last executing test programs: 7.404080137s ago: executing program 1 (id=477): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./control\x00', 0x480, &(0x7f0000000000), 0x1, 0x786, &(0x7f0000000f80)="$eJzs3c9rHGUfAPDvbLNJ37Tv27zwwms9BQQNlG5Mja2Ch4oHESwU9Gy7bLahZpMt2U1pQkCLCF4EFQ+CXnq2Wm9e/XHVP8C7B2mpmhYjHiQym9102+ymmzSbbdnPByZ5npnZfOc7z8w8T3aG3QD61mj6IxNxOCI+SCIO1ecnEZGtlQYiTq6vt7qyXEinJNbWXvstqa1ze2W5EE2vSR2oVx6LiO/ejTiS2Ry3srg0ky+VivP1+nh19sJ4ZXHp6PnZ/HRxujh3fGJy8tiJZ08c371c//hx6eCND19+6suTf73z/2vvf5/EyThYX9acx24ZjdH6Psmmu/AuL8Vbux2up5JebwA7kp6a+9bP8jicpOWBXm8SANBl6Sh0DQDoM4n+HwD6TON9gNsry4XG1Nt3JPbWzRcjYv96/o37m+tLBur37PbX7oMO307uujOSRMTILsQfjYjPvn7jajpFl+5DArTy9uWIODsyuvn6n2x6ZmG7nu5gndF76hvxf8o+YHTgfr5Jxz/PtRr/ZTbGP9Fi/DPU4tzdibbn/4bM9V0I01Y6/nuh6dm21ab860b21Wv/ro35ssm586Viem37T0SMRXYorU9sEWPs1t+32i1rHv/9/tGbn6fx09931shcHxi6+zVT+Wr+QXJudvNyxOMDrfJPNto/aTP+Pd1hjFeef+/TdsvS/NN8G9Pm/Ltr7UrEky3b/84TbcmWzyeO1w6H8cZB0cJXP38y3C5+c/un0+rK8loScXX3M20tbf/hrfMfSZqf16xsP8YPVw59225Zi/wLjf+F1rU+/geT12vlwfq8S/lqdX4iYjB5dfP8Y3de26g31k/zH3ui9fm/1fGfjk7Odpj/wI1fv9h5/t2V5j+1rfbffuHa6sy+dvE7a//JWmmsPqeT61+nG/gg+w4AAAAAAAAAAAAAAAAAAAAAAAAAOpWJiIORZHIb5Uwml1v/Du//xXCmVK5Uj5wrL8xNRe27skcim2l81OWhps9Dnah/Hn6jfuye+jMR8d+I+HjoX7V6rlAuTfU6eQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACoO9Dm+/9Tvwz1eusAgK7Z3+sNAAD2nP4fAPqP/h8A+o/+HwD6j/4fAPqP/h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAuO33qVDqt/bmyXEjrUxcXF2bKF49OFSszudmFQq5Qnr+Qmy6Xp0vFXKE8e7+/VyqXL0zG3MKl8WqxUh2vLC6dmS0vzFXPnJ/NTxfPFLN7khUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbE9lcWkmXyoV5xUegcJAvdUelu3ZUSHTSGKvgg52K4uHYGd2r9DDixIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAI+SfAAAA///WoyFe") r0 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x42, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwrite64(r1, &(0x7f00000000c0)='a', 0x200000c1, 0x9000) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000180)={0xe, 0x18, 0xfa00, @id_tos={0x0}}, 0x20) 6.310718493s ago: executing program 3 (id=482): syz_mount_image$cramfs(&(0x7f00000000c0), &(0x7f0000000000)='./file1\x00', 0x2200409, &(0x7f0000000400)=ANY=[], 0xfe, 0x15e, &(0x7f0000000200)="$eJzs0E2LUmEYxvH/c87jUUixyECCUmhjSeALtYvwRJKQHSjatBLs9AKKkVDuUqJdC6Gti162EfQJdHQxzKCbmS8xG3cDs3Q4z3FmmJePcP92XvdzXzeexw8WOcWJR532h49+t+u/zj736tUXe+NxJcgd6P0/NQ/fTyrwDs1Ew3IAQTxLwJv3Ld9qdlrB72UFooB7yeQRIHl0z01pBhqKhPu5WzC9Zt5ZnM/8MhGzd12DmwyzArD65RAL+q6EWdC3D9iglLM+dsPmWy2fuaqgN8r/+7v9bL5Vu3vnof+9VB3ejqft/Bf4jatim7O3u/Z6azGvP/Xq3qIcLd0vF4oW93ZMYX+IfhL/BK8U6KDPwvQ5pG/ql/BVwQ9za7mhEsD054HXjh5/6/5nOwsqM2o20pE/jdRlCzung8mKC5iJ+ZNCCCGEEEIIIYQQQgghhBBCCCHEGYcBAAD//4rMUes=") r0 = open(&(0x7f0000000280)='.\x00', 0x2000, 0x0) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000380)='./file1\x00', 0x29ca836, 0x0, 0x0, 0x0, &(0x7f0000000140)) openat(r0, &(0x7f0000000080)='./file2\x00', 0x30d080, 0x166) newfstatat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', &(0x7f00000003c0), 0x1000) 6.215173154s ago: executing program 1 (id=483): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) r3 = dup(r2) ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f00000002c0)=ANY=[@ANYBLOB="820000000000000094000040"]) 6.068915435s ago: executing program 3 (id=486): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) ioctl$BTRFS_IOC_GET_DEV_STATS(r0, 0xc4089434, &(0x7f0000000bc0)={0x0, 0x3, 0x0, [0xf, 0x200, 0x5, 0x1], [0x200, 0x7fffffffffffffff, 0xfffffffffffffff6, 0x2, 0x8, 0x7, 0xbc, 0x6, 0x6, 0x1000, 0x47, 0x3, 0x60000000, 0x9, 0x40, 0x9, 0x0, 0x100, 0x0, 0x4, 0x80000000, 0xc, 0x6, 0x2, 0x90, 0x8, 0xfffffffffffffff8, 0x1a7, 0x40, 0x0, 0x4, 0x0, 0x8837, 0x6, 0x3, 0x3, 0x1000, 0x9, 0x2, 0x5, 0x4, 0x0, 0x0, 0x6, 0x6, 0xfffffffffffffffd, 0xffffffff80000003, 0x5, 0x100000000, 0xfb3f, 0xb, 0xc, 0x0, 0x9, 0x2, 0xffffffffffffffe8, 0x135, 0x6, 0x2, 0x3, 0x7, 0x0, 0xffff, 0x1, 0x8, 0x1, 0x10, 0x8a, 0xffffffffffffff12, 0x9, 0x800, 0x4, 0x65, 0x0, 0x10, 0xd3ea, 0x6, 0xfffffffffffffffb, 0x1000, 0x8, 0x800, 0x280000, 0x200, 0x6, 0x15, 0x1, 0x7fffffffffffffff, 0xd57, 0x1ff, 0xffffffff, 0xfffffffffffffe00, 0x66d1ee76, 0x7, 0x8, 0x1, 0x6, 0x8000000000000000, 0x1000, 0x2, 0x400, 0xe2, 0x200000005, 0x8, 0x3cf, 0xffffffffffffffff, 0x4cbb, 0xfffffffffffffffd, 0x1, 0x10, 0x0, 0xffffffffffffff57, 0x4, 0xc58f, 0x8, 0x5, 0x40, 0xfffffffffffffffa, 0x3, 0x2, 0x5, 0x5]}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet_smc(0x2b, 0x1, 0x0) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x20000000) ptrace$ARCH_SHSTK_ENABLE(0x1e, r2, 0x0, 0x5001) mincore(&(0x7f0000184000/0x2000)=nil, 0x2000, 0x0) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='status\x00') lseek(r5, 0x10000000005, 0x0) r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/pm_trace', 0x400, 0x10) io_uring_enter(r6, 0x41bb, 0xb934, 0x42, &(0x7f0000000140)={[0x81]}, 0x8) r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0) ioctl$TIOCSETD(r7, 0x5423, 0x0) ioctl$TIOCSTI(r7, 0x5412, &(0x7f00000000c0)=0xf9) r8 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r8, 0x89f1, &(0x7f0000001040)={'gre0\x00', &(0x7f0000001000)={'syztnl2\x00', 0x0, 0x7800, 0xa000, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x2f, 0x0, @empty, @rand_addr=0x3}}}}) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={0x1}, 0x4) 5.004898261s ago: executing program 3 (id=490): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xa, 0x4, 0xdd, 0xa}, 0x50) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="bc1b0000400007012bbd700000000000027c00000400c2800c00"], 0x1bbc}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000004c0), 0xffffffffffffffff) sendmsg$TIPC_NL_MEDIA_SET(r2, &(0x7f0000000740)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000700)={&(0x7f0000000500)={0xe0, r3, 0x100, 0x70bd26, 0x25dfdbfe, {}, [@TIPC_NLA_MEDIA={0x20, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}]}]}, @TIPC_NLA_SOCK={0x68, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x5}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x5}, @TIPC_NLA_SOCK_CON={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x3ee3}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xc8e}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x3ff}]}, @TIPC_NLA_SOCK_CON={0x2c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x4a}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0xa}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x4db378e6}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x50}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x4}]}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x2}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_MEDIA={0x30, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_NODE={0x14, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xfff}]}]}, 0xe0}}, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r4}, 0x10) r5 = dup2(r1, r0) getsockopt$inet_pktinfo(r5, 0x0, 0x8, &(0x7f0000000080)={0x0, @initdev, @remote}, &(0x7f0000000180)=0xc) connect$inet(r5, &(0x7f0000000040)={0x2, 0x4e20, @private=0xa010102}, 0x10) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r6, &(0x7f0000000340)={0x1f, 0xffff, 0x3}, 0x6) write(r6, &(0x7f0000000000)="05000000010000", 0x7) r7 = socket$alg(0x26, 0x5, 0x0) bind$alg(r7, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'rmd160\x00'}, 0x58) r8 = accept4(r7, 0x0, 0x0, 0x0) sendmmsg$inet6(r8, &(0x7f0000004280)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000180)="12952a45c8c5fc", 0x7}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x800) r9 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x8c0483, 0x0) ioctl$AUTOFS_IOC_FAIL(r9, 0x4c81, 0x8) r10 = openat$kvm(0xffffff9c, &(0x7f0000000100), 0x41, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CAP_X86_DISABLE_EXITS(r11, 0x4068aea3, &(0x7f0000000200)={0x8f, 0x0, 0x6}) r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) r13 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000a00)=@bpf_ext={0x1c, 0x1, &(0x7f0000000780)=@raw=[@exit], &(0x7f00000007c0)='syzkaller\x00', 0x7, 0xef, &(0x7f0000000800)=""/239, 0x40f00, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000900)={0x1, 0x4}, 0x8, 0x10, &(0x7f0000000980)={0x2, 0x8, 0x8000, 0xe3c6}, 0x10, 0x1c1ba, 0xffffffffffffffff, 0x0, &(0x7f00000009c0)=[r1], 0x0, 0x10, 0x1}, 0x94) write(r13, &(0x7f0000000ac0)="20901e953a0ab1fb10e3cae0bb7ad1476b5c7003d1986f02c4bc78fe98cc5d2f0927198e4ca50c0231ab6d7d3053d1c6bcf128bb17803d2b587f1223933bf3e684ea2b0de232b1464c1eb6732cdf9dffa626a4d048cc1f5b12e9213ed1c85287183d220a6c725924db734e52a12e3a5ccba509d09343", 0x76) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000b80)={0x200000000000037a, &(0x7f0000000b40)=[{0x6, 0x9, 0x3, 0x3}, {0xff, 0x9, 0x40, 0x2}, {0x5, 0x7, 0x8, 0x6}, {0xfffe, 0xb, 0x8, 0x1}, {0x6, 0xa4, 0x9, 0x2e4}, {0x7f, 0xf, 0xf}]}) ioctl$KVM_RUN(r12, 0xae80, 0x0) ioctl$KVM_RUN(r12, 0xae80, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, &(0x7f0000000000)=@framed={{0x7a, 0xa, 0x0, 0xff00, 0x0, 0x71, 0x10, 0x43, 0x3}}, &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x10}, 0x94) 4.740605542s ago: executing program 0 (id=491): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0xe8, 0x0, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000040)={0x2, 0x0, [{0x7, 0x1, 0x2, 0x4a5, 0x319}, {0x80000001, 0xfffffff6, 0x9, 0x480000, 0x40}]}) 3.970411716s ago: executing program 1 (id=492): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xa, 0x4, 0xdd, 0xa}, 0x50) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="bc1b0000400007012bbd700000000000027c00000400c2800c0001800600060086dd"], 0x1bbc}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000004c0), 0xffffffffffffffff) sendmsg$TIPC_NL_MEDIA_SET(r2, &(0x7f0000000740)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000700)={&(0x7f0000000500)={0xb4, r3, 0x100, 0x70bd26, 0x25dfdbfe, {}, [@TIPC_NLA_MEDIA={0x20, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}]}]}, @TIPC_NLA_SOCK={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x5}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x5}, @TIPC_NLA_SOCK_CON={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x3ee3}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xc8e}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x3ff}]}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x2}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_MEDIA={0x30, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_NODE={0x14, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xfff}]}]}, 0xb4}}, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r4}, 0x10) r5 = dup2(r1, r0) getsockopt$inet_pktinfo(r5, 0x0, 0x8, &(0x7f0000000080)={0x0, @initdev, @remote}, &(0x7f0000000180)=0xc) connect$inet(r5, &(0x7f0000000040)={0x2, 0x4e20, @private=0xa010102}, 0x10) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r6, &(0x7f0000000340)={0x1f, 0xffff, 0x3}, 0x6) write(r6, &(0x7f0000000000)="05000000010000", 0x7) r7 = socket$alg(0x26, 0x5, 0x0) bind$alg(r7, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'rmd160\x00'}, 0x58) r8 = accept4(r7, 0x0, 0x0, 0x0) sendmmsg$inet6(r8, &(0x7f0000004280)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000180)="12952a45c8c5fc", 0x7}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x800) r9 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x8c0483, 0x0) ioctl$AUTOFS_IOC_FAIL(r9, 0x4c81, 0x8) r10 = openat$kvm(0xffffff9c, &(0x7f0000000100), 0x41, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CAP_X86_DISABLE_EXITS(r11, 0x4068aea3, &(0x7f0000000200)={0x8f, 0x0, 0x6}) r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) r13 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000a00)=@bpf_ext={0x1c, 0x1, &(0x7f0000000780)=@raw=[@exit], &(0x7f00000007c0)='syzkaller\x00', 0x7, 0xef, &(0x7f0000000800)=""/239, 0x40f00, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000900)={0x1, 0x4}, 0x8, 0x10, &(0x7f0000000980)={0x2, 0x8, 0x8000, 0xe3c6}, 0x10, 0x1c1ba, 0xffffffffffffffff, 0x0, &(0x7f00000009c0)=[r1], 0x0, 0x10, 0x1}, 0x94) write(r13, &(0x7f0000000ac0)="20901e953a0ab1fb10e3cae0bb7ad1476b5c7003d1986f02c4bc78fe98cc5d2f0927198e4ca50c0231ab6d7d3053d1c6bcf128bb17803d2b587f1223933bf3e684ea2b0de232b1464c1eb6732cdf9dffa626a4d048cc1f5b12e9213ed1c85287183d220a6c725924db734e52a12e3a5ccba509d09343", 0x76) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000b80)={0x200000000000037a, &(0x7f0000000b40)=[{0x6, 0x9, 0x3, 0x3}, {0xff, 0x9, 0x40, 0x2}, {0x5, 0x7, 0x8, 0x6}, {0xfffe, 0xb, 0x8, 0x1}, {0x6, 0xa4, 0x9, 0x2e4}, {0x7f, 0xf, 0xf}]}) ioctl$KVM_RUN(r12, 0xae80, 0x0) ioctl$KVM_RUN(r12, 0xae80, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, &(0x7f0000000000)=@framed={{0x7a, 0xa, 0x0, 0xff00, 0x0, 0x71, 0x10, 0x43, 0x3}}, &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x10}, 0x94) 3.679869088s ago: executing program 2 (id=494): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r0, 0xc0a85320, &(0x7f00000005c0)={{0x80, 0xfd}, 'port1\x00', 0x7a, 0x11cfa, 0x0, 0x8080008, 0x3, 0x4, 0x1000001}) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x40505330, &(0x7f0000000080)={0x800100, 0xfffffffb, 0x2, 0x3, 0x2fca, 0xce0}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) read(r0, &(0x7f0000000000)=""/107, 0x6b) 3.631751379s ago: executing program 0 (id=496): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) ioctl$BTRFS_IOC_GET_DEV_STATS(r0, 0xc4089434, &(0x7f0000000bc0)={0x0, 0x3, 0x0, [0xf, 0x200, 0x5, 0x1], [0x200, 0x7fffffffffffffff, 0xfffffffffffffff6, 0x2, 0x8, 0x7, 0xbc, 0x6, 0x6, 0x1000, 0x47, 0x3, 0x60000000, 0x9, 0x40, 0x9, 0x0, 0x100, 0x0, 0x4, 0x80000000, 0xc, 0x6, 0x2, 0x90, 0x8, 0xfffffffffffffff8, 0x1a7, 0x40, 0x0, 0x4, 0x0, 0x8837, 0x6, 0x3, 0x3, 0x1000, 0x9, 0x2, 0x5, 0x4, 0x0, 0x0, 0x6, 0x6, 0xfffffffffffffffd, 0xffffffff80000003, 0x5, 0x100000000, 0xfb3f, 0xb, 0xc, 0x0, 0x9, 0x2, 0xffffffffffffffe8, 0x135, 0x6, 0x2, 0x3, 0x7, 0x0, 0xffff, 0x1, 0x8, 0x1, 0x10, 0x8a, 0xffffffffffffff12, 0x9, 0x800, 0x4, 0x65, 0x0, 0x10, 0xd3ea, 0x6, 0xfffffffffffffffb, 0x1000, 0x8, 0x800, 0x280000, 0x200, 0x6, 0x15, 0x1, 0x7fffffffffffffff, 0xd57, 0x1ff, 0xffffffff, 0xfffffffffffffe00, 0x66d1ee76, 0x7, 0x8, 0x1, 0x6, 0x8000000000000000, 0x1000, 0x2, 0x400, 0xe2, 0x200000005, 0x8, 0x3cf, 0xffffffffffffffff, 0x4cbb, 0xfffffffffffffffd, 0x1, 0x10, 0x0, 0xffffffffffffff57, 0x4, 0xc58f, 0x8, 0x5, 0x40, 0xfffffffffffffffa, 0x3, 0x2, 0x5, 0x5]}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet_smc(0x2b, 0x1, 0x0) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x20000000) ptrace$ARCH_SHSTK_ENABLE(0x1e, r2, 0x0, 0x5001) mincore(&(0x7f0000184000/0x2000)=nil, 0x2000, 0x0) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='status\x00') lseek(r5, 0x10000000005, 0x0) r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/pm_trace', 0x400, 0x10) io_uring_enter(r6, 0x41bb, 0xb934, 0x42, &(0x7f0000000140)={[0x81]}, 0x8) r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0) ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000000)=0x7) ioctl$TIOCSTI(r7, 0x5412, &(0x7f00000000c0)=0xf9) r8 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r8, 0x89f1, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={0x1}, 0x4) 3.563102499s ago: executing program 3 (id=497): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000280)={@val={0x0, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x3d}, @mpls={[], @ipv4=@tcp={{0x6, 0x4, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x2, 0xb, 0x0, 0x0, 0x0, 0x4, {[@window={0xa, 0x3}, @timestamp={0x5, 0x2}, @generic={0x0, 0x2, "d58838068b91"}]}}}}}}, 0x4e) 3.515801479s ago: executing program 4 (id=498): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f00000000c0)=0xa0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000040)={@host}) ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r0, 0x7a5, &(0x7f0000000100)={{@host}, 0x0, 0x1}) ioctl$IOCTL_VMCI_CTX_GET_CPT_STATE(r0, 0x7b1, &(0x7f0000000240)={0x0, 0x6}) 3.44155461s ago: executing program 2 (id=499): r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000040)=0x3) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) r2 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65) dup2(r2, r1) 3.41039209s ago: executing program 1 (id=500): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) ioctl$BTRFS_IOC_GET_DEV_STATS(r0, 0xc4089434, &(0x7f0000000bc0)={0x0, 0x3, 0x0, [0xf, 0x200, 0x5, 0x1], [0x200, 0x7fffffffffffffff, 0xfffffffffffffff6, 0x2, 0x8, 0x7, 0xbc, 0x6, 0x6, 0x1000, 0x47, 0x3, 0x60000000, 0x9, 0x40, 0x9, 0x0, 0x100, 0x0, 0x4, 0x80000000, 0xc, 0x6, 0x2, 0x90, 0x8, 0xfffffffffffffff8, 0x1a7, 0x40, 0x0, 0x4, 0x0, 0x8837, 0x6, 0x3, 0x3, 0x1000, 0x9, 0x2, 0x5, 0x4, 0x0, 0x0, 0x6, 0x6, 0xfffffffffffffffd, 0xffffffff80000003, 0x5, 0x100000000, 0xfb3f, 0xb, 0xc, 0x0, 0x9, 0x2, 0xffffffffffffffe8, 0x135, 0x6, 0x2, 0x3, 0x7, 0x0, 0xffff, 0x1, 0x8, 0x1, 0x10, 0x8a, 0xffffffffffffff12, 0x9, 0x800, 0x4, 0x65, 0x0, 0x10, 0xd3ea, 0x6, 0xfffffffffffffffb, 0x1000, 0x8, 0x800, 0x280000, 0x200, 0x6, 0x15, 0x1, 0x7fffffffffffffff, 0xd57, 0x1ff, 0xffffffff, 0xfffffffffffffe00, 0x66d1ee76, 0x7, 0x8, 0x1, 0x6, 0x8000000000000000, 0x1000, 0x2, 0x400, 0xe2, 0x200000005, 0x8, 0x3cf, 0xffffffffffffffff, 0x4cbb, 0xfffffffffffffffd, 0x1, 0x10, 0x0, 0xffffffffffffff57, 0x4, 0xc58f, 0x8, 0x5, 0x40, 0xfffffffffffffffa, 0x3, 0x2, 0x5, 0x5]}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet_smc(0x2b, 0x1, 0x0) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x20000000) ptrace$ARCH_SHSTK_ENABLE(0x1e, r2, 0x0, 0x5001) mincore(&(0x7f0000184000/0x2000)=nil, 0x2000, 0x0) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='status\x00') lseek(r5, 0x10000000005, 0x0) r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/pm_trace', 0x400, 0x10) io_uring_enter(r6, 0x41bb, 0xb934, 0x42, &(0x7f0000000140)={[0x81]}, 0x8) r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0) ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000000)=0x7) ioctl$TIOCSTI(r7, 0x5412, 0x0) r8 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r8, 0x89f1, &(0x7f0000001040)={'gre0\x00', &(0x7f0000001000)={'syztnl2\x00', 0x0, 0x7800, 0xa000, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x2f, 0x0, @empty, @rand_addr=0x3}}}}) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={0x1}, 0x4) 2.685053124s ago: executing program 3 (id=501): syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x22004002, &(0x7f0000000080)={[{@jqfmt_vfsold}, {@stripe={'stripe', 0x3d, 0xffff}}, {@sysvgroups}, {@jqfmt_vfsold}, {@nouid32}, {@grpjquota, 0x2e}]}, 0x84, 0x46c, &(0x7f00000004c0)="$eJzs3EtvG0UcAPD/rpP0RR6U8ugDaiiIiELSpAV64AICqRckJDjAMaShKnVb1ASJVhUtCJUj4hMARyQ+ASe4IOAE4gp3hFShXggckNHau40TO6njxHWDfz9pk5ndWc/Mzk4yu7PrAPpWOfuRRFQj4teIGK1Hlyco138t3rg8+/eNy7NJVKuv/pnU0v114/JskbTYb1ceGU8j0o+S2N8i3/mLl87MVCpzF/L45MLZdybnL1566vTZmVNzp+bOTR8/fuzo1LPPTD+9KfUczsq67/3zB/aeeOPTl2er8eYPX2XlvSvf3liPurEN51mO8vJjWTNU+/nYhj/9zjLcEE4GelgQ1qUUEVlzDdb6/2iUYqnxRuOlD3taOKCrqtVqdVvT2lIRuFoF/seS6HUJgN4o/tFn17/FchuHHz13/fn6BVBW78V8qW8ZiDT7tb1+xT7cpfzLEfH61X8+y5ZoeR8CAGBzfZONf55sNf4bSe5rSDeSzw2NRcThiNgdEfdExJ6IuDcisrT3R8QD68y/vCLePP75eUdHFWtTNv57Lp/bWj7+S4skY6U8Nlyr/2Dy1unK3JH8mIzH4LYsPrVGHt+++Msnq21rHP9lS5Z/MRbMy/HHwIobdCdnFmY2UudG1z+I2DfQqv7JzZmAJCL2RsS+Dj4/O2ann/jyQBYe2dW8/cAt67+GTZhnqn4R8Xi9/a/GivoXknpOq81PTm6PytyRyeKsaPbjT9deaYwPNoRv3f7dlbX/zpbnf17/ohsU87Xz68/j2m8fr3pN0+n5P5S8VgsP5evem1lYuDAVMZSvWLZ+emnfIl6kz+o/fqhV/UeS3RH/fp7vtz8/Vx+MiIci4mBe9ocj4pGIOLRG/b9/4dG31z5CvW3/k2u1f8RY0jhf30GgdOa7r1fLv732P1YLjedr2vn7124BN3LsAAAAYKtIa8/AJ+nEzXCaTkzUn+HfEzvTyvn5hcPlePfcyfqz8mMxmBZ3ukYb7odO5feGi/j0ivjRiLi79qTRjlp8YvZ8pVtz6kB7dq3S/zO/l3pdOqDr1jWP1vxGG7CFeV8T+pf+D/1L/4f+pf9D/2rV/69ELPagKMBt5v8/9C/9H/qX/g/9S/+HvtT8SnzxdSudvOm/FNh9YkO791Gg1KVPjsYv7ehCINKeH7rOA+mdUIyDeWBbRLS715WutunK8wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGDr+y8AAP//BcXhGA==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r1, 0x8004587d, &(0x7f0000000080)={@desc={0x1, 0x0, @desc2}}) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, &(0x7f0000000180)=@v2={0x2, @adiantum, 0x0, '\x00', @c}) 2.662545924s ago: executing program 2 (id=502): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000080)={0x8, 0x9}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) fcntl$setpipe(r1, 0x407, 0x4) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x101402, 0x0) r3 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000), 0x20202, 0x0) writev(r3, &(0x7f00000013c0)=[{&(0x7f0000000180)="a044b2cfa90a", 0x6}], 0x1) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r4 = socket(0x10, 0xa, 0x0) r5 = socket$inet6_sctp(0xa, 0x801, 0x84) connect$inet6(r5, &(0x7f0000000100)={0xa, 0x0, 0x0, @private1, 0x200000}, 0x1c) sendto$inet6(r5, &(0x7f00000001c0), 0x0, 