = memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x3) ftruncate(r4, 0xffff) fcntl$addseals(r4, 0x409, 0x7) r5 = ioctl$UDMABUF_CREATE(r3, 0x40187542, &(0x7f0000000100)={r4, 0xfffffffd, 0x0, 0x1000}) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r5, 0x0, 0x0, 0x0, {0x414}, 0x1}) io_uring_enter(r0, 0x3f72, 0x74f1, 0xc00000000000000, 0x0, 0x39) 0s ago: executing program 2 (id=3972): r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48) close(r0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) setsockopt$sock_timeval(r1, 0x1, 0x42, &(0x7f00000001c0)={r3, r4/1000+10000}, 0x10) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r5}, &(0x7f0000000000), &(0x7f0000000080)=r0}, 0x20) recvmsg$unix(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000006c0)=""/179, 0x33fe0}], 0x1, 0x0, 0x52}, 0x0) sendmsg$inet(r2, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0) kernel console output (not intermixed with test programs): dv_slave_0 (retrying later): interface not active [ 589.911334][T16645] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 589.922309][T16645] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 589.961510][T16645] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 590.089043][T16637] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 590.127088][T16637] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 590.238338][T16637] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 590.331734][T16645] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 590.352492][T16645] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 590.439530][T16645] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 590.443061][T16722] loop3: detected capacity change from 0 to 262144 [ 590.461990][T16722] BTRFS: device fsid 7e32c2af-f87a-45a1-bcba-64dea7c56a53 devid 1 transid 8 /dev/loop3 scanned by syz.3.3027 (16722) [ 590.501134][T16722] BTRFS info (device loop3): first mount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53 [ 590.511685][T16722] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 590.521369][T16722] BTRFS info (device loop3): using free space tree [ 590.623858][T16722] BTRFS info (device loop3): enabling ssd optimizations [ 590.631041][T16722] BTRFS info (device loop3): auto enabling async discard [ 590.667166][T16637] hsr_slave_0: entered promiscuous mode [ 590.676193][T16637] hsr_slave_1: entered promiscuous mode [ 590.738440][T16645] hsr_slave_0: entered promiscuous mode [ 590.744283][ T5774] Bluetooth: hci0: command tx timeout [ 590.768402][T16645] hsr_slave_1: entered promiscuous mode [ 590.785079][T16645] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 590.792934][T16645] Cannot create hsr debugfs directory [ 590.817246][ T28] audit: type=1800 audit(1774077318.495:1335): pid=16722 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.3027" name="bus" dev="loop3" ino=263 res=0 errno=0 [ 591.065697][ T5774] Bluetooth: hci3: command tx timeout [ 591.327783][T13293] BTRFS info (device loop3): last unmount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53 [ 591.990021][T16774] netlink: 24 bytes leftover after parsing attributes in process `syz.7.3033'. [ 595.056517][T16645] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 595.082272][T16645] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 595.110925][T16645] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 595.154532][T16645] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 595.385977][T16637] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 595.415370][T16637] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 595.457487][T16637] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 595.530379][T16637] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 595.640649][T16645] 8021q: adding VLAN 0 to HW filter on device bond0 [ 595.715534][T16645] 8021q: adding VLAN 0 to HW filter on device team0 [ 595.741105][ T1086] bridge0: port 1(bridge_slave_0) entered blocking state [ 595.748360][ T1086] bridge0: port 1(bridge_slave_0) entered forwarding state [ 595.833715][ T2962] bridge0: port 2(bridge_slave_1) entered blocking state [ 595.840988][ T2962] bridge0: port 2(bridge_slave_1) entered forwarding state [ 595.965001][T16637] 8021q: adding VLAN 0 to HW filter on device bond0 [ 596.022667][T16637] 8021q: adding VLAN 0 to HW filter on device team0 [ 596.070362][ T1086] bridge0: port 1(bridge_slave_0) entered blocking state [ 596.077681][ T1086] bridge0: port 1(bridge_slave_0) entered forwarding state [ 596.107134][ T2962] bridge0: port 2(bridge_slave_1) entered blocking state [ 596.114391][ T2962] bridge0: port 2(bridge_slave_1) entered forwarding state [ 596.210550][T16863] loop7: detected capacity change from 0 to 16384 [ 596.264945][ T1086] wlan1: Trigger new scan to find an IBSS to join [ 596.266978][T16637] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 596.504437][T16867] loop7: detected capacity change from 16384 to 16383 [ 596.781002][T16645] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 596.981086][T16637] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 597.733150][T16645] veth0_vlan: entered promiscuous mode [ 597.783129][T16645] veth1_vlan: entered promiscuous mode [ 597.883320][T16645] veth0_macvtap: entered promiscuous mode [ 597.946599][T16645] veth1_macvtap: entered promiscuous mode [ 597.966869][T16637] veth0_vlan: entered promiscuous mode [ 598.019804][T16637] veth1_vlan: entered promiscuous mode [ 598.041737][T16645] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 598.076150][T16645] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 598.099283][T16645] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 598.125680][T16645] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 598.136137][T16645] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 598.145845][T16645] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 598.278642][T16637] veth0_macvtap: entered promiscuous mode [ 598.363628][T16637] veth1_macvtap: entered promiscuous mode [ 598.454233][ T7782] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 598.462487][ T7782] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 598.501565][T16637] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 598.524083][T16637] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 598.542688][T16637] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 598.621568][T16637] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 598.636978][T16637] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 598.641145][T16915] loop7: detected capacity change from 0 to 512 [ 598.660861][T16915] EXT4-fs: Ignoring removed bh option [ 598.661508][T16637] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 598.686641][T16915] EXT4-fs: Ignoring removed mblk_io_submit option [ 598.693319][T16915] EXT4-fs: Ignoring removed bh option [ 598.720374][ T1086] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 598.730875][T16637] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 598.740475][ T1086] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 598.748733][T16637] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 598.758644][T16637] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 598.761138][T16915] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 598.768553][T16637] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 598.900360][T16915] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 598.913553][T16915] ext4 filesystem being mounted at /451/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 599.276600][ T7782] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 599.314863][ T7782] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 599.451535][ T5784] udevd[5784]: incorrect ext4 checksum on /dev/loop7 [ 599.466787][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 599.492871][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 599.500932][T16915] EXT4-fs error (device loop7): ext4_dx_csum_verify:502: inode #2: comm syz.7.3052: dir seems corrupt? Run e2fsck -D. [ 599.577836][T16915] EXT4-fs error (device loop7): dx_probe:823: inode #2: comm syz.7.3052: Directory index failed checksum [ 599.732102][ T9792] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 600.734727][ T6754] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 600.914169][ T6754] usb 4-1: device descriptor read/64, error -71 [ 601.204204][ T6754] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 601.306923][ T2962] wlan1: Trigger new scan to find an IBSS to join [ 601.384601][ T6754] usb 4-1: device descriptor read/64, error -71 [ 601.514811][ T6754] usb usb4-port1: attempt power cycle [ 601.853884][T16980] loop5: detected capacity change from 0 to 32768 [ 601.871112][T16980] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop5 scanned by syz.5.3065 (16980) [ 601.934233][ T6754] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 602.005252][ T6754] usb 4-1: device descriptor read/8, error -71 [ 602.012242][T16980] BTRFS info (device loop5): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 602.034640][T16980] BTRFS info (device loop5): using blake2b (blake2b-256-generic) checksum algorithm [ 602.066660][T16980] BTRFS info (device loop5): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 602.088086][T16980] BTRFS info (device loop5): use zstd compression, level 3 [ 602.105419][T16980] BTRFS info (device loop5): using free space tree [ 602.248664][T16980] BTRFS info (device loop5): enabling ssd optimizations [ 602.268822][T16980] BTRFS info (device loop5): auto enabling async discard [ 602.278010][ T59] wlan1: Creating new IBSS network, BSSID 00:00:00:8d:00:00 [ 602.297511][ T6754] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 602.365718][ T6754] usb 4-1: device descriptor read/8, error -71 [ 602.507224][ T6754] usb usb4-port1: unable to enumerate USB device [ 602.507701][ T28] audit: type=1800 audit(1774077330.185:1336): pid=16980 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.3065" name="file1" dev="loop5" ino=260 res=0 errno=0 [ 603.141894][T16645] BTRFS info (device loop5): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 605.380703][ T5783] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 605.399248][ T5783] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 605.409452][ T5783] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 605.420224][ T5783] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 605.428637][ T5783] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 605.436418][ T5783] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 605.529904][T17076] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3084'. [ 605.853804][T17074] lo speed is unknown, defaulting to 1000 [ 606.720696][ T59] bond1: (slave gretap1): Releasing active interface [ 607.119222][T17102] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3088'. [ 607.335990][T17074] chnl_net:caif_netlink_parms(): no params data found [ 607.546263][ T5783] Bluetooth: hci1: command tx timeout [ 607.626318][ T59] hsr_slave_0: left promiscuous mode [ 607.641907][ T59] hsr_slave_1: left promiscuous mode [ 607.650868][ T59] batman_adv: batadv0: Removing interface: dummy0 [ 608.077368][ T59] bond1 (unregistering): Released all slaves [ 609.626498][ T5783] Bluetooth: hci1: command tx timeout [ 611.413639][ T59] bond0 (unregistering): Released all slaves [ 611.733924][ T5783] Bluetooth: hci1: command tx timeout [ 611.861595][T17074] bridge0: port 1(bridge_slave_0) entered blocking state [ 611.914554][T17074] bridge0: port 1(bridge_slave_0) entered disabled state [ 611.921878][T17074] bridge_slave_0: entered allmulticast mode [ 611.973174][T17074] bridge_slave_0: entered promiscuous mode [ 612.008116][T17074] bridge0: port 2(bridge_slave_1) entered blocking state [ 612.025164][T17074] bridge0: port 2(bridge_slave_1) entered disabled state [ 612.052905][T17074] bridge_slave_1: entered allmulticast mode [ 612.105767][T17074] bridge_slave_1: entered promiscuous mode [ 612.235359][T17074] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 612.287259][T17074] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 612.443643][T17074] team0: Port device team_slave_0 added [ 612.507833][T17074] team0: Port device team_slave_1 added [ 612.617568][T17074] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 612.633444][T17074] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 612.635842][T17162] loop3: detected capacity change from 0 to 128 [ 612.694898][T17074] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 612.715150][T17074] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 612.722590][T17074] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 612.759930][T17162] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 612.875187][T17074] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 612.968938][ T59] IPVS: stop unused estimator thread 0... [ 613.037470][T17074] hsr_slave_0: entered promiscuous mode [ 613.045532][T17074] hsr_slave_1: entered promiscuous mode [ 613.054432][T17162] loop3: detected capacity change from 128 to 0 [ 613.075680][T17167] syz.3.3104: attempt to access beyond end of device [ 613.075680][T17167] loop3: rw=0, sector=115, nr_sectors = 1 limit=0 [ 613.105791][T17074] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 613.134835][T17074] Cannot create hsr debugfs directory [ 613.195724][T13293] syz-executor: attempt to access beyond end of device [ 613.195724][T13293] loop3: rw=0, sector=120, nr_sectors = 1 limit=0 [ 613.237511][T13293] syz-executor: attempt to access beyond end of device [ 613.237511][T13293] loop3: rw=0, sector=120, nr_sectors = 1 limit=0 [ 613.403008][T15602] syz.3.2674: attempt to access beyond end of device [ 613.403008][T15602] loop3: rw=2049, sector=83, nr_sectors = 1 limit=0 [ 613.434125][T15602] Buffer I/O error on dev loop3, logical block 83, lost sync page write [ 613.784094][ T5783] Bluetooth: hci1: command tx timeout [ 614.532682][ T59] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 614.589326][ T59] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 614.993285][ T59] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 615.021537][ T59] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 615.380508][ T59] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 615.391416][ T59] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 615.643502][ T59] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 615.661269][ T59] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 615.682999][ T5774] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 615.704625][ T5774] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 615.720264][ T5774] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 615.723876][T17219] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3117'. [ 615.744966][T17219] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 615.753379][T17219] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 615.762265][ T5774] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 615.774539][T17219] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 615.782518][T17219] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 615.785737][ T5774] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 615.797556][ T5774] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 616.081954][T17216] lo speed is unknown, defaulting to 1000 [ 616.279718][T17074] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 616.333289][T17074] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 616.401665][T17074] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 616.433694][T17074] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 617.664409][T17216] chnl_net:caif_netlink_parms(): no params data found [ 617.741599][T17074] 8021q: adding VLAN 0 to HW filter on device bond0 [ 617.864883][ T5783] Bluetooth: hci2: command tx timeout [ 