0x80, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @private2}, 0x1c) shutdown(r5, 0x1) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r5, 0x84, 0x7c, &(0x7f00000000c0), &(0x7f0000000180)=0x8) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x5, 0x3, 0xc06a2f6, 0x1, 0x7}, 0x6, 0x0, 0xa, 0x4, 0x6, 0x8, 0x18, 0x9, 0x3, 0x4, {0x0, 0x2, 0x9, 0x800, 0x8704, 0x27000000}}}}]}, 0x78}}, 0x0) r8 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/drop_packet\x00', 0x2, 0x0) r9 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/diskstats\x00', 0x0, 0x0) sendfile(r8, r9, 0x0, 0x1071) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, &(0x7f0000000180)=0xffffffffffffffff) r13 = getpid() prctl$PR_SCHED_CORE(0x3e, 0x3, r13, 0x2, &(0x7f0000000280)) ioctl$vim2m_VIDIOC_PREPARE_BUF(r8, 0xc058565d, &(0x7f00000003c0)=@multiplanar_mmap={0xca, 0x1, 0x4, 0x100, 0x10, {r10, r11/1000+10000}, {0x3, 0x8, 0x9, 0x4, 0x7, 0x40, "6d0345c2"}, 0x9, 0x1, {&(0x7f0000000340)=[{0x6, 0x40000000, {0x9}, 0x8}, {0x0, 0x9, {0x28000000}, 0x2}]}, 0x1, 0x0, r12}) sendmsg$nl_route_sched(r4, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001a40)=@newtfilter={0x38, 0x2c, 0xd2b, 0x800, 0x25dfdbfc, {0x0, 0x0, 0x0, r7, {0x10, 0xfff1}, {}, {0x7, 0xb}}, [@filter_kind_options=@f_fw={{0x7}, {0xc, 0x2, [@TCA_FW_CLASSID={0x8, 0x1, {0xb, 0xfff2}}]}}]}, 0x38}}, 0x24044094) 2.661067804s ago: executing program 4 (id=503): r0 = syz_open_dev$dri(&(0x7f0000000340), 0x1ff, 0xc0000) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000200)={0x8000, 0x8, 0x40}) r1 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000040)={0x0, &(0x7f00000002c0)=[0x0], 0x0, 0x0, 0xfffffd52, 0x1}) ioctl$DRM_IOCTL_MODE_CURSOR(r0, 0xc01c64a3, &(0x7f0000000280)={0x1, r2, 0xfffffffe, 0xfffd, 0x7ff, 0x1ff, 0x1}) 2.545275735s ago: executing program 0 (id=504): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000080)={0x8, 0x9}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) fcntl$setpipe(r1, 0x407, 0x4) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x101402, 0x0) r3 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000), 0x20202, 0x0) writev(r3, &(0x7f00000013c0)=[{&(0x7f0000000180)}], 0x1) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r4 = socket(0x10, 0xa, 0x0) r5 = socket$inet6_sctp(0xa, 0x801, 0x84) connect$inet6(r5, &(0x7f0000000100)={0xa, 0x0, 0x0, @private1, 0x200000}, 0x1c) sendto$inet6(r5, &(0x7f00000001c0)='O', 0x1, 0x80, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @private2}, 0x1c) shutdown(r5, 0x1) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r5, 0x84, 0x7c, &(0x7f00000000c0), &(0x7f0000000180)=0x8) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x5, 0x3, 0xc06a2f6, 0x1, 0x7}, 0x6, 0x0, 0xa, 0x4, 0x6, 0x8, 0x18, 0x9, 0x3, 0x4, {0x0, 0x2, 0x9, 0x800, 0x8704, 0x27000000}}}}]}, 0x78}}, 0x0) r8 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/drop_packet\x00', 0x2, 0x0) r9 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/diskstats\x00', 0x0, 0x0) sendfile(r8, r9, 0x0, 0x1071) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, &(0x7f0000000180)=0xffffffffffffffff) r13 = getpid() prctl$PR_SCHED_CORE(0x3e, 0x3, r13, 0x2, &(0x7f0000000280)) ioctl$vim2m_VIDIOC_PREPARE_BUF(r8, 0xc058565d, &(0x7f00000003c0)=@multiplanar_mmap={0xca, 0x1, 0x4, 0x100, 0x10, {r10, r11/1000+10000}, {0x3, 0x8, 0x9, 0x4, 0x7, 0x40, "6d0345c2"}, 0x9, 0x1, {&(0x7f0000000340)=[{0x6, 0x40000000, {0x9}, 0x8}, {0x0, 0x9, {0x28000000}, 0x2}]}, 0x1, 0x0, r12}) sendmsg$nl_route_sched(r4, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001a40)=@newtfilter={0x38, 0x2c, 0xd2b, 0x800, 0x25dfdbfc, {0x0, 0x0, 0x0, r7, {0x10, 0xfff1}, {}, {0x7, 0xb}}, [@filter_kind_options=@f_fw={{0x7}, {0xc, 0x2, [@TCA_FW_CLASSID={0x8, 0x1, {0xb, 0xfff2}}]}}]}, 0x38}}, 0x24044094) 2.450437855s ago: executing program 4 (id=505): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xa, 0x4, 0xdd, 0xa}, 0x50) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB], 0x1bbc}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000004c0), 0xffffffffffffffff) sendmsg$TIPC_NL_MEDIA_SET(r2, &(0x7f0000000740)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000700)={&(0x7f0000000500)={0xe0, r3, 0x100, 0x70bd26, 0x25dfdbfe, {}, [@TIPC_NLA_MEDIA={0x20, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}]}]}, @TIPC_NLA_SOCK={0x68, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x5}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x5}, @TIPC_NLA_SOCK_CON={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x3ee3}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xc8e}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x3ff}]}, @TIPC_NLA_SOCK_CON={0x2c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x4a}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0xa}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x4db378e6}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x50}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x4}]}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x2}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_MEDIA={0x30, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_NODE={0x14, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xfff}]}]}, 0xe0}}, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r4}, 0x10) r5 = dup2(r1, r0) getsockopt$inet_pktinfo(r5, 0x0, 0x8, &(0x7f0000000080)={0x0, @initdev, @remote}, &(0x7f0000000180)=0xc) connect$inet(r5, &(0x7f0000000040)={0x2, 0x4e20, @private=0xa010102}, 0x10) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r6, &(0x7f0000000340)={0x1f, 0xffff, 0x3}, 0x6) write(r6, &(0x7f0000000000)="05000000010000", 0x7) r7 = socket$alg(0x26, 0x5, 0x0) bind$alg(r7, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'rmd160\x00'}, 0x58) r8 = accept4(r7, 0x0, 0x0, 0x0) sendmmsg$inet6(r8, &(0x7f0000004280)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000180)="12952a45c8c5fc", 0x7}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x800) r9 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x8c0483, 0x0) ioctl$AUTOFS_IOC_FAIL(r9, 0x4c81, 0x8) r10 = openat$kvm(0xffffff9c, &(0x7f0000000100), 0x41, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CAP_X86_DISABLE_EXITS(r11, 0x4068aea3, &(0x7f0000000200)={0x8f, 0x0, 0x6}) r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) r13 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000a00)=@bpf_ext={0x1c, 0x1, &(0x7f0000000780)=@raw=[@exit], &(0x7f00000007c0)='syzkaller\x00', 0x7, 0xef, &(0x7f0000000800)=""/239, 0x40f00, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000900)={0x1, 0x4}, 0x8, 0x10, &(0x7f0000000980)={0x2, 0x8, 0x8000, 0xe3c6}, 0x10, 0x1c1ba, 0xffffffffffffffff, 0x0, &(0x7f00000009c0)=[r1], 0x0, 0x10, 0x1}, 0x94) write(r13, &(0x7f0000000ac0)="20901e953a0ab1fb10e3cae0bb7ad1476b5c7003d1986f02c4bc78fe98cc5d2f0927198e4ca50c0231ab6d7d3053d1c6bcf128bb17803d2b587f1223933bf3e684ea2b0de232b1464c1eb6732cdf9dffa626a4d048cc1f5b12e9213ed1c85287183d220a6c725924db734e52a12e3a5ccba509d09343", 0x76) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000b80)={0x200000000000037a, &(0x7f0000000b40)=[{0x6, 0x9, 0x3, 0x3}, {0xff, 0x9, 0x40, 0x2}, {0x5, 0x7, 0x8, 0x6}, {0xfffe, 0xb, 0x8, 0x1}, {0x6, 0xa4, 0x9, 0x2e4}, {0x7f, 0xf, 0xf}]}) ioctl$KVM_RUN(r12, 0xae80, 0x0) ioctl$KVM_RUN(r12, 0xae80, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, &(0x7f0000000000)=@framed={{0x7a, 0xa, 0x0, 0xff00, 0x0, 0x71, 0x10, 0x43, 0x3}}, &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x10}, 0x94) 2.303167537s ago: executing program 1 (id=506): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r0, &(0x7f0000000140)={@val={0x3, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x14}, @ipv4=@icmp={{0x5, 0x4, 0x0, 0x0, 0x8016, 0x1400, 0x0, 0x0, 0x1, 0x0, @private=0xa010100, @local}, @dest_unreach={0x4, 0x0, 0x0, 0x0, 0x0, 0x1400, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, @local, @loopback}}}}, 0xfdef) 1.232970883s ago: executing program 2 (id=507): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}) writev(r0, &(0x7f0000000500)=[{&(0x7f0000000080)="2e9b5b0007e03dd65193dfb6c575963f86dd6067", 0x14}, {&(0x7f0000000200)="b700000006000000000000d1dd0fccd5de", 0x11}, {&(0x7f0000000540)="37a88dc41ed443abea1e522800b6e02a2724fd355159", 0x16}], 0x3) 724.390105ms ago: executing program 0 (id=508): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xa, 0x4, 0xdd, 0xa}, 0x50) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="bc1b0000400007012bbd700000000000027c00000400c2800c00"], 0x1bbc}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000004c0), 0xffffffffffffffff) sendmsg$TIPC_NL_MEDIA_SET(r2, &(0x7f0000000740)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000700)={&(0x7f0000000500)={0xe0, r3, 0x100, 0x70bd26, 0x25dfdbfe, {}, [@TIPC_NLA_MEDIA={0x20, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}]}]}, @TIPC_NLA_SOCK={0x68, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x5}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x5}, @TIPC_NLA_SOCK_CON={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x3ee3}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xc8e}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x3ff}]}, @TIPC_NLA_SOCK_CON={0x2c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x4a}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0xa}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x4db378e6}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x50}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x4}]}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x2}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_MEDIA={0x30, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_NODE={0x14, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xfff}]}]}, 0xe0}}, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r4}, 0x10) r5 = dup2(r1, r0) getsockopt$inet_pktinfo(r5, 0x0, 0x8, &(0x7f0000000080)={0x0, @initdev, @remote}, &(0x7f0000000180)=0xc) connect$inet(r5, &(0x7f0000000040)={0x2, 0x4e20, @private=0xa010102}, 0x10) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r6, &(0x7f0000000340)={0x1f, 0xffff, 0x3}, 0x6) write(r6, &(0x7f0000000000)="05000000010000", 0x7) r7 = socket$alg(0x26, 0x5, 0x0) bind$alg(r7, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'rmd160\x00'}, 0x58) r8 = accept4(r7, 0x0, 0x0, 0x0) sendmmsg$inet6(r8, &(0x7f0000004280)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000180)="12952a45c8c5fc", 0x7}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x800) r9 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x8c0483, 0x0) ioctl$AUTOFS_IOC_FAIL(r9, 0x4c81, 0x8) r10 = openat$kvm(0xffffff9c, &(0x7f0000000100), 0x41, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CAP_X86_DISABLE_EXITS(r11, 0x4068aea3, &(0x7f0000000200)={0x8f, 0x0, 0x6}) r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) r13 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000a00)=@bpf_ext={0x1c, 0x1, &(0x7f0000000780)=@raw=[@exit], &(0x7f00000007c0)='syzkaller\x00', 0x7, 0xef, &(0x7f0000000800)=""/239, 0x40f00, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000900)={0x1, 0x4}, 0x8, 0x10, &(0x7f0000000980)={0x2, 0x8, 0x8000, 0xe3c6}, 0x10, 0x1c1ba, 0xffffffffffffffff, 0x0, &(0x7f00000009c0)=[r1], 0x0, 0x10, 0x1}, 0x94) write(r13, &(0x7f0000000ac0)="20901e953a0ab1fb10e3cae0bb7ad1476b5c7003d1986f02c4bc78fe98cc5d2f0927198e4ca50c0231ab6d7d3053d1c6bcf128bb17803d2b587f1223933bf3e684ea2b0de232b1464c1eb6732cdf9dffa626a4d048cc1f5b12e9213ed1c85287183d220a6c725924db734e52a12e3a5ccba509d09343", 0x76) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000b80)={0x200000000000037a, &(0x7f0000000b40)=[{0x6, 0x9, 0x3, 0x3}, {0xff, 0x9, 0x40, 0x2}, {0x5, 0x7, 0x8, 0x6}, {0xfffe, 0xb, 0x8, 0x1}, {0x6, 0xa4, 0x9, 0x2e4}, {0x7f, 0xf, 0xf}]}) ioctl$KVM_RUN(r12, 0xae80, 0x0) ioctl$KVM_RUN(r12, 0xae80, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, &(0x7f0000000000)=@framed={{0x7a, 0xa, 0x0, 0xff00, 0x0, 0x71, 0x10, 0x43, 0x3}}, &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x10}, 0x94) 625.277876ms ago: executing program 3 (id=509): syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000040)='./bus\x00', 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="66617374626f6f742c71756f7461000018bbdecde39739fcd1df176dde746ec834120600000000003b814e50a959736d6572462abc30ef5b65c70f73ecea54b5e5bea9836c319f653557e79a002208ce996dda659bd5ba0f4ce5c2080002223dc60000000000000044cd0a1e3686873600000000005493b4b81d5b9fa9b40fe4d76afc3a989c6d60044e89eb96e44d01a1034e3797ffa86870b82939f41ffa0f3d726f085663c29cbdc4c766a7eb77cc36160191acf5ae7469c82ab4145b595b987d75912a0fcd1c061835294cc0c618aba204f8adaa20c80108d356cd88cc86177056b06e7068c40f807d9e539f8f5b64a8ee0725aa8d00000000007cb6020d90ea79b8027cf75964dd86c2ed2b5e75779677aa8c76b848dd03dab190b5f02ec52830a17b01eaae1c3df076000000000000000000000000000083a48a6b926c668b9b90195018ea3619f9d80a0b894e212178e1a19909d764666264fa29e2c055fd7f8e67c2acfb75f0a8d41692f4542a575ee42ed94a0014fba44985cca9df12fe93bfaccf0122a6e7e593613ac0111701b125cc6799c43aa4ff708dc4a00a6decad26f0378072a571da000000b1a6bdf03fd56697e348b5b494f6fddb9f56142a47a40ef81690a7eca421bd0ad198afa58ce69d61c29deaa93c0efea0df04f20020ee84075b4e1a2ad43d1be1138de4668e7b6137545708790c501f1ed7f6a571d500000000000000"], 0x25, 0x5586, &(0x7f00000079c0)="$eJzs3EtvG2UXAOAzTtP71y9CLNh1pAopkWqrTi+CFQVacRGtKi4LVuDYruXW9kSx44SsumCJWPBPEEisWPIbWMASdogFiB0SyDMTaNoGSuM4avs80vjMHL8+874jK9KZiRzAU2sh/e2XJE7FsYiYi4iTSeT7SblF3Im4XIx9LiJOR0Tlri0p838lDkfE8Yg4NSle1EzKtz47Oz5z8ec3f/362yOHTnz+1XcHunDgQD0fEf3VYn+jX8SsU8RbZb4x7uaxf2FcxtUdNfpZkd9or+QVNhrb4xp5PN8pxmer68NJvNlrNCex072Z51cHxQmH4852nckH0luNtfy41V7JY3eY5bGzVZx3c6v427Y1HBV1WmW9j/LyMRptxyLf3mwX61m9ncfmYFTmi7pZq705ieMylqeLZtZr5fNYecSL/Bh4qztY30zH7bVhNxukF2v1F2r1S9X6WtZqj9oXqo1+69KFdLHTmwyrjtqN/uVOlnV67Voz6y+li51ms1qvp4tX2ivdxiCt12vna+eqF5fKvbPpa9ffS3utdHESX+kO1kfd3jC9ma2lxSeW0uXa+ReX0jP19J1rN9Ibb1+9eu3Gux9cef/6y9feeLUcdN+00sXlc8vL1fq56nJ96Sla/8flpP/D+pMHp3/4fm+XDQq7fMEA2N19/X/c2/+H/h+Yur30//3b5fH+9P/xMP1/TLP/n7RU+v9/738rB9D/zof+fx/XD3vyaP3/4anPAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAmftx/ovX852F4vhEmf9fmXqmPE4iohIRfzzAXBzeUXOurDO/y/j5e+bwTRJ5hck5jpTb8Yi4XG6//3+/rwIAAAA8ub68c/rTolsvXhYOekLMUnHTpnLywynVSyJifuGnKVWrTF6enVKx/Pt9KDanVC2/gXV0SsWKW26HplXtocztCEfvCkkRKjOdDgAAMBM7O4HZdiEAAADM0if/+O5LM5sHM5bE9qPM7WfB+X/e//1A8NiO9wAAAIDHUHLQEwAAAAD2Xd7/+/0/AAAAeLIVv/8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAf7JzP7lpA1EcgJ8Nhv5VUdV9r9IdHKNH6LLLwgF6CY5Ar9ALcAYiZZEjRBBhT5CcgBSJMU7Q90m2M+Po5xlg88bSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXbqpVrN/f77/PTdnuztPntkAAAAAx2yq1az+Y9K0P6b+z6nra2oXEVFGxLHafRCjVuYg5VQn/r96Mob/EXXCvn+cjg8R8SMd91+6/hQAAADgeq0Xy2lTrTentARw2++ouJBm0ab89DNTXhER1eQuU1q5P33LFFb/vofxO1NavYD1LlNYs+Q2PH5vlOshbYPW5XEm8/pLrFtlN88FAAD61K4ETlQhAAAAXIFffQ+AS3he2heH0+E947i5pBeC71stAAAA4A0q+h4AAAAA0Lm6/n9N+/8V9v8DAACA7Jr9/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOjSplrN1ovl9NT9+Qtztrvz5JsRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPLA/7ygQAmEQBnvXdyZz/8NKg4bGJlUgfPyNwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJvf/eX/xNQ4k8y9NpaeR5K1U2Pr1Ng7N47+ML5+DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxf68pEAIBEEUzBn/O+n7H1YS9AwiREDDo4paNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwRb/75f/E1DiTzJ02lo5HkrWrxtZVY+9B4+jBePs3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxb799EZRhgEAf3anu1DUWKtpYtVgwkEvUhYEuRqjaTz4EUyassXqIgo9CGnEXryZnrkYPRpjoqm3fgfONOGCNw491MSTh5r5V2bbFRqUmUJ/v+Td99nZ4f23E9Jn3lkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABKm+/Gq+0iTtKXiTwuj93eWp5P641ddWp99c50WtK4VfO4nwCvVd8cn2puIAAAABweSZnfR8TdztpsWrcnsvy/U56T5vw/PJfHZT6/O+/f2Fo+Wnw0Xeb/v/9276WdjiaSrJ+00YXFQf/U3qGMPaYpHnjPP/SMsWzls3svSfaFtD9ceXGzk61n67tbt97vZuGROkYLADyKk2VdBOXfQ2nda3JgABwaY5XEu8z/k4lmxwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQh82VeKaMWxExPXY/Tm1sLc+Pqr9ZvTO9XpRzN2+uVttMm+hExMLioH+qxrkcXOVqXv9sbjDoX7l6re7geESM+OjG/v55Ugz/X8/pRsTQkRMvj2jn4330taudPUFxeUa9aziezu+hJ7eGjrT2LPh727kmLoC6gnbx/TyOLsZr/96Hg/La+/9brvm/IwAAnnqdoqSZ6N3O2mx6rDUZsf3jcP7/RiWOobx/+0Z+JH+/Xsn/731y7na1r2r+36tpfk+CmaVLX8xcvXb9rcVLcxf7F/ufv326907vzPmzZ8/PZPdKZhai7Y4JAAAA/0G3KNX8vz25d///WCWOB+z/51vCef7/5fe9r6t9JfL/ke5v+jU9EgAAgMOouxO98Ppff7ZGnNHqduOruaWlK738def96fy11uE+oiNFqeb/yWTTowIAAADqsLnSGtr/v1CJ4wH7/9Xn/5/96ZVfqm0mETEecTki+ifnLw8u1DedA62OHypnHXWbnikAAABNGS9Kdf+/kz3/39555KEdEW+eiPi7+A1/7DP/Tz749udqX9Xn/8/UOsuDpz2Vr0dWT0WMTTU9IgAAAJ5mR4uSJvt/dNZmP/312Eddz/8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1O2fAAAA//+FVSwP") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) ioctl$F2FS_IOC_START_ATOMIC_WRITE(r0, 0xf501, 0x0) ioctl$F2FS_IOC_START_ATOMIC_WRITE(r0, 0xf502, 0x5) ioctl$F2FS_IOC_START_ATOMIC_WRITE(r0, 0xf501, 0x0) 545.795357ms ago: executing program 2 (id=510): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xa, 0x4, 0xdd, 0xa}, 0x50) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="bc1b0000400007012bbd700000000000027c00000400c2800c0001800600060086dd"], 0x1bbc}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000004c0), 0xffffffffffffffff) sendmsg$TIPC_NL_MEDIA_SET(r2, &(0x7f0000000740)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000700)={&(0x7f0000000500)={0xb4, r3, 0x100, 0x70bd26, 0x25dfdbfe, {}, [@TIPC_NLA_MEDIA={0x20, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}]}]}, @TIPC_NLA_SOCK={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x5}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x5}, @TIPC_NLA_SOCK_CON={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x3ee3}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xc8e}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x3ff}]}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x2}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_MEDIA={0x30, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_NODE={0x14, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xfff}]}]}, 0xb4}}, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r4}, 0x10) r5 = dup2(r1, r0) getsockopt$inet_pktinfo(r5, 0x0, 0x8, &(0x7f0000000080)={0x0, @initdev, @remote}, &(0x7f0000000180)=0xc) connect$inet(r5, &(0x7f0000000040)={0x2, 0x4e20, @private=0xa010102}, 0x10) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r6, &(0x7f0000000340)={0x1f, 0xffff, 0x3}, 0x6) write(r6, &(0x7f0000000000)="05000000010000", 0x7) r7 = socket$alg(0x26, 0x5, 0x0) bind$alg(r7, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'rmd160\x00'}, 0x58) r8 = accept4(r7, 0x0, 0x0, 0x0) sendmmsg$inet6(r8, &(0x7f0000004280)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000180)="12952a45c8c5fc", 0x7}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x800) r9 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x8c0483, 0x0) ioctl$AUTOFS_IOC_FAIL(r9, 0x4c81, 0x8) r10 = openat$kvm(0xffffff9c, &(0x7f0000000100), 0x41, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CAP_X86_DISABLE_EXITS(r11, 0x4068aea3, &(0x7f0000000200)={0x8f, 0x0, 0x6}) r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) r13 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000a00)=@bpf_ext={0x1c, 0x1, &(0x7f0000000780)=@raw=[@exit], &(0x7f00000007c0)='syzkaller\x00', 0x7, 0xef, &(0x7f0000000800)=""/239, 0x40f00, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000900)={0x1, 0x4}, 0x8, 0x10, &(0x7f0000000980)={0x2, 0x8, 0x8000, 0xe3c6}, 0x10, 0x1c1ba, 0xffffffffffffffff, 0x0, &(0x7f00000009c0)=[r1], 0x0, 0x10, 0x1}, 0x94) write(r13, &(0x7f0000000ac0)="20901e953a0ab1fb10e3cae0bb7ad1476b5c7003d1986f02c4bc78fe98cc5d2f0927198e4ca50c0231ab6d7d3053d1c6bcf128bb17803d2b587f1223933bf3e684ea2b0de232b1464c1eb6732cdf9dffa626a4d048cc1f5b12e9213ed1c85287183d220a6c725924db734e52a12e3a5ccba509d09343", 0x76) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000b80)={0x200000000000037a, &(0x7f0000000b40)=[{0x6, 0x9, 0x3, 0x3}, {0xff, 0x9, 0x40, 0x2}, {0x5, 0x7, 0x8, 0x6}, {0xfffe, 0xb, 0x8, 0x1}, {0x6, 0xa4, 0x9, 0x2e4}, {0x7f, 0xf, 0xf}]}) ioctl$KVM_RUN(r12, 0xae80, 0x0) ioctl$KVM_RUN(r12, 0xae80, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, &(0x7f0000000000)=@framed={{0x7a, 0xa, 0x0, 0xff00, 0x0, 0x71, 0x10, 0x43, 0x3}}, &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x10}, 0x94) 393.745118ms ago: executing program 4 (id=511): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x3938700}}, 0x0) setpriority(0x2, 0x0, 0xffffffffffffffd0) 338.914627ms ago: executing program 1 (id=512): syz_mount_image$hfsplus(&(0x7f0000000080), &(0x7f0000000400)='./file1\x00', 0xa08007, &(0x7f0000000100)=ANY=[@ANYRES32=0x0], 0xfe, 0x68d, &(0x7f00000006c0)="$eJzs3c1vHGcdB/DvrNdvQUrdNkkLqoTVSAVhkfhFKZhLAwfkQ4WqcKiQuFiN01jZuJXtIrdCYN6vHPoHlIMPSFxA4h6pSBwQcKu4WRxQJSQuPfkWNLOz9jp+yXrjlxg+H2t2n9nndX4788zOrqwJ8H9rbiLNBykyN/H6Wrm+uTHT2tyYGa6zW0nKdCNplk/DSbGUFB8nN9Ne8vkkRV2+OKifDxdnb33y2ean7bVmvVTlG4fV6816vWQ8yUD9vNdgX+29dWB7h5vfThXbW1gG7GoncHDWHu6xfpTqT3jcAk+Don3e3GMsuZBkpP4ckHp2aJzu6I7fkWY5AAAAOKee2cpW1nLxrMcBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA50l9//+iXhqd9HiKzv3/h+rXUqdvNc54zE/iwVkPAAAAAAAAAACOwRe3spW1XEz94/7D9i/7L1ePl6rHz+W9rGQhy7mWtcxnNatZzlSSsa6GhtbmV1eXp3qoOb1vzen+xv/7/qoBAAAAAAAAwP+an2au/fs/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8LYpkoP1ULZc66bE0mklGkgyV5daTv3fS50Sx34sPTn8cAAAA8ERG+qjzzFa2spaLnfWHRXXNf6W6Xh7Je1nKahazmlYWcru+hi6v+hubGzOtzY2Z+5sbM1XH33/Y1m7nm/850jCqFtP+7mH/nl+sSozmTharV67lraLs93YaVc3Si/V4tpfdnfykHNPoa7UeR3a7fi63/NcHfYtwHBpHrTBWVRrcjshkPbayoWcPj8Rj353moT1NpbH9zc+lQ3rqbFJxxJhf6NRL8stHYv7av377vR6bOQHbkWikisR019535fCYJ1/64+/evNtaunf3zsrEie1Gp+XRfWKmKxIv9BSJ4dMfdE+aRyw/WUXi8vb6XL6d72Yi43kjy1nMDzKf1SyknhkzX+/P5eNYV5SSPZG6uWvtjceNZKh+X9qzaC9jGs9wlZrPy1Xdi1lMkXdyOwt5tfqbzlS+lht1i513+PKB73C1bdVM2zjaUX/1y9k51H9VztS91Uv+3GvBo2ufUsu4PtsV1+45d6zK635lJ0rP9XA+OuLc2PxCnSj7+Fk/p40T82gkproi8fzhkfhNdWystJbuLd+df/eA9tcfWX9lcCf9i77OzCc1CZf7y3MZqWeS3XtHmff89iyzO15D9S8u7bzGnrzLVV5RdI7U7+xzpJYRn61KX9m3pekq74W9eQP1yP/xz668XZ+38s5fTyhgAByvC1+5MDT679G/jX40+vPRu6Ovj3xr+OvDLw1l8E+D32hODrzSeKn4Qz7Kj3au/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgP6tvP/BvflWa2F5/0Tj4KzjTRT1bXkOKtPMaE5hGKeZKJL1Y285Z79dPSQ6NxF80nbevPlUbM65TgwkqV/5cbKz/9RvUT83FwXOheur99+9vvL+B19dvD//9sLbC0uDN27MTs7eeHXm+p3F1sJk+/GsRwmchJ3PAz1WGDzhAQEAAAAAAAAAAACPtd8/BvzlmP/ToKu78TPcVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCcmptIczBFpiavTZbrmxszrXLppHdKNpM0Gknxw6T4OLmZ9pKxruaKg/r5cHH21iefbX6601azU75xWL3erNdLxpMM1M97DPXX3vpB7fWs2N7CMmBXO4GDs/bfAAAA//+VJAQ5") r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) syz_usb_disconnect(r0) syz_usb_connect(0x4, 0x24, &(0x7f0000000000)=ANY=[], 0x0) ioctl$EVIOCRMFF(r0, 0xc0085504, &(0x7f0000000080)) 252.151838ms ago: executing program 0 (id=513): r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000180)=[@in={0x2, 0x4e21, @local}], 0x10) setsockopt$inet_sctp_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000080)={0x26, 0x6a, 0x46, 0x3, 0x0, 0x85, 0x6, 0x21, 0xe6, 0x0, 0x81, 0x4c, 0x2, 0x3}, 0xe) sendmsg$inet_sctp(r0, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f00000003c0)=[{&(0x7f0000000380)='N', 0x1}], 0x1, 0x0, 0x0, 0x804c040}, 0x0) setsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f00000001c0)={0x0, @in={{0x2, 0x4e21, @local}}}, 0x84) 193.607249ms ago: executing program 4 (id=514): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000400)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_AUTHENTICATE(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000002480)={0x68, r1, 0x1, 0x20000002, 0x25dfdc02, {{}, {@val={0x8, 0x3, r3}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @key_params=[@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}], @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @key_params=[@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DATA_WEP104={0x11, 0x7, "0dffe68c53cce86218c6429c9b"}, @NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0xfac05}]]}, 0x68}, 0x1, 0x0, 0x0, 0x20040040}, 0x0) 135.531019ms ago: executing program 2 (id=515): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) ioctl$BTRFS_IOC_GET_DEV_STATS(r0, 0xc4089434, &(0x7f0000000bc0)={0x0, 0x3, 0x0, [0xf, 0x200, 0x5, 0x1], [0x200, 0x7fffffffffffffff, 0xfffffffffffffff6, 0x2, 0x8, 0x7, 0xbc, 0x6, 0x6, 0x1000, 0x47, 0x3, 0x60000000, 0x9, 0x40, 0x9, 0x0, 0x100, 0x0, 0x4, 0x80000000, 0xc, 0x6, 0x2, 0x90, 0x8, 0xfffffffffffffff8, 0x1a7, 0x40, 0x0, 0x4, 0x0, 0x8837, 0x6, 0x3, 0x3, 0x1000, 0x9, 0x2, 0x5, 0x4, 0x0, 0x0, 0x6, 0x6, 0xfffffffffffffffd, 0xffffffff80000003, 0x5, 0x100000000, 0xfb3f, 0xb, 0xc, 0x0, 0x9, 0x2, 0xffffffffffffffe8, 0x135, 0x6, 0x2, 0x3, 0x7, 0x0, 0xffff, 0x1, 0x8, 0x1, 0x10, 0x8a, 0xffffffffffffff12, 0x9, 0x800, 0x4, 0x65, 0x0, 0x10, 0xd3ea, 0x6, 0xfffffffffffffffb, 0x1000, 0x8, 0x800, 0x280000, 0x200, 0x6, 0x15, 0x1, 0x7fffffffffffffff, 0xd57, 0x1ff, 0xffffffff, 0xfffffffffffffe00, 0x66d1ee76, 0x7, 0x8, 0x1, 0x6, 0x8000000000000000, 0x1000, 0x2, 0x400, 0xe2, 0x200000005, 0x8, 0x3cf, 0xffffffffffffffff, 0x4cbb, 0xfffffffffffffffd, 0x1, 0x10, 0x0, 0xffffffffffffff57, 0x4, 0xc58f, 0x8, 0x5, 0x40, 0xfffffffffffffffa, 0x3, 0x2, 0x5, 0x5]}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet_smc(0x2b, 0x1, 0x0) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x20000000) ptrace$ARCH_SHSTK_ENABLE(0x1e, r2, 0x0, 0x5001) mincore(&(0x7f0000184000/0x2000)=nil, 0x2000, 0x0) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='status\x00') lseek(r5, 0x10000000005, 0x0) r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/pm_trace', 0x400, 0x10) io_uring_enter(r6, 0x41bb, 0xb934, 0x42, &(0x7f0000000140)={[0x81]}, 0x8) r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0) ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000000)=0x7) ioctl$TIOCSTI(r7, 0x5412, &(0x7f00000000c0)=0xf9) r8 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r8, 0x89f1, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={0x1}, 0x4) 70.57381ms ago: executing program 0 (id=516): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) ioctl$BTRFS_IOC_GET_DEV_STATS(r0, 0xc4089434, &(0x7f0000000bc0)={0x0, 0x3, 0x0, [0xf, 0x200, 0x5, 0x1], [0x200, 0x7fffffffffffffff, 0xfffffffffffffff6, 0x2, 0x8, 0x7, 0xbc, 0x6, 0x6, 0x1000, 0x47, 0x3, 0x60000000, 0x9, 0x40, 0x9, 0x0, 0x100, 0x0, 0x4, 0x80000000, 0xc, 0x6, 0x2, 0x90, 0x8, 0xfffffffffffffff8, 0x1a7, 0x40, 0x0, 0x4, 0x0, 0x8837, 0x6, 0x3, 0x3, 0x1000, 0x9, 0x2, 0x5, 0x4, 0x0, 0x0, 0x6, 0x6, 0xfffffffffffffffd, 0xffffffff80000003, 0x5, 0x100000000, 0xfb3f, 0xb, 0xc, 0x0, 0x9, 0x2, 0xffffffffffffffe8, 0x135, 0x6, 0x2, 0x3, 0x7, 0x0, 0xffff, 0x1, 0x8, 0x1, 0x10, 0x8a, 0xffffffffffffff12, 0x9, 0x800, 0x4, 0x65, 0x0, 0x10, 0xd3ea, 0x6, 0xfffffffffffffffb, 0x1000, 0x8, 0x800, 0x280000, 0x200, 0x6, 0x15, 0x1, 0x7fffffffffffffff, 0xd57, 0x1ff, 0xffffffff, 0xfffffffffffffe00, 0x66d1ee76, 0x7, 0x8, 0x1, 0x6, 0x8000000000000000, 0x1000, 0x2, 0x400, 0xe2, 0x200000005, 0x8, 0x3cf, 0xffffffffffffffff, 0x4cbb, 0xfffffffffffffffd, 0x1, 0x10, 0x0, 0xffffffffffffff57, 0x4, 0xc58f, 0x8, 0x5, 0x40, 0xfffffffffffffffa, 0x3, 0x2, 0x5, 0x5]}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet_smc(0x2b, 0x1, 0x0) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x20000000) ptrace$ARCH_SHSTK_ENABLE(0x1e, r2, 0x0, 0x5001) mincore(&(0x7f0000184000/0x2000)=nil, 0x2000, 0x0) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='status\x00') lseek(r5, 0x10000000005, 0x0) r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/pm_trace', 0x400, 0x10) io_uring_enter(r6, 0x41bb, 0xb934, 0x42, &(0x7f0000000140)={[0x81]}, 0x8) r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0) ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000000)=0x7) ioctl$TIOCSTI(r7, 0x5412, 0x0) r8 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r8, 0x89f1, &(0x7f0000001040)={'gre0\x00', &(0x7f0000001000)={'syztnl2\x00', 0x0, 0x7800, 0xa000, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x2f, 0x0, @empty, @rand_addr=0x3}}}}) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={0x1}, 0x4) 0s ago: executing program 4 (id=517): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000001300000095"], &(0x7f00000000c0)='syzkaller\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_end\x00', r0}, 0x10) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x110c230000) ioctl$TUNSETOFFLOAD(r1, 0x4004743c, 0xf0ff1f00000000) kernel console output (not intermixed with test programs): 7] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.554226][ T4267] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.562374][ T4267] device bridge_slave_1 entered promiscuous mode [ 55.571807][ T4265] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.578877][ T4265] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.586632][ T4265] device bridge_slave_1 entered promiscuous mode [ 55.599604][ T4266] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 55.629481][ T4266] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 55.673470][ T4267] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 55.690856][ T4265] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 55.702234][ T4265] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 55.725315][ T4267] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 55.750638][ T4266] team0: Port device team_slave_0 added [ 55.770903][ T4268] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.778165][ T4268] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.785920][ T4268] device bridge_slave_0 entered promiscuous mode [ 55.794289][ T4268] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.801757][ T4268] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.811055][ T4268] device bridge_slave_1 entered promiscuous mode [ 55.826864][ T4266] team0: Port device team_slave_1 added [ 55.832838][ T4272] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.839915][ T4272] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.848244][ T4272] device bridge_slave_0 entered promiscuous mode [ 55.871105][ T4265] team0: Port device team_slave_0 added [ 55.883134][ T4272] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.890253][ T4272] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.898577][ T4272] device bridge_slave_1 entered promiscuous mode [ 55.908224][ T4267] team0: Port device team_slave_0 added [ 55.924333][ T4265] team0: Port device team_slave_1 added [ 55.932027][ T4268] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 55.957373][ T4267] team0: Port device team_slave_1 added [ 55.969972][ T4268] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 55.979966][ T4266] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 55.987108][ T4266] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 56.013330][ T4266] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 56.035600][ T4272] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 56.064673][ T4266] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 56.071908][ T4266] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 56.097957][ T4266] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 56.110351][ T4272] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 56.135097][ T4265] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 56.142106][ T4265] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 56.168226][ T4265] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 56.196124][ T4267] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 56.203505][ T4267] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 56.229720][ T4267] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 56.241435][ T4265] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 56.248384][ T4265] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 56.274415][ T4265] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 56.287890][ T4268] team0: Port device team_slave_0 added [ 56.295550][ T4268] team0: Port device team_slave_1 added [ 56.316377][ T4267] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 56.323503][ T4267] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 56.349606][ T4267] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 56.379783][ T4272] team0: Port device team_slave_0 added [ 56.397764][ T4268] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 56.404823][ T4268] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 56.431438][ T4268] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 56.443637][ T4268] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 56.450584][ T4268] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 56.477027][ T4268] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 56.490370][ T4266] device hsr_slave_0 entered promiscuous mode [ 56.497647][ T4266] device hsr_slave_1 entered promiscuous mode [ 56.505879][ T4272] team0: Port device team_slave_1 added [ 56.563909][ T4272] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 56.570889][ T4272] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 56.596940][ T4272] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 56.608813][ T4272] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 56.616167][ T4272] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 56.642543][ T4272] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 56.655451][ T4267] device hsr_slave_0 entered promiscuous mode [ 56.662549][ T4267] device hsr_slave_1 entered promiscuous mode [ 56.669151][ T4267] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 56.676950][ T4267] Cannot create hsr debugfs directory [ 56.685380][ T4265] device hsr_slave_0 entered promiscuous mode [ 56.692666][ T4265] device hsr_slave_1 entered promiscuous mode [ 56.699093][ T4265] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 56.706730][ T4265] Cannot create hsr debugfs directory [ 56.781879][ T4281] Bluetooth: hci0: command 0x0409 tx timeout [ 56.796893][ T4268] device hsr_slave_0 entered promiscuous mode [ 56.804848][ T4268] device hsr_slave_1 entered promiscuous mode [ 56.811469][ T4268] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 56.819025][ T4268] Cannot create hsr debugfs directory [ 56.839125][ T4272] device hsr_slave_0 entered promiscuous mode [ 56.845882][ T4272] device hsr_slave_1 entered promiscuous mode [ 56.852137][ T4281] Bluetooth: hci4: command 0x0409 tx timeout [ 56.852851][ T4283] Bluetooth: hci1: command 0x0409 tx timeout [ 56.858730][ T4282] Bluetooth: hci2: command 0x0409 tx timeout [ 56.864702][ T4283] Bluetooth: hci3: command 0x0409 tx timeout [ 56.876744][ T4272] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 56.884349][ T4272] Cannot create hsr debugfs directory [ 57.144458][ T4266] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 57.159511][ T4266] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 57.178141][ T4266] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 57.190567][ T4266] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 57.215602][ T4268] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 57.235360][ T4268] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 57.249879][ T4268] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 57.265149][ T4268] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 57.343732][ T4265] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 57.355876][ T4265] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 57.378261][ T4265] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 57.404673][ T4265] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 57.426382][ T4266] 8021q: adding VLAN 0 to HW filter on device bond0 [ 57.453619][ T4267] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 57.467269][ T4267] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 57.495339][ T4267] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 57.507466][ T4267] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 57.517064][ T4272] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 57.527916][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.537659][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.554829][ T4272] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 57.573748][ T4268] 8021q: adding VLAN 0 to HW filter on device bond0 [ 57.583247][ T4266] 8021q: adding VLAN 0 to HW filter on device team0 [ 57.592629][ T4272] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 57.607046][ T4272] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 57.629266][ T52] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 57.638407][ T52] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 57.647602][ T52] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.654898][ T52] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.664402][ T52] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 57.674053][ T52] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 57.682900][ T52] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.689956][ T52] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.708245][ T52] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 57.758023][ T52] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.766211][ T52] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.775318][ T52] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 57.784308][ T52] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 57.793144][ T52] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 57.801922][ T52] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 57.810193][ T52] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 57.818976][ T52] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 57.827871][ T52] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 57.836342][ T52] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 57.844753][ T52] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 57.856519][ T4268] 8021q: adding VLAN 0 to HW filter on device team0 [ 57.884768][ T4266] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 57.896034][ T4266] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 57.906720][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 57.916956][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 57.926185][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 57.935444][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 57.944926][ T61] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.952048][ T61] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.959607][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 57.968567][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 57.977539][ T61] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.984639][ T61] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.992581][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 58.021988][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 58.030667][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 58.040025][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 58.052724][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 58.061042][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 58.096546][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 58.109728][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 58.120965][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 58.135327][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 58.145301][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 58.154953][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 58.175105][ T4268] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 58.197235][ T4265] 8021q: adding VLAN 0 to HW filter on device bond0 [ 58.219708][ T4267] 8021q: adding VLAN 0 to HW filter on device bond0 [ 58.238049][ T4272] 8021q: adding VLAN 0 to HW filter on device bond0 [ 58.250021][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 58.260145][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 58.279710][ T4265] 8021q: adding VLAN 0 to HW filter on device team0 [ 58.289769][ T4267] 8021q: adding VLAN 0 to HW filter on device team0 [ 58.300976][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 58.313166][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 58.346926][ T4272] 8021q: adding VLAN 0 to HW filter on device team0 [ 58.381050][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 58.390765][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 58.399668][ T39] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.407167][ T39] bridge0: port 1(bridge_slave_0) entered forwarding state [ 58.420864][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 58.430637][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 58.444904][ T39] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.452042][ T39] bridge0: port 2(bridge_slave_1) entered forwarding state [ 58.462539][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 58.470412][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 58.478849][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 58.488096][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 58.496850][ T39] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.503927][ T39] bridge0: port 1(bridge_slave_0) entered forwarding state [ 58.512482][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 58.520988][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 58.529689][ T39] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.536796][ T39] bridge0: port 2(bridge_slave_1) entered forwarding state [ 58.544775][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 58.553608][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 58.587717][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 