618.156762][T17260] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3132'. [ 618.202350][T17074] 8021q: adding VLAN 0 to HW filter on device team0 [ 618.388946][T17216] bridge0: port 1(bridge_slave_0) entered blocking state [ 618.414183][T17216] bridge0: port 1(bridge_slave_0) entered disabled state [ 618.421625][T17216] bridge_slave_0: entered allmulticast mode [ 618.446457][T17216] bridge_slave_0: entered promiscuous mode [ 618.466061][T17216] bridge0: port 2(bridge_slave_1) entered blocking state [ 618.473245][T17216] bridge0: port 2(bridge_slave_1) entered disabled state [ 618.494359][T17216] bridge_slave_1: entered allmulticast mode [ 618.501530][T17216] bridge_slave_1: entered promiscuous mode [ 618.536670][ C1] vkms_vblank_simulate: vblank timer overrun [ 618.669500][ C1] vkms_vblank_simulate: vblank timer overrun [ 618.827751][ T1086] bridge0: port 1(bridge_slave_0) entered blocking state [ 618.835107][ T1086] bridge0: port 1(bridge_slave_0) entered forwarding state [ 618.873154][ T1086] bridge0: port 2(bridge_slave_1) entered blocking state [ 618.880381][ T1086] bridge0: port 2(bridge_slave_1) entered forwarding state [ 618.919910][T17216] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 619.052501][T17272] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3137'. [ 619.067007][T17216] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 619.271703][T17216] team0: Port device team_slave_0 added [ 619.323728][T17216] team0: Port device team_slave_1 added [ 619.378084][ T59] hsr_slave_0: left promiscuous mode [ 619.400182][ T59] hsr_slave_1: left promiscuous mode [ 619.446967][ T59] veth1_macvtap: left promiscuous mode [ 619.455692][ T59] veth0_macvtap: left promiscuous mode [ 619.461372][ T59] veth1_vlan: left promiscuous mode [ 619.469632][ T59] veth0_vlan: left promiscuous mode [ 619.626068][ T12] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 619.732512][ T59] bond1 (unregistering): (slave veth7): Releasing active interface [ 619.751573][ T59] bond1 (unregistering): (slave veth7): the permanent HWaddr of slave - ca:62:f5:f7:47:f3 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 619.769895][ C1] vkms_vblank_simulate: vblank timer overrun [ 619.787494][ T59] dummy0 (unregistering): entered promiscuous mode [ 619.954888][ T5783] Bluetooth: hci2: command tx timeout [ 620.164831][ T59] bond1 (unregistering): (slave dummy0): Releasing active interface [ 620.173146][ T59] dummy0 (unregistering): left promiscuous mode [ 620.182317][ T59] bond1 (unregistering): Released all slaves [ 620.219207][ C1] vkms_vblank_simulate: vblank timer overrun [ 620.226510][ T6754] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 620.414244][ T6754] usb 6-1: Using ep0 maxpacket: 32 [ 620.423476][ T6754] usb 6-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 620.433732][ T6754] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 620.443201][ T6754] usb 6-1: Product: syz [ 620.447996][ T6754] usb 6-1: Manufacturer: syz [ 620.452732][ T6754] usb 6-1: SerialNumber: syz [ 620.460917][ T6754] usb 6-1: config 0 descriptor?? [ 620.470606][ T6754] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 620.565712][T16911] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 620.812359][T16911] usb 5-1: Using ep0 maxpacket: 8 [ 620.821034][T16911] usb 5-1: config 179 has an invalid interface number: 65 but max is 0 [ 620.852714][T16911] usb 5-1: config 179 has an invalid descriptor of length 0, skipping remainder of the config [ 620.863957][T16911] usb 5-1: config 179 has no interface number 0 [ 620.871129][T16911] usb 5-1: config 179 interface 65 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 23 [ 620.904449][T16911] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 620.913739][T16911] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 621.187611][T16911] usb 5-1: USB disconnect, device number 11 [ 622.030178][ T5783] Bluetooth: hci2: command tx timeout [ 622.136085][ T6754] gspca_ov534_9: reg_w failed -71 [ 622.468095][ T6754] gspca_ov534_9: Unknown sensor 0000 [ 622.468199][ T6754] ov534_9: probe of 6-1:0.0 failed with error -22 [ 622.491976][ T6754] usb 6-1: USB disconnect, device number 9 [ 622.519607][ C1] vkms_vblank_simulate: vblank timer overrun [ 623.204858][ T59] bond0 (unregistering): Released all slaves [ 623.523637][T17310] tipc: Started in network mode [ 623.529661][T17310] tipc: Node identity 4, cluster identity 4711 [ 623.538093][T17310] tipc: Node number set to 4 [ 623.549663][T17216] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 623.557813][T17216] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 623.584236][T17216] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 623.613114][T17216] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 623.620914][T17216] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 623.659699][T17216] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 623.880238][T17216] hsr_slave_0: entered promiscuous mode [ 623.925360][T17216] hsr_slave_1: entered promiscuous mode [ 624.029458][T17216] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 624.040169][T17216] Cannot create hsr debugfs directory [ 624.104548][ T5783] Bluetooth: hci2: command tx timeout [ 624.332129][ T59] IPVS: stop unused estimator thread 0... [ 624.754644][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.767176][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.823140][T17074] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 625.794938][T17074] veth0_vlan: entered promiscuous mode [ 625.873524][T17074] veth1_vlan: entered promiscuous mode [ 625.988340][T17216] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 626.010000][T17216] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 626.022773][T17216] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 626.050676][T17074] veth0_macvtap: entered promiscuous mode [ 626.065514][T17216] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 626.083669][T17074] veth1_macvtap: entered promiscuous mode [ 626.168855][T17074] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 626.193440][T17074] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 626.219256][T17074] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 626.301798][T17357] lo speed is unknown, defaulting to 1000 [ 626.387296][T17074] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 626.410093][T17074] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 626.436719][T17074] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 626.468167][T17074] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 626.489355][T17074] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 626.504366][T17074] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 626.524306][T17074] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 626.876597][T17216] 8021q: adding VLAN 0 to HW filter on device bond0 [ 626.923939][ T3001] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 626.947522][ T3001] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 626.999881][T17216] 8021q: adding VLAN 0 to HW filter on device team0 [ 627.048304][ T131] bridge0: port 1(bridge_slave_0) entered blocking state [ 627.055548][ T131] bridge0: port 1(bridge_slave_0) entered forwarding state [ 627.128915][ T131] bridge0: port 2(bridge_slave_1) entered blocking state [ 627.136892][ T131] bridge0: port 2(bridge_slave_1) entered forwarding state [ 627.169085][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 627.201214][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 628.126374][T17216] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 628.316442][T17216] veth0_vlan: entered promiscuous mode [ 628.402235][T17216] veth1_vlan: entered promiscuous mode [ 628.519532][T17216] veth0_macvtap: entered promiscuous mode [ 628.551448][T17216] veth1_macvtap: entered promiscuous mode [ 628.634064][T17216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 628.674681][T17216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 628.704266][T17216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 628.729082][T17216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 628.761006][T17216] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 628.787139][ T28] audit: type=1326 audit(1774077356.470:1337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17388 comm="syz.5.3171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7db39c799 code=0x7ffc0000 [ 628.796248][T17390] fuse: Bad value for 'fd' [ 628.829057][T17216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 628.851110][T17216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 628.864800][ T28] audit: type=1326 audit(1774077356.470:1338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17388 comm="syz.5.3171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7db39c799 code=0x7ffc0000 [ 628.887633][T17216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 628.899000][T17216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 628.914062][ T28] audit: type=1326 audit(1774077356.470:1339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17388 comm="syz.5.3171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7db39c799 code=0x7ffc0000 [ 628.943725][T17216] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 628.968523][T17216] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 629.005381][ T28] audit: type=1326 audit(1774077356.470:1340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17388 comm="syz.5.3171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7db39c799 code=0x7ffc0000 [ 629.038730][T17216] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 629.053621][T17216] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 629.083540][ T28] audit: type=1326 audit(1774077356.470:1341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17388 comm="syz.5.3171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7db39c799 code=0x7ffc0000 [ 629.107053][T17216] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 629.157657][ T28] audit: type=1326 audit(1774077356.470:1342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17388 comm="syz.5.3171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa7db39c799 code=0x7ffc0000 [ 629.195421][ T28] audit: type=1326 audit(1774077356.470:1343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17388 comm="syz.5.3171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7db39c799 code=0x7ffc0000 [ 629.219247][ T28] audit: type=1326 audit(1774077356.470:1344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17388 comm="syz.5.3171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7db39c799 code=0x7ffc0000 [ 629.404101][ T28] audit: type=1326 audit(1774077356.470:1345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17388 comm="syz.5.3171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7db39c799 code=0x7ffc0000 [ 629.445619][ T3001] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 629.474478][ T3001] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 629.494528][ T28] audit: type=1326 audit(1774077356.470:1346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17388 comm="syz.5.3171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa7db39c799 code=0x7ffc0000 [ 629.585414][ T7782] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 629.622304][ T7782] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 630.237764][T17427] loop4: detected capacity change from 0 to 128 [ 630.605328][T16637] FAT-fs (loop4): error, corrupted directory (invalid entries) [ 630.613754][T16637] FAT-fs (loop4): Filesystem has been set read-only [ 630.650539][T16637] FAT-fs (loop4): error, corrupted directory (invalid entries) [ 631.308280][ T7782] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 631.544794][ T7782] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 631.729752][ T7782] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 631.852839][ T7782] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 631.974813][T14081] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 632.190801][T14081] usb 7-1: Using ep0 maxpacket: 32 [ 632.204619][T14081] usb 7-1: config 0 has an invalid interface number: 184 but max is 0 [ 632.233766][T14081] usb 7-1: config 0 has no interface number 0 [ 632.265143][T17473] veth1_to_bond: entered allmulticast mode [ 632.268256][T14081] usb 7-1: config 0 interface 184 has no altsetting 0 [ 632.309087][T14081] usb 7-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 632.330974][T14081] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 632.382285][T14081] usb 7-1: Product: syz [ 632.403786][T14081] usb 7-1: Manufacturer: syz [ 632.412552][T14081] usb 7-1: SerialNumber: syz [ 632.452770][T14081] usb 7-1: config 0 descriptor?? [ 632.511462][T14081] smsc75xx v1.0.0 [ 632.638359][T17473] team0 (unregistering): Port device team_slave_0 removed [ 632.676601][ T5774] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 632.695031][T17473] team0 (unregistering): Port device team_slave_1 removed [ 632.700312][ T5774] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 632.720407][ T5774] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 632.769662][ T5774] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 632.780477][ T5774] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 632.788688][ T5774] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 632.872439][ T7782] tipc: Left network mode [ 632.987607][ C1] icmp: detected local route for 172.20.20.14 during ICMP sending, src 172.20.20.187 [ 633.120497][T17472] veth1_to_bond: left allmulticast mode [ 633.130232][T17479] lo speed is unknown, defaulting to 1000 [ 633.543237][T14081] smsc75xx 7-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 633.560504][T14081] smsc75xx 7-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 633.702701][T17495] IPv6: NLM_F_CREATE should be specified when creating new route [ 633.781075][T14081] smsc75xx 7-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 633.827146][T14081] smsc75xx 7-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 633.881316][T14081] smsc75xx 7-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset [ 633.899347][T14081] smsc75xx 7-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 633.910026][T14081] smsc75xx: probe of 7-1:0.184 failed with error -71 [ 633.956134][T14081] usb 7-1: USB disconnect, device number 3 [ 634.492609][T17479] chnl_net:caif_netlink_parms(): no params data found [ 634.914571][ T5774] Bluetooth: hci0: command tx timeout [ 635.166161][T17479] bridge0: port 1(bridge_slave_0) entered blocking state [ 635.170051][T17528] loop0: detected capacity change from 0 to 256 [ 635.173325][T17479] bridge0: port 1(bridge_slave_0) entered disabled state [ 635.224471][T17479] bridge_slave_0: entered allmulticast mode [ 635.253862][T17479] bridge_slave_0: entered promiscuous mode [ 635.599785][T17479] bridge0: port 2(bridge_slave_1) entered blocking state [ 635.667222][T17479] bridge0: port 2(bridge_slave_1) entered disabled state [ 635.694351][T17479] bridge_slave_1: entered allmulticast mode [ 635.735962][T17479] bridge_slave_1: entered promiscuous mode [ 635.975309][ T7782] hsr_slave_0: left promiscuous mode [ 636.006465][ T7782] hsr_slave_1: left promiscuous mode [ 636.055973][ T7782] bridge_slave_1: left allmulticast mode [ 636.061711][ T7782] bridge_slave_1: left promiscuous mode [ 636.101190][ T7782] bridge0: port 2(bridge_slave_1) entered disabled state [ 636.140831][ T7782] bridge_slave_0: left allmulticast mode [ 636.151675][ T7782] bridge_slave_0: left promiscuous mode [ 636.159622][ T7782] bridge0: port 1(bridge_slave_0) entered disabled state [ 636.296673][ T7782] veth1_macvtap: left promiscuous mode [ 636.314716][ T7782] veth0_macvtap: left promiscuous mode [ 636.335410][ T7782] veth1_vlan: left promiscuous mode [ 636.351518][ T7782] veth0_vlan: left promiscuous mode [ 636.984098][ T5774] Bluetooth: hci0: command tx