58.600578][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 58.608705][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 58.624893][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 58.638907][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 58.649606][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 58.659415][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 58.668875][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 58.677716][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 58.687254][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 58.700571][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 58.709038][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 58.717419][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 58.726507][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 58.752866][ T4266] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 58.762921][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 58.783333][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 58.792898][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 58.800614][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 58.809796][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 58.820559][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 58.828940][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 58.837555][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 58.846009][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 58.851481][ T4283] Bluetooth: hci0: command 0x041b tx timeout [ 58.854579][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 58.867295][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 58.874959][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 58.883888][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 58.892869][ T39] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.899920][ T39] bridge0: port 1(bridge_slave_0) entered forwarding state [ 58.908290][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 58.917198][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 58.925924][ T39] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.933065][ T39] bridge0: port 2(bridge_slave_1) entered forwarding state [ 58.940776][ T4283] Bluetooth: hci3: command 0x041b tx timeout [ 58.941383][ T4279] Bluetooth: hci4: command 0x041b tx timeout [ 58.947094][ T4283] Bluetooth: hci2: command 0x041b tx timeout [ 58.953123][ T4281] Bluetooth: hci1: command 0x041b tx timeout [ 58.962965][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 58.996811][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 59.006763][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 59.018725][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 59.028978][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 59.037692][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 59.050714][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 59.060682][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 59.076813][ T4268] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 59.113070][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 59.128530][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 59.138246][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 59.153670][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 59.166597][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 59.224325][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 59.240737][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 59.250625][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 59.266426][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 59.281441][ T4266] device veth0_vlan entered promiscuous mode [ 59.295674][ T4272] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 59.318299][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 59.342429][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 59.351906][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 59.363382][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 59.377518][ T4266] device veth1_vlan entered promiscuous mode [ 59.395774][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 59.407891][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 59.430998][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 59.464555][ T52] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 59.478153][ T52] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 59.503766][ T52] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 59.528718][ T4268] device veth0_vlan entered promiscuous mode [ 59.556158][ T4265] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 59.564975][ T52] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 59.578684][ T52] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 59.587674][ T52] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 59.596650][ T52] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 59.606410][ T52] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 59.615193][ T52] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 59.626309][ T4268] device veth1_vlan entered promiscuous mode [ 59.636211][ T4266] device veth0_macvtap entered promiscuous mode [ 59.648709][ T4266] device veth1_macvtap entered promiscuous mode [ 59.686006][ T4359] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 59.701035][ T4359] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 59.710259][ T4359] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 59.724170][ T4359] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 59.736173][ T4359] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 59.747989][ T4359] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 59.782135][ T4268] device veth0_macvtap entered promiscuous mode [ 59.790076][ T4359] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 59.798465][ T4359] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 59.808416][ T4359] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 59.818549][ T4359] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 59.826359][ T4359] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 59.840593][ T4266] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 59.856655][ T4266] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 59.866849][ T4266] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.875776][ T4266] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.884995][ T4266] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.894418][ T4266] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.906685][ T4359] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 59.915760][ T4359] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 59.925921][ T4359] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 59.934658][ T4359] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 59.943662][ T4359] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 59.951044][ T4359] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 59.958665][ T4359] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 59.967155][ T4359] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 59.976228][ T4359] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 59.984369][ T4359] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 59.992225][ T4265] device veth0_vlan entered promiscuous mode [ 60.000602][ T4268] device veth1_macvtap entered promiscuous mode [ 60.017435][ T4267] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 60.030441][ T4272] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 60.042399][ T4265] device veth1_vlan entered promiscuous mode [ 60.108120][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 60.118413][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 60.128669][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 60.137288][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 60.147237][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 60.166961][ T4268] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 60.178792][ T4268] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.190085][ T4268] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 60.199731][ T4268] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 60.210370][ T4268] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.225424][ T4268] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 60.243275][ T4359] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 60.252286][ T4359] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 60.268513][ T4359] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 60.278419][ T4359] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 60.298665][ T4359] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 60.313183][ T4359] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 60.333737][ T4268] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.344323][ T4268] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.355155][ T4268] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.365052][ T4268] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.396374][ T4267] device veth0_vlan entered promiscuous mode [ 60.410224][ T4265] device veth0_macvtap entered promiscuous mode [ 60.428292][ T52] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 60.437966][ T52] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 60.454257][ T52] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 60.480768][ T52] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 60.493373][ T52] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 60.508964][ T4267] device veth1_vlan entered promiscuous mode [ 60.516817][ T4265] device veth1_macvtap entered promiscuous mode [ 60.578539][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 60.588630][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 60.637449][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 60.649589][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 60.659399][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 60.667824][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 60.676598][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 60.696786][ T4265] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 60.708102][ T4265] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.718366][ T4265] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 60.729075][ T4265] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.740442][ T4265] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 60.765502][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 60.775005][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 60.783854][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 60.794216][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 60.803824][ T4267] device veth0_macvtap entered promiscuous mode [ 60.812828][ T4265] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 60.823887][ T4265] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.834048][ T4265] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 60.845231][ T4265] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.857190][ T4265] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 60.867870][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 60.867967][ T4265] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.885229][ T4265] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.887008][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 60.894194][ T4265] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.894220][ T4265] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.924613][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 60.934156][ T4279] Bluetooth: hci0: command 0x040f tx timeout [ 60.939286][ T4267] device veth1_macvtap entered promiscuous mode [ 60.947426][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 60.955568][ T4359] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 60.964090][ T4359] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 60.972443][ T4359] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 60.980346][ T4359] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 60.989594][ T4359] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 61.004218][ T4359] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 61.011342][ T4279] Bluetooth: hci1: command 0x040f tx timeout [ 61.017453][ T4279] Bluetooth: hci4: command 0x040f tx timeout [ 61.021806][ T4281] Bluetooth: hci2: command 0x040f tx timeout [ 61.023616][ T4282] Bluetooth: hci3: command 0x040f tx timeout [ 61.087371][ T4267] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 61.098484][ T4267] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.109232][ T4267] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 61.120034][ T4267] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.130071][ T4267] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 61.141230][ T4267] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.153196][ T4267] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 61.161838][ T4359] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 61.170378][ T4359] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 61.179885][ T4359] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 61.191100][ T4359] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 61.200580][ T4359] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 61.208996][ T4359] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 61.217111][ T4272] device veth0_vlan entered promiscuous mode [ 61.237678][ T4267] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 61.250662][ T4267] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.263998][ T4267] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 61.276022][ T4267] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.306571][ T4267] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 61.313746][ T4374] random: crng reseeded on system resumption [ 61.318593][ T4267] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.343827][ T4267] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 61.361983][ T4359] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 61.363562][ T4272] device veth1_vlan entered promiscuous mode [ 61.376443][ T4359] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 61.396442][ T52] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 61.410122][ T52] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 61.436717][ T52] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 61.447607][ T52] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 61.474329][ T4267] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.489594][ T4267] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.509427][ T4267] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.524087][ T4267] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.618172][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 61.635533][ T4272] device veth0_macvtap entered promiscuous mode [ 61.651824][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 61.678412][ T4272] device veth1_macvtap entered promiscuous mode [ 61.692386][ T4359] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 61.702300][ T4359] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 61.722085][ T4359] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 61.741374][ T4359] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 61.782233][ T4359] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 61.799114][ T4359] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 61.839514][ T4272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 61.853035][ T4359] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 61.861610][ T4272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.874709][ T4272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 61.911230][ T4272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.936458][ T4272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 61.949342][ T4272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.959617][ T4272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 61.970631][ T4272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.989900][ T4272] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 62.004349][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 62.018260][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 62.027492][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 62.063185][ T4272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 62.091354][ T4272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.120436][ T4272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 62.151362][ T4272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.165441][ T4272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 62.173369][ T4378] loop1: detected capacity change from 0 to 32768 [ 62.176887][ T4272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.195670][ T4378] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.2 (4378) [ 62.230301][ T4272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 62.241492][ T4272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.246564][ T4378] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 62.263135][ T4272] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 62.270543][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 62.286277][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 62.302019][ T4378] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 62.330525][ T4272] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.332327][ T39] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 62.371600][ T4378] BTRFS info (device loop1): using free space tree [ 62.394327][ T39] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 62.395665][ T4272] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.447743][ T4272] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.487523][ T4272] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.551487][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 62.619031][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 62.651066][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 62.663833][ T4405] loop0: detected capacity change from 0 to 1024 [ 62.729406][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 62.737195][ T4378] BTRFS info (device loop1): enabling ssd optimizations [ 62.809360][ T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 62.846611][ T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 62.877983][ T4386] loop3: detected capacity change from 0 to 32768 [ 62.889328][ T52] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 62.961796][ T4386] BTRFS warning: duplicate device /dev/loop3 devid 1 generation 8 scanned by syz.3.8 (4386) [ 62.993566][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 63.012745][ T4282] Bluetooth: hci0: command 0x0419 tx timeout [ 63.063107][ T9] hfsplus: b-tree write err: -5, ino 4 [ 63.092417][ T4282] Bluetooth: hci4: command 0x0419 tx timeout [ 63.098494][ T4282] Bluetooth: hci2: command 0x0419 tx timeout [ 63.104718][ T4279] Bluetooth: hci3: command 0x0419 tx timeout [ 63.104735][ T4283] Bluetooth: hci1: command 0x0419 tx timeout [ 63.120800][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 63.223578][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 63.328626][ T4415] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 63.395302][ T4268] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 63.429718][ T4259] BTRFS warning: duplicate device /dev/loop3 devid 1 generation 8 scanned by udevd (4259) [ 63.503824][ T4420] loop2: detected capacity change from 0 to 2048 [ 63.757677][ T4435] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 63.871754][ T27] audit: type=1800 audit(1761774756.383:2): pid=4420 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.12" name="file2" dev="loop2" ino=16 res=0 errno=0 [ 63.939547][ T4420] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 63.976245][ T4420] Remounting filesystem read-only [ 64.004325][ T4446] netlink: 36 bytes leftover after parsing attributes in process `syz.0.15'. [ 64.034781][ T4446] netlink: 8 bytes leftover after parsing attributes in process `syz.0.15'. [ 64.558874][ T4462] netlink: 'syz.3.21': attribute type 1 has an invalid length. [ 64.586493][ T4443] loop1: detected capacity change from 0 to 32768 [ 64.607693][ T4462] netlink: 7064 bytes leftover after parsing attributes in process `syz.3.21'. [ 64.635246][ T4443] ======================================================= [ 64.635246][ T4443] WARNING: The mand mount option has been deprecated and [ 64.635246][ T4443] and is ignored by this