timeout [ 637.364239][T14081] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 637.604305][T14081] usb 7-1: Using ep0 maxpacket: 32 [ 637.635424][T14081] usb 7-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 637.654136][T14081] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 637.677771][T14081] usb 7-1: config 0 descriptor?? [ 637.716924][T14081] gspca_main: vc032x-2.14.0 probing 0ac8:0321 [ 639.073158][ T5774] Bluetooth: hci0: command tx timeout [ 639.319807][T14081] gspca_vc032x: reg_w err -71 [ 639.326432][T14081] gspca_vc032x: I2c Bus Busy Wait 00 [ 639.336683][T14081] gspca_vc032x: I2c Bus Busy Wait 00 [ 639.366964][T14081] gspca_vc032x: I2c Bus Busy Wait 00 [ 639.372676][T14081] gspca_vc032x: I2c Bus Busy Wait 00 [ 639.378226][T14081] gspca_vc032x: I2c Bus Busy Wait 00 [ 639.383689][T14081] gspca_vc032x: I2c Bus Busy Wait 00 [ 639.402860][T14081] gspca_vc032x: I2c Bus Busy Wait 00 [ 639.408504][T14081] gspca_vc032x: I2c Bus Busy Wait 00 [ 639.443513][T14081] gspca_vc032x: I2c Bus Busy Wait 00 [ 639.449093][T14081] gspca_vc032x: I2c Bus Busy Wait 00 [ 639.465339][T14081] gspca_vc032x: I2c Bus Busy Wait 00 [ 639.470705][T14081] gspca_vc032x: I2c Bus Busy Wait 00 [ 639.514101][T14081] gspca_vc032x: I2c Bus Busy Wait 00 [ 639.519470][T14081] gspca_vc032x: I2c Bus Busy Wait 00 [ 639.534124][T14081] gspca_vc032x: I2c Bus Busy Wait 00 [ 639.539683][T14081] gspca_vc032x: I2c Bus Busy Wait 00 [ 639.545578][T14081] gspca_vc032x: I2c Bus Busy Wait 00 [ 639.550916][T14081] gspca_vc032x: I2c Bus Busy Wait 00 [ 639.556432][T14081] gspca_vc032x: Unknown sensor... [ 639.561677][T14081] vc032x: probe of 7-1:0.0 failed with error -22 [ 639.576586][T14081] usb 7-1: USB disconnect, device number 4 [ 639.840742][ T7782] team0 (unregistering): Port device team_slave_1 removed [ 640.121500][ T7782] team0 (unregistering): Port device team_slave_0 removed [ 640.321907][ T7782] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 640.468050][ T7782] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 640.878442][ T6728] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 641.112135][ T6728] usb 1-1: Using ep0 maxpacket: 16 [ 641.117556][ T5843] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 641.137520][ T6728] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 641.144132][ T5774] Bluetooth: hci0: command tx timeout [ 641.153832][ T6728] usb 1-1: config 0 has no interface number 0 [ 641.179077][ T6728] usb 1-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 641.227312][ T6728] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 641.240715][ T6728] usb 1-1: Product: syz [ 641.270746][ T6728] usb 1-1: Manufacturer: syz [ 641.275544][ T6728] usb 1-1: SerialNumber: syz [ 641.292249][ T6728] usb 1-1: config 0 descriptor?? [ 641.314458][ T6728] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 641.371595][ T5843] usb 7-1: config 0 has no interfaces? [ 641.380890][ T5843] usb 7-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 641.395488][ T5843] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 641.431668][ T5843] usb 7-1: Product: syz [ 641.436365][ T5843] usb 7-1: Manufacturer: syz [ 641.441132][ T5843] usb 7-1: SerialNumber: syz [ 641.470199][ T5843] usb 7-1: config 0 descriptor?? [ 641.823695][ T7782] bond0 (unregistering): Released all slaves [ 642.090787][T17589] lo speed is unknown, defaulting to 1000 [ 642.143076][T17479] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 642.193927][T17479] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 642.350818][T17479] team0: Port device team_slave_0 added [ 642.400568][T17479] team0: Port device team_slave_1 added [ 642.655209][T17479] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 642.713181][T17479] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 642.761835][T17479] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 642.780856][T17479] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 642.790262][T17479] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 642.797927][T14081] usb 7-1: USB disconnect, device number 5 [ 642.861897][T17479] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 642.975843][ T6728] gspca_spca1528: reg_r err -71 [ 642.980933][ T6728] spca1528: probe of 1-1:0.1 failed with error -71 [ 642.996802][ T6728] usb 1-1: USB disconnect, device number 17 [ 643.043882][T17479] hsr_slave_0: entered promiscuous mode [ 643.051172][T17479] hsr_slave_1: entered promiscuous mode [ 644.017426][ T28] kauditd_printk_skb: 23 callbacks suppressed [ 644.017444][ T28] audit: type=1804 audit(1774077371.700:1370): pid=17614 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.6.3220" name="file1" dev="ramfs" ino=52452 res=1 errno=0 [ 644.912084][T17630] netlink: 'syz.5.3225': attribute type 1 has an invalid length. [ 644.955362][T17630] netlink: 'syz.5.3225': attribute type 4 has an invalid length. [ 644.963172][T17630] netlink: 9462 bytes leftover after parsing attributes in process `syz.5.3225'. [ 646.036084][T17649] bridge0: port 2(bridge_slave_1) entered disabled state [ 646.047029][T17649] bridge0: port 1(bridge_slave_0) entered disabled state [ 646.194563][T17675] loop2: detected capacity change from 0 to 7 [ 646.222962][ T5784] loop2: [ 646.232864][ T5784] loop2: partition table partially beyond EOD, truncated [ 646.282245][T17675] loop2: [ 646.294320][T17675] loop2: partition table partially beyond EOD, truncated [ 646.329594][ T5138] loop2: [ 646.332628][ T5138] loop2: partition table partially beyond EOD, truncated [ 646.898020][T17649] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 647.005042][T17649] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 647.381345][T17649] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 647.392028][T17649] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 647.401426][T17649] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 647.410503][T17649] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 647.913337][T17692] lo speed is unknown, defaulting to 1000 [ 647.991863][T17479] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 648.032599][T17479] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 648.062172][T17479] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 648.074672][ T5834] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 648.148360][T17479] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 648.291669][ T5834] usb 1-1: config 0 has no interfaces? [ 648.306906][ T5834] usb 1-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 648.329867][ T5834] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 648.345429][ T5834] usb 1-1: Product: syz [ 648.349783][ T5834] usb 1-1: Manufacturer: syz [ 648.354870][ T5834] usb 1-1: SerialNumber: syz [ 648.362717][ T5834] usb 1-1: config 0 descriptor?? [ 648.574258][T17479] 8021q: adding VLAN 0 to HW filter on device bond0 [ 648.634785][T17709] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3242'. [ 648.715670][T17709] 8021q: adding VLAN 0 to HW filter on device bond1 [ 648.750069][T17712] bond1: (slave syz_tun): Enslaving as an active interface with an up link [ 648.794360][T16911] usb 1-1: USB disconnect, device number 18 [ 648.829730][T17479] 8021q: adding VLAN 0 to HW filter on device team0 [ 648.854798][ T3001] bridge0: port 1(bridge_slave_0) entered blocking state [ 648.862059][ T3001] bridge0: port 1(bridge_slave_0) entered forwarding state [ 649.485437][T17709] bond1 (unregistering): (slave syz_tun): Releasing backup interface [ 649.514796][T17709] bond1 (unregistering): Released all slaves [ 649.572266][ T131] bridge0: port 2(bridge_slave_1) entered blocking state [ 649.579914][ T131] bridge0: port 2(bridge_slave_1) entered forwarding state [ 649.762711][T17479] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 650.394887][T17479] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 650.413801][T17751] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3247'. [ 650.466516][T17751] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 651.357625][T17778] loop0: detected capacity change from 0 to 1024 [ 651.371393][T17479] veth0_vlan: entered promiscuous mode [ 651.428572][T17479] veth1_vlan: entered promiscuous mode [ 651.440257][T17778] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 651.474277][T17778] ext4 filesystem being mounted at /25/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 651.519291][T17778] EXT4-fs error (device loop0): ext4_free_blocks:6690: comm syz.0.3253: Freeing blocks not in datazone - block = 0, count = 16 [ 651.625329][ T131] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 651.639153][T17479] veth0_macvtap: entered promiscuous mode [ 651.687522][ T2903] EXT4-fs error (device loop0): ext4_validate_block_bitmap:439: comm kworker/u4:7: bg 0: block 112: padding at end of block bitmap is not set [ 651.698210][T17479] veth1_macvtap: entered promiscuous mode [ 651.714559][ T2903] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 8191 with max blocks 65 with error 28 [ 651.730046][ T2903] EXT4-fs (loop0): This should not happen!! Data will be lost [ 651.730046][ T2903] [ 651.762868][T17479] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 651.793645][T17479] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 651.794183][ T2903] EXT4-fs (loop0): Total free blocks count 0 [ 651.804906][T17479] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 651.822028][ T2903] EXT4-fs (loop0): Free/Dirty block details [ 651.845576][T17479] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 651.864291][ T2903] EXT4-fs (loop0): free_blocks=0 [ 651.869405][ T2903] EXT4-fs (loop0): dirty_blocks=80 [ 651.873130][T17479] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 651.881068][ T2903] EXT4-fs (loop0): Block reservation details [ 651.911358][ T2903] EXT4-fs (loop0): i_reserved_data_blocks=5 [ 651.936374][T17479] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 651.961459][T17479] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 651.987065][T17216] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 651.996321][T17479] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 652.018544][T17479] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 652.048674][T17479] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 652.085235][T17479] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 652.105958][T17479] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 652.144651][T17479] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 652.153427][T17479] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 652.303903][T17804] loop0: detected capacity change from 0 to 1024 [ 652.321686][T17804] EXT4-fs: Ignoring removed oldalloc option [ 652.339991][T17804] EXT4-fs: Ignoring removed bh option [ 652.423581][T17804] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 652.502289][ T2903] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 652.516286][T17804] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 652.554696][ T2903] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 652.651829][ T28] audit: type=1804 audit(1774077380.330:1371): pid=17802 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.3257" name="/newroot/26/file1/bus" dev="loop0" ino=18 res=1 errno=0 [ 652.770083][T17818] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3262'. [ 652.784223][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 652.814940][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 653.136466][T17825] netlink: 4 bytes leftover after parsing attributes in process `syz.9.3186'. [ 653.159597][T17825] netlink: 12 bytes leftover after parsing attributes in process `syz.9.3186'. [ 653.488218][T17216] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 653.513866][T17832] overlayfs: upper fs does not support file handles, falling back to index=off. [ 653.757313][T17835] netlink: 264 bytes leftover after parsing attributes in process `syz.0.3266'. [ 654.483645][T17841] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check. [ 656.161615][T17908] loop9: detected capacity change from 0 to 512 [ 656.234434][T17908] EXT4-fs error (device loop9): ext4_orphan_get:1398: inode #15: comm syz.9.3288: inode has both inline data and extents flags [ 656.273052][T17912] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3289'. [ 656.320972][T17908] EXT4-fs error (device loop9): ext4_orphan_get:1403: comm syz.9.3288: couldn't read orphan inode 15 (err -117) [ 656.370642][T17908] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 656.840148][T17479] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 657.094387][T17938] serio: Serial port ttyS3 [ 657.325139][T16911] kernel read not supported for file /swradio3 (pid: 16911 comm: kworker/0:0) [ 657.475362][T17950] loop0: detected capacity change from 0 to 2048 [ 657.560673][T17950] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 657.924274][T17216] UDF-fs: error (device loop0): udf_read_inode: (ino 1317) failed !bh [ 657.961109][T17216] UDF-fs: error (device loop0): udf_read_inode: (ino 1317) failed !bh [ 658.524173][T14081] usb 10-1: new high-speed USB device number 5 using dummy_hcd [ 658.763349][T14081] usb 10-1: Using ep0 maxpacket: 8 [ 658.785631][T14081] usb 10-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 658.807526][T14081] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 658.840585][T14081] usb 10-1: Product: syz [ 658.847598][T14081] usb 10-1: Manufacturer: syz [ 658.872842][T14081] usb 10-1: SerialNumber: syz [ 658.906109][T14081] usb 10-1: config 0 descriptor?? [ 659.124918][T14081] usb 10-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 659.269639][T17990] syzkaller0: entered allmulticast mode [ 659.324248][T17990] syzkaller0: entered promiscuous mode [ 659.358212][T17994] syzkaller0 (unregistering): left promiscuous mode [ 659.404726][T17994] syzkaller0 (unregistering): left allmulticast mode [ 659.634362][T14081] dvb_usb_rtl28xxu: probe of 10-1:0.0 failed with error -71 [ 659.655805][T14081] usb 10-1: USB disconnect, device number 5 [ 660.697774][T18011] loop6: detected capacity change from 0 to 2048 [ 660.745312][T18011] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 661.127306][T17074] UDF-fs: error (device loop6): udf_read_inode: (ino 1317) failed !bh [ 661.160901][T17074] UDF-fs: error (device loop6): udf_read_inode: (ino 1317) failed !bh [ 661.396046][ T5783] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 661.410377][ T5783] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 661.423420][ T5783] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 661.433935][ T5783] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 661.441883][ T5783] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 661.468945][ T5783] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 661.483171][T18014] bridge0: port 2(bridge_slave_1) entered disabled state [ 661.491624][T18014] bridge0: port 1(bridge_slave_0) entered disabled state [ 661.998570][T18014] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 662.041325][T18014] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 662.379542][T18014] netdevsim netdevsim9 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 662.390122][T18014] netdevsim netdevsim9 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 662.399822][T18014] netdevsim netdevsim9 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 662.409036][T18014] netdevsim netdevsim9 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 662.941234][T18023] lo speed is unknown, defaulting to 1000 [ 663.128937][T18041] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3320'. [ 663.490690][ T7782] hsr_slave_0: left promiscuous mode [ 663.515774][ T7782] hsr_slave_1: left promiscuous mode [ 663.532063][ T7782] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 663.563003][ T7782] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 663.612041][ T7782] bridge_slave_1: left allmulticast mode [ 663.618804][ T7782] bridge_slave_1: left promiscuous mode [ 663.625128][ T5783] Bluetooth: hci2: command tx timeout [ 663.643692][ T7782] bridge0: port 2(bridge_slave_1) entered disabled state [ 663.668154][T18036] loop9: detected capacity change from 0 to 32768 [ 663.683623][T18036] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop9 scanned by syz.9.3318 (18036) [ 663.698009][ T7782] bridge_slave_0: left allmulticast mode [ 663.704145][ T7782] bridge_slave_0: left promiscuous mode [ 663.710030][ T7782] bridge0: port 1(bridge_slave_0) entered disabled state [ 663.774543][T18036] BTRFS info (device loop9): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 663.795978][T18036] BTRFS info (device loop9): using crc32c (crc32c-intel) checksum algorithm [ 663.833171][T18036] BTRFS info (device loop9): setting nodatasum [ 663.860428][T18036] BTRFS info (device loop9): force zlib compression, level 3 [ 663.890917][T18036] BTRFS info (device loop9): setting incompat feature flag for COMPRESS_LZO (0x8) [ 663.945755][T18036] BTRFS info (device loop9): use lzo compression, level 0 [ 663.953155][T18036] BTRFS info (device loop9): turning on flush-on-commit [ 663.994263][T18036] BTRFS info (device loop9): enabling auto defrag [ 664.000923][T18036] BTRFS info (device loop9): max_inline at 4096 [ 664.040392][T18036] BTRFS info (device loop9): using free space tree [ 664.233486][ T28] audit: type=1326 audit(1774077391.910:1372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18065 comm="syz.5.3324" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa7db39c799 code=0x0 [ 664.284776][T18036] BTRFS info (device loop9): enabling ssd optimizations [ 664.390147][ T5774] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 664.424220][ T5774] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 664.443138][ T5774] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 664.461705][ T5774] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 664.499777][ T5774] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 664.507506][ T5774] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 664.881453][T17479] BTRFS info (device loop9): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 665.708854][ T5783] Bluetooth: hci2: command tx timeout [ 666.536454][ T7782] team0 (unregistering): Port device team_slave_1 removed [ 666.584207][ T5783] Bluetooth: hci1: command tx timeout [ 666.703599][ T7782] team0 (unregistering): Port device team_slave_0 removed [ 666.816131][ T7782] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 666.910371][ T7782] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 667.667542][ T7782] bond0 (unregistering): Released all slaves [ 667.784195][ T5783] Bluetooth: hci2: command tx timeout [ 667.824549][T18116] smc: net device wlan0 applied user defined pnetid SYZ0 [ 667.857140][T18129] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3332'. [ 668.041993][T18078] lo speed is unknown, defaulting to 1000 [ 668.191541][T18023] chnl_net:caif_netlink_parms(): no params data found [ 668.475434][T18023] bridge0: port 1(bridge_slave_0) entered blocking state [ 668.483022][T18023] bridge0: port 1(bridge_slave_0) entered disabled state [ 668.492011][T18023] bridge_slave_0: entered allmulticast mode [ 668.493765][T18153] xt_hashlimit: max too large, truncated to 1048576 [ 668.550862][T18023] bridge_slave_0: entered promiscuous mode [ 668.664133][ T5783] Bluetooth: hci1: command tx timeout [ 668.694520][T18023] bridge0: port 2(bridge_slave_1) entered blocking state [ 668.701815][T18023] bridge0: port 2(bridge_slave_1) entered disabled state [ 668.750772][T18023] bridge_slave_1: entered allmulticast mode [ 668.777832][T18023] bridge_slave_1: entered promiscuous mode [ 668.947248][T18023] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 669.000305][T18023] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 669.153363][T18023] team0: Port device team_slave_0 added [ 669.175527][T18078] chnl_net:caif_netlink_parms(): no params data found [ 669.333729][ T7782] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 669.369582][T18023] team0: Port device team_slave_1 added [ 669.566930][ T7782] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 669.589359][T18023] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 669.599147][T18023] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 669.637272][T18023] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 669.674620][T18023] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 669.690682][T18023] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 669.730998][T18023] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 669.840962][ T7782] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 669.864136][ T5783] Bluetooth: hci2: command tx timeout [ 670.180775][ T7782] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 670.280090][T18023] hsr_slave_0: entered promiscuous mode [ 670.295359][T18023] hsr_slave_1: entered promiscuous mode [ 670.301876][T18023] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 670.317478][T18023] Cannot create hsr debugfs directory [ 670.450077][T18078] bridge0: port 1(bridge_slave_0) entered blocking state [ 670.496644][T18078] bridge0: port 1(bridge_slave_0) entered disabled state [ 670.515316][T18078] bridge_slave_0: entered allmulticast mode [ 670.523058][T18078] bridge_slave_0: entered promiscuous mode [ 670.576007][T18078] bridge0: port 2(bridge_slave_1) entered blocking state [ 670.583424][T18078] bridge0: port 2(bridge_slave_1) entered disabled state [ 670.600098][T18078] bridge_slave_1: entered allmulticast mode [ 670.625479][T18078] bridge_slave_1: entered promiscuous mode [ 670.744507][ T5783] Bluetooth: hci1: command tx timeout [ 670.842809][T18214] fuse: Bad value for 'fd' [ 670.989205][T18078] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 671.030305][T18078] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 671.304766][T18078] team0: Port device team_slave_0 added [ 671.351415][T18078] team0: Port device team_slave_1 added [ 672.047528][T18078] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 672.094114][T18078] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 672.194135][T18078] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 672.503568][T18078] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 672.510886][T18078] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 672.538845][T18078] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 672.763872][T18078] hsr_slave_0: entered promiscuous mode [ 672.778672][T18078] hsr_slave_1: entered promiscuous mode [ 672.786910][T18078] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 672.795397][T18078] Cannot create hsr debugfs directory [ 672.824207][ T5783] Bluetooth: hci1: command tx timeout [ 674.090587][T18023] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 674.335915][T18023] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 674.485120][T18023] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 674.500607][T18023] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 674.706576][ T7782] hsr_slave_0: left promiscuous mode [ 674.775576][ T7782] hsr_slave_1: left promiscuous mode [ 674.798929][ T7782] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 674.835313][ T7782] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 674.845623][ T7782] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 674.864127][ T7782] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 674.884868][ T7782] bridge_slave_1: left allmulticast mode [ 674.890605][ T7782] bridge_slave_1: left promiscuous mode [ 674.904685][ T7782] bridge0: port 2(bridge_slave_1) entered disabled state [ 674.950662][ T7782] bridge_slave_0: left allmulticast mode [ 674.964897][ T7782] bridge_slave_0: left promiscuous mode [ 674.970801][ T7782] bridge0: port 1(bridge_slave_0) entered disabled state [ 675.105952][ T7782] veth1_macvtap: left promiscuous mode [ 675.121549][ T7782] veth0_macvtap: left promiscuous mode [ 675.138619][ T7782] veth1_vlan: left promiscuous mode [ 675.148442][ T7782] veth0_vlan: left promiscuous mode [ 676.710162][ T7782] team0 (unregistering): Port device team_slave_1 removed [ 676.802033][ T7782] team0 (unregistering): Port device team_slave_0 removed [ 676.885419][ T7782] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 676.973579][ T7782] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 677.693458][ T7782] bond0 (unregistering): Released all slaves [ 678.336326][T18023] 8021q: adding VLAN 0 to HW filter on device bond0 [ 678.483625][T18023] 8021q: adding VLAN 0 to HW filter on device team0 [ 678.536662][ T1086] bridge0: port 1(bridge_slave_0) entered blocking state [ 678.544040][ T1086] bridge0: port 1(bridge_slave_0) entered forwarding state [ 678.555388][ T1086] bridge0: port 2(bridge_slave_1) entered blocking state [ 678.562692][ T1086] bridge0: port 2(bridge_slave_1) entered forwarding state [ 678.779688][T18078] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 678.800884][T18078] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 678.812826][T18078] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 678.837061][T18078] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 679.051203][T18078] 8021q: adding VLAN 0 to HW filter on device bond0 [ 679.102201][T18078] 8021q: adding VLAN 0 to HW filter on device team0 [ 679.132056][ T2903] bridge0: port 1(bridge_slave_0) entered blocking state [ 679.139322][ T2903] bridge0: port 1(bridge_slave_0) entered forwarding state [ 679.176291][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 679.183455][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 679.289986][T18023] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 679.334181][T18319] netlink: 'syz.5.3361': attribute type 12 has an invalid length. [ 679.343796][T18319] netlink: 'syz.5.3361': attribute type 29 has an invalid length. [ 679.356461][T18319] netlink: 148 bytes leftover after parsing attributes in process `syz.5.3361'. [ 679.373595][T18319] netlink: 'syz.5.3361': attribute type 3 has an invalid length. [ 679.506386][T18023] veth0_vlan: entered promiscuous mode [ 679.536066][T18023] veth1_vlan: entered promiscuous mode [ 679.639718][T18023] veth0_macvtap: entered promiscuous mode [ 679.660735][T18023] veth1_macvtap: entered promiscuous mode [ 679.728680][T18023] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 679.754272][T18023] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 679.776078][T18023] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 679.843196][T18023] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 679.861608][T18023] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 679.885996][T18023] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 679.916790][T18023] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 679.927317][T18023] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 679.940968][T18023] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 679.951546][T18023] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 680.116589][T18078] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 680.197908][ T7782] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 680.221754][ T7782] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 680.326488][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 680.352631][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 680.878964][T18078] veth0_vlan: entered promiscuous mode [ 680.898716][T18078] veth1_vlan: entered promiscuous mode [ 680.972869][T18078] veth0_macvtap: entered promiscuous mode [ 681.012093][T18078] veth1_macvtap: entered promiscuous mode [ 681.054697][T18078] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 681.085068][T18078] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 681.124024][T18078] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 681.154096][T18078] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 681.185818][T18078] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 681.242405][T18078] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 681.273487][T18078] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 681.304217][T18078] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 681.325447][T18078] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 681.349709][T18078] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 681.363118][T18369] binder: 18368:18369 ioctl 4018620d 0 returned -22 [ 681.412657][T18078] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 681.434156][T18078] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 681.442933][T18078] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 681.474470][T18078] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 681.759833][ T7782] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 681.803299][ T7782] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 681.918376][ T7782] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 681.947132][ T7782] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 682.670023][T18399] netlink: 24 bytes leftover after parsing attributes in process `syz.9.3373'. [ 683.626767][ T7782] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 684.124725][T18433] block device autoloading is deprecated and will be removed. [ 684.901979][T18459] netlink: 'syz.5.3389': attribute type 10 has an invalid length. [ 685.027034][T18459] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 685.394692][T18474] fuse: Bad value for 'fd' [ 685.472412][T18476] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3395'. [ 685.524678][T18476] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 685.533674][T18476] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 685.542735][T18476] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 685.551905][T18476] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 685.571498][T18476] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3395'. [ 685.864943][ T5850] usb 9-1: new high-speed USB device number 7 using dummy_hcd [ 686.078783][ T5850] usb 9-1: config 0 has no interfaces? [ 686.097543][ T5850] usb 9-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 686.116322][ T5850] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 686.143855][ T5850] usb 9-1: config 0 descriptor?? [ 686.200026][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.214378][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.396124][ T5815] usb 9-1: USB disconnect, device number 7 [ 687.473773][T18541] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3409'. [ 687.497661][T18541] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3409'. [ 687.554431][ T5850] usb 9-1: new high-speed USB device number 8 using dummy_hcd [ 687.764754][ T5850] usb 9-1: Using ep0 maxpacket: 16 [ 687.774761][ T5850] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 687.794628][ T5850] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 687.817106][ T5850] usb 9-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 687.834114][ T5850] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 687.849016][ T5850] usb 9-1: Product: syz [ 687.856750][ T5850] usb 9-1: Manufacturer: syz [ 687.861428][ T5850] usb 9-1: SerialNumber: syz [ 688.124728][ T5850] usb 9-1: 0:2 : does not exist [ 688.146589][ T5850] usb 9-1: 5:0: failed to get current value for ch 0 (-22) [ 688.172788][T18567] fuse: Bad value for 'fd' [ 688.215184][ T5850] usb 9-1: USB disconnect, device number 8 [ 688.307978][ T5784] udevd[5784]: error opening ATTR{/sys/devices/platform/dummy_hcd.8/usb9/9-1/9-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 689.563302][ T28] audit: type=1326 audit(1774077417.240:1373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18612 comm="syz.9.3423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb48af9c799 code=0x7ffc0000 [ 689.627832][ T28] audit: type=1326 