kernel. Remove the mand [ 64.635246][ T4443] option from the mount to silence this warning. [ 64.635246][ T4443] ======================================================= [ 64.795310][ T4462] Bluetooth: MGMT ver 1.22 [ 64.807072][ T4472] netlink: 'syz.4.25': attribute type 1 has an invalid length. [ 64.814768][ T4472] netlink: 7064 bytes leftover after parsing attributes in process `syz.4.25'. [ 64.890917][ T4473] sp0: Synchronizing with TNC [ 65.078637][ T4443] ocfs2: Mounting device (7,1) on (node local, slot 0) with writeback data mode. [ 65.329940][ T4268] ocfs2: Unmounting device (7,1) on (node local) [ 65.995595][ T4512] netlink: 'syz.2.38': attribute type 1 has an invalid length. [ 66.003452][ T4512] netlink: 7064 bytes leftover after parsing attributes in process `syz.2.38'. [ 66.229253][ T4518] loop1: detected capacity change from 0 to 512 [ 66.297614][ T4518] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 66.328403][ T4524] netlink: 'syz.2.40': attribute type 1 has an invalid length. [ 66.336907][ T4518] ext4 filesystem being mounted at /4/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 66.365034][ T4524] netlink: 7064 bytes leftover after parsing attributes in process `syz.2.40'. [ 66.397928][ T4518] EXT4-fs error (device loop1): ext4_lookup:1858: inode #12: comm syz.1.39: iget: bad i_size value: 2533274857506816 [ 66.516067][ T4268] EXT4-fs (loop1): unmounting filesystem. [ 66.936335][ T4540] binder: 4533:4540 ioctl c0306201 0 returned -14 [ 66.965954][ T4279] Bluetooth: hci0: command 0x0c1a tx timeout [ 66.976477][ T4282] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 67.343465][ T4544] loop1: detected capacity change from 0 to 1024 [ 67.663044][ T4552] sp0: Synchronizing with TNC [ 67.867844][ T4558] netlink: 'syz.4.51': attribute type 1 has an invalid length. [ 67.875572][ T4558] netlink: 7064 bytes leftover after parsing attributes in process `syz.4.51'. [ 68.088744][ T4568] netlink: 'syz.1.53': attribute type 1 has an invalid length. [ 68.105995][ T4568] netlink: 7064 bytes leftover after parsing attributes in process `syz.1.53'. [ 68.582049][ T4587] netlink: 'syz.0.58': attribute type 1 has an invalid length. [ 68.589816][ T4587] netlink: 7064 bytes leftover after parsing attributes in process `syz.0.58'. [ 68.603091][ T4587] syz.0.58[4587] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 68.603185][ T4587] syz.0.58[4587] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 68.708573][ T4589] sp0: Synchronizing with TNC [ 69.198534][ T4593] binder: 4583:4593 ioctl c0306201 0 returned -14 [ 69.447415][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 69.455692][ T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!! [ 69.491849][ T0] NOHZ tick-stop error: local softirq work is pending, handler #382!!! [ 69.504517][ T0] NOHZ tick-stop error: local softirq work is pending, handler #382!!! [ 69.766720][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 69.775428][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 69.791450][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 69.799770][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 69.808070][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 69.816751][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 69.892520][ T4279] Bluetooth: hci0: command 0x0c1a tx timeout [ 69.898791][ T4282] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 70.379614][ T4610] netlink: 'syz.4.65': attribute type 1 has an invalid length. [ 70.427307][ T4610] netlink: 7064 bytes leftover after parsing attributes in process `syz.4.65'. [ 70.712795][ T4623] sp0: Synchronizing with TNC [ 70.954929][ T4438] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 71.177133][ T1266] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.183698][ T1266] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.305043][ T4438] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 71.390383][ T4438] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 71.584910][ T4438] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 71.717871][ T4438] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 71.742317][ T4438] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 71.802818][ T4438] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 71.805420][ T4632] sp0: Synchronizing with TNC [ 71.975078][ T4438] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 71.996393][ T4438] usb 3-1: Product: syz [ 72.012240][ T4438] usb 3-1: Manufacturer: syz [ 72.241010][ T4650] binder: 4643:4650 ioctl c0306201 0 returned -14 [ 72.531861][ T4279] Bluetooth: hci0: command 0x0c1a tx timeout [ 72.538290][ T4282] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 72.686114][ T4438] cdc_wdm 3-1:1.0: skipping garbage [ 72.709885][ T4647] loop3: detected capacity change from 0 to 2048 [ 72.729041][ T4438] cdc_wdm 3-1:1.0: skipping garbage [ 72.750975][ T4438] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 72.761406][ T4656] netlink: 'syz.4.77': attribute type 1 has an invalid length. [ 72.770273][ T4438] cdc_wdm 3-1:1.0: Unknown control protocol [ 72.784709][ T4657] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 72.785031][ T4656] netlink: 7064 bytes leftover after parsing attributes in process `syz.4.77'. [ 72.854807][ T4256] usb 3-1: USB disconnect, device number 2 [ 72.996335][ T4657] NILFS (loop3): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3) [ 73.023693][ T4663] netlink: 'syz.0.78': attribute type 1 has an invalid length. [ 73.044487][ T4657] NILFS error (device loop3): nilfs_bmap_propagate: broken bmap (inode number=4) [ 73.050317][ T4663] netlink: 7064 bytes leftover after parsing attributes in process `syz.0.78'. [ 73.069403][ T4657] Remounting filesystem read-only [ 73.076662][ T4663] syz.0.78[4663] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 73.076748][ T4663] syz.0.78[4663] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 73.174053][ T4266] NILFS (loop3): disposed unprocessed dirty file(s) when stopping log writer [ 73.378626][ T4673] program syz.3.83 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 73.473489][ T4677] loop4: detected capacity change from 0 to 256 [ 73.607565][ T27] audit: type=1800 audit(1761774766.123:3): pid=4677 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.85" name="file1" dev="loop4" ino=1048595 res=0 errno=0 [ 73.801143][ T4690] netlink: 'syz.3.91': attribute type 1 has an invalid length. [ 73.809317][ T4690] netlink: 7064 bytes leftover after parsing attributes in process `syz.3.91'. [ 73.849658][ T4691] loop4: detected capacity change from 0 to 128 [ 73.903484][ T4691] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 73.948358][ T4687] loop2: detected capacity change from 0 to 4096 [ 73.993625][ T4689] loop0: detected capacity change from 0 to 32768 [ 73.998939][ T4691] hpfs: filesystem error: improperly stopped [ 74.003938][ T4687] EXT4-fs: Ignoring removed bh option [ 74.015234][ T4689] (syz.0.90,4689,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 74.029175][ T4689] (syz.0.90,4689,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 74.040836][ T4691] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 74.116137][ T4689] JBD2: Ignoring recovery information on journal [ 74.171358][ T4691] hpfs: You really don't want any checks? You are crazy... [ 74.179065][ T4689] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 74.190646][ T4691] hpfs: hpfs_map_sector(): read error [ 74.196316][ T4691] hpfs: code page support is disabled [ 74.203223][ T4691] hpfs: hpfs_map_4sectors(): unaligned read [ 74.209597][ T4691] hpfs: hpfs_map_4sectors(): unaligned read [ 74.215839][ T4691] hpfs: filesystem error: unable to find root dir [ 74.241942][ T4689] (syz.0.90,4689,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0x98842a5e, computed 0xe74db1cd. Applying ECC. [ 74.254816][ T4687] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 74.368543][ T4689] (syz.0.90,4689,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0x1cec3d0f, computed 0xd2ffbdfe. Applying ECC. [ 74.402927][ T4689] (syz.0.90,4689,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xdf8356d3, computed 0xb8c23ae4. Applying ECC. [ 74.416381][ T4689] (syz.0.90,4689,1):ocfs2_block_check_validate:416 ERROR: Fixed CRC32 failed: stored: 0xdf8356d3, computed 0x2acb7e3c [ 74.428789][ T4689] (syz.0.90,4689,1):ocfs2_read_quota_phys_block:160 ERROR: status = -5 [ 74.437359][ T4689] (syz.0.90,4689,1):ocfs2_quota_read:201 ERROR: status = -5 [ 74.444719][ T4689] Quota error (device loop0): find_block_dqentry: Can't read quota tree block 6 [ 74.453982][ T4689] Quota error (device loop0): qtree_read_dquot: Can't read quota structure for id 0 [ 74.463424][ T4689] (syz.0.90,4689,1):ocfs2_acquire_dquot:878 ERROR: status = -5 [ 74.472277][ T4689] (syz.0.90,4689,1):ocfs2_mknod:314 ERROR: status = -5 [ 74.479257][ T4689] (syz.0.90,4689,1):ocfs2_mknod:502 ERROR: status = -5 [ 74.486414][ T4689] (syz.0.90,4689,1):ocfs2_mkdir:659 ERROR: status = -5 [ 74.511842][ T4687] EXT4-fs error (device loop2): ext4_empty_dir:3154: inode #12: block 80: comm syz.2.89: bad entry in directory: rec_len is smaller than minimal - offset=12, inode=6, rec_len=0, size=4096 fake=0 [ 74.660681][ T4687] EXT4-fs (loop2): Remounting filesystem read-only [ 74.691386][ T4687] EXT4-fs warning (device loop2): ext4_empty_dir:3156: inode #12: comm syz.2.89: directory missing '..' [ 74.717103][ T4683] loop1: detected capacity change from 0 to 32768 [ 74.738336][ T4265] ocfs2: Unmounting device (7,0) on (node local) [ 74.746084][ T4683] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.88 (4683) [ 74.833139][ T4683] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 74.909923][ T4683] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 74.934541][ T4683] BTRFS info (device loop1): using free space tree [ 74.936109][ T4267] EXT4-fs (loop2): unmounting filesystem. [ 74.947267][ T4279] Bluetooth: hci0: command 0x0c1a tx timeout [ 74.953348][ T4282] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 74.973957][ T4709] netlink: 40 bytes leftover after parsing attributes in process `syz.3.97'. [ 75.207797][ T4712] syz.0.95 (4712) used greatest stack depth: 20776 bytes left [ 75.291449][ T4683] BTRFS info (device loop1): enabling ssd optimizations [ 75.494554][ T4268] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 75.513477][ T4741] netlink: 'syz.3.104': attribute type 1 has an invalid length. [ 75.521145][ T4741] netlink: 7064 bytes leftover after parsing attributes in process `syz.3.104'. [ 76.163462][ T4732] loop4: detected capacity change from 0 to 32768 [ 76.202806][ T4732] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 scanned by syz.4.100 (4732) [ 76.242043][ T4732] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 76.263122][ T4738] loop0: detected capacity change from 0 to 32768 [ 76.293078][ T14] cfg80211: failed to load regulatory.db [ 76.320617][ T4732] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 76.381730][ T4732] BTRFS info (device loop4): using free space tree [ 76.427813][ T4763] loop3: detected capacity change from 0 to 512 [ 76.464192][ T4763] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 76.677431][ T4763] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 76.741288][ T4732] BTRFS info (device loop4): enabling ssd optimizations [ 76.786361][ T4763] EXT4-fs error (device loop3): ext4_orphan_get:1400: inode #15: comm syz.3.110: inode has both inline data and extents flags [ 76.854286][ T4763] EXT4-fs (loop3): Remounting filesystem read-only [ 76.860898][ T4763] EXT4-fs error (device loop3): ext4_orphan_get:1405: comm syz.3.110: couldn't read orphan inode 15 (err -117) [ 76.921289][ T4763] EXT4-fs (loop3): Remounting filesystem read-only [ 76.939233][ T4732] BTRFS error (device loop4): balance: mixed groups data and metadata options must be the same [ 76.955375][ T4785] loop2: detected capacity change from 0 to 256 [ 76.981553][ T4763] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 77.062345][ T4763] EXT4-fs error (device loop3): ext4_read_inline_dir:1601: inode #12: block 7: comm syz.3.110: path /24/bus/file0: bad entry in directory: rec_len is smaller than minimal - offset=40, inode=2085390, rec_len=0, size=80 fake=0 [ 77.150199][ T4787] loop0: detected capacity change from 0 to 128 [ 77.191259][ T4763] EXT4-fs (loop3): Remounting filesystem read-only [ 77.279912][ T4272] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 77.286840][ T4756] loop1: detected capacity change from 0 to 32768 [ 77.324933][ T4266] EXT4-fs (loop3): unmounting filesystem. [ 77.351771][ T4756] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 scanned by syz.1.106 (4756) [ 77.535713][ T4756] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 77.594771][ T4756] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 77.655879][ T4756] BTRFS info (device loop1): enabling auto defrag [ 77.690655][ T4756] BTRFS info (device loop1): use no compression [ 77.721375][ T4798] netlink: 24 bytes leftover after parsing attributes in process `syz.4.114'. [ 77.731413][ T4282] Bluetooth: hci0: command 0x0c1a tx timeout [ 77.737493][ T4279] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 77.760118][ T4756] BTRFS info (device loop1): max_inline at 4096 [ 77.766640][ T4756] BTRFS info (device loop1): using free space tree [ 77.970681][ T4802] netlink: 'syz.0.119': attribute type 1 has an invalid length. [ 78.032374][ T4802] netlink: 7064 bytes leftover after parsing attributes in process `syz.0.119'. [ 78.141886][ T4818] device ip6gretap1 entered promiscuous mode [ 78.193751][ T4826] netlink: 'syz.3.123': attribute type 1 has an invalid length. [ 78.221337][ T4756] BTRFS info (device loop1): enabling ssd optimizations [ 78.265229][ T4826] netlink: 7064 bytes leftover after parsing attributes in process `syz.3.123'. [ 78.475751][ T4268] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 78.523114][ T4835] netlink: 12 bytes leftover after parsing attributes in process `syz.0.126'. [ 78.552228][ T4835] netlink: 24 bytes leftover after parsing attributes in process `syz.0.126'. [ 78.646411][ T4257] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 10 /dev/loop1 scanned by udevd (4257) [ 78.853168][ T4846] netlink: 'syz.2.128': attribute type 1 has an invalid length. [ 78.898992][ T4846] netlink: 7064 bytes leftover after parsing attributes in process `syz.2.128'. [ 78.923527][ T4846] syz.2.128[4846] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 78.923619][ T4846] syz.2.128[4846] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 79.094729][ T4856] loop3: detected capacity change from 0 to 256 [ 79.192982][ T4856] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xbbba8adb, utbl_chksum : 0xe619d30d) [ 79.969581][ T4863] Falling back ldisc for ptm0. [ 80.099767][ T4872] netlink: 'syz.3.137': attribute type 1 has an invalid length. [ 80.137262][ T4872] netlink: 7064 bytes leftover after parsing attributes in process `syz.3.137'. [ 80.151407][ T4279] Bluetooth: hci0: command 0x0c1a tx timeout [ 80.157474][ T4282] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 80.452095][ T4882] netlink: 'syz.4.140': attribute type 1 has an invalid length. [ 80.459777][ T4882] netlink: 7064 bytes leftover after parsing attributes in process `syz.4.140'. [ 80.688750][ T4895] netlink: 'syz.0.147': attribute type 1 has an invalid length. [ 80.711282][ T4895] netlink: 7064 bytes leftover after parsing attributes in process `syz.0.147'. [ 80.760126][ T4895] syz.0.147[4895] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 80.760226][ T4895] syz.0.147[4895] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 81.257535][ T4903] loop1: detected capacity change from 0 to 512 [ 81.740900][ T4908] sp0: Synchronizing with TNC [ 81.827357][ T4903] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 81.858134][ T4903] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2819: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 81.926084][ T4903] EXT4-fs (loop1): 1 truncate cleaned up [ 81.938323][ T4903] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 82.014506][ T4914] netlink: 8 bytes leftover after parsing attributes in process `syz.0.151'. [ 82.039493][ T4916] loop3: detected capacity change from 0 to 16 [ 82.086409][ T4916] erofs: (device loop3): mounted with root inode @ nid 36. [ 82.211546][ T4282] Bluetooth: hci0: command 0x0c1a tx timeout [ 82.217655][ T4279] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 82.245539][ T4266] erofs: (device loop3): erofs_fill_dentries: bogus dirent @ nid 46 [ 82.287254][ T4266] erofs: (device loop3): erofs_readdir: invalid de[0].nameoff 0 @ nid 89 [ 82.343545][ T4266] erofs: (device loop3): erofs_readdir: invalid de[0].nameoff 0 @ nid 89 [ 82.347707][ T4268] EXT4-fs (loop1): unmounting filesystem. [ 82.432387][ T4922] netlink: 'syz.0.155': attribute type 1 has an invalid length. [ 82.440079][ T4922] netlink: 7064 bytes leftover after parsing attributes in process `syz.0.155'. [ 82.852048][ T4439] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 82.864534][ T4944] netlink: 'syz.3.162': attribute type 1 has an invalid length. [ 82.886813][ T4944] netlink: 7064 bytes leftover after parsing attributes in process `syz.3.162'. [ 82.926053][ T4944] syz.3.162[4944] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 82.926143][ T4944] syz.3.162[4944] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 83.064228][ T4439] usb 3-1: Using ep0 maxpacket: 32 [ 83.118432][ T4439] usb 3-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f [ 83.157336][ T4439] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 83.164658][ T4952] netlink: 'syz.0.167': attribute type 1 has an invalid length. [ 83.175811][ T4439] usb 3-1: Product: syz [ 83.185436][ T4952] netlink: 7064 bytes leftover after parsing attributes in process `syz.0.167'. [ 83.191201][ T4439] usb 3-1: Manufacturer: syz [ 83.219443][ T4439] usb 3-1: SerialNumber: syz [ 83.243496][ T4439] usb 3-1: config 0 descriptor?? [ 83.305771][ T4960] loop3: detected capacity change from 0 to 2048 [ 83.355134][ T4962] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 83.544316][ T4966] loop0: detected capacity change from 0 to 512 [ 83.687838][ T4439] airspy 3-1:0.0: Board ID: 00 [ 83.696284][ T4439] airspy 3-1:0.0: Firmware version: [ 83.710093][ T4966] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 83.731482][ T4966] ext4 filesystem being mounted at /34/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 83.890699][ T4265] EXT4-fs (loop0): unmounting filesystem. [ 84.092432][ T4984] netlink: 'syz.3.176': attribute type 2 has an invalid length. [ 84.101109][ T4439] airspy 3-1:0.0: usb_control_msg() failed -71 request 0e [ 84.122924][ T4439] airspy 3-1:0.0: Registered as swradio24 [ 84.128688][ T4439] airspy 3-1:0.0: SDR API is still slightly experimental and functionality changes may follow [ 84.146551][ T4981] loop4: detected capacity change from 0 to 1024 [ 84.179682][ T4439] usb 3-1: USB disconnect, device number 3 [ 84.212959][ T4981] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (51269!=20869) [ 84.235754][ T4987] loop1: detected capacity change from 0 to 512 [ 84.264971][ T4987] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 84.334384][ T4990] netlink: 'syz.3.178': attribute type 1 has an invalid length. [ 84.348033][ T4981] EXT4-fs error (device loop4): ext4_get_journal_inode:5730: inode #32: comm syz.4.175: iget: special inode unallocated [ 84.352976][ T4987] EXT4-fs error (device loop1): __ext4_fill_super:5397: inode #2: comm syz.1.177: inode has both inline data and extents flags [ 84.380808][ T4990] netlink: 7064 bytes leftover after parsing attributes in process `syz.3.178'. [ 84.403675][ T4987] EXT4-fs (loop1): get root inode failed [ 84.409371][ T4987] EXT4-fs (loop1): mount failed [ 84.432304][ T4990] syz.3.178[4990] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 84.432392][ T4990] syz.3.178[4990] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 84.464539][ T4981] EXT4-fs (loop4): no journal found [ 84.492566][ T4981] EXT4-fs (loop4): can't get journal size [ 84.500520][ T4981] EXT4-fs (loop4): filesystem is read-only [ 84.539825][ T4981] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 84.557355][ T4981] EXT4-fs (loop4): unmounting filesystem. [ 84.691396][ T4279] Bluetooth: hci0: command 0x0c1a tx timeout [ 84.697707][ T4282] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 84.913165][ T5003] netlink: 'syz.3.181': attribute type 1 has an invalid length. [ 84.985973][ T5003] netlink: 7064 bytes leftover after parsing attributes in process `syz.3.181'. [ 85.154472][ T5013] netpci0: tun_chr_ioctl cmd 35111 [ 85.571070][ T5020] loop3: detected capacity change from 0 to 8192 [ 85.619526][ T5020] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 85.702618][ T5020] REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal [ 85.717712][ T5020] REISERFS (device loop3): using ordered data mode [ 85.725440][ T5020] reiserfs: using flush barriers [ 85.772949][ T5020] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 85.791740][ T5031] netlink: 'syz.0.192': attribute type 1 has an invalid length. [ 85.799401][ T5031] netlink: 7064 bytes leftover after parsing attributes in process `syz.0.192'. [ 85.809736][ T5020] REISERFS (device loop3): checking transaction log (loop3) [ 85.821028][ T5031] syz.0.192[5031] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 85.821110][ T5031] syz.0.192[5031] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 85.836819][ T5020] REISERFS (device loop3): Using r5 hash to sort names [ 85.879216][ T5020] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 86.015665][ T5037] loop1: detected capacity change from 0 to 128 [ 86.917508][ T5049] netlink: 'syz.2.199': attribute type 1 has an invalid length. [ 87.047231][ T5049] netlink: 7064 bytes leftover after parsing attributes in process `syz.2.199'. [ 87.091320][ T4281] Bluetooth: hci0: command 0x0c1a tx timeout [ 87.091319][ T4282] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 87.544855][ T5062] syz.1.203[5062] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 87.544946][ T5062] syz.1.203[5062] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 87.717327][ T5039] loop4: detected capacity change from 0 to 32768 [ 87.761296][ T5072] netlink: 'syz.3.206': attribute type 1 has an invalid length. [ 87.769608][ T5072] netlink: 7064 bytes leftover after parsing attributes in process `syz.3.206'. [ 87.782456][ T5072] syz.3.206[5072] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 87.782542][ T5072] syz.3.206[5072] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 87.809107][ T5068] sp0: Synchronizing with TNC [ 87.832813][ T5039] XFS (loop4): Mounting V5 Filesystem [ 87.871825][ T4439] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 87.949013][ T5039] XFS (loop4): Ending clean mount [ 88.003457][ T27] audit: type=1800 audit(1761774780.523:4): pid=5039 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.194" name="file1" dev="loop4" ino=6150 res=0 errno=0 [ 88.128390][ T4439] usb 3-1: config index 0 descriptor too short (expected 39, got 27) [ 88.142768][ T4439] usb 3-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 88.158699][ T4439] usb 3-1: config 0 interface 0 has no altsetting 0 [ 88.181331][ T4272] XFS (loop4): Unmounting Filesystem [ 88.194015][ T4439] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 88.219684][ T4439] usb 3-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 88.237588][ T4439] usb 3-1: Product: syz [ 88.247192][ T4439] usb 3-1: Manufacturer: syz [ 88.263770][ T4439] usb 3-1: SerialNumber: syz [ 88.272491][ T4440] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 88.318994][ T4439] usb 3-1: config 0 descriptor?? [ 88.360340][ T4439] hub 3-1:0.0: bad descriptor, ignoring hub [ 88.386446][ T4439] hub: probe of 3-1:0.0 failed with error -5 [ 88.476451][ T4439] usb 3-1: selecting invalid altsetting 0 [ 88.483494][ T4440] usb 4-1: Using ep0 maxpacket: 8 [ 88.514667][ T4440] usb 4-1: config index 0 descriptor too short (expected 30, got 18) [ 88.635091][ T4440] usb 4-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 88.723560][ T4440] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 88.799122][ T4440] usb 4-1: Product: syz [ 88.891030][ T4440] usb 4-1: Manufacturer: syz [ 88.941057][ T4440] usb 4-1: SerialNumber: syz [ 89.046929][ T4440] usb 4-1: config 0 descriptor?? [ 89.126578][ T4440] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 89.171331][ T4281] Bluetooth: hci0: command 0x0c1a tx timeout [ 89.171492][ T4282] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 89.194479][ T4440] usb 4-1: setting power ON [ 89.199572][ T4440] dvb-usb: bulk message failed: -22 (2/0) [ 89.246316][ T4440] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 89.274211][ T4440] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 89.284215][ T4440] usb 4-1: media controller created [ 89.375238][ T4439] usb 3-1: reset high-speed USB device number 4 using dummy_hcd [ 89.384474][ T4440] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 89.402381][ T5083] dvb-usb: bulk message failed: -22 (3/0) [ 89.441416][ T5083] dvb-usb: bulk message failed: -22 (3/0) [ 89.459266][ T4440] usb 4-1: selecting invalid altsetting 6 [ 89.472193][ T4440] usb 4-1: digital interface selection failed (-22) [ 89.504125][ T4440] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 89.504130][ T5096] cxusb: i2c rd: len=159 is too big! [ 89.504130][ T5096] [ 89.516544][ T4440] usb 4-1: setting power OFF [ 89.556078][ T4440] dvb-usb: bulk message failed: -22 (2/0) [ 89.569264][ T4440] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 89.574094][ T5100] netlink: 'syz.1.213': attribute type 1 has an invalid length. [ 89.579933][ T4440] (NULL device *): no alternate interface [ 89.595314][ T4439] usb 3-1: device firmware changed [ 89.606589][ T5100] netlink: 7064 bytes leftover after parsing attributes in process `syz.1.213'. [ 89.619782][ T4439] usb 3-1: USB disconnect, device number 4 [ 89.692726][ T4440] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 89.737763][ T4440] usb 4-1: USB disconnect, device number 2 [ 89.957424][ T5095] loop4: detected capacity change from 0 to 32768 [ 89.968004][ T5095] BTRFS error: device /dev/loop4 already registered with a higher generation, found 8 expect 10 [ 90.089660][ T5093] BTRFS error: device /dev/loop4 already registered with a higher generation, found 8 expect 10 [ 90.101350][ T26] usb 1-1: new full-speed USB device number 2 using dummy_hcd [ 90.109098][ T4439] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 90.169675][ T5116] netlink: 'syz.3.218': attribute type 1 has an invalid length. [ 90.184262][ T5116] netlink: 7064 bytes leftover after parsing attributes in process `syz.3.218'. [ 90.196606][ T5114] syz.1.217[5114] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 90.196695][ T5114] syz.1.217[5114] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 90.218470][ T5116] syz.3.218[5116] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 90.230386][ T5116] syz.3.218[5116] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 90.312679][ T4439] usb 3-1: config index 0 descriptor too short (expected 39, got 27) [ 90.332386][ T4439] usb 3-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 90.343168][ T4439] usb 3-1: config 0 interface 0 has no altsetting 0 [ 90.350988][ T26] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 90.366961][ T26] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 90.391245][ T4440] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 90.409853][ T26] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 90.421643][ T4439] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 90.430698][ T4439] usb 3-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 90.458724][ T26] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 90.468404][ T4439] usb 3-1: Product: syz [ 90.473261][ T4439] usb 3-1: SerialNumber: 乍ᢂ [ 90.485050][ T4439] usb 3-1: config 0 descriptor?? [ 90.499886][ T4439] hub 3-1:0.0: bad descriptor, ignoring hub [ 90.506029][ T4439] hub: probe of 3-1:0.0 failed with error -5 [ 90.515924][ T4439] usb 3-1: selecting invalid altsetting 0 [ 90.686193][ T4440] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 90.695530][ T26] usb 1-1: usb_control_msg returned -32 [ 90.701126][ T26] usbtmc 1-1:16.0: can't read capabilities [ 90.713952][ T4440] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 90.731807][ T4440] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 90.741014][ T4440] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 90.754811][ T4839] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 90.792605][ T4440] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 90.829817][ T4323] usb 3-1: USB disconnect, device number 5 [ 90.837492][ T4440] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 90.876366][ T4440] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 90.892022][ T4440] usb 5-1: Product: syz [ 90.898233][ T4440] usb 5-1: Manufacturer: syz [ 90.913570][ T4440] cdc_wdm 5-1:1.0: skipping garbage [ 90.919380][ T4440] cdc_wdm 5-1:1.0: skipping garbage [ 90.930884][ T4440] cdc_wdm 5-1:1.0: cdc-wdm1: USB WDM device [ 90.938174][ T4440] cdc_wdm 5-1:1.0: Unknown control protocol [ 90.973193][ T4839] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 90.981996][ T4839] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 90.992496][ T4839] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 91.015197][ T4839] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 91.026673][ T4839] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 91.059851][ T4839] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 91.096403][ T4839] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 91.150229][ T4839] usb 2-1: Product: syz [ 91.160450][ T4839] usb 2-1: Manufacturer: syz [ 91.183990][ T4839] cdc_wdm 2-1:1.0: skipping garbage [ 91.189371][ T4839] cdc_wdm 2-1:1.0: skipping garbage [ 91.259989][ T5138] sp0: Synchronizing with TNC [ 91.592753][ T4746] usb 1-1: USB disconnect, device number 2 [ 91.630361][ T4839] cdc_wdm 2-1:1.0: cdc-wdm2: USB WDM device [ 91.653134][ T4282] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 91.653336][ T4281] Bluetooth: hci0: command 0x0c1a tx timeout [ 91.742777][ T4839] cdc_wdm 2-1:1.0: Unknown control protocol [ 92.250003][ T5149] TCP: TCP_TX_DELAY enabled [ 92.373637][ T5153] syz.2.229[5153] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 92.373737][ T5153] syz.2.229[5153] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 92.389566][ T4281] Bluetooth: hci2: Unknown advertising packet type: 0x11 [ 92.504661][ T5158] netlink: 'syz.3.231': attribute type 1 has an invalid length. [ 92.526161][ T5158] netlink: 7064 bytes leftover after parsing attributes in process `syz.3.231'. [ 92.568510][ T5158] syz.3.231[5158] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 92.568601][ T5158] syz.3.231[5158] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 92.748387][ T5166] loop2: detected capacity change from 0 to 512 [ 92.827595][ T5166] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 92.852592][ T5166] ext4 filesystem being mounted at /50/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 93.040813][ T4597] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1097: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 93.067131][ T4597] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 128 with error 28 [ 93.076024][ T4839] usb 5-1: USB disconnect, device number 2 [ 93.081713][ T4597] EXT4-fs (loop2): This should not happen!! Data will be lost [ 93.081713][ T4597] [ 93.097876][ T4597] EXT4-fs (loop2): Total free blocks count 0 [ 93.104133][ T4597] EXT4-fs (loop2): Free/Dirty block details [ 93.110075][ T4597] EXT4-fs (loop2): free_blocks=65280 [ 93.116427][ T4597] EXT4-fs (loop2): dirty_blocks=128 [ 93.125712][ T4597] EXT4-fs (loop2): Block reservation details [ 93.132389][ T4597] EXT4-fs (loop2): i_reserved_data_blocks=128 [ 93.145992][ T4267] EXT4-fs (loop2): unmounting filesystem. [ 93.206394][ T5177] sp0: Synchronizing with TNC [ 93.737110][ T4439] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 93.765902][ T26] usb 2-1: USB disconnect, device number 2 [ 94.011258][ T4439] usb 4-1: Using ep0 maxpacket: 16 [ 94.202864][ T5181] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 94.451286][ T4282] Bluetooth: hci0: command 0x0c1a tx timeout [ 94.451396][ T4281] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 94.816614][ T4439] usb 4-1: config 1 interface 0 altsetting 255 endpoint 0x1 has invalid wMaxPacketSize 0 [ 94.826599][ T4439] usb 4-1: config 1 interface 0 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 0 [ 94.836498][ T4439] usb 4-1: config 1 interface 0 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 94.849661][ T4439] usb 4-1: config 1 interface 0 has no altsetting 0 [ 94.868963][ T4439] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 94.881341][ T4439] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 94.889352][ T4439] usb 4-1: Product: syz [ 94.893645][ T4439] usb 4-1: Manufacturer: syz [ 94.898251][ T4439] usb 4-1: SerialNumber: syz [ 95.111979][ T5194] syz.0.244[5194] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 95.112081][ T5194] syz.0.244[5194] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 95.119230][ T4439] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 3 if 0 alt 255 proto 1 vid 0x0525 pid 0xA4A8 [ 95.227577][ T5198] netlink: 'syz.4.246': attribute type 1 has an invalid length. [ 95.261369][ T5198] netlink: 7064 bytes leftover after parsing attributes in process `syz.4.246'. [ 95.289721][ T5198] syz.4.246[5198] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 95.289820][ T5198] syz.4.246[5198] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 95.305505][ T5185] loop1: detected capacity change from 0 to 32768 [ 95.410883][ T14] usb 4-1: USB disconnect, device number 3 [ 95.443642][ T5204] loop2: detected capacity change from 0 to 7 [ 95.473010][ T5204] Dev loop2: unable to read RDB block 7 [ 95.475646][ T5185] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 95.478852][ T5204] loop2: unable to read partition table [ 95.494376][ T5204] loop2: partition table beyond EOD, truncated [ 95.510342][ T14] usblp0: removed [ 95.512549][ T5204] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 95.574447][ T27] audit: type=1800 audit(1761774788.093:5): pid=5185 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.240" name="file1" dev="loop1" ino=17058 res=0 errno=0 [ 95.740284][ T4268] ocfs2: Unmounting device (7,1) on (node local) [ 95.833308][ T5215] netlink: 'syz.4.250': attribute type 11 has an invalid length. [ 96.021295][ T4344] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 96.089317][ T5221] sp0: Synchronizing with TNC [ 96.211571][ T4344] usb 3-1: Using ep0 maxpacket: 8 [ 96.225995][ T4344] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 96.281673][ T4839] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 96.473115][ T4344] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 96.542997][ T4839] usb 1-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 96.598643][ T5224] loop4: detected capacity change from 0 to 64 [ 96.611274][ T4839] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 96.635128][ T4344] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 96.658428][ T4839] usb 1-1: Product: syz [ 96.669659][ T4839] usb 1-1: Manufacturer: syz [ 96.674972][ T4344] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 96.686453][ T4839] usb 1-1: SerialNumber: syz [ 96.784746][ T4344] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 96.851570][ T4839] usb 1-1: config 0 descriptor?? [ 97.059920][ T4344] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 97.171335][ T4279] Bluetooth: hci0: command 0x0c1a tx timeout [ 97.177568][ T4281] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 97.261750][ T4344] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 97.559429][ T4839] usb 1-1: USB disconnect, device number 3 [ 97.646952][ T4344] usb 3-1: usb_control_msg returned -32 [ 97.660429][ T4344] usbtmc 3-1:16.0: can't read capabilities [ 97.720669][ T5237] loop4: detected capacity change from 0 to 512 [ 97.738533][ T5237] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 97.850732][ T5237] EXT4-fs (loop4): 1 truncate cleaned up [ 97.866920][ T5237] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 97.970714][ T4272] EXT4-fs (loop4): unmounting filesystem. [ 98.020557][ T5245] usbtmc 3-1:16.0: INITIATE_ABORT_BULK_OUT returned 0 [ 98.070917][ T5248] syz.1.259[5248] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 98.071008][ T5248] syz.1.259[5248] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 98.100494][ T5251] loop4: detected capacity change from 0 to 256 [ 98.145524][ T5251] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 98.222122][ T4344] usb 3-1: USB disconnect, device number 6 [ 98.234668][ T5254] netlink: 'syz.3.261': attribute type 1 has an invalid length. [ 98.267514][ T5254] netlink: 7064 bytes leftover after parsing attributes in process `syz.3.261'. [ 98.309198][ T5254] syz.3.261[5254] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 98.309291][ T5254] syz.3.261[5254] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 98.356620][ T5259] netlink: 36 bytes leftover after parsing attributes in process `syz.1.263'. [ 98.407625][ T5257] loop4: detected capacity change from 0 to 512 [ 98.471257][ T5257] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock [ 98.481019][ T5257] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock [ 98.497558][ T5257] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 1 overlaps superblock [ 98.549632][ T5257] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 98.575182][ T5257] [EXT4 FS bs=4096, gc=2, bpg=34, ipg=32, mo=c042e01c, mo2=0000] [ 98.584033][ T5257] EXT4-fs (loop4): orphan cleanup on readonly fs [ 98.594751][ T5257] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.262: bg 0: block 34: padding at end of block bitmap is not set [ 98.618936][ T5257] Quota error (device loop4): write_blk: dquota write failed [ 98.627690][ T5257] Quota error (device loop4): qtree_write_dquot: Error -28 occurred while creating quota [ 98.638118][ T5257] EXT4-fs error (device loop4): ext4_acquire_dquot:6809: comm syz.4.262: Failed to acquire dquot type 1 [ 98.811287][ T4439] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 98.855604][ T5257] EXT4-fs (loop4): 1 truncate cleaned up [ 98.867552][ T5257] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 99.097516][ T4439] usb 2-1: Using ep0 maxpacket: 8 [ 99.538423][ T4439] usb 2-1: config 179 has an invalid interface number: 65 but max is 0 [ 99.539577][ T5275] sp0: Synchronizing with TNC [ 99.683748][ T4439] usb 2-1: config 179 has no interface number 0 [ 99.761663][ T4439] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 99.902922][ T4439] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 100.034329][ T4439] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 100.131404][ T4279] Bluetooth: hci0: command 0x0c1a tx timeout [ 100.137576][ T4281] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 100.157561][ T4439] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 100.265931][ T4439] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 100.394073][ T4439] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 100.477439][ T4439] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 101.127878][ T5264] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 101.293871][ T4272] EXT4-fs (loop4): unmounting filesystem. [ 101.336814][ T5285] syz.0.269[5285] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 101.336906][ T5285] syz.0.269[5285] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 101.547001][ T22] input: Generic X-Box pad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:179.65/input/input5 [ 101.630931][ T5293] loop2: detected capacity change from 0 to 2048 [ 101.781369][ T5298] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 101.820312][ T5299] syz.0.274[5299] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 101.820408][ T5299] syz.0.274[5299] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 101.876390][ C1] xpad 2-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 101.876389][ T4839] usb 2-1: USB disconnect, device number 3 [ 101.906488][ T5298] NILFS (loop2): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3) [ 101.928007][ T4839] xpad 2-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 101.967184][ T5298] NILFS error (device loop2): nilfs_bmap_propagate: broken bmap (inode number=4) [ 101.990548][ T5298] Remounting filesystem read-only [ 102.095499][ T4267] NILFS (loop2): disposed unprocessed dirty file(s) when stopping log writer [ 102.180302][ T5308] loop3: detected capacity change from 0 to 512 [ 102.231628][ T5308] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 102.253031][ T5312] netlink: 'syz.2.278': attribute type 1 has an invalid length. [ 102.263958][ T5312] netlink: 7064 bytes leftover after parsing attributes in process `syz.2.278'. [ 102.286002][ T5308] EXT4-fs (loop3): 1 truncate cleaned up [ 102.309064][ T5308] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 102.326426][ T5312] syz.2.278[5312] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 102.326514][ T5312] syz.2.278[5312] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 102.411652][ T5308] EXT4-fs (loop3): shut down requested (1) [ 102.456130][ T4266] EXT4-fs (loop3): unmounting filesystem. [ 102.471360][ T14] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 102.598046][ T5324] device macvlan0 entered promiscuous mode [ 102.641017][ T5328] syz.2.285[5328] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 102.641110][ T5328] syz.2.285[5328] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 102.659483][ T5324] device batadv0 entered promiscuous mode [ 102.691667][ T5324] device macvlan0 left promiscuous mode [ 102.711228][ T14] usb 5-1: Using ep0 maxpacket: 32 [ 102.787844][ T5324] device batadv0 left promiscuous mode [ 102.923968][ T14] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 102.937244][ T14] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 102.948027][ T14] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 102.957493][ T14] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 102.967451][ T14] usb 5-1: config 0 descriptor?? [ 103.411666][ T4282] Bluetooth: hci0: command 0x0c1a tx timeout [ 103.417848][ T4281] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 103.611111][ T14] savu 0003:1E7D:2D5A.0001: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.4-1/input0 [ 103.982471][ T4439] usb 5-1: USB disconnect, device number 3 [ 104.029234][ T5354] netlink: 24 bytes leftover after parsing attributes in process `syz.2.293'. [ 104.043247][ T5348] fido_id[5348]: Failed to read report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:1E7D:2D5A.0001/report_descriptor': No such device [ 104.174295][ T5362] netlink: 'syz.0.296': attribute type 1 has an invalid length. [ 104.203749][ T5362] netlink: 7064 bytes leftover after parsing attributes in process `syz.0.296'. [ 104.245741][ T5362] syz.0.296[5362] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 104.245830][ T5362] syz.0.296[5362] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 105.511305][ T4839] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 105.722761][ T4839] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 105.754557][ T4839] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 105.779983][ T4839] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 105.818216][ T4839] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 105.843336][ T4839] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 105.882470][ T4839] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 105.900979][ T4839] usb 3-1: Manufacturer: syz [ 105.932501][ T5403] netlink: 'syz.0.312': attribute type 1 has an invalid length. [ 105.951104][ T4839] usb 3-1: config 0 descriptor?? [ 105.961354][ T5403] netlink: 7064 bytes leftover after parsing attributes in process `syz.0.312'. [ 106.057117][ T5407] sp0: Synchronizing with TNC [ 106.127066][ T5406] loop3: detected capacity change from 0 to 2048 [ 106.301615][ T4282] Bluetooth: hci0: command 0x0c1a tx timeout [ 106.301649][ T4281] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 106.484467][ T4839] appleir 0003:05AC:8243.0002: unknown main item tag 0x0 [ 106.511511][ T5403] bpf_get_probe_write_proto: 2 callbacks suppressed [ 106.511526][ T5403] syz.0.312[5403] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 106.532081][ T5403] syz.0.312[5403] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 106.546867][ T4839] appleir 0003:05AC:8243.0002: No inputs registered, leaving [ 106.572652][ T5406] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 106.585682][ T4839] appleir 0003:05AC:8243.0002: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0 [ 106.827926][ T22] usb 3-1: USB disconnect, device number 7 [ 107.766748][ T5411] fido_id[5411]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 107.854410][ T5428] syz.4.321[5428] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 107.854497][ T5428] syz.4.321[5428] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 108.003527][ T5430] loop2: detected capacity change from 0 to 1024 [ 108.047010][ T5438] loop0: detected capacity change from 0 to 256 [ 108.059419][ T5436] loop3: detected capacity change from 0 to 1024 [ 108.091423][ T4281] Bluetooth: hci3: unexpected subevent 0x01 length: 37 > 18 [ 108.100180][ T4281] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 108.105865][ T5430] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 108.116448][ T4281] CPU: 0 PID: 4281 Comm: kworker/u5:6 Not tainted syzkaller #0 [ 108.119208][ T5430] ext4 filesystem being mounted at /65/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 108.125894][ T4281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 108.125909][ T4281] Workqueue: hci3 hci_rx_work [ 108.151043][ T4281] Call Trace: [ 108.154337][ T4281] [ 108.157282][ T4281] dump_stack_lvl+0x168/0x22e [ 108.161975][ T4281] ? show_regs_print_info+0x12/0x12 [ 108.167175][ T4281] ? load_image+0x3b0/0x3b0 [ 108.171780][ T4281] sysfs_create_dir_ns+0x252/0x280 [ 108.176883][ T4281] ? hci_rx_work+0x3eb/0xd40 [ 108.181467][ T4281] ? sysfs_warn_dup+0xa0/0xa0 [ 108.186138][ T4281] ? do_raw_spin_unlock+0x11d/0x230 [ 108.191329][ T4281] kobject_add_internal+0x6b8/0xc80 [ 108.196533][ T4281] kobject_add+0x152/0x210 [ 108.200945][ T4281] ? kobject_init+0x1d0/0x1d0 [ 108.205616][ T4281] ? klist_children_get+0x50/0x50 [ 108.210630][ T4281] ? get_device_parent+0x121/0x3f0 [ 108.215734][ T4281] device_add+0x483/0xfb0 [ 108.220049][ T4281] ? kmem_cache_free+0xf7/0x290 [ 108.224891][ T4281] hci_conn_add_sysfs+0xd1/0x1e0 [ 108.229818][ T4281] le_conn_complete_evt+0xfec/0x15d0 [ 108.235103][ T4281] ? hci_le_big_info_adv_report_evt+0x310/0x310 [ 108.241330][ T4281] ? bt_info+0x150/0x150 [ 108.245560][ T4281] ? __mutex_unlock_slowpath+0x19e/0x6a0 [ 108.251188][ T4281] ? skb_pull_data+0xf7/0x200 [ 108.255858][ T4281] hci_le_conn_complete_evt+0x183/0x440 [ 108.261395][ T4281] ? hci_remote_host_features_evt+0x270/0x270 [ 108.267450][ T4281] hci_event_packet+0x791/0x1210 [ 108.272382][ T4281] ? bis_list+0x280/0x280 [ 108.276699][ T4281] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 108.282589][ T4281] ? kcov_remote_start+0x4c7/0x7e0 [ 108.287688][ T4281] ? nf_l4proto_log_invalid+0x1f9/0x26e [ 108.293224][ T4281] ? hci_send_to_monitor+0x9c/0x4a0 [ 108.298411][ T4281] hci_rx_work+0x3eb/0xd40 [ 108.302822][ T4281] ? _raw_spin_unlock+0x40/0x40 [ 108.307758][ T4281] ? process_one_work+0x7a1/0x1160 [ 108.312857][ T4281] process_one_work+0x898/0x1160 [ 108.317795][ T4281] ? worker_detach_from_pool+0x240/0x240 [ 108.323419][ T4281] ? _raw_spin_lock_irq+0xab/0xe0 [ 108.328432][ T4281] ? _raw_spin_lock_irqsave+0xf0/0xf0 [ 108.333793][ T4281] ? kthread_data+0x4b/0xc0 [ 108.338290][ T4281] worker_thread+0xaa2/0x1250 [ 108.342975][ T4281] kthread+0x29d/0x330 [ 108.347032][ T4281] ? worker_clr_flags+0x1a0/0x1a0 [ 108.352044][ T4281] ? kthread_blkcg+0xd0/0xd0 [ 108.356631][ T4281] ret_from_fork+0x1f/0x30 [ 108.361047][ T4281] [ 108.367770][ T4281] kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 108.381356][ T5436] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 108.381437][ T5436] ext4 filesystem being mounted at /71/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 108.385202][ T5436] EXT4-fs error (device loop3): ext4_lookup:1858: inode #15: comm syz.3.324: inode has both inline data and extents flags [ 108.400089][ T4281] Bluetooth: hci3: failed to register connection device [ 108.404640][ T5430] EXT4-fs error (device loop2): ext4_lookup:1858: inode #15: comm syz.2.322: inode has both inline data and extents flags [ 108.482272][ T5446] EXT4-fs error (device loop3): ext4_lookup:1858: inode #15: comm syz.3.324: inode has both inline data and extents flags [ 108.531481][ T4281] Bluetooth: hci0: command 0x0c1a tx timeout [ 108.536189][ T4282] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 108.730338][ T4267] EXT4-fs (loop2): unmounting filesystem. [ 108.837005][ T5450] sp0: Synchronizing with TNC [ 109.161525][ T4266] EXT4-fs (loop3): unmounting filesystem. [ 109.491007][ T5458] netlink: 'syz.2.328': attribute type 1 has an invalid length. [ 109.535042][ T5458] netlink: 7064 bytes leftover after parsing attributes in process `syz.2.328'. [ 109.563232][ T5458] syz.2.328[5458] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 109.563323][ T5458] syz.2.328[5458] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 109.670128][ T5464] capability: warning: `syz.0.332' uses deprecated v2 capabilities in a way that may be insecure [ 110.181407][ T4838] usb 2-1: new low-speed USB device number 4 using dummy_hcd [ 110.271492][ T4344] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 110.430005][ T4838] usb 2-1: unable to get BOS descriptor or descriptor too short [ 110.475264][ T4344] usb 4-1: config index 0 descriptor too short (expected 23569, got 27) [ 110.542979][ T4838] usb 2-1: unable to read config index 0 descriptor/start: -71 [ 110.557548][ T4344] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 110.647177][ T4838] usb 2-1: can't read configurations, error -71 [ 110.698095][ T4344] usb 4-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 110.833956][ T4344] usb 4-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 110.943543][ T4344] usb 4-1: Manufacturer: syz [ 111.121951][ T4344] usb 4-1: config 0 descriptor?? [ 111.173442][ T5486] loop0: detected capacity change from 0 to 64 [ 111.281214][ T4344] rc_core: IR keymap rc-hauppauge not found [ 111.288782][ T4344] Registered IR keymap rc-empty [ 111.324678][ T4344] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 111.441647][ T4344] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input6 [ 111.662204][ T4281] Bluetooth: hci0: command 0x0c1a tx timeout [ 111.681389][ T4282] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 111.883879][ C0] igorplugusb 4-1:0.0: Error: urb status = -32 [ 112.022669][ T4344] usb 4-1: USB disconnect, device number 4 [ 112.105861][ T5503] loop2: detected capacity change from 0 to 512 [ 112.117051][ T5503] EXT4-fs: Ignoring removed orlov option [ 112.129479][ T5501] loop4: detected capacity change from 0 to 1024 [ 112.146206][ T5503] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 112.162259][ T5501] EXT4-fs: inline encryption not supported [ 112.222523][ T5501] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 112.259910][ T5505] netlink: 'syz.0.346': attribute type 1 has an invalid length. [ 112.269440][ T5503] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8002c119, mo2=0002] [ 112.287336][ T5505] netlink: 7064 bytes leftover after parsing attributes in process `syz.0.346'. [ 112.330951][ T5503] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2196: inode #15: comm syz.2.345: corrupted in-inode xattr [ 112.350027][ T5501] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 112.356996][ T5505] syz.0.346[5505] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 112.359176][ T5505] syz.0.346[5505] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 112.409610][ T5503] EXT4-fs error (device loop2): ext4_orphan_get:1405: comm syz.2.345: couldn't read orphan inode 15 (err -117) [ 112.472739][ T5503] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 112.515194][ T5501] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3836: comm syz.4.344: Allocating blocks 497-513 which overlap fs metadata [ 112.557341][ T5501] EXT4-fs (loop4): Remounting filesystem read-only [ 112.586467][ T5501] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3836: comm syz.4.344: Allocating blocks 497-513 which overlap fs metadata [ 112.650352][ T5501] EXT4-fs (loop4): Remounting filesystem read-only [ 112.665384][ T5500] EXT4-fs (loop4): pa ffff888073fa2000: logic 48, phys. 177, len 21 [ 112.674421][ T5500] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:4876: group 0, free 0, pa_free 1 [ 112.696356][ T5500] EXT4-fs (loop4): Remounting filesystem read-only [ 112.708612][ T4267] EXT4-fs (loop2): unmounting filesystem. [ 113.323021][ T4272] EXT4-fs (loop4): unmounting filesystem. [ 113.724783][ T5527] loop3: detected capacity change from 0 to 2048 [ 113.766603][ T5527] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=26504, location=26504 [ 113.793850][ T5527] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 113.806077][ T5533] syz.4.354 uses obsolete (PF_INET,SOCK_PACKET) [ 114.206878][ T5544] sp0: Synchronizing with TNC [ 114.451458][ T4281] Bluetooth: hci0: command 0x0c1a tx timeout [ 114.457655][ T4282] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 114.772446][ T5548] netlink: 'syz.4.360': attribute type 1 has an invalid length. [ 114.802096][ T5548] netlink: 7064 bytes leftover after parsing attributes in process `syz.4.360'. [ 114.859242][ T5548] syz.4.360[5548] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 114.859336][ T5548] syz.4.360[5548] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 114.999919][ T5539] loop1: detected capacity change from 0 to 32768 [ 115.119437][ T5539] JBD2: Ignoring recovery information on journal [ 115.197561][ T5563] loop3: detected capacity change from 0 to 1024 [ 115.311044][ T5539] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 116.482467][ T5577] netlink: 28 bytes leftover after parsing attributes in process `syz.4.370'. [ 116.493705][ T5577] netlink: 28 bytes leftover after parsing attributes in process `syz.4.370'. [ 116.502921][ T5577] netlink: 28 bytes leftover after parsing attributes in process `syz.4.370'. [ 116.511884][ T5577] netlink: 28 bytes leftover after parsing attributes in process `syz.4.370'. [ 116.520946][ T5577] Zero length message leads to an empty skb [ 116.600030][ T4268] ocfs2: Unmounting device (7,1) on (node local) [ 117.002811][ T5595] sp0: Synchronizing with TNC [ 117.051740][ T4281] Bluetooth: hci0: command 0x0c1a tx timeout [ 117.051780][ T4282] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 117.708204][ T5598] syz.4.377[5598] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 117.708295][ T5598] syz.4.377[5598] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 117.877330][ T5603] loop2: detected capacity change from 0 to 4096 [ 118.044041][ T5609] loop1: detected capacity change from 0 to 1024 [ 118.313364][ T5609] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 118.481541][ T5609] ext4 filesystem being mounted at /74/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 118.789088][ T5609] EXT4-fs error (device loop1): ext4_lookup:1858: inode #15: comm syz.1.380: inode has both inline data and extents flags [ 119.107170][ T4268] EXT4-fs (loop1): unmounting filesystem. [ 119.185507][ T5627] netlink: 8 bytes leftover after parsing attributes in process `syz.4.384'. [ 119.271811][ T5629] device syzkaller1 entered promiscuous mode [ 119.570434][ T5605] loop3: detected capacity change from 0 to 32768 [ 119.698119][ T5636] sp0: Synchronizing with TNC [ 119.749756][ T5605] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 scanned by syz.3.378 (5605) [ 119.812048][ T4282] Bluetooth: hci0: command 0x0c1a tx timeout [ 119.818233][ T4281] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 120.191671][ T5605] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 120.222360][ T5605] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 120.248555][ T5605] BTRFS info (device loop3): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 120.259794][ T5605] BTRFS info (device loop3): use zstd compression, level 3 [ 120.269639][ T5605] BTRFS info (device loop3): using free space tree [ 120.281763][ T5641] "syz.4.389" (5641) uses obsolete ecb(arc4) skcipher [ 120.330862][ T5625] loop0: detected capacity change from 0 to 32768 [ 120.433533][ T4309] usb 2-1: new full-speed USB device number 6 using dummy_hcd [ 120.463214][ T5625] XFS (loop0): Mounting V5 Filesystem [ 120.570837][ T5625] XFS (loop0): Ending clean mount [ 120.611496][ T5605] BTRFS info (device loop3): enabling ssd optimizations [ 120.616602][ T5625] XFS (loop0): Quotacheck needed: Please wait. [ 120.643140][ T4309] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 120.680774][ T4309] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 120.705330][ T4309] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 120.747990][ T4309] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 120.754765][ T5676] syz.2.393[5676] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 120.756265][ T5676] syz.2.393[5676] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 120.807004][ T4309] usb 2-1: config 0 descriptor?? [ 120.811725][ T5625] XFS (loop0): Quotacheck: Done. [ 120.931663][ T4266] BTRFS info (device loop3): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 121.476197][ T4309] savu 0003:1E7D:2D5A.0003: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.1-1/input0 [ 121.823447][ T4309] usb 2-1: USB disconnect, device number 6 [ 122.758274][ T5093] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 9 /dev/loop3 scanned by udevd (5093) [ 122.851604][ T4281] Bluetooth: hci0: command 0x0c1a tx timeout [ 122.857700][ T4279] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 122.966909][ T5687] Bluetooth: MGMT ver 1.22 [ 123.036955][ T4265] XFS (loop0): Unmounting Filesystem [ 123.110428][ T5682] fido_id[5682]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 123.145524][ T5690] loop1: detected capacity change from 0 to 1024 [ 123.425277][ T5690] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 123.525459][ T5700] sp0: Synchronizing with TNC [ 123.638090][ T5690] ext4 filesystem being mounted at /77/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 124.091632][ T5690] EXT4-fs error (device loop1): ext4_lookup:1858: inode #15: comm syz.1.398: inode has both inline data and extents flags [ 124.142915][ T5702] loop4: detected capacity change from 0 to 512 [ 124.175790][ T5703] EXT4-fs error (device loop1): ext4_lookup:1858: inode #15: comm syz.1.398: inode has both inline data and extents flags [ 124.312366][ T5702] EXT4-fs error (device loop4): ext4_read_inode_bitmap:140: comm syz.4.402: Invalid inode bitmap blk 4 in block_group 0 [ 124.319286][ T5684] loop2: detected capacity change from 0 to 40427 [ 124.352193][ T5684] F2FS-fs (loop2): build fault injection attr: rate: 690, type: 0x3ffff [ 124.369779][ T5702] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 124.400970][ T5684] F2FS-fs (loop2): invalid crc value [ 124.484246][ T5684] F2FS-fs (loop2): Found nat_bits in checkpoint [ 124.517817][ T4268] EXT4-fs (loop1): unmounting filesystem. [ 124.602517][ T4272] EXT4-fs (loop4): unmounting filesystem. [ 124.697686][ T5684] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 124.800963][ T5718] kvm [5715]: vcpu1, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010015) = 0x200000ffa000 [ 124.831252][ T4309] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 124.868933][ T5684] F2FS-fs (loop2) : inject checkpoint error in f2fs_balance_fs of f2fs_unlink+0x3ae/0xab0 [ 124.927418][ T5684] overlayfs: cleanup of 'work/#2' failed (-5) [ 124.943874][ T5684] overlayfs: failed to set xattr on upper [ 124.949912][ T5684] overlayfs: ...falling back to index=off,metacopy=off. [ 124.963136][ T5684] overlayfs: failed to resolve './file0': -2 [ 124.969313][ T5721] syz.3.407[5721] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 124.969496][ T5721] syz.3.407[5721] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 125.046164][ T4309] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 125.061574][ T5728] usb usb6: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 125.106622][ T4309] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 125.126541][ T4309] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 125.146337][ T4309] usb 1-1: SerialNumber: syz [ 125.226512][ T5730] kernel read not supported for file /eth0 (pid: 5730 comm: syz.4.411) [ 125.254790][ T27] audit: type=1800 audit(1761774817.773:6): pid=5730 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.411" name="eth0" dev="mqueue" ino=42126 res=0 errno=0 [ 125.287134][ T5733] 9pnet_fd: Insufficient options for proto=fd [ 125.580412][ T4309] cdc_ether: probe of 1-1:1.0 failed with error -71 [ 125.645502][ T4309] usb 1-1: USB disconnect, device number 4 [ 126.861864][ T4344] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 127.061579][ T5735] loop3: detected capacity change from 0 to 32768 [ 127.091348][ T4279] Bluetooth: hci0: command 0x0c1a tx timeout [ 127.091439][ T4281] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 127.416274][ T5749] loop4: detected capacity change from 0 to 4096 [ 127.439688][ T5749] ntfs3: loop4: Different NTFS' sector