audit(1774077417.240:1374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18612 comm="syz.9.3423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb48af9c799 code=0x7ffc0000 [ 689.711207][ T28] audit: type=1326 audit(1774077417.270:1375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18612 comm="syz.9.3423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb48af9c799 code=0x7ffc0000 [ 689.722304][T18613] lo speed is unknown, defaulting to 1000 [ 689.753165][T18616] loop9: detected capacity change from 0 to 2048 [ 689.778204][ T28] audit: type=1326 audit(1774077417.270:1376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18612 comm="syz.9.3423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb48af9c799 code=0x7ffc0000 [ 689.813873][ T28] audit: type=1326 audit(1774077417.280:1377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18612 comm="syz.9.3423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=435 compat=0 ip=0x7fb48af9c799 code=0x7ffc0000 [ 689.918674][ T28] audit: type=1326 audit(1774077417.340:1378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18612 comm="syz.9.3423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb48af9c799 code=0x7ffc0000 [ 690.019516][ T28] audit: type=1326 audit(1774077417.340:1379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18612 comm="syz.9.3423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fb48af9c502 code=0x7ffc0000 [ 690.121191][ T28] audit: type=1326 audit(1774077417.340:1380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18612 comm="syz.9.3423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7fb48af9c597 code=0x7ffc0000 [ 690.144060][ C0] vkms_vblank_simulate: vblank timer overrun [ 690.240124][ T28] audit: type=1326 audit(1774077417.340:1381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18612 comm="syz.9.3423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7fb48af59491 code=0x7ffc0000 [ 690.323227][ T28] audit: type=1326 audit(1774077417.340:1382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18612 comm="syz.9.3423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=435 compat=0 ip=0x7fb48af9d589 code=0x7ffc0000 [ 690.434790][ T5783] Bluetooth: hci1: Malformed MSFT vendor event: 0x02 [ 691.213029][T18646] loop9: detected capacity change from 0 to 128 [ 691.286433][T18646] EXT4-fs (loop9): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 691.411666][T18646] ext4 filesystem being mounted at /50/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 691.443924][ C0] vkms_vblank_simulate: vblank timer overrun [ 691.861902][T18664] loop1: detected capacity change from 0 to 512 [ 691.927662][T17479] EXT4-fs (loop9): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 692.023696][T18664] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 692.114344][T18664] ext4 filesystem being mounted at /16/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 692.949059][T18023] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 693.145605][T18699] IPVS: set_ctl: invalid protocol: 46 224.0.0.2:20001 [ 693.818428][T18707] netlink: 'syz.1.3446': attribute type 10 has an invalid length. [ 693.940676][T18707] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 694.368344][T18714] loop1: detected capacity change from 0 to 512 [ 697.189353][T18761] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3458'. [ 698.104738][T18785] fuse: Bad value for 'fd' [ 699.311823][ T59] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 699.609343][ T59] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 699.929650][ T59] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 700.196829][ T59] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 700.783263][ T5774] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 700.815444][ T5774] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 700.828222][ T5774] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 700.836611][ T5774] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 700.854398][ T5774] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 700.862021][ T5774] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 700.982558][T18838] lo speed is unknown, defaulting to 1000 [ 702.650696][T18838] chnl_net:caif_netlink_parms(): no params data found [ 702.784438][T18869] netlink: 48 bytes leftover after parsing attributes in process `syz.1.3486'. [ 702.904403][ T5783] Bluetooth: hci1: command tx timeout [ 703.605823][T18838] bridge0: port 1(bridge_slave_0) entered blocking state [ 703.631761][T18838] bridge0: port 1(bridge_slave_0) entered disabled state [ 703.655439][T18838] bridge_slave_0: entered allmulticast mode [ 703.679639][T18838] bridge_slave_0: entered promiscuous mode [ 703.796088][T18838] bridge0: port 2(bridge_slave_1) entered blocking state [ 703.813612][T18838] bridge0: port 2(bridge_slave_1) entered disabled state [ 703.832877][T18838] bridge_slave_1: entered allmulticast mode [ 703.854687][T18838] bridge_slave_1: entered promiscuous mode [ 703.915604][ T59] hsr_slave_0: left promiscuous mode [ 703.922048][ T59] hsr_slave_1: left promiscuous mode [ 703.933640][ T59] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 703.963836][ T59] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 703.986425][ T59] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 704.011541][ T59] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 704.032092][ T59] bridge_slave_1: left allmulticast mode [ 704.043645][ T59] bridge_slave_1: left promiscuous mode [ 704.055493][ T59] bridge0: port 2(bridge_slave_1) entered disabled state [ 704.081695][ T59] bridge_slave_0: left allmulticast mode [ 704.092651][ T59] bridge_slave_0: left promiscuous mode [ 704.109452][ T59] bridge0: port 1(bridge_slave_0) entered disabled state [ 704.225042][ T59] veth1_macvtap: left promiscuous mode [ 704.230826][ T59] veth0_macvtap: left promiscuous mode [ 704.244876][ T59] veth1_vlan: left promiscuous mode [ 704.261540][ T59] veth0_vlan: left promiscuous mode [ 704.999968][ T5783] Bluetooth: hci1: command tx timeout [ 706.857523][ T59] team0 (unregistering): Port device team_slave_1 removed [ 706.966541][ T59] team0 (unregistering): Port device team_slave_0 removed [ 707.057668][ T59] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 707.066382][ T5774] Bluetooth: hci1: command tx timeout [ 707.149943][ T59] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 707.888066][ T59] bond0 (unregistering): Released all slaves [ 708.064693][T18838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 708.090705][T18838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 708.257973][T18838] team0: Port device team_slave_0 added [ 708.305796][T18838] team0: Port device team_slave_1 added [ 708.415684][T18838] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 708.423478][T18838] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 708.504655][T18838] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 708.539257][T18838] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 708.558451][T18838] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 708.643558][T18838] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 708.752326][ T5774] Bluetooth: hci3: command 0x0406 tx timeout [ 708.952755][T18838] hsr_slave_0: entered promiscuous mode [ 708.999835][T18838] hsr_slave_1: entered promiscuous mode [ 709.021543][T18838] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 709.043328][T18838] Cannot create hsr debugfs directory [ 709.144330][ T5783] Bluetooth: hci1: command tx timeout [ 709.624316][T18973] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 709.671911][T18973] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 709.722216][T18838] netdevsim netdevsim2 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 709.817726][T18838] netdevsim netdevsim2 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 709.917232][T18838] netdevsim netdevsim2 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 709.978929][T18983] netlink: 'syz.1.3507': attribute type 4 has an invalid length. [ 710.092672][T18838] netdevsim netdevsim2 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 710.124198][T18983] netlink: 'syz.1.3507': attribute type 4 has an invalid length. [ 710.569365][T18838] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 710.619048][T18838] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 710.687988][T18838] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 710.726843][T18838] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 711.033525][T18838] 8021q: adding VLAN 0 to HW filter on device bond0 [ 711.091786][T18838] 8021q: adding VLAN 0 to HW filter on device team0 [ 711.137369][ T3001] bridge0: port 1(bridge_slave_0) entered blocking state [ 711.144737][ T3001] bridge0: port 1(bridge_slave_0) entered forwarding state [ 711.231195][T19021] loop1: detected capacity change from 0 to 128 [ 711.245936][ T1086] bridge0: port 2(bridge_slave_1) entered blocking state [ 711.253186][ T1086] bridge0: port 2(bridge_slave_1) entered forwarding state [ 711.255812][T19021] EXT4-fs: Ignoring removed nobh option [ 711.360384][T19021] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 711.462735][T19029] netlink: 8 bytes leftover after parsing attributes in process `syz.9.3520'. [ 711.480677][T19021] ext4 filesystem being mounted at /40/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 711.751690][T18023] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 712.281322][T18838] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 712.459090][T18838] veth0_vlan: entered promiscuous mode [ 712.508352][T18838] veth1_vlan: entered promiscuous mode [ 712.642536][T18838] veth0_macvtap: entered promiscuous mode [ 712.663820][T18838] veth1_macvtap: entered promiscuous mode [ 712.740497][T18838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 712.777158][T18838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 712.807583][T18838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 712.839782][T18838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 712.856214][T18838] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 712.868900][T18838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 712.916647][T18838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 712.947257][T18838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 712.995712][T18838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 713.033892][T18838] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 713.071743][T18838] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 713.103267][T18838] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 713.122623][T18838] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 713.144588][T18838] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 713.421677][ T3001] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 713.449973][ T3001] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 713.559732][ T3001] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 713.587411][ T3001] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 714.441742][T19104] netlink: 'syz.9.3536': attribute type 1 has an invalid length. [ 714.603494][T19112] loop2: detected capacity change from 0 to 512 [ 714.617781][T19109] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 20000 - 0 [ 714.660925][T19109] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 20000 - 0 [ 714.704400][T19109] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 20000 - 0 [ 714.725954][T19109] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 20000 - 0 [ 714.749566][T19109] bond1: (slave geneve2): making interface the new active one [ 714.752014][T19112] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 714.767930][T19109] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 714.804439][T19104] netlink: 4 bytes leftover after parsing attributes in process `syz.9.3536'. [ 714.835933][T19104] bond1 (unregistering): (slave geneve2): Releasing active interface [ 714.866304][T19104] netdevsim netdevsim9 netdevsim0: unset [1, 0] type 2 family 0 port 20000 - 0 [ 714.914114][T19104] netdevsim netdevsim9 netdevsim1: unset [1, 0] type 2 family 0 port 20000 - 0 [ 714.935604][T19104] netdevsim netdevsim9 netdevsim2: unset [1, 0] type 2 family 0 port 20000 - 0 [ 714.964048][T19104] netdevsim netdevsim9 netdevsim3: unset [1, 0] type 2 family 0 port 20000 - 0 [ 715.031406][T19104] bond1 (unregistering): Released all slaves [ 715.228312][T19091] loop1: detected capacity change from 0 to 40427 [ 715.261917][T19091] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 715.299909][T19091] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 715.332173][T18838] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 715.394642][T19091] F2FS-fs (loop1): Found nat_bits in checkpoint [ 715.494979][T19091] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 715.544216][T19091] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 715.644839][ T3001] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 715.882387][T19134] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3541'. [ 718.904805][T19205] fuse: Bad value for 'fd' [ 720.853516][T19247] loop2: detected capacity change from 0 to 7 [ 720.872013][ T5784] loop2: p1 [ 720.879560][ T5784] loop2: partition table partially beyond EOD, truncated [ 720.892386][ T5784] loop2: p1 size 1952408940 extends beyond EOD, truncated [ 720.935837][T19247] loop2: p1 [ 720.942162][T19247] loop2: partition table partially beyond EOD, truncated [ 720.962516][T19247] loop2: p1 size 1952408940 extends beyond EOD, truncated [ 721.055976][ T5784] udevd[5784]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 721.173854][ T5784] udevd[5784]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 721.721765][T19279] ref_ctr_offset mismatch. inode: 0x4d offset: 0x0 ref_ctr_offset(old): 0x2000000000c0 ref_ctr_offset(new): 0x1000000008 [ 723.060093][T19321] loop2: detected capacity change from 0 to 512 [ 723.090990][T19321] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 723.160988][T19321] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 723.183819][T19321] ext4 filesystem being mounted at /14/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 723.334436][ T6730] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 723.382537][T19321] EXT4-fs warning (device loop2): dx_probe:893: inode #2: comm syz.2.3583: dx entry: limit 0 != root limit 252 [ 723.402953][ T5784] udevd[5784]: incorrect ext4 checksum on /dev/loop2 [ 723.435156][T19321] EXT4-fs warning (device loop2): dx_probe:966: inode #2: comm syz.2.3583: Corrupt directory, running e2fsck is recommended [ 723.549280][ T6730] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 723.563138][ T5784] udevd[5784]: incorrect ext4 checksum on /dev/loop2 [ 723.568560][ T6730] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 723.582626][T18838] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 723.603675][ T6730] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 723.627736][ T6730] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 723.670267][ T6730] usb 2-1: Product: syz [ 723.692427][ T6730] usb 2-1: Manufacturer: syz [ 723.699651][ T6730] usb 2-1: SerialNumber: syz [ 723.737826][ T6730] cdc_mbim 2-1:1.0: skipping garbage [ 723.980696][T19322] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 724.614570][T19322] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 724.634637][ T6730] cdc_mbim 2-1:1.0: setting tx_max = 184 [ 724.642235][ T6730] cdc_mbim 2-1:1.0: cdc-wdm0: USB WDM device [ 724.664912][ T6730] wwan wwan0: port wwan0mbim0 attached [ 724.688358][ T6730] cdc_mbim 2-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.1-1, CDC MBIM, 1a:33:62:11:c5:62 [ 724.813775][ T28] kauditd_printk_skb: 66 callbacks suppressed [ 724.813791][ T28] audit: type=1326 audit(1774077452.490:1449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19357 comm="syz.2.3588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e8cb9c799 code=0x7ffc0000 [ 724.884078][ T28] audit: type=1326 audit(1774077452.490:1450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19357 comm="syz.2.3588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e8cb9c799 code=0x7ffc0000 [ 724.944128][ T28] audit: type=1326 audit(1774077452.520:1451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19357 comm="syz.2.3588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f9e8cb9c799 code=0x7ffc0000 [ 724.947698][ C1] cdc_mbim 2-1:1.0: nonzero urb status received: -71 [ 724.973924][ C1] cdc_mbim 2-1:1.0: wdm_int_callback - 0 bytes [ 724.983218][ C1] cdc_mbim 2-1:1.0: nonzero urb status received: -71 [ 724.990102][ C1] cdc_mbim 2-1:1.0: wdm_int_callback - 0 bytes [ 724.996538][ C1] cdc_mbim 2-1:1.0: nonzero urb status received: -71 [ 725.003269][ C1] cdc_mbim 2-1:1.0: wdm_int_callback - 0 bytes [ 725.009920][ C1] cdc_mbim 2-1:1.0: nonzero urb status received: -71 [ 725.014158][ T28] audit: type=1326 audit(1774077452.530:1452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19357 comm="syz.2.3588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e8cb9c799 code=0x7ffc0000 [ 725.016619][ C1] cdc_mbim 2-1:1.0: wdm_int_callback - 0 bytes [ 725.017810][ C1] cdc_mbim 2-1:1.0: nonzero urb status received: -71 [ 725.052281][ C1] cdc_mbim 2-1:1.0: wdm_int_callback - 0 bytes [ 725.064426][ C1] cdc_mbim 2-1:1.0: nonzero urb status received: -71 [ 725.071186][ C1] cdc_mbim 2-1:1.0: wdm_int_callback - 0 bytes [ 725.084061][ C1] cdc_mbim 2-1:1.0: nonzero urb status received: -71 [ 725.090985][ C1] cdc_mbim 2-1:1.0: wdm_int_callback - 0 bytes [ 725.104075][ C1] cdc_mbim 2-1:1.0: nonzero urb status received: -71 [ 725.110835][ C1] cdc_mbim 2-1:1.0: wdm_int_callback - 0 bytes [ 725.114350][ T28] audit: type=1326 audit(1774077452.530:1453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19357 comm="syz.2.3588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e8cb9c799 code=0x7ffc0000 [ 725.124430][ C1] cdc_mbim 2-1:1.0: nonzero urb status received: -71 [ 725.146430][ C1] cdc_mbim 2-1:1.0: wdm_int_callback - 0 bytes [ 725.153350][ C1] cdc_mbim 2-1:1.0: nonzero urb status received: -71 [ 725.160095][ C1] cdc_mbim 2-1:1.0: wdm_int_callback - 0 bytes [ 725.174238][ T28] audit: type=1326 audit(1774077452.540:1454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19357 comm="syz.2.3588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f9e8cb9c799 code=0x7ffc0000 [ 725.199056][ T28] audit: type=1326 audit(1774077452.550:1455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19357 comm="syz.2.3588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e8cb9c799 code=0x7ffc0000 [ 725.242971][ T28] audit: type=1326 audit(1774077452.550:1456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19357 comm="syz.2.3588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f9e8cb9c799 code=0x7ffc0000 [ 725.284186][ T28] audit: type=1326 audit(1774077452.550:1457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19357 comm="syz.2.3588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f9e8cb96517 code=0x7ffc0000 [ 725.317786][ T5815] usb 2-1: USB disconnect, device number 2 [ 725.321658][ T28] audit: type=1326 audit(1774077452.550:1458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19357 comm="syz.2.3588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9e8cb3db19 code=0x7ffc0000 [ 725.329199][ T5815] cdc_mbim 2-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.1-1, CDC MBIM [ 725.497245][ T5815] wwan wwan0: port wwan0mbim0 disconnected [ 729.749866][T19475] netlink: 'syz.9.3615': attribute type 1 has an invalid length. [ 729.778444][T19475] netlink: 63743 bytes leftover after parsing attributes in process `syz.9.3615'. [ 729.960393][T19482] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 730.264174][ C1] icmp: detected local route for 172.20.20.14 during ICMP sending, src 172.20.20.187 [ 730.954727][T19508] netlink: 48 bytes leftover after parsing attributes in process `syz.9.3621'. [ 731.392529][T19478] loop2: detected capacity change from 0 to 40427 [ 731.444306][T19478] F2FS-fs (loop2): Invalid SB checksum offset: 0 [ 731.454270][T19478] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock [ 731.482225][T19478] F2FS-fs (loop2): invalid crc value [ 731.776220][T19478] F2FS-fs (loop2): sanity_check_inode: inode (ino=3) is with extra_attr, but extra_attr feature is off [ 731.791942][T19525] lo speed is unknown, defaulting to 1000 [ 731.811093][T19478] F2FS-fs (loop2): Failed to read root inode [ 732.335678][T19538] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3626'. [ 732.629663][T19547] tipc: Enabling of bearer rejected, failed to enable media [ 733.729609][T19578] loop2: detected capacity change from 0 to 256 [ 733.803757][T19578] FAT-fs (loop2): Directory bread(block 64) failed [ 733.823847][T19578] FAT-fs (loop2): Directory bread(block 65) failed [ 733.874315][T19578] FAT-fs (loop2): Directory bread(block 66) failed [ 733.881138][T19578] FAT-fs (loop2): Directory bread(block 67) failed [ 733.915029][T19578] FAT-fs (loop2): Directory bread(block 68) failed [ 733.936251][T19578] FAT-fs (loop2): Directory bread(block 69) failed [ 733.943128][T19578] FAT-fs (loop2): Directory bread(block 70) failed [ 733.998310][T19578] FAT-fs (loop2): Directory bread(block 71) failed [ 734.033658][T19578] FAT-fs (loop2): Directory bread(block 72) failed [ 734.054651][T19578] FAT-fs (loop2): Directory bread(block 73) failed [ 734.465711][T19597] loop1: detected capacity change from 0 to 128 [ 734.683279][T19601] tipc: Started in network mode [ 734.688423][T19601] tipc: Node identity 4, cluster identity 4711 [ 734.704086][T19601] tipc: Node number set to 4 [ 734.871863][T19606] netlink: 28 bytes leftover after parsing attributes in process `syz.9.3644'. [ 737.448358][T19667] bond1: entered promiscuous mode [ 737.517914][T19670] vcan1: entered promiscuous mode [ 737.566321][T19670] vcan1: entered allmulticast mode [ 737.602725][T19670] bond1: (slave vcan1): The slave device specified does not support setting the MAC address [ 737.662154][T19670] bond1: (slave vcan1): Error -95 calling set_mac_address [ 738.097249][ T5774] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 738.110917][ T5774] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 738.154638][ T5774] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 738.169520][ T5774] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 738.179055][ T5774] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 738.187317][ T5774] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 738.351929][T19678] lo speed is unknown, defaulting to 1000 [ 738.942236][T19694] netlink: 4 bytes leftover after parsing attributes in process `syz.9.3661'. [ 739.487288][ T3001] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 739.591479][T19678] chnl_net:caif_netlink_parms(): no params data found [ 739.624673][T19714] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3664'. [ 739.865503][ T6730] IPVS: starting estimator thread 0... [ 739.905646][ T3001] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 739.965221][T19718] IPVS: using max 15 ests per chain, 36000 per kthread [ 740.228553][ T3001] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 740.264884][ T5774] Bluetooth: hci4: command tx timeout [ 740.378308][T19734] netlink: 'syz.2.3668': attribute type 1 has an invalid length. [ 740.494354][ T6752] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 740.523238][T19734] 8021q: adding VLAN 0 to HW filter on device bond2 [ 740.702448][ T3001] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 740.721062][ T6752] usb 2-1: Using ep0 maxpacket: 8 [ 740.729712][ T6752] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 740.748597][ T6752] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 740.771642][ T6752] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 740.801730][T19738] ip6erspan0: entered promiscuous mode [ 740.812832][ T6752] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 740.853180][T19738] bond2: (slave ip6erspan0): making interface the new active one [ 740.871657][ T6752] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 740.895121][T19738] bond2: (slave ip6erspan0): Enslaving as an active interface with an up link [ 740.911925][ T6752] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 740.926390][T19745] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 740.934849][ T6752] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 740.984390][T19678] bridge0: port 1(bridge_slave_0) entered blocking state [ 740.991659][T19678] bridge0: port 1(bridge_slave_0) entered disabled state [ 741.009465][T19678] bridge_slave_0: entered allmulticast mode [ 741.022127][T19678] bridge_slave_0: entered promiscuous mode [ 741.033723][T19678] bridge0: port 2(bridge_slave_1) entered blocking state [ 741.044652][T19678] bridge0: port 2(bridge_slave_1) entered disabled state [ 741.052495][T19678] bridge_slave_1: entered allmulticast mode [ 741.061485][T19678] bridge_slave_1: entered promiscuous mode [ 741.218190][T19678] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 741.274733][ T6752] usb 2-1: GET_CAPABILITIES returned 0 [ 741.280420][ T6752] usbtmc 2-1:16.0: can't read capabilities [ 741.302803][T19678] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 741.352314][ T28] kauditd_printk_skb: 50 callbacks suppressed [ 741.352365][ T28] audit: type=1326 audit(1774077469.030:1509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19757 comm="syz.9.3670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb48af9c799 code=0x7ffc0000 [ 741.818614][ T28] audit: type=1326 audit(1774077469.070:1510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19757 comm="syz.9.3670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb48af9c799 code=0x7ffc0000 [ 742.328782][ T28] audit: type=1326 audit(1774077469.070:1511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19757 comm="syz.9.3670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb48af9c799 code=0x7ffc0000 [ 742.355791][ T5774] Bluetooth: hci4: command tx timeout [ 742.407086][T19678] team0: Port device team_slave_0 added [ 742.414413][ T28] audit: type=1326 audit(1774077469.080:1512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19757 comm="syz.9.3670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb48af9c799 code=0x7ffc0000 [ 742.471778][T19678] team0: Port device team_slave_1 added [ 742.502675][ T28] audit: type=1326 audit(1774077469.310:1513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19757 comm="syz.9.3670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb48af9c799 code=0x7ffc0000 [ 742.585437][ T28] audit: type=1326 audit(1774077469.310:1514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19757 comm="syz.9.3670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=426 compat=0 ip=0x7fb48af9c799 code=0x7ffc0000 [ 742.608450][ T28] audit: type=1326 audit(1774077469.320:1515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19757 comm="syz.9.3670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb48af9c799 code=0x7ffc0000 [ 742.634504][T19678] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 742.641510][T19678] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 742.669302][ T28] audit: type=1326 audit(1774077469.390:1516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19757 comm="syz.9.3670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fb48af5cfce code=0x7ffc0000 [ 742.713053][ T28] audit: type=1326 audit(1774077469.410:1517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19757 comm="syz.9.3670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fb48af5cfce code=0x7ffc0000 [ 742.741508][T19678] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 742.766586][T19678] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 742.773593][T19678] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 742.814107][ T28] audit: type=1326 audit(1774077469.420:1518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19757 comm="syz.9.3670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fb48af5cfce code=0x7ffc0000 [ 742.864690][T19678] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 743.077074][ T5850] usb 2-1: USB disconnect, device number 3 [ 743.343345][T19678] hsr_slave_0: entered promiscuous mode [ 743.362841][T19678] hsr_slave_1: entered promiscuous mode [ 743.393377][T19678] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 743.406205][T19678] Cannot create hsr debugfs directory [ 744.165298][T19806] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 744.442421][ T5774] Bluetooth: hci4: command tx timeout [ 744.914566][T19818] netlink: 168 bytes leftover after parsing attributes in process `syz.2.3681'. [ 745.182103][ T3001] bond0: (slave wlan1): Releasing backup interface [ 745.622232][ T3001] hsr_slave_0: left promiscuous mode [ 745.641429][ T3001] hsr_slave_1: left promiscuous mode [ 745.658136][ T3001] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 745.674208][ T3001] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 745.683517][ T3001] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 745.699988][ T3001] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 745.712053][ T3001] bridge_slave_1: left allmulticast mode [ 745.725225][ T3001] bridge_slave_1: left promiscuous mode [ 745.744678][ T3001] bridge0: port 2(bridge_slave_1) entered disabled state [ 745.783597][ T3001] bridge_slave_0: left allmulticast mode [ 745.790138][ T3001] bridge_slave_0: left promiscuous mode [ 745.810671][ T3001] bridge0: port 1(bridge_slave_0) entered disabled state [ 745.877365][ T3001] veth1_macvtap: left promiscuous mode [ 745.883257][ T3001] veth0_macvtap: left promiscuous mode [ 745.893473][ T3001] veth1_vlan: left promiscuous mode [ 745.904891][ T3001] veth0_vlan: left promiscuous mode [ 746.513436][ T5774] Bluetooth: hci4: command tx timeout [ 747.631238][ T49] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 747.631808][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.649127][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 749.527658][ T3001] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 749.673705][ T3001] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 750.359579][ T3001] bond0 (unregistering): Released all slaves [ 751.083419][T19678] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 751.831136][T19678] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 751.904986][T19678] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 752.833614][T19678] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 753.280210][T19678] 8021q: adding VLAN 0 to HW filter on device bond0 [ 753.339747][T19678] 8021q: adding VLAN 0 to HW filter on device team0 [ 753.409463][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 753.416854][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 753.495420][T19765] bridge0: port 2(bridge_slave_1) entered blocking state [ 753.502683][T19765] bridge0: port 2(bridge_slave_1) entered forwarding state [ 753.667114][T19678] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 754.156153][T19964] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3716'. [ 754.410012][T19678] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 754.746800][T19989] netlink: 'syz.2.3718': attribute type 27 has an invalid length. [ 755.349962][T19989] bridge0: port 2(bridge_slave_1) entered disabled state [ 755.357785][T19989] bridge0: port 1(bridge_slave_0) entered disabled state [ 755.458727][T20005] loop1: detected capacity change from 0 to 164 [ 755.514454][T20005] ISOFS: Logical zone size(0) < hardware blocksize(1024) [ 756.242073][T19989] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 756.280118][T19989] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 