size (4096) and media sector size (512) [ 127.513252][ T5749] ntfs3: loop4: Failed to load $Extend. [ 127.534067][ T4344] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 127.546417][ T4344] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 127.573076][ T27] audit: type=1800 audit(1761774820.093:7): pid=5749 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.418" name="file1" dev="loop4" ino=30 res=0 errno=0 [ 127.577939][ T4344] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 127.699539][ T4344] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 127.723278][ T4344] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 127.749430][ T4344] usb 1-1: Product: syz [ 127.764573][ T4344] usb 1-1: Manufacturer: syz [ 127.787021][ T4344] usb 1-1: SerialNumber: syz [ 127.913375][ T5764] syz.3.423[5764] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 127.913468][ T5764] syz.3.423[5764] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 127.965680][ T5767] loop1: detected capacity change from 0 to 128 [ 128.108354][ T5769] netlink: 16 bytes leftover after parsing attributes in process `syz.4.425'. [ 128.277003][ T5771] loop3: detected capacity change from 0 to 4096 [ 128.290775][ T5775] loop1: detected capacity change from 0 to 256 [ 128.421576][ T5771] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 128.454191][ T5775] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 129.244900][ T5784] affs: No valid root block on device nullb0 [ 129.378560][ T5786] netlink: 'syz.4.430': attribute type 1 has an invalid length. [ 129.405515][ T4344] cdc_ncm 1-1:1.0: bind() failure [ 129.417714][ T4266] ntfs3: loop3: ntfs_evict_inode r=5 failed, -22. [ 129.423179][ T5786] netlink: 7064 bytes leftover after parsing attributes in process `syz.4.430'. [ 129.445032][ T4344] cdc_ncm: probe of 1-1:1.1 failed with error -71 [ 129.450107][ T5786] syz.4.430[5786] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 129.455373][ T5786] syz.4.430[5786] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 129.479876][ T4344] cdc_mbim: probe of 1-1:1.1 failed with error -71 [ 129.569179][ T4344] usbtest: probe of 1-1:1.1 failed with error -71 [ 129.610109][ T4344] usb 1-1: USB disconnect, device number 5 [ 129.971308][ T4281] Bluetooth: hci0: command 0x0c1a tx timeout [ 129.977427][ T4279] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 130.752089][ T5804] syz.0.436[5804] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 130.752187][ T5804] syz.0.436[5804] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 131.927910][ T5819] netlink: 7080 bytes leftover after parsing attributes in process `syz.0.442'. [ 131.940771][ T5816] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 131.952096][ T5819] syz.0.442[5819] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 131.958254][ T5819] syz.0.442[5819] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 132.011511][ T5816] overlayfs: fs on '.' does not support file handles, falling back to index=off,nfs_export=off. [ 132.775769][ T1266] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.782158][ T1266] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.851431][ T4279] Bluetooth: hci0: command 0x0c1a tx timeout [ 132.857612][ T4281] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 133.167818][ T5831] netlink: 'syz.3.445': attribute type 1 has an invalid length. [ 133.176125][ T5831] netlink: 7064 bytes leftover after parsing attributes in process `syz.3.445'. [ 133.189380][ T5831] syz.3.445[5831] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 133.189468][ T5831] syz.3.445[5831] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 133.244864][ T5816] loop4: detected capacity change from 0 to 4096 [ 133.308867][ T5839] Illegal XDP return value 4294966772 on prog (id 80) dev syz_tun, expect packet loss! [ 133.360703][ T5093] I/O error, dev loop4, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 133.656388][ T5846] netlink: 8 bytes leftover after parsing attributes in process `syz.3.450'. [ 133.839745][ T5849] sp0: Synchronizing with TNC [ 134.620345][ T5853] loop3: detected capacity change from 0 to 8192 [ 134.631821][ T5836] loop2: detected capacity change from 0 to 32768 [ 134.649522][ T5855] syz.1.453[5855] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 134.649614][ T5855] syz.1.453[5855] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 134.689728][ T5853] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 134.714953][ T5853] REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal [ 134.724517][ T5853] REISERFS (device loop3): using ordered data mode [ 134.725906][ T5836] XFS (loop2): Mounting V5 Filesystem [ 134.731019][ T5853] reiserfs: using flush barriers [ 134.751584][ T5853] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 134.777316][ T5853] REISERFS (device loop3): checking transaction log (loop3) [ 134.838407][ T5836] XFS (loop2): Ending clean mount [ 134.876117][ T5836] XFS (loop2): Quotacheck needed: Please wait. [ 134.941140][ T5836] XFS (loop2): Quotacheck: Done. [ 135.030424][ T5868] loop4: detected capacity change from 0 to 1024 [ 135.060815][ T4267] XFS (loop2): Unmounting Filesystem [ 135.126719][ T5868] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 135.151871][ T5853] REISERFS (device loop3): Using tea hash to sort names [ 135.160680][ T5868] ext4 filesystem being mounted at /86/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 135.190865][ T5853] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 135.251309][ T4281] Bluetooth: hci0: command 0x0c1a tx timeout [ 135.257422][ T4279] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 135.366296][ T5868] EXT4-fs error (device loop4): ext4_lookup:1858: inode #15: comm syz.4.454: inode has both inline data and extents flags [ 135.669650][ T5876] EXT4-fs error (device loop4): ext4_lookup:1858: inode #15: comm syz.4.454: inode has both inline data and extents flags [ 136.194812][ T4272] EXT4-fs (loop4): unmounting filesystem. [ 136.222403][ T5881] netlink: 7080 bytes leftover after parsing attributes in process `syz.1.458'. [ 136.314382][ T5881] syz.1.458[5881] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 136.314474][ T5881] syz.1.458[5881] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 138.241758][ T5896] netlink: 'syz.3.461': attribute type 1 has an invalid length. [ 138.330599][ T5896] netlink: 7064 bytes leftover after parsing attributes in process `syz.3.461'. [ 138.384828][ T5897] syz.3.461[5897] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 138.384917][ T5897] syz.3.461[5897] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 138.531340][ T4281] Bluetooth: hci0: command 0x0c1a tx timeout [ 138.548784][ T4279] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 138.780636][ T5906] sp0: Synchronizing with TNC [ 139.645396][ T5912] syz.3.466[5912] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 139.645487][ T5912] syz.3.466[5912] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 139.916170][ T5922] netlink: 8 bytes leftover after parsing attributes in process `syz.0.471'. [ 140.651851][ T4747] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 140.679201][ T5925] netlink: 7080 bytes leftover after parsing attributes in process `syz.3.473'. [ 140.690756][ T5925] syz.3.473[5925] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 140.690844][ T5925] syz.3.473[5925] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 140.739493][ T5931] loop1: detected capacity change from 0 to 128 [ 140.892406][ T4747] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 141.731367][ T4279] Bluetooth: hci0: command 0x0c1a tx timeout [ 141.737488][ T4281] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 142.223783][ T4747] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 142.237428][ T4747] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 142.247500][ T4747] usb 3-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 142.298760][ T4747] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 142.318994][ T4747] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 142.327275][ T4747] usb 3-1: Product: syz [ 142.332099][ T4747] usb 3-1: Manufacturer: syz [ 142.336857][ T4747] usb 3-1: SerialNumber: syz [ 142.346595][ T4747] cdc_ncm 3-1:1.0: skipping garbage [ 142.393836][ T5938] netlink: 'syz.0.476': attribute type 1 has an invalid length. [ 142.425003][ T5938] netlink: 7064 bytes leftover after parsing attributes in process `syz.0.476'. [ 142.437709][ T5938] syz.0.476[5938] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 142.437821][ T5938] syz.0.476[5938] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 142.765925][ T5943] loop1: detected capacity change from 0 to 2048 [ 142.884358][ T5948] sp0: Synchronizing with TNC [ 143.298318][ T5943] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 143.357950][ T4747] cdc_ncm 3-1:1.0: bind() failure [ 143.364749][ T5950] input: syz1 as /devices/virtual/input/input7 [ 143.378049][ T4747] cdc_ncm: probe of 3-1:1.1 failed with error -71 [ 143.396118][ T5950] input: failed to attach handler leds to device input7, error: -6 [ 143.412809][ T4747] cdc_mbim: probe of 3-1:1.1 failed with error -71 [ 143.432481][ T4747] usbtest: probe of 3-1:1.1 failed with error -71 [ 143.489019][ T4747] usb 3-1: USB disconnect, device number 8 [ 143.620211][ T4639] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1097: group 0, block bitmap and bg descriptor inconsistent: 25 vs 281 free clusters [ 143.640521][ T5958] loop3: detected capacity change from 0 to 16 [ 143.647487][ T5958] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 143.701298][ T4639] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 143.731669][ T4639] EXT4-fs (loop1): This should not happen!! Data will be lost [ 143.731669][ T4639] [ 143.743847][ T4639] EXT4-fs (loop1): Total free blocks count 0 [ 143.757652][ T4639] EXT4-fs (loop1): Free/Dirty block details [ 143.767078][ T4639] EXT4-fs (loop1): free_blocks=4096 [ 143.772757][ T4639] EXT4-fs (loop1): dirty_blocks=848 [ 143.778800][ T4639] EXT4-fs (loop1): Block reservation details [ 143.785143][ T4639] EXT4-fs (loop1): i_reserved_data_blocks=53 [ 143.794975][ T4640] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 18 with max blocks 816 with error 28 [ 143.809407][ T5962] all (unregistering): Released all slaves [ 144.124900][ T5972] syz.2.487[5972] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 144.124961][ T5972] syz.2.487[5972] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 144.774975][ T4279] Bluetooth: hci0: command 0x0c1a tx timeout [ 144.775067][ T4281] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 145.480378][ T5986] netlink: 7064 bytes leftover after parsing attributes in process `syz.3.490'. [ 145.731807][ T5986] syz.3.490[5986] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 145.736870][ T5986] syz.3.490[5986] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 146.124130][ T5992] netlink: 'syz.1.492': attribute type 1 has an invalid length. [ 146.148521][ T5992] netlink: 7064 bytes leftover after parsing attributes in process `syz.1.492'. [ 146.213966][ T5992] syz.1.492[5992] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 146.214056][ T5992] syz.1.492[5992] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 146.697723][ T6010] sp0: Synchronizing with TNC [ 146.942696][ T6012] sp1: Synchronizing with TNC [ 146.951489][ T4281] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 146.957761][ T4279] Bluetooth: hci0: command 0x0c1a tx timeout [ 147.361976][ T6017] loop3: detected capacity change from 0 to 512 [ 147.834783][ T6017] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -13 [ 148.588561][ T6017] EXT4-fs error (device loop3): ext4_orphan_get:1400: inode #13: comm syz.3.501: iget: bad i_size value: 12154757448730 [ 148.707475][ T6017] EXT4-fs error (device loop3): ext4_orphan_get:1405: comm syz.3.501: couldn't read orphan inode 13 (err -117) [ 148.827702][ T6017] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 149.084070][ T6017] EXT4-fs (loop3): shut down requested (1) [ 149.095026][ T6031] syz.4.505[6031] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 149.095120][ T6031] syz.4.505[6031] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 149.207318][ T4266] EXT4-fs (loop3): unmounting filesystem. [ 149.254840][ T6038] netlink: 7064 bytes leftover after parsing attributes in process `syz.0.508'. [ 149.272291][ T6033] device syzkaller1 entered promiscuous mode [ 149.312429][ T6038] syz.0.508[6038] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 149.312519][ T6038] syz.0.508[6038] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 149.412508][ T6044] netlink: 'syz.2.510': attribute type 1 has an invalid length. [ 149.482701][ T6044] netlink: 7064 bytes leftover after parsing attributes in process `syz.2.510'. [ 149.503195][ T6045] syz.2.510[6045] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 149.503282][ T6045] syz.2.510[6045] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 149.592265][ T6050] loop1: detected capacity change from 0 to 1024 [ 150.016134][ T6050] ------------[ cut here ]------------ [ 150.021687][ T6050] WARNING: CPU: 0 PID: 6050 at mm/page_alloc.c:5590 __alloc_pages+0x2f4/0x4e0 [ 150.030618][ T6050] Modules linked in: [ 150.034658][ T6050] CPU: 0 PID: 6050 Comm: syz.1.512 Not tainted syzkaller #0 [ 150.041994][ T6050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 150.052611][ T6050] RIP: 0010:__alloc_pages+0x2f4/0x4e0 [ 150.058014][ T6050] Code: 0c 25 28 00 00 00 48 3b 8c 24 a0 00 00 00 0f 85 a0 00 00 00 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 c6 05 32 1f 45 0c 01 <0f> 0b eb a5 a9 00 00 08 00 8b 74 24 04 75 3e 44 89 f1 81 e1 7f ff [ 150.077873][ T6050] RSP: 0018:ffffc9000ded7a00 EFLAGS: 00010246 [ 150.084004][ T6050] RAX: ffffc9000ded7a00 RBX: 1ffff92001bdaf44 RCX: 0000000000000000 [ 150.092023][ T6050] RDX: 0000000000000028 RSI: 0000000000000000 RDI: ffffc9000ded7a68 [ 150.100007][ T6050] RBP: ffffc9000ded7b00 R08: dffffc0000000000 R09: ffffc9000ded7a40 [ 150.108044][ T6050] R10: fffff52001bdaf4d R11: 1ffff92001bdaf48 R12: 000000000000000b [ 150.116054][ T6050] R13: 0000000000000000 R14: 0000000000040cc0 R15: dffffc0000000000 [ 150.124064][ T6050] FS: 00007f42244146c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 150.133121][ T6050] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 150.139714][ T6050] CR2: 000000110c370a79 CR3: 000000001d384000 CR4: 00000000003506f0 [ 150.147725][ T6050] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 150.155740][ T6050] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 150.163752][ T6050] Call Trace: [ 150.167041][ T6050] [ 150.168064][ T6041] loop3: detected capacity change from 0 to 40427 [ 150.169970][ T6050] ? zone_statistics+0x170/0x170 [ 150.170002][ T6050] ? __might_fault+0xa6/0x120 [ 150.186099][ T6050] ? __lock_acquire+0x7c50/0x7c50 [ 150.191140][ T6050] ? do_vfs_ioctl+0xcb5/0x1d10 [ 150.195958][ T6050] __kmalloc_large_node+0x8c/0x1e0 [ 150.201091][ T6050] ? raw_ioctl+0x17f7/0x39c0 [ 150.205733][ T6050] __kmalloc+0x110/0x240 [ 150.209993][ T6050] ? _copy_from_user+0x10b/0x170 [ 150.214990][ T6050] raw_ioctl+0x17f7/0x39c0 [ 150.216444][ T6041] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 150.219412][ T6050] ? tomoyo_path_number_perm+0x4ae/0x600 [ 150.219440][ T6050] ? __kmem_cache_free+0xb6/0x1f0 [ 150.237862][ T6050] ? tomoyo_path_number_perm+0x503/0x600 [ 150.243552][ T6050] ? tomoyo_path_number_perm+0x1b6/0x600 [ 150.248239][ T6041] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 150.249182][ T6050] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 150.262909][ T6050] ? make_qualifier+0x3f0/0x3f0 [ 150.267804][ T6050] ? __fget_files+0x28/0x4d0 [ 150.272487][ T6050] ? bpf_lsm_file_ioctl+0x5/0x10 [ 150.277437][ T6050] ? security_file_ioctl+0x7c/0xa0 [ 150.282595][ T6050] ? make_qualifier+0x3f0/0x3f0 [ 150.287456][ T6050] __se_sys_ioctl+0xfa/0x170 [ 150.292112][ T6050] do_syscall_64+0x4c/0xa0 [ 150.296553][ T6050] ? clear_bhb_loop+0x60/0xb0 [ 150.301283][ T6050] ? clear_bhb_loop+0x60/0xb0 [ 150.305972][ T6050] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 150.311912][ T6050] RIP: 0033:0x7f422358efc9 [ 150.316349][ T6050] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 150.336002][ T6050] RSP: 002b:00007f4224414038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 150.344184][ T6041] F2FS-fs (loop3): invalid crc value [ 150.344467][ T6050] RAX: ffffffffffffffda RBX: 00007f42237e5fa0 RCX: 00007f422358efc9 [ 150.357734][ T6050] RDX: 0000200000000080 RSI: 00000000c0085504 RDI: 0000000000000004 [ 150.365744][ T6050] RBP: 00007f4223611f91 R08: 0000000000000000 R09: 0000000000000000 [ 150.373754][ T6050] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 150.381763][ T6050] R13: 00007f42237e6038 R14: 00007f42237e5fa0 R15: 00007ffc78443bc8 [ 150.389758][ T6050] [ 150.392834][ T6050] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 150.400112][ T6050] CPU: 0 PID: 6050 Comm: syz.1.512 Not tainted syzkaller #0 [ 150.407387][ T6050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 150.417425][ T6050] Call Trace: [ 150.420689][ T6050] [ 150.423605][ T6050] dump_stack_lvl+0x168/0x22e [ 150.428274][ T6050] ? memcpy+0x3c/0x60 [ 150.432247][ T6050] ? show_regs_print_info+0x12/0x12 [ 150.437430][ T6050] ? load_image+0x3b0/0x3b0 [ 150.441928][ T6050] panic+0x2c9/0x710 [ 150.445814][ T6050] ? bpf_jit_dump+0xd0/0xd0 [ 150.450312][ T6050] __warn+0x2f8/0x4f0 [ 150.454281][ T6050] ? __alloc_pages+0x2f4/0x4e0 [ 150.459037][ T6050] ? __alloc_pages+0x2f4/0x4e0 [ 150.463792][ T6050] report_bug+0x2ba/0x4f0 [ 150.468110][ T6050] ? __alloc_pages+0x2f4/0x4e0 [ 150.472864][ T6050] handle_bug+0x3a/0x70 [ 150.477008][ T6050] exc_invalid_op+0x16/0x40 [ 150.481496][ T6050] asm_exc_invalid_op+0x16/0x20 [ 150.486331][ T6050] RIP: 0010:__alloc_pages+0x2f4/0x4e0 [ 150.491692][ T6050] Code: 0c 25 28 00 00 00 48 3b 8c 24 a0 00 00 00 0f 85 a0 00 00 00 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 c6 05 32 1f 45 0c 01 <0f> 0b eb a5 a9 00 00 08 00 8b 74 24 04 75 3e 44 89 f1 81 e1 7f ff [ 150.511288][ T6050] RSP: 0018:ffffc9000ded7a00 EFLAGS: 00010246 [ 150.517338][ T6050] RAX: ffffc9000ded7a00 RBX: 1ffff92001bdaf44 RCX: 0000000000000000 [ 150.525301][ T6050] RDX: 0000000000000028 RSI: 0000000000000000 RDI: ffffc9000ded7a68 [ 150.533258][ T6050] RBP: ffffc9000ded7b00 R08: dffffc0000000000 R09: ffffc9000ded7a40 [ 150.541215][ T6050] R10: fffff52001bdaf4d R11: 1ffff92001bdaf48 R12: 000000000000000b [ 150.549169][ T6050] R13: 0000000000000000 R14: 0000000000040cc0 R15: dffffc0000000000 [ 150.557143][ T6050] ? zone_statistics+0x170/0x170 [ 150.562071][ T6050] ? __might_fault+0xa6/0x120 [ 150.566740][ T6050] ? __lock_acquire+0x7c50/0x7c50 [ 150.571758][ T6050] ? do_vfs_ioctl+0xcb5/0x1d10 [ 150.576508][ T6050] __kmalloc_large_node+0x8c/0x1e0 [ 150.581611][ T6050] ? raw_ioctl+0x17f7/0x39c0 [ 150.586181][ T6050] __kmalloc+0x110/0x240 [ 150.590411][ T6050] ? _copy_from_user+0x10b/0x170 [ 150.595335][ T6050] raw_ioctl+0x17f7/0x39c0 [ 150.599734][ T6050] ? tomoyo_path_number_perm+0x4ae/0x600 [ 150.605357][ T6050] ? __kmem_cache_free+0xb6/0x1f0 [ 150.610371][ T6050] ? tomoyo_path_number_perm+0x503/0x600 [ 150.615985][ T6050] ? tomoyo_path_number_perm+0x1b6/0x600 [ 150.621600][ T6050] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 150.627041][ T6050] ? make_qualifier+0x3f0/0x3f0 [ 150.631899][ T6050] ? __fget_files+0x28/0x4d0 [ 150.636481][ T6050] ? bpf_lsm_file_ioctl+0x5/0x10 [ 150.641404][ T6050] ? security_file_ioctl+0x7c/0xa0 [ 150.646499][ T6050] ? make_qualifier+0x3f0/0x3f0 [ 150.651330][ T6050] __se_sys_ioctl+0xfa/0x170 [ 150.655909][ T6050] do_syscall_64+0x4c/0xa0 [ 150.660310][ T6050] ? clear_bhb_loop+0x60/0xb0 [ 150.664977][ T6050] ? clear_bhb_loop+0x60/0xb0 [ 150.669636][ T6050] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 150.675511][ T6050] RIP: 0033:0x7f422358efc9 [ 150.679910][ T6050] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 150.699500][ T6050] RSP: 002b:00007f4224414038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 150.707895][ T6050] RAX: ffffffffffffffda RBX: 00007f42237e5fa0 RCX: 00007f422358efc9 [ 150.715848][ T6050] RDX: 0000200000000080 RSI: 00000000c0085504 RDI: 0000000000000004 [ 150.723812][ T6050] RBP: 00007f4223611f91 R08: 0000000000000000 R09: 0000000000000000 [ 150.731770][ T6050] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 150.739721][ T6050] R13: 00007f42237e6038 R14: 00007f42237e5fa0 R15: 00007ffc78443bc8 [ 150.747770][ T6050] [ 150.750999][ T6050] Kernel Offset: disabled [ 150.755309][ T6050] Rebooting in 86400 seconds..