756.754313][T19989] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 756.770589][T19989] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 756.779889][T19989] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 756.792875][T19989] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 756.975185][T19989] ip6erspan0: left promiscuous mode [ 757.348643][T19678] veth0_vlan: entered promiscuous mode [ 757.401674][T19678] veth1_vlan: entered promiscuous mode [ 757.547399][T19678] veth0_macvtap: entered promiscuous mode [ 757.582828][T19678] veth1_macvtap: entered promiscuous mode [ 757.672210][T19678] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 757.726714][T19678] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 757.756746][T19678] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 757.777375][T19678] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 757.808932][T19678] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 757.845662][T19678] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 757.903235][T19678] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 757.941911][T19678] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 757.963997][T19678] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 757.972981][T19678] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 758.224051][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 758.270611][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 758.378825][T19765] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 758.408586][T19765] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 758.654520][T20063] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3740'. [ 758.692451][T20063] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3740'. [ 759.855659][T20092] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3746'. [ 759.944434][ T5783] Bluetooth: hci0: command 0x0406 tx timeout [ 761.078579][T20129] loop1: detected capacity change from 0 to 128 [ 761.171046][T20131] loop2: detected capacity change from 0 to 8 [ 761.382628][T20131] SQUASHFS error: Unable to read inode 0x11f [ 761.994323][T20152] tipc: Enabling of bearer rejected, failed to enable media [ 764.010744][T20226] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3783'. [ 765.334119][ T5850] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 765.539626][ T5850] usb 3-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 765.554524][ T5850] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 765.582977][ T5850] usb 3-1: Product: syz [ 765.588009][ T5850] usb 3-1: Manufacturer: syz [ 765.592662][ T5850] usb 3-1: SerialNumber: syz [ 765.851853][ T5850] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -32 [ 765.914850][ T5850] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -32 [ 767.172453][ T5850] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -71 [ 767.204094][ T5850] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000040. ret = -71 [ 767.234472][ T5850] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00001000. ret = -71 [ 767.291955][ T5850] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00001004. ret = -71 [ 767.354415][ T5850] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00001008. ret = -71 [ 767.383695][ T5850] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00001020. ret = -71 [ 767.400632][T20323] loop7: detected capacity change from 0 to 164 [ 767.437776][ T5850] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00001028. ret = -71 [ 767.450365][T20323] ISOFS: Logical zone size(0) < hardware blocksize(1024) [ 767.479745][ T5850] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00001030. ret = -71 [ 767.541370][ T5850] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 767.586155][ T5850] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 767.646154][ T5850] lan78xx: probe of 3-1:1.0 failed with error -71 [ 767.694509][ T5850] usb 3-1: USB disconnect, device number 8 [ 769.616941][T20358] loop2: detected capacity change from 0 to 32768 [ 769.669036][T20358] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.3813 (20358) [ 769.741705][T20358] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 769.774205][T20358] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 769.783148][T20358] BTRFS info (device loop2): setting nodatasum [ 769.798219][T20389] netlink: 228 bytes leftover after parsing attributes in process `syz.7.3821'. [ 769.826026][T20358] BTRFS info (device loop2): force zlib compression, level 3 [ 769.840435][T20358] BTRFS info (device loop2): setting incompat feature flag for COMPRESS_LZO (0x8) [ 769.891215][T20358] BTRFS info (device loop2): use lzo compression, level 0 [ 769.928297][T20358] BTRFS info (device loop2): turning on flush-on-commit [ 769.944382][T20358] BTRFS info (device loop2): enabling auto defrag [ 769.951893][T20358] BTRFS info (device loop2): max_inline at 4096 [ 770.001673][T20358] BTRFS info (device loop2): using free space tree [ 770.214160][T20358] BTRFS info (device loop2): enabling ssd optimizations [ 770.721203][T18838] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 772.784658][ T5774] Bluetooth: hci0: unexpected event for opcode 0x080f [ 773.166429][T20488] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3840'. [ 773.264609][T20491] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3840'. [ 773.397037][T20494] netlink: 4 bytes leftover after parsing attributes in process `syz.9.3841'. [ 773.481292][T20495] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 773.488646][T20495] IPv6: NLM_F_CREATE should be set when creating new route [ 773.566912][T20494] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 773.574296][T20494] IPv6: NLM_F_CREATE should be set when creating new route [ 773.657572][ T5783] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 773.670036][ T5783] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 773.679873][ T5783] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 773.738325][ T5783] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 773.793990][ T5783] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 773.805815][ T49] tipc: Left network mode [ 773.810350][ T5783] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 774.190709][T20509] tipc: Failed to remove unknown binding: 66,1,1/0:164324280/164324282 [ 774.199526][T20509] tipc: Failed to remove unknown binding: 66,1,1/0:164324280/164324282 [ 774.212081][ T49] bond2: (slave ip6erspan0): Releasing active interface [ 774.255782][T20499] lo speed is unknown, defaulting to 1000 [ 774.377958][T20514] netlink: 12 bytes leftover after parsing attributes in process `syz.9.3853'. [ 775.228871][T20499] chnl_net:caif_netlink_parms(): no params data found [ 775.733161][T20499] bridge0: port 1(bridge_slave_0) entered blocking state [ 775.744322][T20499] bridge0: port 1(bridge_slave_0) entered disabled state [ 775.751707][T20499] bridge_slave_0: entered allmulticast mode [ 775.770416][T20499] bridge_slave_0: entered promiscuous mode [ 775.860689][T20499] bridge0: port 2(bridge_slave_1) entered blocking state [ 775.874156][T20499] bridge0: port 2(bridge_slave_1) entered disabled state [ 775.885171][T20499] bridge_slave_1: entered allmulticast mode [ 775.894577][T20499] bridge_slave_1: entered promiscuous mode [ 775.945243][ T5783] Bluetooth: hci1: command tx timeout [ 775.960637][ T49] hsr_slave_0: left promiscuous mode [ 775.991289][ T49] hsr_slave_1: left promiscuous mode [ 776.027979][ T49] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 776.045222][ T49] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 776.064596][ T49] bridge_slave_1: left allmulticast mode [ 776.070311][ T49] bridge_slave_1: left promiscuous mode [ 776.085180][ T49] bridge0: port 2(bridge_slave_1) entered disabled state [ 776.105338][ T49] bridge_slave_0: left allmulticast mode [ 776.120660][ T49] bridge_slave_0: left promiscuous mode [ 776.131840][ T49] bridge0: port 1(bridge_slave_0) entered disabled state [ 777.098805][ T49] bond2 (unregistering): Released all slaves [ 777.465887][ T49] bond1 (unregistering): Released all slaves [ 778.052339][ T5783] Bluetooth: hci1: command tx timeout [ 779.333199][ T49] team0 (unregistering): Port device team_slave_1 removed [ 779.449106][ T49] team0 (unregistering): Port device team_slave_0 removed [ 779.557406][ T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 779.642676][ T59] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 779.708047][ T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 780.104099][ T5783] Bluetooth: hci1: command tx timeout [ 780.743407][ T49] bond0 (unregistering): Released all slaves [ 780.973618][T20499] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 781.056264][T20499] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 781.160515][T20572] IPv6: sit1: Disabled Multicast RS [ 781.362384][T20499] team0: Port device team_slave_0 added [ 781.442220][T20499] team0: Port device team_slave_1 added [ 781.503302][T20586] bridge0: port 1(bridge_slave_0) entered disabled state [ 781.521050][T20586] bridge0: port 2(bridge_slave_1) entered disabled state [ 781.733557][T20499] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 781.748713][T20499] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 781.794258][T20499] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 781.807580][T20590] netlink: 'syz.1.3860': attribute type 16 has an invalid length. [ 781.816356][T20590] netlink: 'syz.1.3860': attribute type 17 has an invalid length. [ 781.859385][T20590] net_ratelimit: 2 callbacks suppressed [ 781.859395][T20590] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 781.960554][T20499] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 781.968855][T20499] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 782.014119][T20499] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 782.055973][ T49] IPVS: stop unused estimator thread 0... [ 782.109131][T20600] vlan3: entered promiscuous mode [ 782.120610][T20600] syz_tun: entered promiscuous mode [ 782.185171][ T5783] Bluetooth: hci1: command tx timeout [ 782.312949][T20499] hsr_slave_0: entered promiscuous mode [ 782.324843][T20499] hsr_slave_1: entered promiscuous mode [ 782.353353][T20499] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 782.363971][T20499] Cannot create hsr debugfs directory [ 783.621622][T20499] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 783.640984][T20499] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 783.657676][T20499] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 783.682886][T20499] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 783.926015][ T28] kauditd_printk_skb: 22 callbacks suppressed [ 783.926032][ T28] audit: type=1800 audit(1774077511.600:1541): pid=20622 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.7.3873" name="/" dev="fuse" ino=1 res=0 errno=0 [ 783.958876][T20499] 8021q: adding VLAN 0 to HW filter on device bond0 [ 784.032421][T20499] 8021q: adding VLAN 0 to HW filter on device team0 [ 784.068892][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 784.076205][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 784.153774][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 784.161066][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 784.846811][T20499] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 784.976387][T20499] veth0_vlan: entered promiscuous mode [ 785.049084][T20499] veth1_vlan: entered promiscuous mode [ 785.145236][T20499] veth0_macvtap: entered promiscuous mode [ 785.181038][T20499] veth1_macvtap: entered promiscuous mode [ 785.256872][T20499] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 785.286037][T20499] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 785.312607][T20499] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 785.342160][T20499] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 785.373682][T20499] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 785.407591][T20499] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 785.434541][T20499] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 785.464725][T20499] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 785.494123][T20499] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 785.536277][T20499] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 785.554074][ T5783] Bluetooth: hci2: command 0x0406 tx timeout [ 785.602120][T20499] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 785.654119][T20499] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 785.694074][T20499] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 785.712526][T20499] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 786.021204][ T3001] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 786.075288][ T3001] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 786.114094][ T3001] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 786.129239][ T3001] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 792.566619][T20781] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3904'. [ 792.602299][T20781] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3904'. [ 794.016612][T20828] netlink: 4 bytes leftover after parsing attributes in process `syz.9.3915'. [ 794.074411][T20828] netlink: 4 bytes leftover after parsing attributes in process `syz.9.3915'. [ 794.624195][T20843] syz.2.3918: attempt to access beyond end of device [ 794.624195][T20843] loop5: rw=0, sector=0, nr_sectors = 1 limit=0 [ 794.676288][T20843] FAT-fs (loop5): unable to read boot sector [ 795.078655][T20853] netlink: 14 bytes leftover after parsing attributes in process `syz.7.3920'. [ 795.113760][T20854] loop5: detected capacity change from 0 to 7 [ 795.162005][T20854] loop5: [ 795.188171][T20854] loop5: partition table partially beyond EOD, truncated [ 795.425947][T20853] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 795.485961][T20853] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 795.523770][T20853] bond0 (unregistering): Released all slaves [ 795.572982][T20859] netlink: 'syz.1.3922': attribute type 39 has an invalid length. [ 796.961755][T20904] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3932'. [ 799.422355][T20962] netlink: 209844 bytes leftover after parsing attributes in process `syz.1.3944'. [ 800.424108][ C0] icmp: detected local route for 172.20.20.11 during ICMP sending, src 172.20.20.170 [ 801.482867][T21014] loop2: detected capacity change from 0 to 512 [ 801.522717][T21014] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 801.564301][T21014] EXT4-fs (loop2): Test dummy encryption mode enabled [ 801.605391][T21014] EXT4-fs (loop2): mounted filesystem 00000005-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 801.800599][T20499] EXT4-fs (loop2): unmounting filesystem 00000005-0000-0000-0000-000000000000. [ 802.912147][T21048] ip6gre1: entered promiscuous mode [ 802.917754][T21048] ip6gre1: entered allmulticast mode [ 803.324828][T21053] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 803.370822][T21053] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 803.411759][T21053] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 803.452100][T21053] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 803.486430][T21059] loop2: detected capacity change from 0 to 16 [ 803.490952][T21053] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 803.506695][T21053] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 803.516384][T21059] erofs: (device loop2): mounted with root inode @ nid 36. [ 803.554098][T21053] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 803.567539][T21059] syz.2.3968: attempt to access beyond end of device [ 803.567539][T21059] loop2: rw=0, sector=8, nr_sectors = 32 limit=16 [ 803.580051][T21053] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 803.658065][T21059] erofs: (device loop2): z_erofs_readahead: readahead error at folio 24 @ nid 36 [ 803.684481][T21059] erofs: (device loop2): z_erofs_readahead: readahead error at folio 16 @ nid 36 [ 803.705044][T21059] syz.2.3968: attempt to access beyond end of device [ 803.705044][T21059] loop2: rw=524288, sector=1049272, nr_sectors = 32 limit=16 [ 803.741454][T21059] syz.2.3968: attempt to access beyond end of device [ 803.741454][T21059] loop2: rw=524288, sector=8, nr_sectors = 32 limit=16 [ 803.788227][T21059] syz.2.3968: attempt to access beyond end of device [ 803.788227][T21059] loop2: rw=524288, sector=16, nr_sectors = 32 limit=16 [ 803.817815][T21059] syz.2.3968: attempt to access beyond end of device [ 803.817815][T21059] loop2: rw=524288, sector=376, nr_sectors = 32 limit=16 [ 803.962160][T20499] BUG: Bad page state in process syz-executor pfn:657be [ 803.970880][T20499] page:ffffea000195ef80 refcount:0 mapcount:0 mapping:ffff888058e807c8 index:0x2 pfn:0x657be [ 803.981553][T20499] aops:z_erofs_cache_aops ino:0 [ 803.987035][T20499] flags: 0xfff00000000001(locked|node=0|zone=1|lastcpupid=0x7ff) [ 803.995009][T20499] page_type: 0xffffffff() [ 803.999407][T20499] raw: 00fff00000000001 dead000000000100 dead000000000122 ffff888058e807c8 [ 804.008130][T20499] raw: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000 [ 804.016846][T20499] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set [ 804.024247][T20499] page_owner tracks the page as allocated [ 804.031037][T20499] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x192840(GFP_NOWAIT|__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 21059, tgid 21058 (syz.2.3968), ts 803566742652, free_ts 803560232113 [ 804.053354][T20499] post_alloc_hook+0x1c1/0x200 [ 804.058743][T20499] get_page_from_freelist+0x1951/0x19e0 [ 804.064936][T20499] __alloc_pages+0x1f0/0x460 [ 804.070469][T20499] z_erofs_do_read_page+0x2181/0x36b0 [ 804.076667][T20499] z_erofs_pcluster_readmore+0x2cf/0x450 [ 804.082353][T20499] z_erofs_read_folio+0x237/0x5c0 [ 804.087572][T20499] filemap_read_folio+0x172/0x760 [ 804.092663][T20499] do_read_cache_folio+0x468/0x7d0 [ 804.098686][T20499] erofs_bread+0x16f/0x630 [ 804.103152][T20499] erofs_namei+0x2ae/0xf50 [ 804.107698][T20499] erofs_lookup+0x135/0x310 [ 804.112247][T20499] path_openat+0x10e4/0x3230 [ 804.116949][T20499] do_filp_open+0x1f5/0x430 [ 804.121490][T20499] do_sys_openat2+0x134/0x1d0 [ 804.126313][T20499] __x64_sys_open+0x11f/0x140 [ 804.131037][T20499] do_syscall_64+0x55/0xa0 [ 804.135574][T20499] page last free stack trace: [ 804.140287][T20499] free_unref_page_prepare+0x7b2/0x8c0 [ 804.146083][T20499] free_unref_page_list+0xbe/0x860 [ 804.151344][T20499] release_pages+0x1f7a/0x2200 [ 804.156237][T20499] tlb_flush_mmu+0x379/0x510 [ 804.160984][T20499] tlb_finish_mmu+0xf9/0x220 [ 804.166277][T20499] exit_mmap+0x428/0xb90 [ 804.170577][T20499] __mmput+0x118/0x3c0 [ 804.175189][T20499] exit_mm+0x1f2/0x2c0 [ 804.179330][T20499] do_exit+0x8dd/0x2460 [ 804.183547][T20499] do_group_exit+0x21b/0x2d0 [ 804.188327][T20499] __x64_sys_exit_group+0x3f/0x40 [ 804.193402][T20499] do_syscall_64+0x55/0xa0 [ 804.197970][T20499] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 804.204171][T20499] Modules linked in: [ 804.208402][T20499] CPU: 1 PID: 20499 Comm: syz-executor Not tainted syzkaller #0 [ 804.216095][T20499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 804.226203][T20499] Call Trace: [ 804.229640][T20499] [ 804.232619][T20499] dump_stack_lvl+0x18c/0x250 [ 804.237358][T20499] ? show_regs_print_info+0x20/0x20 [ 804.242713][T20499] ? swiotlb_print_info+0x70/0x70 [ 804.247806][T20499] bad_page+0x14b/0x170 [ 804.252007][T20499] free_unref_page_prepare+0x85f/0x8c0 [ 804.257505][T20499] free_unref_page+0x32/0x2e0 [ 804.262190][T20499] ? __folio_put+0xef/0x210 [ 804.266727][T20499] erofs_try_to_free_all_cached_pages+0x295/0x5f0 [ 804.273219][T20499] erofs_shrink_workstation+0x11f/0x290 [ 804.279006][T20499] ? erofs_shrinker_unregister+0x170/0x170 [ 804.284860][T20499] ? io_schedule+0xd0/0xd0 [ 804.289521][T20499] ? kobject_put+0x428/0x460 [ 804.294247][T20499] erofs_shrinker_unregister+0x5d/0x170 [ 804.299844][T20499] erofs_put_super+0x4e/0x150 [ 804.304573][T20499] ? erofs_free_inode+0xb0/0xb0 [ 804.309561][T20499] generic_shutdown_super+0x134/0x2b0 [ 804.314983][T20499] kill_block_super+0x44/0x90 [ 804.319743][T20499] erofs_kill_sb+0x4c/0x140 [ 804.324301][T20499] deactivate_locked_super+0x97/0x100 [ 804.329815][T20499] cleanup_mnt+0x43b/0x4d0 [ 804.334293][T20499] task_work_run+0x1d4/0x260 [ 804.338950][T20499] ? task_work_cancel+0x220/0x220 [ 804.344022][T20499] ? exit_to_user_mode_loop+0x3b/0x110 [ 804.349617][T20499] exit_to_user_mode_loop+0xe6/0x110 [ 804.354961][T20499] exit_to_user_mode_prepare+0xee/0x180 [ 804.360650][T20499] syscall_exit_to_user_mode+0x1a/0x50 [ 804.366156][T20499] do_syscall_64+0x61/0xa0 [ 804.370627][T20499] ? clear_bhb_loop+0x40/0x90 [ 804.375421][T20499] ? clear_bhb_loop+0x40/0x90 [ 804.380121][T20499] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 804.386114][T20499] RIP: 0033:0x7f455b79d9d7 [ 804.390707][T20499] Code: a2 c7 05 1c fd 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 804.410349][T20499] RSP: 002b:00007ffe040a6ef8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 804.418895][T20499] RAX: 0000000000000000 RBX: 00007f455b832050 RCX: 00007f455b79d9d7 [ 804.426901][T20499] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe040a6fb0 [ 804.434892][T20499] RBP: 00007ffe040a6fb0 R08: 00007ffe040a7fb0 R09: 00000000ffffffff [ 804.442874][T20499] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe040a8040 [ 804.450860][T20499] R13: 00007f455b832050 R14: 00000000000c4409 R15: 00007ffe040a8080 [ 804.458947][T20499] [ 804.463212][T20499] Disabling lock debugging due to kernel taint [ 804.469497][T20499] BUG: Bad page state in process syz-executor pfn:657bd [ 804.477089][T20499] page:ffffea000195ef40 refcount:0 mapcount:0 mapping:ffff888058e807c8 index:0x3 pfn:0x657bd [ 804.487371][T20499] aops:z_erofs_cache_aops ino:0 [ 804.492301][T20499] flags: 0xfff00000000001(locked|node=0|zone=1|lastcpupid=0x7ff) [ 804.500111][T20499] page_type: 0xffffffff() [ 804.504635][T20499] raw: 00fff00000000001 dead000000000100 dead000000000122 ffff888058e807c8 [ 804.513310][T20499] raw: 0000000000000003 0000000000000000 00000000ffffffff 0000000000000000 [ 804.522067][T20499] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set [ 804.529472][T20499] page_owner tracks the page as allocated [ 804.535278][T20499] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x192840(GFP_NOWAIT|__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 21059, tgid 21058 (syz.2.3968), ts 803566762035, free_ts 803560219263 [ 804.557568][T20499] post_alloc_hook+0x1c1/0x200 [ 804.562385][T20499] get_page_from_freelist+0x1951/0x19e0 [ 804.568018][T20499] __alloc_pages+0x1f0/0x460 [ 804.572644][T20499] z_erofs_do_read_page+0x2181/0x36b0 [ 804.578637][T20499] z_erofs_pcluster_readmore+0x2cf/0x450 [ 804.584615][T20499] z_erofs_read_folio+0x237/0x5c0 [ 804.589684][T20499] filemap_read_folio+0x172/0x760 [ 804.594843][T20499] do_read_cache_folio+0x468/0x7d0 [ 804.599987][T20499] erofs_bread+0x16f/0x630 [ 804.604480][T20499] erofs_namei+0x2ae/0xf50 [ 804.608932][T20499] erofs_lookup+0x135/0x310 [ 804.613464][T20499] path_openat+0x10e4/0x3230 [ 804.618176][T20499] do_filp_open+0x1f5/0x430 [ 804.622797][T20499] do_sys_openat2+0x134/0x1d0 [ 804.627557][T20499] __x64_sys_open+0x11f/0x140 [ 804.632264][T20499] do_syscall_64+0x55/0xa0 [ 804.636827][T20499] page last free stack trace: [ 804.641521][T20499] free_unref_page_prepare+0x7b2/0x8c0 [ 804.647141][T20499] free_unref_page_list+0xbe/0x860 [ 804.652456][T20499] release_pages+0x1f7a/0x2200 [ 804.657309][T20499] tlb_flush_mmu+0x379/0x510 [ 804.661937][T20499] tlb_finish_mmu+0xf9/0x220 [ 804.666657][T20499] exit_mmap+0x428/0xb90 [ 804.671037][T20499] __mmput+0x118/0x3c0 [ 804.675228][T20499] exit_mm+0x1f2/0x2c0 [ 804.680389][T20499] do_exit+0x8dd/0x2460 [ 804.684705][T20499] do_group_exit+0x21b/0x2d0 [ 804.689343][T20499] __x64_sys_exit_group+0x3f/0x40 [ 804.694465][T20499] do_syscall_64+0x55/0xa0 [ 804.699092][T20499] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 804.705070][T20499] Modules linked in: [ 804.708981][T20499] CPU: 1 PID: 20499 Comm: syz-executor Tainted: G B syzkaller #0 [ 804.718086][T20499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 804.728141][T20499] Call Trace: [ 804.731417][T20499] [ 804.734360][T20499] dump_stack_lvl+0x18c/0x250 [ 804.739046][T20499] ? show_regs_print_info+0x20/0x20 [ 804.744244][T20499] ? swiotlb_print_info+0x70/0x70 [ 804.749266][T20499] bad_page+0x14b/0x170 [ 804.753417][T20499] free_unref_page_prepare+0x85f/0x8c0 [ 804.758875][T20499] free_unref_page+0x32/0x2e0 [ 804.763553][T20499] ? __folio_put+0xef/0x210 [ 804.768062][T20499] erofs_try_to_free_all_cached_pages+0x295/0x5f0 [ 804.774493][T20499] erofs_shrink_workstation+0x11f/0x290 [ 804.780051][T20499] ? erofs_shrinker_unregister+0x170/0x170 [ 804.785863][T20499] ? io_schedule+0xd0/0xd0 [ 804.790289][T20499] ? kobject_put+0x428/0x460 [ 804.795172][T20499] erofs_shrinker_unregister+0x5d/0x170 [ 804.800812][T20499] erofs_put_super+0x4e/0x150 [ 804.805497][T20499] ? erofs_free_inode+0xb0/0xb0 [ 804.810444][T20499] generic_shutdown_super+0x134/0x2b0 [ 804.815825][T20499] kill_block_super+0x44/0x90 [ 804.820505][T20499] erofs_kill_sb+0x4c/0x140 [ 804.825016][T20499] deactivate_locked_super+0x97/0x100 [ 804.830391][T20499] cleanup_mnt+0x43b/0x4d0 [ 804.834905][T20499] task_work_run+0x1d4/0x260 [ 804.839516][T20499] ? task_work_cancel+0x220/0x220 [ 804.844600][T20499] ? exit_to_user_mode_loop+0x3b/0x110 [ 804.850069][T20499] exit_to_user_mode_loop+0xe6/0x110 [ 804.855366][T20499] exit_to_user_mode_prepare+0xee/0x180 [ 804.860921][T20499] syscall_exit_to_user_mode+0x1a/0x50 [ 804.866385][T20499] do_syscall_64+0x61/0xa0 [ 804.870812][T20499] ? clear_bhb_loop+0x40/0x90 [ 804.875496][T20499] ? clear_bhb_loop+0x40/0x90 [ 804.880271][T20499] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 804.886180][T20499] RIP: 0033:0x7f455b79d9d7 [ 804.890696][T20499] Code: a2 c7 05 1c fd 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 804.910397][T20499] RSP: 002b:00007ffe040a6ef8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 804.918818][T20499] RAX: 0000000000000000 RBX: 00007f455b832050 RCX: 00007f455b79d9d7 [ 804.926794][T20499] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe040a6fb0 [ 804.934854][T20499] RBP: 00007ffe040a6fb0 R08: 00007ffe040a7fb0 R09: 00000000ffffffff [ 804.942830][T20499] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe040a8040 [ 804.950889][T20499] R13: 00007f455b832050 R14: 00000000000c4409 R15: 00007ffe040a8080 [ 804.958966][T20499] [ 804.963162][T20499] BUG: Bad page state in process syz-executor pfn:314b9 [ 804.970587][T20499] page:ffffea0000c52e40 refcount:0 mapcount:0 mapping:ffff888058e807c8 index:0x4 pfn:0x314b9 [ 804.980908][T20499] aops:z_erofs_cache_aops ino:0 [ 804.986174][T20499] flags: 0xfff00000000001(locked|node=0|zone=1|lastcpupid=0x7ff) [ 804.994029][T20499] page_type: 0xffffffff() [ 804.998374][T20499] raw: 00fff00000000001 dead000000000100 dead000000000122 ffff888058e807c8 [ 805.007105][T20499] raw: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 805.015744][T20499] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set [ 805.023018][T20499] page_owner tracks the page as allocated [ 805.028854][T20499] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x192840(GFP_NOWAIT|__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 21059, tgid 21058 (syz.2.3968), ts 803566780498, free_ts 803560205260 [ 805.051337][T20499] post_alloc_hook+0x1c1/0x200 [ 805.056308][T20499] get_page_from_freelist+0x1951/0x19e0 [ 805.061893][T20499] __alloc_pages+0x1f0/0x460 [ 805.066632][T20499] z_erofs_do_read_page+0x2181/0x36b0 [ 805.072047][T20499] z_erofs_pcluster_readmore+0x2cf/0x450 [ 805.077775][T20499] z_erofs_read_folio+0x237/0x5c0 [ 805.082836][T20499] filemap_read_folio+0x172/0x760 [ 805.088465][T20499] do_read_cache_folio+0x468/0x7d0 [ 805.093682][T20499] erofs_bread+0x16f/0x630 [ 805.098282][T20499] erofs_namei+0x2ae/0xf50 [ 805.102744][T20499] erofs_lookup+0x135/0x310 [ 805.107691][T20499] path_openat+0x10e4/0x3230 [ 805.112322][T20499] do_filp_open+0x1f5/0x430 [ 805.116932][T20499] do_sys_openat2+0x134/0x1d0 [ 805.121670][T20499] __x64_sys_open+0x11f/0x140 [ 805.126445][T20499] do_syscall_64+0x55/0xa0 [ 805.130904][T20499] page last free stack trace: [ 805.135672][T20499] free_unref_page_prepare+0x7b2/0x8c0 [ 805.141256][T20499] free_unref_page_list+0xbe/0x860 [ 805.146515][T20499] release_pages+0x1f7a/0x2200 [ 805.151313][T20499] tlb_flush_mmu+0x379/0x510 [ 805.156007][T20499] tlb_finish_mmu+0xf9/0x220 [ 805.160630][T20499] exit_mmap+0x428/0xb90 [ 805.165075][T20499] __mmput+0x118/0x3c0 [ 805.169179][T20499] exit_mm+0x1f2/0x2c0 [ 805.173417][T20499] do_exit+0x8dd/0x2460 [ 805.177667][T20499] do_group_exit+0x21b/0x2d0 [ 805.182390][T20499] __x64_sys_exit_group+0x3f/0x40 [ 805.188030][T20499] do_syscall_64+0x55/0xa0 [ 805.192492][T20499] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 805.198629][T20499] Modules linked in: [ 805.202558][T20499] CPU: 1 PID: 20499 Comm: syz-executor Tainted: G B syzkaller #0 [ 805.211776][T20499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 805.221925][T20499] Call Trace: [ 805.225219][T20499] [ 805.228240][T20499] dump_stack_lvl+0x18c/0x250 [ 805.232938][T20499] ? show_regs_print_info+0x20/0x20 [ 805.238192][T20499] ? swiotlb_print_info+0x70/0x70 [ 805.243233][T20499] bad_page+0x14b/0x170 [ 805.247400][T20499] free_unref_page_prepare+0x85f/0x8c0 [ 805.253043][T20499] free_unref_page+0x32/0x2e0 [ 805.257790][T20499] ? __folio_put+0xef/0x210 [ 805.262294][T20499] erofs_try_to_free_all_cached_pages+0x295/0x5f0 [ 805.268808][T20499] erofs_shrink_workstation+0x11f/0x290 [ 805.274445][T20499] ? erofs_shrinker_unregister+0x170/0x170 [ 805.280446][T20499] ? io_schedule+0xd0/0xd0 [ 805.284890][T20499] ? kobject_put+0x428/0x460 [ 805.289508][T20499] erofs_shrinker_unregister+0x5d/0x170 [ 805.295075][T20499] erofs_put_super+0x4e/0x150 [ 805.299785][T20499] ? erofs_free_inode+0xb0/0xb0 [ 805.304663][T20499] generic_shutdown_super+0x134/0x2b0 [ 805.310082][T20499] kill_block_super+0x44/0x90 [ 805.314807][T20499] erofs_kill_sb+0x4c/0x140 [ 805.319422][T20499] deactivate_locked_super+0x97/0x100 [ 805.324893][T20499] cleanup_mnt+0x43b/0x4d0 [ 805.329407][T20499] task_work_run+0x1d4/0x260 [ 805.334005][T20499] ? task_work_cancel+0x220/0x220 [ 805.339040][T20499] ? exit_to_user_mode_loop+0x3b/0x110 [ 805.344536][T20499] exit_to_user_mode_loop+0xe6/0x110 [ 805.349869][T20499] exit_to_user_mode_prepare+0xee/0x180 [ 805.355463][T20499] syscall_exit_to_user_mode+0x1a/0x50 [ 805.360946][T20499] do_syscall_64+0x61/0xa0 [ 805.365480][T20499] ? clear_bhb_loop+0x40/0x90 [ 805.370448][T20499] ? clear_bhb_loop+0x40/0x90 [ 805.375141][T20499] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 805.381050][T20499] RIP: 0033:0x7f455b79d9d7 [ 805.385559][T20499] Code: a2 c7 05 1c fd 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 805.405344][T20499] RSP: 002b:00007ffe040a6ef8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 805.413936][T20499] RAX: 0000000000000000 RBX: 00007f455b832050 RCX: 00007f455b79d9d7 [ 805.421914][T20499] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe040a6fb0 [ 805.429890][T20499] RBP: 00007ffe040a6fb0 R08: 00007ffe040a7fb0 R09: 00000000ffffffff [ 805.437952][T20499] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe040a8040 [ 805.445924][T20499] R13: 00007f455b832050 R14: 00000000000c4409 R15: 00007ffe040a8080 [ 805.453917][T20499] [ 809.071603][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 809.078296][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 811.635035][ T49] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)